Add anti-wipe guard for hfToken in cookbook state sync
Some checks failed
CI / Focused test guidance (report-only) (push) Has been cancelled
CI / Python syntax (compileall) (push) Has been cancelled
CI / JS syntax (node --check) (push) Has been cancelled
CI / Python tests (pytest) (push) Has been cancelled
Container scan / hadolint (Dockerfile lint) (push) Has been cancelled
Container scan (Trivy) / Trivy (image scan, advisory) (push) Has been cancelled
Container scan (Trivy) / Trivy (image scan + SARIF upload) (push) Has been cancelled
Dependency review / dependency-review (PR gate) (push) Has been cancelled
Dependency review / pip-audit (advisory) (push) Has been cancelled
ci / docker publish / build (amd64) (push) Has been cancelled
ci / docker publish / build (arm64) (push) Has been cancelled
Secret scan / gitleaks (push) Has been cancelled
Workflow security / actionlint (push) Has been cancelled
Workflow security / zizmor (Actions SAST) (push) Has been cancelled
ci / docker publish / merge manifest + tag (push) Has been cancelled
Some checks failed
CI / Focused test guidance (report-only) (push) Has been cancelled
CI / Python syntax (compileall) (push) Has been cancelled
CI / JS syntax (node --check) (push) Has been cancelled
CI / Python tests (pytest) (push) Has been cancelled
Container scan / hadolint (Dockerfile lint) (push) Has been cancelled
Container scan (Trivy) / Trivy (image scan, advisory) (push) Has been cancelled
Container scan (Trivy) / Trivy (image scan + SARIF upload) (push) Has been cancelled
Dependency review / dependency-review (PR gate) (push) Has been cancelled
Dependency review / pip-audit (advisory) (push) Has been cancelled
ci / docker publish / build (amd64) (push) Has been cancelled
ci / docker publish / build (arm64) (push) Has been cancelled
Secret scan / gitleaks (push) Has been cancelled
Workflow security / actionlint (push) Has been cancelled
Workflow security / zizmor (Actions SAST) (push) Has been cancelled
ci / docker publish / merge manifest + tag (push) Has been cancelled
The frontend strips hfToken from state responses (GET replaces it with masked version). When it syncs back via POST, incoming state has no hfToken. The servers anti-wipe guard existed but hfToken had no equivalent protection, so the token could be wiped by a sync race. Added hfToken preservation matching the servers guard pattern.
This commit is contained in:
parent
80f38c9443
commit
1a7d67df7a
1 changed files with 3 additions and 0 deletions
|
|
@ -2696,6 +2696,9 @@ def setup_cookbook_routes() -> APIRouter:
|
|||
elif disk_env.get("servers") and not inc_env.get("servers"):
|
||||
inc_env["servers"] = disk_env["servers"]
|
||||
logger.warning("cookbook state POST: incoming env.servers empty; preserved on-disk servers (anti-wipe guard)")
|
||||
if disk_env.get("hfToken") and not inc_env.get("hfToken"):
|
||||
inc_env["hfToken"] = disk_env["hfToken"]
|
||||
logger.debug("cookbook state POST: incoming env missing hfToken; preserved on-disk token (anti-wipe guard)")
|
||||
|
||||
disk_tasks = on_disk.get("tasks") or [] if isinstance(on_disk, dict) else []
|
||||
incoming_tasks = data.get("tasks") if isinstance(data.get("tasks"), list) else []
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue