bobbai00 opened a new pull request, #5275:
URL: https://github.com/apache/texera/pull/5275
### What changes were proposed in this PR?
The agent service had no real access control: any caller who supplied an
agent id could read or drive any agent, ids were sequential
(`agent-${counter}`), `GET /agents` returned everyone's agents, and user tokens
were only base64-decoded — never signature-verified.
This PR introduces access control, **opt-in via `AGENT_AUTH_REQUIRED`
(default `false`)** so existing deployments are unchanged until it is switched
on.
**Backend (`agent-service`):**
- `auth-api.ts`: real **HS256 signature verification** against
`AUTH_JWT_SECRET`, matching the backend `JwtAuth` (requires `sub` + `exp`, 30s
clock skew, constant-time compare). Adds `verifyToken`, `getUidFromToken`,
`isAuthRequired`.
- `server.ts`: each agent is **bound to its owner's uid** at creation; a
single `onBeforeHandle` guard authorizes **every `/:id` route**, the WebSocket
handshake is authorized in `open`, and `GET /agents` is **scoped to the
caller**. Agent ids are now **random UUIDs**. When enforcement is on, creation
requires a valid token. Missing/invalid token → 401; wrong owner → 403.
**Frontend:** `agent.service.ts` now sends the user token on every agent
request (`Authorization: Bearer …`) and on the WebSocket via the `access-token`
query parameter (browsers can't set WS headers), mirroring the existing
`workflow-websocket.service.ts` idiom. These are inert while enforcement is off.
`Before: any caller + agent id -> full read/control of any agent`
`After: AGENT_AUTH_REQUIRED -> verified token, owner-scoped access, UUID ids`
### Any related issues, documentation, discussions?
Closes #5268
### How was this PR tested?
Agent service (unit tests, type, format):
```
cd agent-service
bun test             # 116 pass, 0 fail (incl. auth-api.test.ts and the new "access control (AGENT_AUTH_REQUIRED)" suite in server.test.ts)
bun run typecheck    # clean
bun run format:check
```
The new tests cover signature verification (valid / wrong-secret / expired /
missing-sub / non-HS256), permissive vs enforced `validateToken`, UUID id
format + uniqueness, owner-can-read, non-owner→403, missing-token→401, guarded
control route, and scoped listing.
Frontend: `eslint` and `prettier --check` pass on the changed file. The
change is small and mirrors an existing idiom; the full Angular build was not
run locally, and the change is inert unless `AGENT_AUTH_REQUIRED` is enabled.
### Was this PR authored or co-authored using generative AI tooling?
Generated-by: Claude Opus 4.8 (1M context)
--
This is an automated message from the Apache Git Service.
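The HS256 check the PR describes (signature verified with a constant-time compare, `sub` and `exp` required, 30 s clock skew, non-HS256 headers rejected), written as an added stand-alone TypeScript example; it is not the PR's `auth-api.ts`, and the function names and the token-minting helper are assumptions for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Assumed constant mirroring the 30s skew mentioned in the PR description.
const CLOCK_SKEW_SECONDS = 30;

export interface VerifiedClaims { sub: string; exp: number; [k: string]: unknown }

// Returns the claims when the token is valid, null otherwise (caller maps null -> 401).
export function verifyHs256Token(
  token: string,
  secret: string,
  nowSeconds: number = Math.floor(Date.now() / 1000),
): VerifiedClaims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header: any;
  try { header = JSON.parse(Buffer.from(h, "base64url").toString("utf8")); } catch { return null; }
  // Only HS256 is accepted; "none" and any other alg are rejected before the signature is looked at.
  if (header.alg !== "HS256") return null;
  // Recompute the MAC over the signed portion and compare in constant time.
  const expected = createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let claims: any;
  try { claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8")); } catch { return null; }
  // Both sub (the owner uid) and exp are required.
  if (typeof claims.sub !== "string" || claims.sub.length === 0) return null;
  if (typeof claims.exp !== "number") return null;
  // Expired tokens are tolerated only within the clock skew window.
  if (nowSeconds > claims.exp + CLOCK_SKEW_SECONDS) return null;
  return claims as VerifiedClaims;
}

// Constructed helper for the example: mints a token so verification can be exercised offline.
export function mintHs256Token(claims: Record<string, unknown>, secret: string, alg = "HS256"): string {
  const h = Buffer.from(JSON.stringify({ alg, typ: "JWT" })).toString("base64url");
  const p = Buffer.from(JSON.stringify(claims)).toString("base64url");
  const sig = createHmac("sha256", secret).update(`${h}.${p}`).digest("base64url");
  return `${h}.${p}.${sig}`;
}
```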