disinto-admin/disinto
1
0
Fork 0
Code Issues 24 Pull requests 1 Projects Releases Packages Wiki Activity Actions
disinto/tools/edge-control/lib
History
dev-qwen2 0243f546da
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/push/nomad-validate Pipeline was successful
Details
fix: edge-control: deregister has no ownership check — any authorized SSH key can take over any project (#1091) 
Require the caller to prove ownership on deregister by providing the
pubkey that was used during registration. The stored pubkey is loaded
from registry.json and compared byte-for-byte against the supplied key.

Changes:
- Add get_pubkey() helper to lib/ports.sh
- Update do_deregister() to verify caller pubkey before removing project
- Update SSH protocol to "deregister <project> <pubkey>"
- Update bin/disinto CLI to read tunnel keypair and pass pubkey
- Return {"error":"pubkey mismatch"} on failure (no pubkey leakage)
- Add unit tests for both success and failure paths

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-20 19:12:31 +00:00
..
authorized_keys.sh fix: edge control stdout pollution and install.sh dispatch 2026-04-10 19:38:41 +00:00
caddy.sh fix: bug: edge-control add_route targets non-existent Caddy server edge — registration succeeds in registry but traffic never routes (#789) 2026-04-15 16:24:24 +00:00
ports.sh fix: edge-control: deregister has no ownership check — any authorized SSH key can take over any project (#1091) 2026-04-20 19:12:31 +00:00