mirror of
https://github.com/tiennm99/ccs.git
synced 2026-07-16 12:15:57 +00:00
fix(cliproxy): scrub GitLab PAT env after token-login auth (#1360)
* fix(cliproxy): scrub gitlab pat env var after auth handoff * style: apply prettier formatting
This commit is contained in:
@@ -999,8 +999,8 @@ async function handleGitLabPatLogin(
|
||||
const baseUrl = normalizeGitLabBaseUrl(options?.gitlabBaseUrl);
|
||||
const knownTokenFiles = listProviderTokenSnapshots(provider, tokenDir);
|
||||
const suppliedToken = options?.gitlabPersonalAccessToken?.trim();
|
||||
const personalAccessToken =
|
||||
suppliedToken || process.env['GITLAB_PERSONAL_ACCESS_TOKEN']?.trim() || undefined;
|
||||
const envPersonalAccessToken = process.env['GITLAB_PERSONAL_ACCESS_TOKEN']?.trim() || undefined;
|
||||
const personalAccessToken = suppliedToken || envPersonalAccessToken;
|
||||
|
||||
let token = personalAccessToken;
|
||||
if (!token) {
|
||||
@@ -1015,6 +1015,11 @@ async function handleGitLabPatLogin(
|
||||
return null;
|
||||
}
|
||||
|
||||
// PAT provided via process env should never be forwarded to downstream runtime.
|
||||
if (!suppliedToken && envPersonalAccessToken) {
|
||||
delete process.env['GITLAB_PERSONAL_ACCESS_TOKEN'];
|
||||
}
|
||||
|
||||
const response = await fetch(buildProxyUrl(target, '/v0/management/gitlab-auth-url'), {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
|
||||
Reference in New Issue
Block a user