feat(auth): production-mode guard — refuse to start on a non-loopback bind without a token #3

Merged: MakiDevelop merged 2 commits into main from feat/production-auth-guard, May 31, 2026

@MakiDevelop (Owner)

get_principal falls back to dev-local when no token is set, so binding 0.0.0.0 to the outside while forgetting to set MH_API_TOKEN leaves the door wide open. Adds a startup guard (fail-closed):

  • enforce_production_auth_guard(settings): non-loopback host with no api_token set → raise ProductionAuthError
  • escape hatch: MH_ALLOW_INSECURE=1
  • hooked into create_app (both the CLI serve and embedded paths are protected)
  • _is_loopback_bind_host uses ipaddress.is_loopback (127.x / ::1 / localhost / IPv6)
  • documented in the README

localhost dev behaviour without a token is unchanged. +4 tests. pytest 71 passed + ruff clean.

🤖 Generated with Claude Code

MakiDevelop and others added 2 commits May 31, 2026 13:59
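get_principal falls back to dev-local when no token is set; if someone binds 0.0.0.0 to the outside and forgets
to set MH_API_TOKEN, the door is wide open. Add a startup guard:

- enforce_production_auth_guard(settings): bind to a non-loopback host with no
  api_token set → raise ProductionAuthError (fail-closed)
- escape hatch: MH_ALLOW_INSECURE=1 as an explicit override
- hooked into create_app (both the CLI serve and embedded paths are protected)
- _is_loopback_bind_host uses ipaddress.is_loopback (covers 127.x/::1/localhost/IPv6)
- cli serve catches ProductionAuthError → red text + exit 1

localhost dev behaviour without a token is unchanged. +4 tests (refuse to start / allowed with token / override / localhost allowed).
pytest 71 passed + ruff clean.

Constraint: must not break the localhost dev flow without a token
Directive: put the guard in create_app, not only the cli, so the embedded path is protected too
Rejected: change the get_principal default | touching the existing auth middleware is high risk, only add a startup gate
Not-tested: startup of a real externally exposed deployment (tests inject Settings)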

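Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Corresponds to the startup guard in 27a6656: a non-loopback bind with no token set refuses to start.
Documents the override so that users who hit "refused to start" during deployment are not left at a loss.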

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@MakiDevelop MakiDevelop merged commit 7ffe94b into main May 31, 2026
2 checks passed
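
The guard described in this pull request, as an added sketch (not the project's code; the diff is not shown on this page). The `Settings` fields, the `would_start` helper, treating blank tokens as unset, and reading `MH_ALLOW_INSECURE` from the process environment are assumptions.

```python
import ipaddress
import os
from dataclasses import dataclass
from typing import Mapping, Optional


class ProductionAuthError(RuntimeError):
    """Non-loopback bind requested without an API token."""


@dataclass
class Settings:  # assumed shape; the project's real Settings is not on the page
    host: str = "127.0.0.1"
    api_token: Optional[str] = None


def _is_loopback_bind_host(host: str) -> bool:
    host = host.strip().strip("[]").lower()  # accept the "[::1]" bracket form
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # "" or an unknown hostname: fail closed, no DNS lookup
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:127.0.0.1 -> 127.0.0.1
    # 0.0.0.0 and :: are "unspecified" (all interfaces), not loopback
    return (ip if mapped is None else mapped).is_loopback


def enforce_production_auth_guard(
    settings: Settings, environ: Optional[Mapping[str, str]] = None
) -> None:
    env = os.environ if environ is None else environ
    if _is_loopback_bind_host(settings.host):
        return  # localhost dev flow without a token stays allowed
    if (settings.api_token or "").strip():
        return  # blank or whitespace-only tokens count as unset (assumption)
    if env.get("MH_ALLOW_INSECURE") == "1":
        return  # explicit operator override
    raise ProductionAuthError(
        f"refusing to start: bind host {settings.host!r} is not loopback and no "
        "API token is set (set MH_API_TOKEN, or MH_ALLOW_INSECURE=1 to override)"
    )


def would_start(settings: Settings, environ: Mapping[str, str]) -> bool:
    """Hypothetical helper: True if the guard lets startup proceed."""
    try:
        enforce_production_auth_guard(settings, environ)
    except ProductionAuthError:
        return False
    return True
```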