Close app_api blocklist gap for bare /api/tokens and /api/users

The blocklist prefixes had trailing slashes, so path.startswith() only
matched /api/tokens/{id} but not /api/tokens itself — the bare GET (list)
and POST (mint) endpoints were reachable via app_api. Same gap on
/api/users (list/create/delete). Drop trailing slashes so both bare and
sub-resource forms are blocked. /api/auth and /api/admin had no bare
endpoints today but get the same treatment to prevent future drift.

Caught by #1462.
pewdiepie-archdaemon
2026-06-03 11:16:56 +09:00
parent aa5e3f6884
commit 6153c5ed68


@@ -2671,10 +2671,10 @@ async def _cookbook_register_task(session_id: str, model: str, host: str,
# when the agent is admin-context — accidental "delete account"
# style mistakes have permanent blast radius.
_APP_API_BLOCKLIST_PREFIXES = (
"/api/auth/", # login/logout/password
"/api/users/", # user CRUD
"/api/tokens/", # api token mgmt
"/api/admin/", # admin one-shots (wipe etc.)
"/api/auth", # login/logout/password
"/api/users", # user CRUD (bare /api/users list+create+delete must also block)
"/api/tokens", # api token mgmt (bare /api/tokens list+create must also block)
"/api/admin", # admin one-shots (wipe etc.)
"/api/backup/restore", # destructive restore
)
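Review bot: dropping the trailing slashes (the four added lines) closes the bare-path gap but widens the match to any route that merely shares those characters, because the commit message says the check is `path.startswith()`: a hypothetical `/api/authenticate`, `/api/users-export` or `/api/tokens_rotate` would now be blocked alongside `/api/admin`, and the blocklist silently grows whenever a sibling route with a common prefix is added later. Match on path segments instead, e.g. `path == p or path.startswith(p + "/")` after stripping any trailing slash from `path`, which blocks both `/api/tokens` and `/api/tokens/{id}` without catching `/api/tokensXYZ`; and since the rule now lives only in the inline comments on the added lines, a short comment on the matcher itself saying that prefixes are segment-anchored would keep the list and the check from drifting apart again. Two cases worth a test alongside this change: the query-string form (`/api/tokens?limit=50`), whose outcome depends on whether `path` is taken before or after the query is split off, and a doubled slash (`//api/tokens`), which `startswith()` will not match unless the router normalizes it before the check runs.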
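The matching problem the commit message describes, as an added example rather than code from the project: the old trailing-slash prefixes miss the bare collection path, the new bare prefixes also catch any sibling route that shares the leading characters, and a segment-anchored matcher does neither. The prefix tuples are copied from the hunk; the sibling routes (`/api/tokensearch`, `/api/authors`) are hypothetical, as is the assumption that `path` may arrive with a query string or doubled slashes before the blocklist check.

```python
import re

# Prefix tuples as they appear before and after the hunk above.
OLD_PREFIXES = ("/api/auth/", "/api/users/", "/api/tokens/", "/api/admin/",
                "/api/backup/restore")
NEW_PREFIXES = ("/api/auth", "/api/users", "/api/tokens", "/api/admin",
                "/api/backup/restore")


def blocked_by_prefix(path: str, prefixes: tuple) -> bool:
    """Plain startswith() check, as the commit message says the code does."""
    return any(path.startswith(p) for p in prefixes)


def blocked_by_segment(path: str, prefixes: tuple) -> bool:
    """Segment-anchored check: a prefix matches only the exact path or a
    sub-resource below it, never a sibling that shares leading characters.

    Assumption (not from the page): `path` may still carry a query string,
    a fragment, doubled slashes or a trailing slash, so normalize first.
    """
    path = path.split("?", 1)[0].split("#", 1)[0]
    path = re.sub(r"/+", "/", path).rstrip("/") or "/"
    for p in prefixes:
        p = p.rstrip("/")
        if path == p or path.startswith(p + "/"):
            return True
    return False


# Constructed request paths: real blocklisted routes from the hunk plus
# hypothetical siblings and unnormalized forms a client could send.
SAMPLE_PATHS = (
    "/api/tokens",               # bare list/mint endpoint: the original gap
    "/api/tokens/abc",           # sub-resource, matched by every variant
    "/api/tokens?limit=5",       # bare path with a query string
    "//api/tokens",              # doubled slash, only the normalized check sees it
    "/api/tokensearch",          # hypothetical sibling: over-blocked by bare prefix
    "/api/authors",              # hypothetical sibling: over-blocked by /api/auth
    "/api/backup",               # parent of /api/backup/restore, should pass
    "/api/ping",                 # unrelated route, should pass
)


def compare(paths: tuple = SAMPLE_PATHS) -> dict:
    """Return {path: (old_prefix, new_prefix, segment)} for each sample path."""
    return {
        p: (blocked_by_prefix(p, OLD_PREFIXES),
            blocked_by_prefix(p, NEW_PREFIXES),
            blocked_by_segment(p, NEW_PREFIXES))
        for p in paths
    }


if __name__ == "__main__":
    print(f"{'path':24} {'old':>5} {'new':>5} {'segment':>8}")
    for path, (old, new, seg) in compare().items():
        print(f"{path:24} {str(old):>5} {str(new):>5} {str(seg):>8}")
```

Running it prints one row per sample path: `/api/tokens` goes from unblocked to blocked, but `/api/tokensearch` and `/api/authors` flip to blocked as well under the bare prefixes, while the segment-anchored check blocks only the listed routes and their sub-resources and also handles the query-string and doubled-slash forms.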