Skip to content

Fix Hub download token boundary#7177

Draft
Imagineer99 wants to merge 2 commits into
unslothai:mainfrom
Imagineer99:fix/hub-download-token-boundary
Draft

Fix Hub download token boundary#7177
Imagineer99 wants to merge 2 commits into
unslothai:mainfrom
Imagineer99:fix/hub-download-token-boundary

Conversation

@Imagineer99

Copy link
Copy Markdown
Collaborator

Summary

  • prevent Hub download workers from inheriting the backend operator HF_TOKEN when a request omits X-Unsloth-HF-Token
  • force model, GGUF, and dataset metadata calls to use explicit anonymous access when no request token is supplied
  • preserve explicitly supplied request tokens and centralize the Hugging Face token argument conversion

Security behavior

Authenticated Studio callers can choose model and dataset repo IDs. Before this change, omitting the per-request token caused workers and metadata lookups to reuse ambient backend credentials. Anonymous requests now scrub worker credentials, disable implicit authentication, and pass token=False to Hugging Face APIs.

Validation

  • pre-fix worker regression: 1 failed, 1 passed (ambient HF_TOKEN reached the worker)
  • pre-fix metadata matrix: 1 failed, 1 passed (four anonymous paths passed token=None)
  • focused fixed matrix: 5 passed
  • complete Hub backend suite: 132 passed
  • Ruff and git diff --check: clean
  • no-network Hugging Face header check: anonymous call omitted authorization; explicit request token was preserved

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a shared helper function hf_token_arg to sanitize and manage Hugging Face tokens, ensuring that the backend does not implicitly reuse its own ambient HF_TOKEN when fetching metadata or spawning download workers. Multiple services, utilities, and workers are updated to use this helper, and comprehensive unit tests are added to verify the security boundary. The review feedback suggests improving the hf_token_arg helper by stripping leading and trailing whitespace from the token to prevent authentication failures caused by accidental copy-paste errors.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment on lines +13 to +15
def hf_token_arg(hf_token: Optional[str]) -> HfTokenArg:
"""Return an explicit token or disable Hugging Face's ambient credentials."""
return hf_token if hf_token else False

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

To prevent authentication failures due to accidental copy-paste errors (such as trailing newlines or spaces), it is recommended to strip leading and trailing whitespace from the Hugging Face token. Additionally, treating a token that consists only of whitespace as empty (and thus falling back to False for anonymous access) prevents invalid authentication requests.

Suggested change
def hf_token_arg(hf_token: Optional[str]) -> HfTokenArg:
"""Return an explicit token or disable Hugging Face's ambient credentials."""
return hf_token if hf_token else False
def hf_token_arg(hf_token: Optional[str]) -> HfTokenArg:
"""Return an explicit token or disable Hugging Face's ambient credentials."""
if hf_token:
stripped = hf_token.strip()
if stripped:
return stripped
return False
References
  1. Maintain consistency with existing patterns by using standard trimming for sanitization.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant