From 4c6741c9055f7c573ded1ba63742bd86cb02273f Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Mon, 6 Oct 2025 19:23:48 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(backend)=20add=20Django=20setting?= =?UTF-8?q?=20to=20disable=20external=20API=20endpoints?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduce ENABLE_EXTERNAL_API setting (defaults to False) to allow administrators to disable external API endpoints, preventing unintended exposure for self-hosted instances where such endpoints aren't needed or desired. --- env.d/development/common.dist | 1 + src/backend/core/urls.py | 20 ++++++++++++-------- src/backend/meet/settings.py | 4 ++++ 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/env.d/development/common.dist b/env.d/development/common.dist index 1b2dc5ca..32f85678 100644 --- a/env.d/development/common.dist +++ b/env.d/development/common.dist @@ -67,6 +67,7 @@ FRONTEND_USE_FRENCH_GOV_FOOTER=False FRONTEND_USE_PROCONNECT_BUTTON=False # External Applications +EXTERNAL_API_ENABLED=True APPLICATION_JWT_AUDIENCE=http://localhost:8071/external-api/v1.0/ APPLICATION_JWT_SECRET_KEY=devKey APPLICATION_BASE_URL=http://localhost:3000 diff --git a/src/backend/core/urls.py b/src/backend/core/urls.py index 716e6776..d8493e5a 100644 --- a/src/backend/core/urls.py +++ b/src/backend/core/urls.py @@ -43,12 +43,16 @@ urlpatterns = [ ] ), ), - path( - f"external-api/{settings.EXTERNAL_API_VERSION}/", - include( - [ - *external_router.urls, - ] - ), - ), ] + +if settings.EXTERNAL_API_ENABLED: + urlpatterns.append( + path( + f"external-api/{settings.EXTERNAL_API_VERSION}/", + include( + [ + *external_router.urls, + ] + ), + ) + ) diff --git a/src/backend/meet/settings.py b/src/backend/meet/settings.py index 00a00282..f835d209 100755 --- a/src/backend/meet/settings.py +++ b/src/backend/meet/settings.py 
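Review bot: The `if settings.EXTERNAL_API_ENABLED:` guard at the bottom of `core/urls.py` is evaluated once, when the URLconf is imported, so the flag only takes effect at process start, and `override_settings(EXTERNAL_API_ENABLED=False)` in a test will not remove routes that are already registered. I would state that above the guard, e.g. `# Evaluated at import time: changing EXTERNAL_API_ENABLED needs a restart (tests must reload this URLconf).` The guard only controls whether the routes exist. Whatever authentication and permission checks the `external_router` viewsets apply are defined outside this hunk, so the flag should be read as exposure reduction, not as the access control for those endpoints.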
@@ -70,6 +70,9 @@ class Base(Configuration): API_VERSION = "v1.0" EXTERNAL_API_VERSION = "v1.0" + EXTERNAL_API_ENABLED = values.BooleanValue( + False, environ_name="EXTERNAL_API_ENABLED", environ_prefix=None + ) DATA_DIR = values.Value(path.join("/", "data"), environ_name="DATA_DIR") @@ -828,6 +831,7 @@ class Test(Base): "django.contrib.auth.hashers.MD5PasswordHasher", ] USE_SWAGGER = True + EXTERNAL_API_ENABLED = True CELERY_TASK_ALWAYS_EAGER = values.BooleanValue(True)
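Review bot: The value added to `Base` is read from the environment variable `EXTERNAL_API_ENABLED`, but the commit description calls the setting `ENABLE_EXTERNAL_API`. An operator who copies the name from the description sets a variable nothing reads, and the API stays off. Defaulting to `False` fails closed, which is the safer direction, but the removed lines in `core/urls.py` show the routes used to be registered unconditionally, so existing deployments that serve `external-api/` will lose them on upgrade until they set the variable. That deserves an upgrade or changelog note, plus a comment above the value such as `# Off by default: the external-api routes are only registered when this is explicitly set to True.`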
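Review bot: Setting `EXTERNAL_API_ENABLED = True` in `Test` means the suite only runs with the external routes registered, so the disabled state, which is the default declared in `Base`, has no coverage visible in this patch. I would add a test that requests a path under `external-api/` with the flag off and expects a 404, since that is the behaviour self-hosted operators will rely on. Because `core/urls.py` reads the flag at import, such a test has to reload the URLconf and call `django.urls.clear_url_caches()` rather than rely on `override_settings` alone. The `Test` class body continues outside the hunk.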