hermes-agent/website/docs
m0n3r0 f378f00bfb fix(feishu): validate verification token before reflecting url_verification challenge
When FEISHU_VERIFICATION_TOKEN is configured, an unauthenticated remote
could previously prove endpoint control by sending a url_verification
payload with any attacker-controlled challenge string — the handler
reflected the challenge BEFORE running the token check.

Move the verification_token check ahead of the url_verification echo so
the challenge response is gated on a valid token. Add a regression test
covering the wrong-token case. Also fix the stale
test_connect_webhook_mode_starts_local_server fixture to set
FEISHU_VERIFICATION_TOKEN (post #30746 webhook mode requires a secret).

Salvaged from PR #29663 by @m0n3r0 — kept the url_verification reorder
and its regression test; dropped the host-conditional weakening of the
#30746 secret guard (we want webhook secrets required regardless of
bind host, not only on 0.0.0.0/::).

Docs updated to call out the gating.

Co-authored-by: teknium1 <127238744+teknium1@users.noreply.github.com>
2026-05-24 04:51:19 -07:00
developer-guide fix(provider): make config.yaml model.provider the single source of truth (#31222) 2026-05-23 18:18:41 -07:00
getting-started docs: surface Nous Portal on pages where it solves a real problem the page describes (#30874) 2026-05-23 02:47:53 -07:00
guides docs: dedicated Nous Portal integration page and setup guide (#31296) 2026-05-23 21:07:58 -07:00
integrations docs: dedicated Nous Portal integration page and setup guide (#31296) 2026-05-23 21:07:58 -07:00
reference fix(provider): make config.yaml model.provider the single source of truth (#31222) 2026-05-23 18:18:41 -07:00
user-guide fix(feishu): validate verification token before reflecting url_verification challenge 2026-05-24 04:51:19 -07:00
index.md docs(windows): avoid piping installer directly into iex 2026-05-18 20:05:47 -07:00
user-stories.mdx docs(website): add User Stories and Use Cases collage page (#18282) 2026-04-30 23:56:59 -07:00