security: agent-shell WS tokens and dependency audit fixes (#409)
Replace spoofable Host/Origin WebSocket auth with short-lived bootstrap tokens minted over the existing local-operator HTTP path. Docker/browser shell sessions prefetch a token before connecting; loopback peers remain unchanged. Also bump backend ws to 8.21.0 and refresh frontend lockfile to clear npm audit findings (dev toolchain only for frontend). Fixes #405, #406, #407 Co-authored-by: Cursor <cursoragent@cursor.com>
@@ -12,7 +12,7 @@ import { FitAddon } from '@xterm/addon-fit';
|
||||
|
||||
import '@xterm/xterm/css/xterm.css';
|
||||
|
||||
import { resolveAgentShellWsUrl } from '@/lib/agentShellWs';
|
||||
import { mintAgentShellWsToken, resolveAgentShellWsUrl } from '@/lib/agentShellWs';
|
||||
|
||||
|
||||
|
||||
@@ -302,11 +302,12 @@ export default function AgentShellPanel({ active, expanded, onExpandedChange }:
|
||||
|
||||
|
||||
|
||||
const ws = new WebSocket(resolveAgentShellWsUrl(storedCwd));
|
||||
void (async () => {
|
||||
const wsToken = await mintAgentShellWsToken();
|
||||
const ws = new WebSocket(resolveAgentShellWsUrl(storedCwd, wsToken ?? undefined));
|
||||
ws.binaryType = 'arraybuffer';
|
||||
|
||||
ws.binaryType = 'arraybuffer';
|
||||
|
||||
wsRef.current = ws;
|
||||
wsRef.current = ws;
|
||||
|
||||
|
||||
|
||||
@@ -423,7 +424,7 @@ export default function AgentShellPanel({ active, expanded, onExpandedChange }:
|
||||
}
|
||||
|
||||
});
|
||||
|
||||
})();
|
||||
}, []);
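Review bot: Nothing after `await mintAgentShellWsToken()` checks that the effect is still live, so if the panel unmounts (or React StrictMode re-runs the effect) while the token request is in flight, the IIFE still opens the WebSocket and assigns `wsRef.current` after cleanup has already run, leaving an open agent-shell socket that nothing closes. I would add `let cancelled = false;` before the IIFE, `if (cancelled) return;` right after the await, and `cancelled = true;` in the effect's cleanup; the effect body and its cleanup lie outside the visible hunks, so confirm how the socket is closed today. The IIFE is also launched with `void` and no `try/catch`: the `?? undefined` suggests `mintAgentShellWsToken` returns null on failure, but its body is not shown, and if it can reject the panel would fail silently with an unhandled rejection.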
|
||||
|
||||
|
||||
|
||||