mirrors/mcphub
1
0
Fork 0
mirror of https://github.com/samanhappy/mcphub.git synced 2025-12-23 18:29:21 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Allow password change in readonly mode by adding /auth/change-password to readonlyAllowPaths

Browse Source 
Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2025-12-05 04:05:32 +00:00
parent 4d141e6fc6
commit 9c5fa41162
2 changed files with 60 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/middlewares/auth.ts
View File

@@ -19,7 +19,7 @@ const validateBearerAuth = (req: Request, routingConfig: any): boolean => {
return authHeader.substring(7) === routingConfig.bearerAuthKey;
};
const readonlyAllowPaths = ['/tools/call/'];
const readonlyAllowPaths = ['/tools/call/', '/auth/change-password'];
const checkReadonly = (req: Request): boolean => {
if (!defaultConfig.readonly) {

59
tests/middlewares/auth.readonly.test.ts Normal file
View File

@@ -0,0 +1,59 @@
// Tests for readonly mode in auth middleware
// Verifies that password change is allowed in readonly mode
describe('Auth Readonly Mode Tests', () => {
// Test the readonlyAllowPaths configuration
describe('Readonly Allow Paths', () => {
// Simulate the checkReadonly logic
const readonlyAllowPaths = ['/tools/call/', '/auth/change-password'];
const checkReadonlyPath = (path: string, method: string, basePath: string = ''): boolean => {
for (const allowedPath of readonlyAllowPaths) {
if (path.startsWith(basePath + allowedPath)) {
return true;
}
}
return method === 'GET';
};
it('should allow /tools/call/ in readonly mode', () => {
const result = checkReadonlyPath('/tools/call/test', 'POST');
expect(result).toBe(true);
});
it('should allow /auth/change-password in readonly mode', () => {
const result = checkReadonlyPath('/auth/change-password', 'POST');
expect(result).toBe(true);
});
it('should allow GET requests in readonly mode', () => {
const result = checkReadonlyPath('/api/servers', 'GET');
expect(result).toBe(true);
});
it('should block other POST requests in readonly mode', () => {
const result = checkReadonlyPath('/api/servers', 'POST');
expect(result).toBe(false);
});
it('should block PUT requests in readonly mode', () => {
const result = checkReadonlyPath('/api/servers/1', 'PUT');
expect(result).toBe(false);
});
it('should block DELETE requests in readonly mode', () => {
const result = checkReadonlyPath('/api/servers/1', 'DELETE');
expect(result).toBe(false);
});
it('should work with base path for /auth/change-password', () => {
const result = checkReadonlyPath('/api/auth/change-password', 'POST', '/api');
expect(result).toBe(true);
});
it('should work with base path for /tools/call/', () => {
const result = checkReadonlyPath('/api/tools/call/test', 'POST', '/api');
expect(result).toBe(true);
});
});
});