fix: Code Review P0/P1 batches 1-3 and single-operator risk acceptance

Apply sync/install/auth/schedule/retry/agent/settings fixes from full
code review; document accepted WS and Agent legacy risks for solo ops.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Nexus Deploy
2026-06-04 15:57:49 +08:00
parent a2ae74d582
commit b866e944ab
36 changed files with 1111 additions and 242 deletions
+11 -7
View File
@@ -63,13 +63,17 @@ async def _verify_webssh_token(token: str):
if not admin or not admin.is_active:
return None, None
# P1-7: Check updated_at — invalidate token after password change
token_updated = payload.get("updated", 0)
if token_updated and admin.updated_at:
admin_ts = int(admin.updated_at.timestamp())
# Allow 5-second grace for clock skew / race conditions
if admin_ts > token_updated + 5:
token_tv = payload.get("tv")
if token_tv is not None:
if int(token_tv) != int(admin.token_version or 0):
return None, None
else:
# Legacy WebSSH tokens without tv — fall back to updated_at grace
token_updated = payload.get("updated", 0)
if token_updated and admin.updated_at:
admin_ts = int(admin.updated_at.timestamp())
if admin_ts > token_updated + 5:
return None, None
return admin, server_id
except Exception:
@@ -96,7 +100,7 @@ async def terminal_ws(
admin, token_server_id = await _verify_webssh_token(token)
if not admin:
await websocket.close(code=4001, reason="Invalid or expired JWT token")
await websocket.close(code=4401, reason="Invalid or expired JWT token")
return
# Security: WebSSH token must bind to this server (general access_token rejected)