Fix distillation bugs: imports, auth security, and run configuration

- Fix bare imports in core/ modules to use fully-qualified paths (core.users, core.postgres)
- Fix scheduler/daemon.py importing os before use
- Fix verifyLoginToken returning truthy 401 on failure (security: invalid tokens were passing auth checks)
- Fix api/routes/example.py passing literal True as userUUID instead of decoded JWT sub
- Switch all services to python -m invocation so /app is always on sys.path
- Remove orphaned sys.path.insert hacks from bot.py, commands/example.py, routes/example.py
- Change API port mapping from 5000 to 8080
- Add config/.env and root .env for docker-compose variable substitution

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-12 21:26:36 -06:00
parent 11c4ff5cb7
commit f53104d947
11 changed files with 39 additions and 29 deletions


@@ -7,16 +7,22 @@ This module demonstrates:
3. Making database calls via postgres module
"""
import flask
import sys
import os
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
import flask
import jwt
import core.auth as auth
import core.postgres as postgres
def _get_user_uuid(token):
"""Decode JWT to extract user UUID. Returns None on failure."""
try:
payload = jwt.decode(token, os.getenv("JWT_SECRET"), algorithms=["HS256"])
return payload.get("sub")
except (jwt.ExpiredSignatureError, jwt.InvalidTokenError):
return None
def register(app):
"""Register routes with the Flask app."""
@@ -27,8 +33,8 @@ def register(app):
return flask.jsonify({"error": "missing token"}), 401
token = header[7:]
decoded = auth.verifyLoginToken(token, userUUID=True)
if decoded != True:
user_uuid = _get_user_uuid(token)
if not user_uuid or not auth.verifyLoginToken(token, userUUID=user_uuid):
return flask.jsonify({"error": "unauthorized"}), 401
items = postgres.select("examples")
@@ -41,8 +47,8 @@ def register(app):
return flask.jsonify({"error": "missing token"}), 401
token = header[7:]
decoded = auth.verifyLoginToken(token, userUUID=True)
if decoded != True:
user_uuid = _get_user_uuid(token)
if not user_uuid or not auth.verifyLoginToken(token, userUUID=user_uuid):
return flask.jsonify({"error": "unauthorized"}), 401
data = flask.request.get_json()