fix faulty if statement and replace the DECO_RELOAD_TOKEN to DECO_RELEASE_RELOAD_TOKEN

[0xcucumbersalad]

Summary

The /.decofile/reload endpoint previously failed open when no token was configured — any unauthenticated POST could replace the running site's entire decofile. This PR closes that gap and aligns the env var name with what the operator already sends.

Changes

• Fail-closed auth in runtime/routes/reload.ts: if the reload token env var is unset, or the request's Authorization header is missing/wrong, the handler returns 401. Previously if (RELOAD_TOKEN && token !== RELOAD_TOKEN) skipped the check entirely when the env var was unset.
• Renamed env var DECO_RELOAD_TOKEN → DECO_RELEASE_RELOAD_TOKEN to match the name the decofile operator already reads from the pod spec when constructing the Authorization header. Removes a silent name-mismatch that meant auth was effectively never enforced in operator-managed deployments.

---

Summary by cubic

Secure the /.decofile/reload endpoint by enforcing token auth even when no env var is set. Bumps @deco/deco, @deco/dev, and @deco/scripts to 1.196.2-beta.

• Bug Fixes

  • Fail-closed auth: if DECO_RELEASE_RELOAD_TOKEN is unset or the Authorization header is missing/invalid, return 401.
  • Renamed DECO_RELOAD_TOKEN to DECO_RELEASE_RELOAD_TOKEN to align with the operator.

• Migration

  • Set DECO_RELEASE_RELOAD_TOKEN in your environment/secret.
  • Call /.decofile/reload with Authorization: Bearer <token>.
  • Remove any use of DECO_RELOAD_TOKEN.

^{Written for commit 87b8b53. Summary will update on new commits. Review in cubic}

Summary by CodeRabbit

• Chores
  • Enforced stricter validation for the reload endpoint so unauthorized or missing tokens are rejected.
  • Renamed the reload token environment variable used by the runtime.
  • Bumped package metadata version strings to a beta identifier for the published packages.

[github-actions]

Tagging Options

Should a new tag be published when this PR is merged?

• 👍 for Patch 1.196.3 update
• 🎉 for Minor 1.197.0 update
• 🚀 for Major 2.0.0 update

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a45e1056-8301-4ae1-8182-cd5038a26528

📥 Commits

Reviewing files that changed from the base of the PR and between 51af334 and 87b8b53.

📒 Files selected for processing (3)

• deno.json
• dev/deno.json
• scripts/deno.json

✅ Files skipped from review due to trivial changes (3)

• scripts/deno.json
• dev/deno.json
• deno.json

---

📝 Walkthrough

Walkthrough

The reload endpoint's authorization now requires the token from DECO_RELEASE_RELOAD_TOKEN and rejects requests when no token is configured or when the provided token is missing/mismatched; package version strings were changed to 1.196.2-beta in three deno.json files.

Changes

Cohort / File(s)	Summary
Reload Endpoint Authorization runtime/routes/reload.ts	Switched expected env var to DECO_RELEASE_RELOAD_TOKEN; tightened auth check to 401 when token is unset or mismatched; simplified unauthorized response shape.
Package Metadata Versions deno.json, dev/deno.json, scripts/deno.json	Bumped package version strings from 1.196.2 to 1.196.2-beta only; no other metadata or dependency changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Secure decofile reload #1003: Previously added token-based Bearer auth to the same reload endpoint; closely related to the token-name and logic changes here.
• [chore]: Change reload approach to receive decofile as payload #1002: Other changes to the reload endpoint's request handling/control flow; touches the same endpoint.
• fix revision ID to not vary between PODS #1033: Modified revision/timestamp handling for the reload endpoint; affects the same route.

Suggested reviewers

• mcandeia
• hugo-ccabral

Poem

🐰 A token swapped, a gate made tight,
No phantom calls slip past the light,
Env set true, the check stays keen,
Reloads now only when it's seen,
Hoppity hop, secure and bright! 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the two main changes: fixing the authentication logic in the reload endpoint and renaming the environment variable.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/deco-reload-vulnerability

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 1 file