fix: Code Review P0/P1 batches 1-3 and single-operator risk acceptance
Apply sync/install/auth/schedule/retry/agent/settings fixes from full code review; document accepted WS and Agent legacy risks for solo ops. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
+11
-7
@@ -63,13 +63,17 @@ async def _verify_webssh_token(token: str):
|
||||
if not admin or not admin.is_active:
|
||||
return None, None
|
||||
|
||||
# P1-7: Check updated_at — invalidate token after password change
|
||||
token_updated = payload.get("updated", 0)
|
||||
if token_updated and admin.updated_at:
|
||||
admin_ts = int(admin.updated_at.timestamp())
|
||||
# Allow 5-second grace for clock skew / race conditions
|
||||
if admin_ts > token_updated + 5:
|
||||
token_tv = payload.get("tv")
|
||||
if token_tv is not None:
|
||||
if int(token_tv) != int(admin.token_version or 0):
|
||||
return None, None
|
||||
else:
|
||||
# Legacy WebSSH tokens without tv — fall back to updated_at grace
|
||||
token_updated = payload.get("updated", 0)
|
||||
if token_updated and admin.updated_at:
|
||||
admin_ts = int(admin.updated_at.timestamp())
|
||||
if admin_ts > token_updated + 5:
|
||||
return None, None
|
||||
|
||||
return admin, server_id
|
||||
except Exception:
|
||||
@@ -96,7 +100,7 @@ async def terminal_ws(
|
||||
|
||||
admin, token_server_id = await _verify_webssh_token(token)
|
||||
if not admin:
|
||||
await websocket.close(code=4001, reason="Invalid or expired JWT token")
|
||||
await websocket.close(code=4401, reason="Invalid or expired JWT token")
|
||||
return
|
||||
|
||||
# Security: WebSSH token must bind to this server (general access_token rejected)
|
||||
|
||||
Reference in New Issue
Block a user