kingbri 8381305f70 Server: Add API key for security ...

When the extras server was hosted publicly, there was a huge security
risk of anyone finding a cloudflare tunnel URL and directly querying
API routes.

However, this had a simple solution of implementing middleware to check
if a generated API key is valid. Since the server is simple, the API
key is a string of bytes stored in a textfile. If that textfile is
deleted, extras will automatically create a new API key/textfile.

Additionally, this is enabled via an optional argument to prevent
local user irritation.

Signed-off-by: kingbri <bdashore3@proton.me>

2023-06-02 22:26:54 -04:00

29 KiB

Raw Blame History

View Raw