Require operator token for gRPC pause and resume by homerquan · Pull Request #5 · MirrorNeuronLab/MirrorNeuron

homerquan · 2026-05-18T17:40:50Z

The PauseJob and ResumeJob gRPC RPCs previously allowed unauthenticated clients to change job lifecycle state, creating an availability/control vulnerability.
The change adds a minimal operator-auth guard to ensure only callers possessing an operator token can invoke these state-changing RPCs.

Add MirrorNeuron.Grpc.Auth which reads MN_GRPC_OPERATOR_TOKEN and provides authorize_operator!/1 and authorized?/2 to validate bearer or MirrorNeuron-specific token headers with a constant-time compare.
Gate PauseJob and ResumeJob handlers by calling MirrorNeuron.Grpc.Auth.authorize_operator!(stream) before invoking MirrorNeuron.pause/1 or MirrorNeuron.resume/1.
Update README.md to document the new MN_GRPC_OPERATOR_TOKEN configuration key.
Add focused unit tests in tests/unit/grpc/auth_test.exs that exercise header extraction (including adapter/http request headers) and token matching behavior.

Ran mix format --check-formatted, which succeeded.
Ran the new tests directly with elixir -r lib/mirror_neuron_grpc/auth.ex -e 'ExUnit.start()' tests/unit/grpc/auth_test.exs, and they completed with 0 failures.
mix test could not be run to completion in this environment because Hex/dependency fetches failed (network/proxy prevented mix local.hex / dependency installation).

Require operator token for gRPC pause resume

3fbab59

homerquan added aardvark codex labels May 18, 2026 — with ChatGPT Codex Connector

homerquan merged commit c4b024d into main May 18, 2026
1 check passed

Provide feedback