Secure server routes behind editor toolbar env var (#828)

Author: wwwillchen

mesop/server/server.py

@@ -26,6 +26,11 @@
   "MESOP_AI_SERVICE_BASE_URL", "http://localhost:43234"
 )
 
+EXPERIMENTAL_EDITOR_TOOLBAR_ENABLED = (
+  os.environ.get("MESOP_EXPERIMENTAL_EDITOR_TOOLBAR", "false").lower() == "true"
+)
+
+
 LOCALHOSTS = (
   # For IPv4 localhost
   "127.0.0.1",
@@ -400,6 +405,8 @@ def hot_reload() -> Response:
 
 
 def check_editor_access():
+  if not EXPERIMENTAL_EDITOR_TOOLBAR_ENABLED:
+    abort(403)  # Throws a Forbidden Error
   # Prevent accidental usages of editor mode outside of
   # one's local computer
   if request.remote_addr not in LOCALHOSTS: