b135f11557
Security (P0): - Remove committed session-secret default; auto-generate and persist a random secret to the config volume when SESSION_SECRET is unset (prevents forgeable session cookies / auth bypass). - Validate playlist names to a safe charset and render sldl configs via literal Python substitution instead of sed (closes a command-injection and path-traversal path through playlist names). - shlex-quote credential values written to shell-sourced env files, and strip newlines from values patched into .conf files. - Render playlist .conf files 0600; warn at startup if the master key is co-located with the config volume; document keeping it separate. Portability: - Configurable timezone via TZ (default UTC) instead of hardcoded Edmonton. - Remove personal defaults (navidrome user "andrew", ephemeral.club URLs). - Ship generic example seeds; move the cross-album dedup keep-list and the legacy playlist import to editable config files; drop the personal _upgrade.csv. - Generic VPN reference in docker-compose.snippet.yml. First-run experience: - Redirect to /setup instead of 500 when OIDC is unconfigured; surface a missing master key inline; entrypoint exits with an actionable message when the config folder is not writable. - Add unauthenticated /health (JSON) and /setup (checklist) diagnostics. Docs: - Write docs/ARCHITECTURE.md and docs/MIGRATION.md (previously referenced but missing); expand README with ownership, backups, advanced settings, and migration guidance. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
31 lines
1.0 KiB
Python
31 lines
1.0 KiB
Python
from fastapi import APIRouter, Request
|
|
from fastapi.responses import JSONResponse
|
|
from fastapi.templating import Jinja2Templates
|
|
|
|
from app.services import diagnostics
|
|
|
|
router = APIRouter(tags=["health"])
|
|
templates = Jinja2Templates(directory="app/templates")
|
|
|
|
|
|
@router.get("/health")
|
|
async def health():
|
|
"""Unauthenticated JSON health check. 200 when everything critical is
|
|
configured, 503 when something critical is missing so an uptime monitor
|
|
notices. The body always lists every check either way."""
|
|
result = diagnostics.summary()
|
|
status_code = 200 if result["status"] == "ok" else 503
|
|
return JSONResponse(result, status_code=status_code)
|
|
|
|
|
|
@router.get("/setup")
|
|
async def setup(request: Request):
|
|
"""Unauthenticated, human-readable version of the same checks, so a fresh
|
|
operator can see what still needs configuring before login works."""
|
|
result = diagnostics.summary()
|
|
return templates.TemplateResponse(
|
|
request,
|
|
"setup.html",
|
|
{"status": result["status"], "checks": result["checks"]},
|
|
)
|