Arnike/duty-teller
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity

docs: update environment configuration and API documentation
All checks were successful
CI / lint-and-test (push) Successful in 24s
Details

Browse Source 
- Revised the `.env.example` file to clarify the purpose of the `MINI_APP_SKIP_AUTH` variable, emphasizing its insecure nature and restriction to development use only.
- Updated the `README.md` to reflect changes in API authentication requirements, specifying that unauthenticated access to `/api/duties` and `/api/calendar-events` is only allowed with `MINI_APP_SKIP_AUTH=1`.
- Enhanced `configuration.md` to detail the implications of using `MINI_APP_SKIP_AUTH` for API access without Telegram initData.
- Removed the `_is_private_client` function and its associated tests, streamlining the codebase and focusing on the current authentication model.
- Added logging in `run.py` to warn when `MINI_APP_SKIP_AUTH` is enabled, highlighting the security risks.
This commit is contained in:
Nikolay Tatarinov
2026-02-21 15:13:39 +03:00
parent a81103e90d
commit 7ba4771501
9 changed files with 32 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.env.example
View File

@@ -12,7 +12,8 @@ ADMIN_USERNAMES=admin1,admin2
# ALLOWED_PHONES=
# ADMIN_PHONES=79001111111
# Dev only: set to 1 to allow calendar without Telegram initData (insecure; do not use in production).
# Dev only: set to 1 to allow /api/duties and /api/calendar-events without Telegram initData.
# Insecure — never use in production.
# MINI_APP_SKIP_AUTH=1
# Optional: URL of a public ICS calendar (e.g. holidays). Days from this calendar are highlighted on the duty grid; click "i" for summary.