ulysses/core
Kenny Van de Maele a2261c38c1
refactor(auth): centralize the internal-tool pseudo-username into a constant (#4333)
The in-process tool loopback stamps current_user = "internal-tool" and
require_admin grants admin to that sentinel; it is also a reserved username.
That security-sensitive string was hand-typed in ~7 places (stamp, admin gate,
RESERVED_USERNAMES, and standalone admin-equivalent checks in note/research/
shell/task routes), where a typo silently breaks an auth gate.

Add INTERNAL_TOOL_USER in core/middleware.py next to INTERNAL_TOOL_TOKEN/
INTERNAL_TOOL_HEADER and use it at every such site. A typo is now an
ImportError, not a silent mismatch. auth.py importing middleware is acyclic
(middleware imports no app modules). Behaviour is unchanged.

The multi-sentinel sets bundling internal-tool with api/demo/system
(assistant_routes, task_scheduler, research_routes) are a separate reserved-set
dedup, left for a follow-up.

Closes #4332
2026-06-16 13:13:00 +02:00
..
__init__.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
atomic_io.py Add native Windows compatibility layer 2026-06-01 15:09:47 +09:00
auth.py refactor(auth): centralize the internal-tool pseudo-username into a constant (#4333) 2026-06-16 13:13:00 +02:00
constants.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
database.py feat(paths): abstract runtime path logic for frozen distribution packages (#969) 2026-06-15 17:44:10 +01:00
exceptions.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
middleware.py refactor(auth): centralize the internal-tool pseudo-username into a constant (#4333) 2026-06-16 13:13:00 +02:00
models.py fix: session context drifting — messages leaking between chats (#135) (#267) 2026-06-09 14:12:52 +01:00
platform_compat.py fix(platform): read proc version with utf-8 2026-06-11 21:58:22 +01:00
session_manager.py fix: session context drifting — messages leaking between chats (#135) (#267) 2026-06-09 14:12:52 +01:00