xpltd 4b766bb0e7 Security hardening: API key system, container hardening ... API Key (Sonarr/Radarr style): - Admin panel → Settings: Generate / Show / Copy / Regenerate / Revoke - Persisted in SQLite via settings system - When set, POST /api/downloads requires X-API-Key header or browser origin - Browser users unaffected (X-Requested-With: XMLHttpRequest auto-sent) - No key configured = open access (backward compatible) Container hardening: - Strip SUID/SGID bits from all binaries in image - Make /app source directory read-only (only /downloads and /data writable) Download endpoint: - New _check_api_access guard on POST /api/downloads - Timing-safe key comparison via secrets.compare_digest		2026-03-22 00:42:10 -05:00
..
app	Security hardening: API key system, container hardening	2026-03-22 00:42:10 -05:00
tests	Dynamic app version from git tag + file size display in queue	2026-03-21 23:45:48 -05:00
.gitignore	M001: media.rip() v1.0 — complete application	2026-03-18 20:00:17 -05:00
pyproject.toml	M001: media.rip() v1.0 — complete application	2026-03-18 20:00:17 -05:00
requirements.txt	M001: media.rip() v1.0 — complete application	2026-03-18 20:00:17 -05:00
start.py	Purge intervals: hours→minutes, default ON at 1440min (24h)	2026-03-21 20:33:13 -05:00