add optional env variable to protect the public report creation endpoint with a secret

2023-09-30 01:10:50 +02:00
parent 3713c7eaba
commit b7177708a7
3 changed files with 15 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -29,12 +29,13 @@ $ node -r dotenv/config build/index.js

 Configurations can be done with env variables

-| Name                | Description                                                                                                                                         |
-| ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `HOST`              | Host the server should listen on                                                                                                                    |
-| `PORT`              | Port the server should listen on                                                                                                                    |
-| `DATABASE_URI`      | URI to the database as a connection string. Supported databases are [sqlite](https://www.sqlite.org/index.html) and [mariadb](https://mariadb.org/) |
-| `ADMIN_USER`        | Name for the root admin user. The admin user won't be available if `ADMIN_USER` or `ADMIN_PASSWORD` is set                                          |
-| `ADMIN_PASSWORD`    | Password for the root admin user defined via `ADMIN_USER`. The admin user won't be available if `ADMIN_USER` or `ADMIN_PASSWORD` is set             |
-| `PUBLIC_BASE_PATH`  | If running the website on a sub-path, set this variable to the path so that assets etc. can find the correct location                               |
-| `PUBLIC_START_DATE` | The start date when the event starts                                                                                                                |
+| Name                | Description                                                                                                                                                                  |
+| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `HOST`              | Host the server should listen on                                                                                                                                             |
+| `PORT`              | Port the server should listen on                                                                                                                                             |
+| `DATABASE_URI`      | URI to the database as a connection string. Supported databases are [sqlite](https://www.sqlite.org/index.html) and [mariadb](https://mariadb.org/)                          |
+| `ADMIN_USER`        | Name for the root admin user. The admin user won't be available if `ADMIN_USER` or `ADMIN_PASSWORD` is set                                                                   |
+| `ADMIN_PASSWORD`    | Password for the root admin user defined via `ADMIN_USER`. The admin user won't be available if `ADMIN_USER` or `ADMIN_PASSWORD` is set                                      |
+| `REPORT_SECRET`     | Secret which may be required (as `?secret=<secret>` query parameter) to create reports on the public endpoint. Isn't required to be in the request if this variable is empty |
+| `PUBLIC_BASE_PATH`  | If running the website on a sub-path, set this variable to the path so that assets etc. can find the correct location                                                        |
+| `PUBLIC_START_DATE` | The start date when the event starts                                                                                                                                         |