fix: harden dashboard RBAC and cookie auth flows
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m17s
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m17s
Restrict Docker/Files writes to admins, move terminal websocket auth to cookie-first with temporary query fallback, and migrate refresh-token handling to httpOnly cookies for safer session persistence. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
import docker
|
||||
from fastapi import APIRouter, Query
|
||||
from fastapi import APIRouter, Depends, Query
|
||||
from config import DOCKER_HOST
|
||||
from rbac import require_admin
|
||||
|
||||
router = APIRouter()
|
||||
client = docker.DockerClient(base_url=DOCKER_HOST)
|
||||
@@ -21,7 +22,7 @@ def list_containers():
|
||||
]
|
||||
|
||||
|
||||
@router.post("/containers/{container_id}/{action}")
|
||||
@router.post("/containers/{container_id}/{action}", dependencies=[Depends(require_admin())])
|
||||
def container_action(container_id: str, action: str):
|
||||
if action not in ("start", "stop", "restart"):
|
||||
return {"error": "invalid action"}
|
||||
|
||||
Reference in New Issue
Block a user