xpltdco/media-rip
1
0
Fork 0
mirror of https://github.com/xpltdco/media-rip.git synced 2026-04-03 02:53:58 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions
media-rip/backend/app/core
History
xpltd 4b766bb0e7 Security hardening: API key system, container hardening 
API Key (Sonarr/Radarr style):
- Admin panel → Settings: Generate / Show / Copy / Regenerate / Revoke
- Persisted in SQLite via settings system
- When set, POST /api/downloads requires X-API-Key header or browser origin
- Browser users unaffected (X-Requested-With: XMLHttpRequest auto-sent)
- No key configured = open access (backward compatible)

Container hardening:
- Strip SUID/SGID bits from all binaries in image
- Make /app source directory read-only (only /downloads and /data writable)

Download endpoint:
- New _check_api_access guard on POST /api/downloads
- Timing-safe key comparison via secrets.compare_digest
2026-03-22 00:42:10 -05:00
..
__init__.py M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00
config.py Security hardening: API key system, container hardening 2026-03-22 00:42:10 -05:00
database.py Dynamic app version from git tag + file size display in queue 2026-03-21 23:45:48 -05:00
sse_broker.py Settings layout rework, purge fix, SSE broadcast 2026-03-19 06:04:59 -05:00