diff --git a/.github/templates/README.template.md b/.github/templates/README.template.md index c1a1cc54..66bcd9fa 100644 --- a/.github/templates/README.template.md +++ b/.github/templates/README.template.md @@ -220,15 +220,15 @@ Since Secured Signal API is just a Proxy you can use all of the [Signal REST API | Endpoint | | | :-------------------- | ------------------ | -| **/v1/about** | **/v1/unregister** | -| **/v1/configuration** | **/v1/qrcodelink** | +| **/v1/configuration** | **/v1/unregister** | | **/v1/devices** | **/v1/contacts** | | **/v1/register** | **/v1/accounts** | +| **/v1/qrcodelink** | | These Endpoints are blocked by default due to Security Risks. > [!NOTE] -> Matching works by checking if the requested Endpoints starts with a Blocked or an Allowed Endpoint +> Matching uses [glob-style patterns](https://www.gnu.org/software/bash/manual/html_node/Pattern-Matching.html): `*` matches any sequence of characters, `?` matches a single character and `[abc]` matches one of the characters in the brackets You can modify endpoints by configuring `access.endpoints` in your config: @@ -252,7 +252,7 @@ By default adding an endpoint explictly allows access to it, use `!` to block it | :------------- | :------------- | :--------: | --- | :---------------: | --- | | `/v2/send` | `unset` | **all** | 🛑 | **`/v2/send`** | ✅ | | `unset` | `!/v1/receive` | **all** | ✅ | **`/v1/receive`** | 🛑 | -| `/v2` | `!/v2/send` | **`/v2*`** | 🛑 | **`/v2/send`** | ✅ | +| `!/v2*` | `/v2/send` | **`/v2*`** | 🛑 | **`/v2/send`** | ✅ | ### Variables diff --git a/docs/configuration/endpoints.md b/docs/configuration/endpoints.md index d0c05493..02dcd63e 100644 --- a/docs/configuration/endpoints.md +++ b/docs/configuration/endpoints.md 
@@ -13,15 +13,15 @@ but by default the following endpoints are **blocked**, because of Security Conc | Endpoint | | | :-------------------- | ------------------ | -| **/v1/about** | **/v1/unregister** | -| **/v1/configuration** | **/v1/qrcodelink** | +| **/v1/configuration** | **/v1/unregister** | | **/v1/devices** | **/v1/contacts** | | **/v1/register** | **/v1/accounts** | +| **/v1/qrcodelink** | | ## Customize > [!NOTE] -> Matching works by checking if the requested Endpoints starts with a Blocked or an Allowed Endpoint +> Matching uses [glob-like patterns](https://www.gnu.org/software/bash/manual/html_node/Pattern-Matching.html): `*` matches any sequence of characters, `?` matches a single character and `[abc]` matches one of the characters in the brackets You can modify endpoints by configuring `access.endpoints` in your config: @@ -45,4 +45,4 @@ By default adding an endpoint explictly allows access to it, use `!` to block it | :------------- | :------------- | :--------: | --- | :---------------: | --- | | `/v2/send` | `unset` | **all** | 🛑 | **`/v2/send`** | ✅ | | `unset` | `!/v1/receive` | **all** | ✅ | **`/v1/receive`** | 🛑 | -| `/v2` | `!/v2/send` | **`/v2*`** | 🛑 | **`/v2/send`** | ✅ | +| `!/v2*` | `/v2/send` | **`/v2*`** | 🛑 | **`/v2/send`** | ✅ | diff --git a/docs/configuration/examples/config.yml b/docs/configuration/examples/config.yml index 3591048c..3405163f 100644 --- a/docs/configuration/examples/config.yml +++ b/docs/configuration/examples/config.yml @@ -25,5 +25,11 @@ settings: access: endpoints: - - !/v1/about + - "!/v1/about" - /v2/send + + fieldPolicies: + "@number": { + value: "+123400003", + action: block + } diff --git a/docs/configuration/examples/token.yml b/docs/configuration/examples/token.yml index 27005cf9..f80e4f2e 100644 --- a/docs/configuration/examples/token.yml +++ b/docs/configuration/examples/token.yml @@ -7,4 +7,4 @@ overrides: access: endpoints: # Disable Sending - - !/v2/send + - "!/v2/send"
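Review bot: In the README.template.md hunk at `@@ -220,15`, the blocked-by-default table still lists bare paths (`/v1/devices`, `/v1/accounts`, `/v1/register`, ...) while the NOTE below it changes from prefix matching to glob matching, and the text never says whether a bare entry still covers its sub-paths. Either list the defaults with the pattern that is actually applied (for example with a trailing `*`) or add a sentence stating how an entry without wildcards is matched. The same hunk also drops `/v1/about` from the blocked-by-default table without any accompanying text; if that reflects a change in default behaviour, say so in the docs so operators who relied on it being blocked know to add `"!/v1/about"` themselves.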
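Review bot: In the README.template.md hunk at `@@ -252,7` (and the identical row in docs/configuration/endpoints.md at `@@ -45,4`), the new row puts `!/v2*` in the first column and `/v2/send` in the second, whereas the two rows above keep unprefixed (allowed) entries in the first column and `!` entries in the second. Swap the cells so the row reads `/v2/send` then `!/v2*`, or rename the column headers if the order is intentional. The row also relies on a specific allow overriding a wildcard block, which is not stated anywhere in the visible text; add one sentence on precedence. While touching this section, "explictly" in the sentence just above the table should be "explicitly".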
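Review bot: In the docs/configuration/endpoints.md hunk at `@@ -13,15`, the NOTE says "glob-like patterns" while the README hunk says "glob-style patterns" for the same link and the same rules; use one wording in both files. Linking to the Bash pattern-matching manual also suggests more syntax than the three constructs listed (`*`, `?`, `[abc]`), so state that only these are supported if that is the case, and say explicitly that `*` also matches `/`, since the `!/v2*` example in the table depends on it.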
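Review bot: In the docs/configuration/examples/config.yml hunk at `@@ -25,5`, the new `fieldPolicies` entry is written as a flow mapping with braces spread over four lines, which is inconsistent with the block style used for the rest of the file; write it as a block mapping with `value:` and `action:` indented under `"@number":`. The example also introduces `fieldPolicies`, the `@number` key and `action: block` with no comment, and nothing else in this patch documents them; add a short comment above the block saying what the policy does, as the token.yml example does with `# Disable Sending`.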
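Review bot: In the docs/configuration/examples/token.yml hunk at `@@ -7,4` (and the matching change in config.yml), quoting `"!/v2/send"` is the right fix because an unquoted leading `!` is read by YAML as a tag, but the prose in README.template.md and docs/configuration/endpoints.md still only says "use `!` to block it" and does not mention quoting. Add a sentence there that blocked entries must be quoted in YAML, otherwise users copying the pattern from the text will end up with an entry that does not parse as the intended string and a block rule that may not be applied.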