docs: update environment configuration and API documentation
All checks were successful
CI / lint-and-test (push) Successful in 24s
All checks were successful
CI / lint-and-test (push) Successful in 24s
- Revised the `.env.example` file to clarify the purpose of the `MINI_APP_SKIP_AUTH` variable, emphasizing its insecure nature and restriction to development use only. - Updated the `README.md` to reflect changes in API authentication requirements, specifying that unauthenticated access to `/api/duties` and `/api/calendar-events` is only allowed with `MINI_APP_SKIP_AUTH=1`. - Enhanced `configuration.md` to detail the implications of using `MINI_APP_SKIP_AUTH` for API access without Telegram initData. - Removed the `_is_private_client` function and its associated tests, streamlining the codebase and focusing on the current authentication model. - Added logging in `run.py` to warn when `MINI_APP_SKIP_AUTH` is enabled, highlighting the security risks.
This commit is contained in:
@@ -81,5 +81,9 @@ def main() -> None:
|
||||
)
|
||||
t.start()
|
||||
|
||||
if config.MINI_APP_SKIP_AUTH:
|
||||
logger.warning(
|
||||
"MINI_APP_SKIP_AUTH is set — API auth disabled (insecure); use only for dev"
|
||||
)
|
||||
logger.info("Bot starting (polling)... HTTP API on port %s", config.HTTP_PORT)
|
||||
app.run_polling(allowed_updates=["message", "my_chat_member"])
|
||||
|
||||
Reference in New Issue
Block a user