You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
returnerrors.New("admin token is required when authorization is enabled; set AGENTFIELD_AUTHORIZATION_ADMIN_TOKEN or explicitly set AGENTFIELD_INSECURE_ADMIN_NO_TOKEN=true")
186
+
}
187
+
returnnil
188
+
}
189
+
176
190
// AdminTokenAuth enforces a separate admin token for admin routes.
177
-
// If adminToken is empty, the middleware is a no-op (falls back to global API key auth).
178
191
// Admin tokens must be sent via the X-Admin-Token header only (not Bearer) to avoid
179
192
// collision with the API key Bearer token namespace.
logger.Logger.Error().Msg("⚠️ SECURITY WARNING: Authorization is enabled but no admin_token is configured! Admin routes (tag approval, policy management) are unprotected. Set AGENTFIELD_AUTHORIZATION_ADMIN_TOKEN for production use.")
logger.Logger.Warn().Msg("⚠️ Tag approval default_mode is 'auto' — all agent tags will be auto-approved. Set tag_approval_rules.default_mode to 'manual' for production.")
0 commit comments