...loakHQ#217)
The path-traversal half of CloakHQ#217 was fixed in babef04. The remaining
gaps were:
- /json/*, /devtools/*, and /fingerprint/*/devtools/* served CDP
 metadata + WebSocket control with no authentication.
- Inside a container the auto-detect binds to 0.0.0.0, so docker
 port-forwards expose the CDP surface to anyone on the network by
 default — exactly the deployment shape the reporter flagged.
This change adds two opt-in knobs and a startup warning:
1. ``--auth-token=<secret>`` (or env ``CLOAKSERVE_AUTH_TOKEN``) installs
 an aiohttp middleware that requires ``Authorization: Bearer <secret>``
 or ``?token=<secret>`` on every /json, /devtools, and /fingerprint/...
 route. ``/`` (status) stays open so health checks keep working.
 Comparison is ``hmac.compare_digest`` to avoid timing oracles.
2. ``--host=<addr>`` lets the operator pin the bind address explicitly
 instead of relying on the dockerenv auto-detect. Default behaviour
 is unchanged: loopback off-container, 0.0.0.0 in a container.
3. When the resolved bind is non-loopback AND no auth token is set, the
 server prints a loud WARNING at startup pointing the operator at the
 new flag. This is the realistic remediation path for the existing
 deployments that turned up in the report — they keep working but
 get a clear nudge.
Backwards-compatible: no token = no auth = current behaviour.
Closes one of the open gaps in CloakHQ#217. Path containment + safe rmtree
were already addressed; per-IP rate limiting is left for a follow-up.
Tests: 12 new in TestHostAndAuthCli + TestAuthMiddleware; full
test_cloakserve.py suite green at 66 passed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@journeytosilius journeytosilius left a comment

Addresses both review blockers on CloakHQ#248:
1. ``parse_connection_params`` did not exclude ``token`` from the generic
 fingerprint passthrough. A request like ``/json/version?token=secret``
 authenticated in the middleware, then the same query string was parsed
 again by the launch path and ``token`` fell through to the catch-all
 branch — yielding ``--fingerprint-token=secret`` in Chrome's argv.
 That leaked the auth secret to child process args (visible in ``ps``)
 and pushed an unsupported flag at the Chrome binary.
 Add ``token`` to ``SPECIAL_PARAMS`` so the parser silently drops it
 from launch params. Two new tests cover bare ``?token=`` and the
 mixed ``fingerprint=...&token=...`` case.
2. The rewritten ``webSocketDebuggerUrl`` in ``/json/version`` and
 ``/json/list`` was emitted without any auth query, so a client that
 authenticated via the ``?token=`` compat path (the documented
 ``connect_over_cdp(URL_STRING)`` flow) followed the URL and got 401
 on the WebSocket handshake. The WS handshake cannot carry the same
 Authorization header that worked on the JSON probe in that flow, so
 the rewritten URL itself must carry the secret.
 New ``_append_token_query(url, token)`` helper appends
 ``?token=<urlquoted-token>`` (or ``&token=...`` if a query already
 exists) when ``app["auth_token"]`` is configured. Both rewrite
 sites call it. Tests:
 - ``TestAppendTokenQuery`` (5 unit cases: no-token no-op,
 no-query append, with-query append, URL encoding, fingerprint
 path).
 - ``TestHandleJsonVersionTokenPropagation`` (2 end-to-end cases
 against a stub Chrome upstream — one with auth on, one with auth
 off, asserting the WS URL carries / omits the token correctly).
Full suite: 75 passed (66 prior + 9 new).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>