Skip to content

Enforce access code from frontend configuration #24

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
TimUx merged 1 commit into from
Nov 18, 2025
Merged

Enforce access code from frontend configuration #24

TimUx merged 1 commit into from
Nov 18, 2025

Conversation

@TimUx
Copy link
Owner

@TimUx TimUx commented Nov 18, 2025

Summary

  • add a fallback that reads the generated frontend config for the access code so API routes are protected even when the environment variable is not set

Testing

  • not run (not requested)

Codex Task

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Nov 18, 2025
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

app.py
Comment on lines +33 to +35
prefix = "window.FPP_CONFIG ="
if not raw.startswith(prefix):
return ""
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Handle config.js files with leading comments

When ACCESS_CODE is unset but only provided in the bundled frontend config, the new fallback always returns an empty string because it requires config.js to start directly with "window.FPP_CONFIG =". The default config.js and template in this repo both begin with a comment, so the prefix check fails and control endpoints stay unprotected even though the frontend is configured with an access code. This affects deployments that rely on the checked-in config instead of the docker-generated one.

Useful? React with 👍 / 👎.

@TimUx TimUx merged commit 3b1b6ca into codex/research-falcon-player-api-and-endpoints-blz1ef Nov 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TimUx