refactor(security): убрать X-Admin-Token (Caddy basic_auth достаточен) #437
No reviewers
Labels
No labels
admin
analytics
auth
automation
bug
business
chore
ci
compliance
data
data-moat
docs
duplicate
dx
enhancement
Fable 5 ревью
feedback/max
generative
GG-форсайт
needs-discussion
needs-human
observability
pause-bots
performance
priority/p0
priority/p1
priority/p2
priority/p3
scope/backend
scope/db
scope/devops
scope/frontend
scope/qa
scrapers
security
site-finder
stage/1
stage/2
status/blocked
status/done
status/needs-analysis
status/needs-fix
status/qa
status/ready
status/review
status/wip
tech-debt
tradein
ux
week ревью 1
wontfix
вторичка
ИРД
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: lekss361/gendesign#437
Loading…
Add table
Reference in a new issue
No description provided.
Delete branch "refactor/remove-app-admin-auth"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
AdminTokenAuthdep из 43 endpoints в 5 admin файлах — Caddy basic_auth (PR #426) даёт достаточную network-level защитуbackend/.env.example:SCRAPE_ADMIN_TOKENпомечен DEPRECATED с инструкцией rollbackЧто НЕ менялось
core/deps.py:verify_admin_token+AdminTokenAuthостаются (dead code, rollback safety)X-Admin-Tokenheader, backend игнорируетФайлы
admin_scrape.pyadmin_cadastre.pyadmin_jobs.pyadmin_leads.pyadmin_weight_profiles.pyVerification
Test plan
9ed03a8f6atocd0d80b626Merged via deep-code-reviewer — verdict APPROVE (MINOR with follow-ups).
Caddy coverage verification — PASS
gendsgn.rublock:/api/v1/admin/*→handle /api/*→reverse_proxy backend:8000, afterimport caddy/users.caddy.snippet. Verified Caddyfile:67-69.:80IP fallback: same pattern Caddyfile:138-142.ports: 127.0.0.1:8000:8000— NOT public. docker-compose.prod.yml:62-63.obsidian.gendsgn.ru,errors.gendsgn.ru,git.gendsgn.ru) route to OTHER containers — no backend leak.cd0d80b6: all 6 admin route files have 0AdminTokenAuthrefs;core/deps.pyretains 2 (dead code for rollback).Trust shift implications
curl localhost:8000/api/v1/admin/*) was already possible — no regression.Follow-ups (non-blocking, can be separate PRs)
Test fixes (Medium):
backend/tests/test_admin_weight_profiles.py:407-428—test_unauthorized_no_token+test_unauthorized_wrong_tokenwill FAIL (endpoint returns 200, not 401).backend/tests/api/v1/test_admin_cadastre.py:298-307—test_create_job_no_token_returns_401will FAIL.backend/tests/api/v1/test_admin_ekburg_permits.py:79— similar pattern, likely FAIL.ci.yml:70runsuv run pytest -qonrefactor/**push → red CI on GitHub mirror if active. Forgejo deploy.yml does NOT gate on pytest, so prod deploy unaffected.Smoke tests (Low):
backend/tests/smoke/test_prod_smoke.py:139-143—admin_headersfixture should switch tohttpx.BasicAuth("admin", SMOKE_BASIC_AUTH_PASS), иначе через Caddy будет 401.Tradein cron (Low):
tradein-mvp/deploy/cron-scrape.sh:64-78—X-Admin-Tokenheader теперь dead, можно cleanup. Note: script bypasses Caddy viadocker exec backend curl localhost:8000/...— внутренний доступ open by design.Stale comments (nits):
backend/app/api/v1/analytics.py:232— упоминание X-Admin-Token.backend/.env.example:30— упомянут "PR #436", остальные docstrings ссылаются на PR #426. Off-by-one.Vault decision (must): создать
decisions/2026-05-23_admin_auth_caddy_only.md— trust boundary shift, rollback path, dead code retention timeline (suggest 30 дней post-pilot).Frontend cleanup (next sprint):
frontend/src/app/admin/**+frontend/src/lib/api/weightProfiles.tsпродолжают слатьX-Admin-Token— backend silently ignores. Регенерироватьapi-types.tsпосле deploy backend, потом убрать sends.Dead code timeline: через 30 дней post-pilot (если Caddy alone подтверждён достаточным) — удалить
verify_admin_token+AdminTokenAuthизcore/deps.pyиSCRAPE_ADMIN_TOKENиз.env.example.Post-deploy manual smoke (per PR test plan)
curl https://gendsgn.ru/api/v1/admin/scrape/queue→ 401 Caddycurl -u admin:<pass> https://gendsgn.ru/api/v1/admin/scrape/queue→ 200curl -u admin:wrong https://gendsgn.ru/api/v1/admin/scrape/queue→ 401 CaddyMerge commit:
b233bf91cc1f05336725f29435c357fcabd4c19b. deploy.yml auto-triggers onbackend/**path.