Skip to content

feat: reject all requests without a JWT#384

Merged
jpetto merged 1 commit intomainfrom
HNT-2548-reject-requests-without-valid-jwt
May 6, 2026
Merged

feat: reject all requests without a JWT#384
jpetto merged 1 commit intomainfrom
HNT-2548-reject-requests-without-valid-jwt

Conversation

@jpetto
Copy link
Copy Markdown
Collaborator

@jpetto jpetto commented May 4, 2026
edited
Loading

Goal

reject all requests to admin API that do not include a JWT to reduce potential attacks from the wider internet. (the admin API gateway is open to the public due to the curation admin tool.)

  • fix sentry import
  • update tests

currently deployed to dev.

client testing checklist:

I'd love feedback/perspectives on:

  • any reason we shouldn't enforce a JWT auth header?

Implementation Decisions:

there isn't too much actually changed here - instead of allowing a missing token when creating the app context, we are now requiring it.

even though in practice some of the fields are now required, i didn't update the IContext type to keep the changes here small in scope. i can update to do this if we think it's worthwhile.

References

JIRA ticket:

@jpetto jpetto force-pushed the HNT-2548-reject-requests-without-valid-jwt branch from 3e9be17 to 1b41ea8 Compare May 5, 2026 17:09
@jpetto jpetto marked this pull request as ready for review May 5, 2026 17:13
@jpetto jpetto requested a review from a team as a code owner May 5, 2026 17:13
@jpetto jpetto requested review from mmiermans and nina-py and removed request for a team May 5, 2026 17:13
mmiermans
mmiermans reviewed May 5, 2026
View reviewed changes
Comment thread src/server/context.ts
Sentry.captureException('Request is missing JWT');

// throw a generic error if request is missing JWT
throw new Error('Internal server error');
Copy link
Copy Markdown
Contributor

@mmiermans mmiermans May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we throw a 401 instead of a generic error, to have accurate error statistics?

Copy link
Copy Markdown
Collaborator Author

@jpetto jpetto May 6, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i waffled between telling a potential attacker they were unauthorized versus giving them no additional info and (obviously) landed on the latter. i'm good with it as-is for now. we'll get sentry counts for this scenario.

mmiermans
mmiermans approved these changes May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mmiermans mmiermans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved with a minor suggestion

@jpetto jpetto force-pushed the HNT-2548-reject-requests-without-valid-jwt branch 2 times, most recently from faed917 to 1b41ea8 Compare May 6, 2026 14:38
@jpetto
feat: reject all requests without a JWT
878b377 
- fix sentry import in jwtUtils (this was never working?)
- add tests for getAppContext
@jpetto jpetto force-pushed the HNT-2548-reject-requests-without-valid-jwt branch from 1b41ea8 to 878b377 Compare May 6, 2026 14:39
@jpetto jpetto merged commit 4c1e93c into main May 6, 2026
7 checks passed
@jpetto jpetto deleted the HNT-2548-reject-requests-without-valid-jwt branch May 6, 2026 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mmiermans mmiermans mmiermans approved these changes

@nina-py nina-py Awaiting requested review from nina-py nina-py is a code owner automatically assigned from Pocket/backend

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jpetto @mmiermans