xpltdco/media-rip
1
0
Fork 0
mirror of https://github.com/xpltdco/media-rip.git synced 2026-04-03 02:53:58 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions
media-rip/frontend
History
xpltd 4b766bb0e7 Security hardening: API key system, container hardening 
API Key (Sonarr/Radarr style):
- Admin panel → Settings: Generate / Show / Copy / Regenerate / Revoke
- Persisted in SQLite via settings system
- When set, POST /api/downloads requires X-API-Key header or browser origin
- Browser users unaffected (X-Requested-With: XMLHttpRequest auto-sent)
- No key configured = open access (backward compatible)

Container hardening:
- Strip SUID/SGID bits from all binaries in image
- Make /app source directory read-only (only /downloads and /data writable)

Download endpoint:
- New _check_api_access guard on POST /api/downloads
- Timing-safe key comparison via secrets.compare_digest
2026-03-22 00:42:10 -05:00
..
src Security hardening: API key system, container hardening 2026-03-22 00:42:10 -05:00
.gitignore M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00
env.d.ts M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00
index.html M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00
package-lock.json M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00
package.json M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00
tsconfig.json M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00
tsconfig.node.json M001: media.rip() v1.0 — complete application 2026-03-18 20:00:17 -05:00
vite.config.ts R021/R022/R026: Docker, CI/CD, deployment example 2026-03-19 06:57:25 -05:00