2 Commits

Author SHA1 Message Date
程序员阿江(Relakkes)
a5cc7ff0c1 Tighten H5 policy trusted routes
The classifier should not treat every /sdk path as trusted by pathname, because LAN-exposed servers already have a narrower local SDK trust boundary.

Constraint: Desktop local chat, Tauri WebView, loopback adapters, and local SDK routes must remain tokenless.

Rejected: Path-only /sdk trust | a non-local caller could reach the SDK route through a LAN-bound server.

Confidence: high

Scope-risk: narrow

Directive: Keep remote /sdk and hostile-origin loopback requests in the H5/browser bucket unless a dedicated SDK auth layer is verified.

Tested: bun test src/server/__tests__/h5-access-policy.test.ts
2026-05-12 14:26:00 +08:00
程序员阿江(Relakkes)
115e6f3b36 Prepare H5 auth to distinguish browser traffic from trusted local callers
Add a small standalone request classifier and focused server tests so later H5 token enforcement can target LAN/browser requests without changing the current desktop, SDK, or adapter paths.

Constraint: Task scope is limited to a standalone classifier plus tests in two server files
Constraint: Local desktop WebView, loopback integrations, and /sdk routes must remain tokenless for now
Rejected: Integrate the classifier into auth middleware now | this task only introduces the reusable classification seam
Confidence: high
Scope-risk: narrow
Directive: Keep local-trusted and internal-sdk classifications tokenless unless the server auth integration changes with matching regression coverage
Tested: bun test src/server/__tests__/h5-access-policy.test.ts
Tested: per-file TypeScript diagnostics for src/server/h5AccessPolicy.ts and src/server/__tests__/h5-access-policy.test.ts
Not-tested: Full server auth middleware integration
Not-tested: bun run check:server remains red from pre-existing repo dependency and unrelated test failures
2026-05-12 14:20:32 +08:00