memosr.eth 2026-04-24 19:26:33 -05:00 committed by GitHub
commit b0dcd0da6b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -993,7 +993,16 @@ async def get_env_vars():
@app.put("/api/env") @app.put("/api/env")
async def set_env_var(body: EnvVarUpdate): async def set_env_var(body: EnvVarUpdate, request: Request):
# --- Token check ---
auth = request.headers.get("authorization", "")
if auth != f"Bearer {_SESSION_TOKEN}":
raise HTTPException(status_code=401, detail="Unauthorized")
# --- Whitelist check ---
if body.key not in OPTIONAL_ENV_VARS:
raise HTTPException(status_code=400, detail=f"{body.key} is not an allowed env var")
try: try:
save_env_value(body.key, body.value) save_env_value(body.key, body.value)
return {"ok": True, "key": body.key} return {"ok": True, "key": body.key}
@ -1003,7 +1012,16 @@ async def set_env_var(body: EnvVarUpdate):
@app.delete("/api/env") @app.delete("/api/env")
async def remove_env_var(body: EnvVarDelete): async def remove_env_var(body: EnvVarDelete, request: Request):
# --- Token check ---
auth = request.headers.get("authorization", "")
if auth != f"Bearer {_SESSION_TOKEN}":
raise HTTPException(status_code=401, detail="Unauthorized")
# --- Whitelist check ---
if body.key not in OPTIONAL_ENV_VARS:
raise HTTPException(status_code=400, detail=f"{body.key} is not an allowed env var")
try: try:
removed = remove_env_value(body.key) removed = remove_env_value(body.key)
if not removed: if not removed:
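Review bot: The token check in `remove_env_var` (and the identical one in `set_env_var` in the first hunk) compares the header with `!=`, which is not a constant-time comparison; for a secret bearer token I would write `if not hmac.compare_digest(auth.encode(), f"Bearer {_SESSION_TOKEN}".encode()):`, assuming `hmac` is or can be imported at the top of the file, which is not visible here. The definition of `_SESSION_TOKEN` is also outside the hunk, so it is worth confirming it can never be empty or `None`, since a header of `Bearer None` or a bare `Bearer ` would then pass the check. Because the same lines are pasted into both handlers, moving them into one helper or FastAPI dependency would keep the two routes from drifting apart; `get_env_vars` on the same path is not touched by this commit, so check whether reads need the same guard. Both function bodies continue past the end of their hunks.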