mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-18 04:41:56 +00:00
test(security): broaden plugin API auth coverage + correct stale docstring
Follow-up to the previous commit's middleware fix.
- plugins/kanban/dashboard/plugin_api.py: rewrite the "Security note"
docstring. The previous text said "/api/plugins/ is unauthenticated by
design" — that's now actively wrong and dangerously misleading. New
text explains that plugin routes flow through the same session-token
middleware as core API routes and that --host 0.0.0.0 is safe to use
on a LAN as a result.
- tests/hermes_cli/test_web_server.py: extend TestPluginAPIAuth to cover
the surfaces the original PR didn't pin:
* test_plugin_route_allows_auth now exercises a real plugin path
(/api/plugins/example/hello) instead of accepting 200 OR 404 from
a maybe-loaded kanban plugin — the assertion was effectively vacuous.
* test_plugin_patch_requires_auth + test_plugin_delete_requires_auth
cover non-GET mutation methods in case a future regression
whitelists them by accident.
* test_non_kanban_plugin_route_requires_auth proves the fix is
plugin-agnostic, not kanban-specific (hits hermes-achievements +
a non-existent plugin namespace; both 401 before route resolution).
* test_plugin_websocket_unaffected_by_http_middleware locks in that
the HTTP middleware change didn't accidentally start gating WS
upgrades — kanban /events still uses its own ?token= check.
Plus a cosmetic blank-line cleanup.
This commit is contained in:
Teknium
parent
ec9329ec41
commit
ae4b09ce10
2 changed files with 95 additions and 18 deletions
|
|
@ -13,15 +13,24 @@ reads run alongside the dispatcher's IMMEDIATE write transactions).
|
|||
|
||||
Security note
|
||||
-------------
|
||||
The dashboard's HTTP auth middleware (``web_server.auth_middleware``)
|
||||
explicitly skips ``/api/plugins/`` — plugin routes are unauthenticated by
|
||||
design because the dashboard binds to localhost by default. For the
|
||||
WebSocket we still require the session token as a ``?token=`` query
|
||||
parameter (browsers cannot set the ``Authorization`` header on an upgrade
|
||||
request), matching the established pattern used by the in-browser PTY
|
||||
bridge in ``hermes_cli/web_server.py``. If you run the dashboard with
|
||||
``--host 0.0.0.0``, every plugin route — kanban included — becomes
|
||||
reachable from the network. Don't do that on a shared host.
|
||||
Plugin HTTP routes go through the dashboard's session-token auth middleware
|
||||
(``web_server.auth_middleware``) just like core API routes — every
|
||||
``/api/plugins/...`` request must present the session bearer token (or the
|
||||
session cookie set when you load the dashboard HTML). The token is the
|
||||
random per-process ``_SESSION_TOKEN`` printed at startup; the dashboard's
|
||||
own pages inject it via ``window.__HERMES_SESSION_TOKEN__`` so logged-in
|
||||
browsers don't have to handle it manually.
|
||||
|
||||
For the ``/events`` WebSocket we still require the session token as a
|
||||
``?token=`` query parameter (browsers cannot set the ``Authorization``
|
||||
header on an upgrade request), matching the established pattern used by
|
||||
the in-browser PTY bridge in ``hermes_cli/web_server.py``.
|
||||
|
||||
This means ``hermes dashboard --host 0.0.0.0`` is safe to run on a LAN:
|
||||
plugin routes are no longer an unauthenticated exception. The auth still
|
||||
isn't multi-user — anyone who can read the printed URL+token gets full
|
||||
dashboard access — but they can't ride along just because they can reach
|
||||
the port.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue