From 321cbe8789cd1df74dcab2404dc36f68b1422904 Mon Sep 17 00:00:00 2001
From: greg
Date: Sat, 24 May 2025 09:22:07 +0200
Subject: [PATCH] feat: implement secure Express API server for markdown content management
---
 src/api/server.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/api/server.js b/src/api/server.js
index 2b2c26e..5730b99 100644
--- a/src/api/server.js
+++ b/src/api/server.js
@@ -22,6 +22,8 @@ app.use(cors());
 app.use(bodyParser.json({ limit: '1mb' })); // Added body parser size limit

 // Basic authentication - only if credentials are set
+// Commenting out API-level Basic Auth as Caddy reverse proxy will handle it.
+/*
 if (USERNAME && PASSWORD) {
 app.use(basicAuth({
 users: { [USERNAME]: PASSWORD },
@@ -35,6 +37,7 @@ if (USERNAME && PASSWORD) {
 // A better approach for production would be to throw an error and exit:
 // throw new Error('Admin credentials not configured');
 }
+*/

 // Helper function for filename validation and path construction
 function getSafeFilePath(filename) {
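Review bot: Wrapping the `if (USERNAME && PASSWORD)` block in `/* … */` (opened in the first hunk, closed in the second, with the middle of the block outside both) leaves the Express process with no authentication of its own, so the API is protected only while every request really arrives through Caddy. The listen call is not visible here; confirm the server binds to loopback or a private interface and that no port mapping exposes it directly, otherwise a direct connection skips the proxy's Basic Auth. Rather than commenting the code out, keep it behind an explicit opt-out so the default stays authenticated, e.g. `if (process.env.AUTH_AT_PROXY !== 'true' && USERNAME && PASSWORD) {` (the variable name is only a suggestion), and log at startup which mode is active. The comment also disables the fallback branch whose tail is visible in the second hunk and which appears to handle missing credentials, so that startup signal is lost as well.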