media-rip/backend/app/routers
xpltd 4b766bb0e7 Security hardening: API key system, container hardening
API Key (Sonarr/Radarr style):
- Admin panel → Settings: Generate / Show / Copy / Regenerate / Revoke
- Persisted in SQLite via settings system
- When set, POST /api/downloads requires X-API-Key header or browser origin
- Browser users unaffected (X-Requested-With: XMLHttpRequest auto-sent)
- No key configured = open access (backward compatible)

Container hardening:
- Strip SUID/SGID bits from all binaries in image
- Make /app source directory read-only (only /downloads and /data writable)

Download endpoint:
- New _check_api_access guard on POST /api/downloads
- Timing-safe key comparison via secrets.compare_digest
2026-03-22 00:42:10 -05:00
__init__.py M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00
admin.py Security hardening: API key system, container hardening 2026-03-22 00:42:10 -05:00
cookies.py Docker self-hosting: fix persistence, add data_dir config 2026-03-19 09:56:10 -05:00
downloads.py Security hardening: API key system, container hardening 2026-03-22 00:42:10 -05:00
files.py M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00
formats.py M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00
health.py Dynamic app version from git tag + file size display in queue 2026-03-21 23:45:48 -05:00
sse.py Fix SSE keepalive: yield explicit ping event, enforce test timeout 2026-03-21 20:57:50 -05:00
system.py Purge intervals: hours→minutes, default ON at 1440min (24h) 2026-03-21 20:33:13 -05:00
themes.py M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00