Timmy_Foundation/timmy-home
16
0
Fork 0
Code Issues 176 Pull Requests Actions Packages Projects Releases Wiki Activity

security: Add author whitelist for task router (Issue #132)

Browse Source 
Implements security fix for issue #132 - Task router author whitelist

Changes:
- Add author_whitelist.py module with whitelist validation
- Integrate whitelist checks into task_router_daemon.py
- Add author_whitelist config option to config.yaml
- Add comprehensive tests for whitelist validation

Security features:
- Validates task authors against authorized whitelist
- Logs all authorization attempts (success and failure)
- Secure by default: empty whitelist denies all
- Configurable via environment variable or config file
- Prevents unauthorized command execution from untrusted Gitea users
This commit is contained in:
Allegro
2026-03-31 03:53:37 +00:00
parent 00d887c4fc
commit 384fad6d5f
4 changed files with 904 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
config.yaml
View File

@@ -160,6 +160,11 @@ security:
enabled: false
domains: []
shared_files: []
# Author whitelist for task router (Issue #132)
# Only users in this list can submit tasks via Gitea issues
# Empty list = deny all (secure by default)
# Set via env var TIMMY_AUTHOR_WHITELIST as comma-separated list
author_whitelist: []
_config_version: 9
session_reset:
mode: none