feat: enhance HTTP handling and configuration
All checks were successful
CI / lint-and-test (push) Successful in 24s
- Introduced a new utility function `safe_urlopen` to ensure only allowed URL schemes (http, https) are opened, enhancing security against path traversal vulnerabilities.
- Updated the `run.py` and `calendar_ics.py` files to utilize `safe_urlopen` for HTTP requests, improving error handling and security.
- Added `HTTP_HOST` configuration to the settings, allowing dynamic binding of the HTTP server host.
- Revised the `.env.example` file to include the new `HTTP_HOST` variable with a description.
- Enhanced tests for `safe_urlopen` to validate behavior with disallowed URL schemes and ensure proper integration in existing functionality.
@@ -1,6 +1,7 @@
|
||||
BOT_TOKEN=your_bot_token_here
|
||||
DATABASE_URL=sqlite:///data/duty_teller.db
|
||||
MINI_APP_BASE_URL=
|
||||
# HTTP_HOST=127.0.0.1 # use 0.0.0.0 to bind all interfaces
|
||||
HTTP_PORT=8080
|
||||
|
||||
# Access: roles are assigned in the DB by an admin via /set_role. When a user has no role in DB,
|
||||
|
||||
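Review bot: The explanatory comment on the HTTP_HOST line shares a line with the value, so uncommenting it yields `HTTP_HOST=127.0.0.1 # use 0.0.0.0 to bind all interfaces`, and whether the text after the value is stripped depends on what loads the file. Move the explanation to its own comment line above the variable so the value stays unambiguous. Because 0.0.0.0 exposes the HTTP server on every interface, the comment should also state what host is used when the variable is unset and that binding all interfaces is intended for deployments where a reverse proxy or firewall restricts access to HTTP_PORT.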