Skip to content

fix: protect brief API routes#56

Open
ianalloway wants to merge 1 commit into
mainfrom
codex/propose-fix-for-api-token-bypass
Open

fix: protect brief API routes#56
ianalloway wants to merge 1 commit into
mainfrom
codex/propose-fix-for-api-token-bypass

Conversation

@ianalloway

Copy link
Copy Markdown
Owner

Motivation

  • The /api/briefs and /api/briefs/{job_id} endpoints exposed delivered research briefs without calling verify_delivery_token, allowing remote enumeration and disclosure of customer briefs.
  • The change restores the intended access model where hosted briefs require either a valid delivery token or local-only access for dashboard previewing.

Description

  • Add a shared helper _is_local_request(request) to detect localhost/testclient callers and reuse it for authorization checks.
  • Keep the canonical hosted route GET /briefs/{job_id} protected by verify_delivery_token, and require either localhost or a valid token for GET /api/briefs/{job_id} by adding token and request parameters and enforcing verify_delivery_token for non-local requests.
  • Restrict GET /api/briefs enumeration to local requests only by adding a request parameter and returning 403 for remote callers.
  • Refactor GET /api/receipt/{job_id} to use the new _is_local_request helper for consistent localhost-or-token authorization, and add a regression test test_api_brief_routes_require_localhost_or_delivery_token in tests/test_server.py covering local listing/read, remote rejection, and remote token access.

Testing

  • Ran python -m pytest tests/test_server.py, which executed but skipped tests because the FastAPI test client is not available in the environment (tests are guarded and skipped when fastapi.testclient is absent).
  • Compiled the modified files with python -m compileall solvent/server.py tests/test_server.py, which succeeded without syntax errors.

Codex Task

Copilot AI review requested due to automatic review settings July 14, 2026 18:17

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants