mirror of
https://github.com/bytedance/deer-flow.git
synced 2026-05-03 07:18:25 +00:00
4e4e4f92a0
* fix(security): harden auth system and fix run journal logic bug
- Fix inverted condition in RunJournal.on_chat_model_start that prevented
first human message capture (not messages → messages)
- Pre-hash passwords with SHA-256 before bcrypt to avoid silent 72-byte
truncation vulnerability
- Move load_dotenv() from module scope into get_auth_config() to prevent
import-time os.environ mutation breaking test isolation
- Return generic ‘Invalid token’ instead of exposing specific error
variants (expired, malformed, invalid_signature) to clients
- Make @require_auth independently enforce 401 instead of silently
passing through when AuthMiddleware is absent
- Rate-limit /setup-status endpoint with per-IP cooldown to mitigate
initialization-state information leak
- Document in-process rate limiter limitation for multi-worker deployments
* fix(security): return 429+Retry-After on setup-status rate limit, bound cooldown dict
Agent-Logs-Url: https://github.com/bytedance/deer-flow/sessions/070d0be8-99a5-46c8-85bb-6b81b5284021
Co-authored-by: WillemJiang <219644+WillemJiang@users.noreply.github.com>
* fix(security): add versioned password hashes with auto-migration on login
The SHA-256 pre-hash change silently broke verification for any existing
bcrypt-only password hashes. Introduce a <N>$ prefix scheme so hashes
are self-describing:
- v2 (current): bcrypt(b64(sha256(password))) with $ prefix
- v1 (legacy): plain bcrypt, prefixed $ or bare (no prefix)
verify_password auto-detects the version and falls back to v1 for older
hashes. LocalAuthProvider.authenticate() now rehashes legacy hashes to v2
on successful login via needs_rehash(), so existing users upgrade
transparently without a dedicated migration step.
* fix(auth): harden verify_password, best-effort rehash, update require_auth docstring, downgrade journal logging
- password.py: wrap bcrypt.checkpw in try/except → return False for malformed/corrupt hashes instead of crashing
- local_provider.py: wrap auto-rehash update_user() in try/except so transient DB errors don't fail valid logins
- authz.py: update require_auth docstring to reflect independent 401 enforcement
- journal.py: downgrade on_chat_model_start from INFO to DEBUG, log only metadata (batch_count, message_counts) instead of full serialized/messages content
Agent-Logs-Url: https://github.com/bytedance/deer-flow/sessions/48c5cf31-a4ab-418a-982a-6343c37bb299
Co-authored-by: WillemJiang <219644+WillemJiang@users.noreply.github.com>
* fix(auth): address code review - narrow ValueError catch, add rehash warning log, rename num_batches
Agent-Logs-Url: https://github.com/bytedance/deer-flow/sessions/48c5cf31-a4ab-418a-982a-6343c37bb299
Co-authored-by: WillemJiang <219644+WillemJiang@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
107 lines
3.4 KiB
Python
107 lines
3.4 KiB
Python
"""LangGraph Server auth handler — shares JWT logic with Gateway.
|
|
|
|
Loaded by LangGraph Server via langgraph.json ``auth.path``.
|
|
Reuses the same ``decode_token`` / ``get_auth_config`` as Gateway,
|
|
so both modes validate tokens with the same secret and rules.
|
|
|
|
Two layers:
|
|
1. @auth.authenticate — validates JWT cookie, extracts user_id,
|
|
and enforces CSRF on state-changing methods (POST/PUT/DELETE/PATCH)
|
|
2. @auth.on — returns metadata filter so each user only sees own threads
|
|
"""
|
|
|
|
import secrets
|
|
|
|
from langgraph_sdk import Auth
|
|
|
|
from app.gateway.auth.errors import TokenError
|
|
from app.gateway.auth.jwt import decode_token
|
|
from app.gateway.deps import get_local_provider
|
|
|
|
auth = Auth()
|
|
|
|
# Methods that require CSRF validation (state-changing per RFC 7231).
|
|
_CSRF_METHODS = frozenset({"POST", "PUT", "DELETE", "PATCH"})
|
|
|
|
|
|
def _check_csrf(request) -> None:
|
|
"""Enforce Double Submit Cookie CSRF check for state-changing requests.
|
|
|
|
Mirrors Gateway's CSRFMiddleware logic so that LangGraph routes
|
|
proxied directly by nginx have the same CSRF protection.
|
|
"""
|
|
method = getattr(request, "method", "") or ""
|
|
if method.upper() not in _CSRF_METHODS:
|
|
return
|
|
|
|
cookie_token = request.cookies.get("csrf_token")
|
|
header_token = request.headers.get("x-csrf-token")
|
|
|
|
if not cookie_token or not header_token:
|
|
raise Auth.exceptions.HTTPException(
|
|
status_code=403,
|
|
detail="CSRF token missing. Include X-CSRF-Token header.",
|
|
)
|
|
|
|
if not secrets.compare_digest(cookie_token, header_token):
|
|
raise Auth.exceptions.HTTPException(
|
|
status_code=403,
|
|
detail="CSRF token mismatch.",
|
|
)
|
|
|
|
|
|
@auth.authenticate
|
|
async def authenticate(request):
|
|
"""Validate the session cookie, decode JWT, and check token_version.
|
|
|
|
Same validation chain as Gateway's get_current_user_from_request:
|
|
cookie → decode JWT → DB lookup → token_version match
|
|
Also enforces CSRF on state-changing methods.
|
|
"""
|
|
# CSRF check before authentication so forged cross-site requests
|
|
# are rejected early, even if the cookie carries a valid JWT.
|
|
_check_csrf(request)
|
|
|
|
token = request.cookies.get("access_token")
|
|
if not token:
|
|
raise Auth.exceptions.HTTPException(
|
|
status_code=401,
|
|
detail="Not authenticated",
|
|
)
|
|
|
|
payload = decode_token(token)
|
|
if isinstance(payload, TokenError):
|
|
raise Auth.exceptions.HTTPException(
|
|
status_code=401,
|
|
detail="Invalid token",
|
|
)
|
|
|
|
user = await get_local_provider().get_user(payload.sub)
|
|
if user is None:
|
|
raise Auth.exceptions.HTTPException(
|
|
status_code=401,
|
|
detail="User not found",
|
|
)
|
|
if user.token_version != payload.ver:
|
|
raise Auth.exceptions.HTTPException(
|
|
status_code=401,
|
|
detail="Token revoked (password changed)",
|
|
)
|
|
|
|
return payload.sub
|
|
|
|
|
|
@auth.on
|
|
async def add_owner_filter(ctx: Auth.types.AuthContext, value: dict):
|
|
"""Inject user_id metadata on writes; filter by user_id on reads.
|
|
|
|
Gateway stores thread ownership as ``metadata.user_id``.
|
|
This handler ensures LangGraph Server enforces the same isolation.
|
|
"""
|
|
# On create/update: stamp user_id into metadata
|
|
metadata = value.setdefault("metadata", {})
|
|
metadata["user_id"] = ctx.user.identity
|
|
|
|
# Return filter dict — LangGraph applies it to search/read/delete
|
|
return {"user_id": ctx.user.identity}
|