fix: Code Review P0/P1 batches 1-3 and single-operator risk acceptance

Apply sync/install/auth/schedule/retry/agent/settings fixes from full
code review; document accepted WS and Agent legacy risks for solo ops.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Nexus Deploy
2026-06-04 15:57:49 +08:00
parent a2ae74d582
commit b866e944ab
36 changed files with 1111 additions and 242 deletions
+26 -9
View File
@@ -58,22 +58,39 @@ def _verify_api_key(x_api_key: str = Header(...)):
async def _verify_server_api_key(server_id: int, provided_key: str, service: ServerService) -> bool:
"""Verify API key against per-server agent_api_key, falling back to global API key.
"""Verify API key against per-server agent_api_key, with limited global fallback.
Authentication priority:
1. If server has agent_api_key set → must match exactly
2. Otherwise → must match global API_KEY
1. Server must exist
2. If server has agent_api_key → must match exactly
3. Legacy only: no per-server key → global API_KEY (logged for migration)
"""
# Try to get server's per-server key
try:
server = await service.get_server(server_id)
if server and server.agent_api_key:
return secrets.compare_digest(provided_key, server.agent_api_key)
except Exception:
logger.debug(f"Failed to look up server {server_id} for per-server API key check, falling back to global key")
logger.warning(
"Failed to look up server %s for per-server API key check — rejecting",
server_id,
exc_info=True,
)
return False
# Fallback: global API key
return secrets.compare_digest(provided_key, settings.API_KEY)
if not server:
return False
if server.agent_api_key:
return secrets.compare_digest(provided_key, server.agent_api_key)
if secrets.compare_digest(provided_key, settings.API_KEY):
logger.warning(
"Server %s (%s) used global API_KEY for agent auth — "
"assign per-server key via POST /api/servers/%s/agent-key",
server_id,
server.name,
server_id,
)
return True
return False
def _threshold_for(thresholds: dict, metric: str) -> float: