core: add password authentication and improve server security

- Add OPENCODE_PASSWORD flag for basic auth protection
- Show security warnings when password is not set
- Remove deprecated spawn command
- Improve error handling with HTTPException responses
Dax Raad
2026-01-12 15:23:12 -05:00
parent b4f33485a7
commit 1954c1255e
7 changed files with 23 additions and 55 deletions


@@ -7,6 +7,7 @@ import { Hono } from "hono"
import { cors } from "hono/cors"
import { stream, streamSSE } from "hono/streaming"
import { proxy } from "hono/proxy"
import { basicAuth } from "hono/basic-auth"
import { Session } from "../session"
import z from "zod"
import { Provider } from "../provider/provider"
@@ -25,6 +26,7 @@ import { Project } from "../project/project"
import { Vcs } from "../project/vcs"
import { Agent } from "../agent/agent"
import { Auth } from "../auth"
import { Flag } from "../flag/flag"
import { Command } from "../command"
import { ProviderAuth } from "../provider/auth"
import { Global } from "../global"
@@ -45,6 +47,7 @@ import { Snapshot } from "@/snapshot"
import { SessionSummary } from "@/session/summary"
import { SessionStatus } from "@/session/status"
import { upgradeWebSocket, websocket } from "hono/bun"
import { HTTPException } from "hono/http-exception"
import { errors } from "./error"
import { Pty } from "@/pty"
import { PermissionNext } from "@/permission/next"
@@ -80,6 +83,7 @@ export namespace Server {
log.error("failed", {
error: err,
})
if (err instanceof HTTPException) return err.getResponse()
if (err instanceof NamedError) {
let status: ContentfulStatusCode
if (err instanceof Storage.NotFoundError) status = 404
@@ -93,6 +97,11 @@ export namespace Server {
status: 500,
})
})
.use((c, next) => {
const password = Flag.OPENCODE_PASSWORD
if (!password) return next()
return basicAuth({ username: "opencode", password })(c, next)
})
.use(async (c, next) => {
const skipLogging = c.req.path === "/log"
if (!skipLogging) {
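Review bot: The new auth middleware fails open. When `Flag.OPENCODE_PASSWORD` is unset or an empty string, `if (!password) return next()` passes every request through unauthenticated, and nothing visible in this hunk limits that case to a loopback listener. The warning mentioned in the commit message is not in this file section, so I would state the contract at the guard with a comment such as `// No password configured: requests are NOT authenticated; only safe when the server is bound to loopback`. When a password is set, Basic credentials are sent base64-encoded on every request, so a non-loopback bind presumably needs TLS in front of it. The middleware chain starts and continues outside the hunk and the `cors()` registration is not shown; if it comes after this `.use`, credential-less `OPTIONS` preflights would get a 401 before CORS headers are added, which is worth confirming.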