feat(vscode-ide-companion): enforce auth token validation (#10481)

Shreya Keshive
2025-10-03 11:41:27 -04:00
committed by GitHub
parent 505e88656a
commit d8570e4d64
2 changed files with 19 additions and 15 deletions
@@ -379,7 +379,7 @@ describe('IDEServer', () => {
port = (ideServer as unknown as { port: number }).port; port = (ideServer as unknown as { port: number }).port;
}); });
it('should allow request without auth token for backwards compatibility', async () => { it('should reject request without auth token', async () => {
const response = await fetch(`http://localhost:${port}/mcp`, { const response = await fetch(`http://localhost:${port}/mcp`, {
method: 'POST', method: 'POST',
headers: { 'Content-Type': 'application/json' }, headers: { 'Content-Type': 'application/json' },
@@ -390,7 +390,7 @@ describe('IDEServer', () => {
id: 1, id: 1,
}), }),
}); });
expect(response.status).not.toBe(401); expect(response.status).toBe(401);
}); });
it('should allow request with valid auth token', async () => { it('should allow request with valid auth token', async () => {
@@ -550,6 +550,7 @@ describe('IDEServer HTTP endpoints', () => {
headers: { headers: {
Host: `localhost:${port}`, Host: `localhost:${port}`,
'Content-Type': 'application/json', 'Content-Type': 'application/json',
Authorization: 'Bearer test-auth-token',
}, },
}, },
JSON.stringify({ jsonrpc: '2.0', method: 'initialize' }), JSON.stringify({ jsonrpc: '2.0', method: 'initialize' }),
+16 -13
@@ -166,19 +166,22 @@ export class IDEServer {
app.use((req, res, next) => { app.use((req, res, next) => {
const authHeader = req.headers.authorization; const authHeader = req.headers.authorization;
if (authHeader) { if (!authHeader) {
const parts = authHeader.split(' '); this.log('Missing Authorization header. Rejecting request.');
if (parts.length !== 2 || parts[0] !== 'Bearer') { res.status(401).send('Unauthorized');
this.log('Malformed Authorization header. Rejecting request.'); return;
res.status(401).send('Unauthorized'); }
return; const parts = authHeader.split(' ');
} if (parts.length !== 2 || parts[0] !== 'Bearer') {
const token = parts[1]; this.log('Malformed Authorization header. Rejecting request.');
if (token !== this.authToken) { res.status(401).send('Unauthorized');
this.log('Invalid auth token provided. Rejecting request.'); return;
res.status(401).send('Unauthorized'); }
return; const token = parts[1];
} if (token !== this.authToken) {
this.log('Invalid auth token provided. Rejecting request.');
res.status(401).send('Unauthorized');
return;
} }
next(); next();
}); });
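Review bot: The token check on the new side (`if (token !== this.authToken)`) compares the presented secret with a plain string comparison, which leaks the position of the first mismatching character through response timing; now that the header is mandatory this comparison is the whole authentication decision, so it should use `timingSafeEqual` from `node:crypto` (imported if the file does not already) over equal-length buffers. The same rewrite should also refuse to authenticate when `this.authToken` is empty, since `Bearer ` followed by nothing would otherwise pass an empty configured token — I cannot see from the hunk how `authToken` is initialised, so this may already be impossible, but the guard is cheap. The `app.use` middleware is inside a method of `IDEServer` that starts and ends outside this hunk.
```typescript
// … unchanged: missing-header and malformed-header checks above …
const token = parts[1];
const expected = Buffer.from(this.authToken ?? '', 'utf8');
const provided = Buffer.from(token, 'utf8');
if (
  expected.length === 0 ||
  expected.length !== provided.length ||
  !timingSafeEqual(expected, provided)
) {
  this.log('Invalid auth token provided. Rejecting request.');
  res.status(401).send('Unauthorized');
  return;
}
next();
```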