feat(security): hardcode API mode and disable token authentication
- Hardcode APIMode=true in settings.h (const, cannot be changed) - Remove accessToken from settings struct - Disable token authentication (authorized=false permanently) - Disable default_url feature - users must provide url parameter - Remove api_mode and api_access_token from all config files - Remove API_MODE and API_TOKEN environment variable support This is a security enhancement that forces API-mode-only operation. Users must provide url parameter for all conversions.
This commit is contained in:
@@ -1,9 +1,7 @@
|
||||
[common]
|
||||
;API mode, set to true to prevent loading local subscriptions or serving local files directly
|
||||
api_mode=true
|
||||
;API mode is hardcoded to true for security - cannot be configured
|
||||
;Token authentication is disabled - users must provide url parameter
|
||||
|
||||
;Access token used for performing critical action through Web interface
|
||||
api_access_token=password
|
||||
|
||||
;Default URLs, used when no URL is provided in request, use "|" to separate multiple subscription links, supports local files/URL
|
||||
default_url=
|
||||
|
||||
@@ -1,10 +1,8 @@
|
||||
version = 1
|
||||
[common]
|
||||
# API mode, set to true to prevent loading local subscriptions or serving local files directly
|
||||
api_mode = true
|
||||
# API mode is hardcoded to true for security - cannot be configured
|
||||
# Token authentication is disabled - users must provide url parameter
|
||||
|
||||
# Access token used for performing critical action through Web interface
|
||||
api_access_token = "password"
|
||||
|
||||
# Default URLs, used when no URL is provided in request, use "|" to separate multiple subscription links, supports local files/URL
|
||||
default_url = []
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
common:
|
||||
api_mode: true
|
||||
api_access_token: password
|
||||
# API mode is hardcoded to true - token auth disabled
|
||||
default_url: []
|
||||
enable_insert: true
|
||||
insert_url: []
|
||||
|
||||
Reference in New Issue
Block a user