wangbo/ComfyUI
1
0
Fork 0
mirror of https://github.com/comfyanonymous/ComfyUI.git synced 2025-12-14 16:57:05 +08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity
master
ComfyUI/app
History
Dr.Lt.Data af96d9812d
feat(security): add System User protection with __ prefix (#10966) 
* feat(security): add System User protection with `__` prefix

Add protected namespace for custom nodes to store sensitive data
(API keys, licenses) that cannot be accessed via HTTP endpoints.

Key changes:
- New API: get_system_user_directory() for internal access
- New API: get_public_user_directory() with structural blocking
- 3-layer defense: header validation, path blocking, creation prevention
- 54 tests covering security, edge cases, and backward compatibility

System Users use `__` prefix (e.g., __system, __cache) following
Python's private member convention. They exist in user_directory/
but are completely blocked from /userdata HTTP endpoints.

* style: remove unused imports
2025-11-28 21:28:42 -05:00
..
database Add support for sqlite database (#8444) 2025-06-11 16:43:39 -04:00
__init__.py Add FrontendManager to manage non-default front-end impl (#3897) 2024-07-16 11:26:11 -04:00
app_settings.py Update frontend to v1.25.10 and revert navigation mode override (#9522) 2025-08-23 17:54:01 -04:00
custom_node_manager.py This should not be a warning. (#7946) 2025-05-05 07:49:07 -04:00
frontend_management.py Update server templates handler to use new multi-package distribution (comfyui-workflow-templates versions >=0.3) (#10791) 2025-11-19 22:36:56 -08:00
logger.py Repeat frontend version warning at the end. 2025-03-12 07:13:40 -04:00
model_manager.py API for Recently Used Items (#8792) 2025-08-01 22:02:06 -04:00
subgraph_manager.py Add custom node published subgraphs endpoint (#10438) 2025-10-21 23:16:16 -04:00
user_manager.py feat(security): add System User protection with __ prefix (#10966) 2025-11-28 21:28:42 -05:00