GTEdgeAI/gt-ai-os-community
3
0
Fork 0
Code Issues Packages Releases Wiki Activity
Files
014e5c7f23bbe21799160e91a4c58d22c8f11e27
gt-ai-os-community/apps/resource-cluster/app/api/auth.py
HackWeasel b9dfb86260 GT AI OS Community Edition v2.0.33 
Security hardening release addressing CodeQL and Dependabot alerts:

- Fix stack trace exposure in error responses
- Add SSRF protection with DNS resolution checking
- Implement proper URL hostname validation (replaces substring matching)
- Add centralized path sanitization to prevent path traversal
- Fix ReDoS vulnerability in email validation regex
- Improve HTML sanitization in validation utilities
- Fix capability wildcard matching in auth utilities
- Update glob dependency to address CVE
- Add CodeQL suppression comments for verified false positives

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-12 17:04:45 -05:00

20 lines
721 B
Python
Raw Blame History

"""
Authentication utilities for API endpoints
"""
from fastapi import HTTPException, Header
from app.core.security import capability_validator, CapabilityToken
async def verify_capability(authorization: str = Header(None)) -> CapabilityToken:
"""Verify capability token from Authorization header"""
if not authorization or not authorization.startswith("Bearer "):
raise HTTPException(status_code=401, detail="Missing or invalid authorization header")
token_str = authorization.replace("Bearer ", "")
token = capability_validator.verify_capability_token(token_str)
if not token:
raise HTTPException(status_code=401, detail="Invalid capability token")
return token
View Git Blame Copy Permalink