MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-03-10 22:21:22 -07:00
Code Issues Packages Projects Releases Wiki Activity

feat(vscode-ide-companion): enforce auth token validation (#10481)

Browse Source
This commit is contained in:
Shreya Keshive
2025-10-03 11:41:27 -04:00
committed by GitHub
parent 505e88656a
commit d8570e4d64
2 changed files with 19 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
packages/vscode-ide-companion/src/ide-server.test.ts
View File

@@ -379,7 +379,7 @@ describe('IDEServer', () => {
port = (ideServer as unknown as { port: number }).port;
});
it('should allow request without auth token for backwards compatibility', async () => {
it('should reject request without auth token', async () => {
const response = await fetch(`http://localhost:${port}/mcp`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
@@ -390,7 +390,7 @@ describe('IDEServer', () => {
id: 1,
}),
});
expect(response.status).not.toBe(401);
expect(response.status).toBe(401);
});
it('should allow request with valid auth token', async () => {
@@ -550,6 +550,7 @@ describe('IDEServer HTTP endpoints', () => {
headers: {
Host: `localhost:${port}`,
'Content-Type': 'application/json',
Authorization: 'Bearer test-auth-token',
},
},
JSON.stringify({ jsonrpc: '2.0', method: 'initialize' }),

29
packages/vscode-ide-companion/src/ide-server.ts
View File

@@ -166,19 +166,22 @@ export class IDEServer {
app.use((req, res, next) => {
const authHeader = req.headers.authorization;
if (authHeader) {
const parts = authHeader.split(' ');
if (parts.length !== 2 || parts[0] !== 'Bearer') {
this.log('Malformed Authorization header. Rejecting request.');
res.status(401).send('Unauthorized');
return;
}
const token = parts[1];
if (token !== this.authToken) {
this.log('Invalid auth token provided. Rejecting request.');
res.status(401).send('Unauthorized');
return;
}
if (!authHeader) {
this.log('Missing Authorization header. Rejecting request.');
res.status(401).send('Unauthorized');
return;
}
const parts = authHeader.split(' ');
if (parts.length !== 2 || parts[0] !== 'Bearer') {
this.log('Malformed Authorization header. Rejecting request.');
res.status(401).send('Unauthorized');
return;
}
const token = parts[1];
if (token !== this.authToken) {
this.log('Invalid auth token provided. Rejecting request.');
res.status(401).send('Unauthorized');
return;
}
next();
});