zhi/HarborForge.Cli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge fix/security-audit: CLI credential hardening

Browse Source
This commit is contained in:
h z
2026-06-01 09:23:52 +01:00
parent ef8d4dbdad 4125a4c102
commit 729365ca46
2 changed files with 45 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
internal/commands/auth.go
View File

@@ -1,6 +1,9 @@
package commands
import (
"os"
"strings"
"git.hangman-lab.top/zhi/HarborForge.Cli/internal/mode"
"git.hangman-lab.top/zhi/HarborForge.Cli/internal/output"
"git.hangman-lab.top/zhi/HarborForge.Cli/internal/passmgr"
@@ -20,11 +23,16 @@ func ResolveToken(tokenFlag string) string {
}
return tok
}
// manual mode
if tokenFlag == "" {
output.Error("--token <token> required or execute this with pcexec")
// manual mode — prefer the explicit flag, else fall back to the HF_TOKEN
// env var so the token need not appear in argv (visible via `ps`/history).
if tokenFlag != "" {
return tokenFlag
}
return tokenFlag
if env := strings.TrimSpace(os.Getenv("HF_TOKEN")); env != "" {
return env
}
output.Error("--token <token> or HF_TOKEN env required, or execute this with pcexec")
return ""
}
// RejectTokenInPaddedCell checks if --token was passed in padded-cell mode