* @brief Gates remote-origin device-write commands behind the consent prompt; commands that * never touch the hardware always pass. Keeps the command path consistent with the * raw byte paths, which run the same gate. */
| 621 | * raw byte paths, which run the same gate. |
| 622 | */ |
| 623 | bool API::Server::authorizeRemoteCommand(const QString& command) |
| 624 | { |
| 625 | static const QSet<QString> kControlScriptOnlyCommands = { |
| 626 | QStringLiteral("system.exec"), |
| 627 | QStringLiteral("system.kill"), |
| 628 | QStringLiteral("system.runningProcesses"), |
| 629 | }; |
| 630 | |
| 631 | if (kControlScriptOnlyCommands.contains(command)) |
| 632 | return false; |
| 633 | |
| 634 | static const QSet<QString> kDeviceWriteCommands = { |
| 635 | QStringLiteral("io.writeData"), |
| 636 | QStringLiteral("io.ble.writeCharacteristic"), |
| 637 | QStringLiteral("console.send"), |
| 638 | }; |
| 639 | |
| 640 | if (!kDeviceWriteCommands.contains(command)) |
| 641 | return true; |
| 642 | |
| 643 | return authorizeDeviceWrite(); |
| 644 | } |
| 645 | |
| 646 | /** |
| 647 | * @brief Consumes the first line as a {"type":"auth","token":...} handshake before commands. |
no test coverage detected