vrr/agent-zero
2
0
Fork 0
mirror of https://github.com/agent0ai/agent-zero.git synced 2026-05-22 19:47:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge af3ae2939a into 7ba1d61e34

Browse source
This commit is contained in:
Spidershield-contrib 2026-05-14 08:42:06 +08:00 committed by GitHub
commit bcaa0976dc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
helpers/fasta2a_server.py
View file

@ -1,5 +1,6 @@
# noqa: D401 (docstrings) internal helper
import asyncio
import hmac
import uuid
import atexit
from typing import Any, List
@ -457,7 +458,7 @@ class DynamicA2AProxy:
cfg = settings.get_settings()
expected_token = cfg.get("mcp_server_token")
if expected_token and request_token != expected_token:
if expected_token and not hmac.compare_digest(request_token, expected_token):
# Invalid token, return 401
await send({
'type': 'http.response.start',
@ -533,8 +534,8 @@ class DynamicA2AProxy:
api_key = request.headers.get("X-API-KEY") or request.query_params.get("api_key")
is_authorized = (
(auth_header.startswith("Bearer ") and auth_header.split(" ", 1)[1] == expected) or
(api_key == expected)
(auth_header.startswith("Bearer ") and hmac.compare_digest(auth_header.split(" ", 1)[1], expected)) or
(api_key is not None and hmac.compare_digest(api_key, expected))
)
if not is_authorized: