Replace generic @jwt_required() usage with role-based decorators and switch Socket.IO token handling to the auth payload.

- Replace jwt_required with viewer_required/admin_required across API modules (backend/app/api/cron.py, firewall.py, ftp.py, git.py, metrics.py) and update imports accordingly.
- Require JWT for previously public system/private endpoints (backend/app/api/system.py, private_urls.py).
- Change Socket.IO server connection handler to accept auth payload and read token from auth (backend/app/sockets.py) to avoid token leakage in query strings.
- Update frontend clients to send token via socket auth instead of query (frontend/src/pages/WordPressProject.jsx, frontend/src/services/socket.js).

These changes add finer-grained RBAC control for endpoints and improve socket auth security by removing tokens from URLs/logs.
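The viewer/admin decorators and the auth-payload connect handler described above, as an added stand-alone example that is not the project's code: it stands in for flask-jwt-extended's decode_token with an HS256 verifier built from the standard library, assumes a claim named role with the values viewer/admin, and models the Socket.IO connect handler as a plain function (constructed secret, no Flask).

```python
import base64, functools, hashlib, hmac, json
SECRET = b"constructed-demo-secret"      # constructed for this example only
ROLE_RANK = {"viewer": 1, "admin": 2}    # admin also satisfies viewer_required
def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def make_token(claims: dict) -> str:
    # Mint an HS256 JWT; a stand-in for the app's real token issuer.
    head = _b64(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def decode_token(token) -> dict:
    # Verify with our own key; the alg header inside the token is never trusted.
    try:
        head, body, sig = (token or "").split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, _unb64(sig)):
        raise ValueError("bad signature")
    return json.loads(_unb64(body))

def role_required(min_role: str):
    # Decorator factory: 401 for a bad token, 403 for an insufficient role.
    def decorator(fn):
        @functools.wraps(fn)
        def wrapper(token, *args, **kwargs):
            try:
                claims = decode_token(token)
            except ValueError:
                return {"error": "unauthorized"}, 401
            if ROLE_RANK.get(claims.get("role"), 0) < ROLE_RANK[min_role]:
                return {"error": "forbidden"}, 403
            return fn(claims, *args, **kwargs)
        return wrapper
    return decorator

viewer_required, admin_required = role_required("viewer"), role_required("admin")
@admin_required
def restart_service(claims, name):       # control action: admin only
    return {"restarted": name, "by": claims["sub"]}, 200
def socket_connect(auth, query):         # token comes from auth, never from query
    try:
        decode_token((auth or {}).get("token"))
    except ValueError as exc:            # real code should log exc, not swallow it
        return {"status": "rejected", "reason": str(exc)}
    return {"status": "connected"}
```

A token passed only in the query dict is rejected as missing, which is the behaviour the sockets.py change is meant to enforce.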
Pull request overview
This PR tightens authentication/authorization across the backend API by introducing role-based access control (RBAC) decorators in place of generic JWT checks, and improves Socket.IO security by moving JWTs from URL query parameters into the Socket.IO auth payload.
Changes:
- Replace @jwt_required() with RBAC decorators (@viewer_required, @admin_required) for cron/firewall/ftp/git/metrics endpoints.
- Require JWT auth for previously public system and private URL resolution endpoints.
- Switch Socket.IO clients/servers to use the auth payload for token passing instead of query strings.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| frontend/src/services/socket.js | Send JWT via Socket.IO auth payload when establishing socket connections. |
| frontend/src/pages/WordPressProject.jsx | Update project page socket connection to pass JWT via auth payload. |
| backend/app/sockets.py | Read JWT from Socket.IO auth payload during connect to avoid token leakage in URLs/logs. |
| backend/app/api/system.py | Add JWT protection to /version and /check-update endpoints and update docstrings accordingly. |
| backend/app/api/private_urls.py | Require JWT for private URL slug resolution endpoint and adjust related docstring. |
| backend/app/api/metrics.py | Replace generic JWT requirement with RBAC (viewer for read, admin for control actions). |
| backend/app/api/git.py | Apply RBAC (viewer/admin) across Git/Gitea management endpoints. |
| backend/app/api/ftp.py | Apply RBAC (viewer/admin) across FTP management endpoints. |
| backend/app/api/firewall.py | Apply RBAC (viewer/admin) across firewall management endpoints. |
| backend/app/api/cron.py | Apply RBAC (viewer/admin) across cron management endpoints. |
| VERSION | Bump version from 1.2.77 to 1.2.78. |
Comments suppressed due to low confidence (1)
backend/app/sockets.py:54
- The exception is captured as e but never used. Either drop the variable (use except Exception:) or log the exception details to aid debugging when token validation fails.

```python
try:
    decode_token(token)
    emit('connected', {'status': 'connected'})
except Exception as e:  # 'e' is bound here but never read
    emit('error', {'message': 'Invalid token'})
```
| # Public Endpoint - No Authentication Required | ||
| # ============================================================================= | ||
|
|
||
| @private_urls_bp.route('/p/<slug>', methods=['GET']) | ||
| @jwt_required() |
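Review bot: the /p/<slug> route gets a bare @jwt_required() while the rest of this PR replaces that decorator with @viewer_required/@admin_required, so any authenticated role can resolve a private slug; confirm that is the intended access level or apply the matching role decorator. The "Public Endpoint - No Authentication Required" header directly above the route is now stale and should state that a JWT is required.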
The section header still says this is a public endpoint with no authentication, but the route is now protected by @jwt_required(). Please update or remove the header comment so it matches the new access requirements (e.g., indicate JWT auth is required).
Major overhaul of README.md: reorganized layout and sections (features, screenshots, quick start, architecture, roadmap, tech stack, docs, contributing, community), updated badges and visuals, simplified install instructions, and added architecture diagram and roadmap. Added translated documentation files: docs/README.es.md, docs/README.pt.md, and docs/README.zh-CN.md.