security: enforce auth on all API write endpoints, remove mario-kart
Some checks failed
CI / update (push) Has been cancelled

- Remove all mario-kart routes and model (zero auth, unused)
- Add requireGroup() helper to auth middleware
- Recipe write APIs (add/edit/delete/img/*): require rezepte_users group
- Translate endpoint: require rezepte_users (was fully unauthenticated)
- Nutrition overwrites: require auth (was no-op)
- Nutrition generate-all: require rezepte_users (was no-op)
- Alt-text/color endpoints: require rezepte_users group
- Image delete/mv: add path traversal protection
- Period shared endpoint: normalize username for consistent lookup
2026-04-07 20:10:48 +02:00
parent 8e4ba896e1
commit 2dce83de55
24 changed files with 119 additions and 1211 deletions

@@ -1,6 +1,6 @@
{
"name": "homepage",
"version": "1.4.4",
"version": "1.5.0",
"private": true,
"type": "module",
"scripts": {
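
Review bot: The "version" line moves from 1.4.4 to 1.5.0, a minor bump, but the commit message describes removing the mario-kart routes and requiring auth on write endpoints that previously accepted unauthenticated requests, which is a breaking change for any client that still calls them. Consider a major bump, or at least a changelog entry listing which endpoints now require the rezepte_users group and which routes are gone. The CI run for this push is shown as cancelled, so no passing run is recorded for the new requireGroup() checks or the path traversal protection; rerun it before deploying this version.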