[PR #13] [MERGED] Replace jwt_required with RBAC, use socket auth #19

Closed
opened 2026-03-02 11:44:09 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/jhd3197/ServerKit/pull/13
Author: @jhd3197
Created: 2/9/2026
Status: Merged
Merged: 2/10/2026
Merged by: @jhd3197

Base: main ← Head: dev


📝 Commits (4)

  • caa799b (https://github.com/jhd3197/ServerKit/commit/caa799ba1b09a959717a74c319437c4af1c1a954) Replace jwt_required with RBAC, use socket auth
  • 79c397f (https://github.com/jhd3197/ServerKit/commit/79c397fa696e924701b6d327f15a8fe9338f3ce3) chore: bump version to 1.2.78 [skip ci]
  • d2b9877 (https://github.com/jhd3197/ServerKit/commit/d2b9877d74122fe04cd2dd26e7e72276183bdad4) Revamp README and add translations
  • e1fe2a2 (https://github.com/jhd3197/ServerKit/commit/e1fe2a290ef230c158839c396917c942f063f770) chore: bump version to 1.2.79 [skip ci]

📊 Changes

15 files changed (+1118 additions, -383 deletions)

View changed files

📝 README.md (+166 -298)
📝 VERSION (+1 -1)
📝 backend/app/api/cron.py (+8 -8)
📝 backend/app/api/firewall.py (+16 -15)
📝 backend/app/api/ftp.py (+16 -15)
📝 backend/app/api/git.py (+33 -32)
📝 backend/app/api/metrics.py (+6 -6)
📝 backend/app/api/private_urls.py (+2 -1)
📝 backend/app/api/system.py (+4 -2)
📝 backend/app/sockets.py (+6 -3)
➕ docs/README.es.md (+286 -0)
➕ docs/README.pt.md (+286 -0)
➕ docs/README.zh-CN.md (+286 -0)
📝 frontend/src/pages/WordPressProject.jsx (+1 -1)
📝 frontend/src/services/socket.js (+1 -1)

📄 Description

Replace generic @jwt_required() usage with role-based decorators and switch Socket.IO token handling to the auth payload.

  • Replace jwt_required with viewer_required/admin_required across API modules (backend/app/api/cron.py, firewall.py, ftp.py, git.py, metrics.py) and update imports accordingly.
  • Require JWT for previously public system/private endpoints (backend/app/api/system.py, private_urls.py).
  • Change Socket.IO server connection handler to accept auth payload and read token from auth (backend/app/sockets.py) to avoid token leakage in query strings.
  • Update frontend clients to send token via socket auth instead of query (frontend/src/pages/WordPressProject.jsx, frontend/src/services/socket.js).

These changes add finer-grained RBAC control for endpoints and improve socket auth security by removing tokens from URLs/logs.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
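To make the two changes in the description concrete, here is an added, self-contained illustration of the pattern; it is not ServerKit's code and does not use its real decorators or connect handler. It assumes an HS256 JWT whose payload carries a `role` claim, a linear role order viewer < admin, a `role_required` decorator factory from which `viewer_required` and `admin_required` are derived, a request represented as a plain dict with a `headers` key, and a Socket.IO connect handler with the python-socketio `(sid, environ, auth)` signature. All of those names and values are hypothetical; the secret and tokens are constructed for the demo. The handler reads the token only from the `auth` payload (which the socket.io client sends via `io(url, { auth: { token } })`) and ignores `QUERY_STRING`, so the token never lands in access logs.

```python
"""Role-based decorators plus a Socket.IO connect handler that takes the token
from the auth payload. Added illustration, not ServerKit's own code."""
import base64
import functools
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"       # constructed; real code loads it from config
ROLE_RANK = {"viewer": 1, "admin": 2}     # assumption: linear hierarchy, admin outranks viewer


class AuthError(Exception):
    pass


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(sub: str, role: str, secret: bytes = SECRET, ttl: int = 3600) -> str:
    """Mint a compact HS256 JWT with sub, role and exp claims (demo issuer)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"sub": sub, "role": role, "exp": int(time.time() + ttl)},
                                 separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str, secret: bytes = SECRET) -> dict:
    """Check structure, algorithm, signature and expiry; return the claims."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        sig = _b64url_decode(s)
    except ValueError:                      # covers bad base64 and bad JSON
        raise AuthError("malformed token")
    if header.get("alg") != "HS256":        # pin the algorithm: no "none", no alg swapping
        raise AuthError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise AuthError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("exp", 0) <= time.time():
        raise AuthError("expired")
    return claims


def role_required(min_role: str):
    """Decorator factory: the view runs only if the caller's role ranks >= min_role.
    Returns (status, body) tuples so the demo needs no web framework."""
    def decorator(view):
        @functools.wraps(view)
        def wrapper(request: dict, *args, **kwargs):
            auth_header = request.get("headers", {}).get("Authorization", "")
            if not auth_header.startswith("Bearer "):
                return 401, {"error": "missing bearer token"}
            try:
                claims = verify_token(auth_header[len("Bearer "):])
            except AuthError as exc:
                return 401, {"error": str(exc)}
            if ROLE_RANK.get(claims.get("role"), 0) < ROLE_RANK[min_role]:
                return 403, {"error": "insufficient role"}   # authenticated, not authorized
            return view(request, claims, *args, **kwargs)
        return wrapper
    return decorator


viewer_required = role_required("viewer")
admin_required = role_required("admin")


@viewer_required
def list_cron(request, claims):            # read-only endpoint: any authenticated role
    return 200, {"jobs": [], "as": claims["sub"]}


@admin_required
def delete_firewall_rule(request, claims, rule_id):   # mutating endpoint: admin only
    return 200, {"deleted": rule_id}


def socket_connect(sid, environ, auth) -> bool:
    """Connect handler (python-socketio style). The token is read ONLY from the
    auth payload; environ["QUERY_STRING"] is deliberately never consulted, so a
    token passed as ?token=... is ignored rather than logged and accepted."""
    token = (auth or {}).get("token")
    if not token:
        return False                        # returning False rejects the connection
    try:
        verify_token(token)
    except AuthError:
        return False
    return True


if __name__ == "__main__":
    viewer = issue_token("alice", "viewer")
    print(list_cron({"headers": {"Authorization": "Bearer " + viewer}}))
    print(delete_firewall_rule({"headers": {"Authorization": "Bearer " + viewer}}, "r1"))
    print(socket_connect("s1", {"QUERY_STRING": "token=" + viewer}, None))
```

The point of `role_required` over a bare `jwt_required()` is the second check: a valid token gets a 401-vs-403 split, so a viewer calling a mutating endpoint is recognised and refused rather than waved through. Pinning `alg` to HS256 and using `hmac.compare_digest` are the two verifier details most often missed in hand-rolled JWT checks.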
