Arnike/duty-teller
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity

docs: update environment configuration and API documentation
All checks were successful
CI / lint-and-test (push) Successful in 24s
Details

Browse Source 
- Revised the `.env.example` file to clarify the purpose of the `MINI_APP_SKIP_AUTH` variable, emphasizing its insecure nature and restriction to development use only.
- Updated the `README.md` to reflect changes in API authentication requirements, specifying that unauthenticated access to `/api/duties` and `/api/calendar-events` is only allowed with `MINI_APP_SKIP_AUTH=1`.
- Enhanced `configuration.md` to detail the implications of using `MINI_APP_SKIP_AUTH` for API access without Telegram initData.
- Removed the `_is_private_client` function and its associated tests, streamlining the codebase and focusing on the current authentication model.
- Added logging in `run.py` to warn when `MINI_APP_SKIP_AUTH` is enabled, highlighting the security risks.
This commit is contained in:
Nikolay Tatarinov
2026-02-21 15:13:39 +03:00
parent a81103e90d
commit 7ba4771501
9 changed files with 32 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
tests/test_api_dependencies.py
View File

@@ -71,29 +71,3 @@ class TestValidateDutyDates:
assert exc_info.value.status_code == 400
assert exc_info.value.detail == "From after to message"
mock_t.assert_called_with("ru", "dates.from_after_to")
class TestIsPrivateClient:
"""Tests for _is_private_client."""
def test_loopback_true(self):
assert deps._is_private_client("127.0.0.1") is True
assert deps._is_private_client("::1") is True
def test_rfc1918_private_true(self):
assert deps._is_private_client("10.0.0.1") is True
assert deps._is_private_client("192.168.1.1") is True
assert deps._is_private_client("172.16.0.1") is True
assert deps._is_private_client("172.31.255.255") is True
def test_public_ip_false(self):
assert deps._is_private_client("8.8.8.8") is False
def test_non_ip_false(self):
assert deps._is_private_client("example.com") is False
assert deps._is_private_client("") is False
assert deps._is_private_client(None) is False
def test_172_non_private_octet_false(self):
assert deps._is_private_client("172.15.0.1") is False
assert deps._is_private_client("172.32.0.1") is False