diff options
| author | yyamashita <yyamashita@hetzner.yyamashita.com> | 2026-06-19 23:31:30 +0900 |
|---|---|---|
| committer | yyamashita <yyamashita@hetzner.yyamashita.com> | 2026-06-19 23:31:30 +0900 |
| commit | af1f23466c46bf4cebc42ab1687552b1a4baafd5 (patch) | |
| tree | 0ac6513263d33307d5f010d788fa9cba4fd84bb5 | |
| parent | b5a24a1dcf5cdce6da925bb30d57b9f2a124f1dd (diff) | |
Separate API_TOKEN from REGISTER_TOKEN
REGISTER_TOKEN: passkey registration only
API_TOKEN: POST /api/posts authentication
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
| -rw-r--r-- | app/routes/api.posts.tsx | 2 | ||||
| -rw-r--r-- | docker-compose.yml | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/app/routes/api.posts.tsx b/app/routes/api.posts.tsx index 8ef7639..ea86365 100644 --- a/app/routes/api.posts.tsx +++ b/app/routes/api.posts.tsx @@ -14,7 +14,7 @@ export async function action({ request }: Route.ActionArgs) { return Response.json({ error: "Method not allowed" }, { status: 405 }); } - const token = process.env.REGISTER_TOKEN; + const token = process.env.API_TOKEN; const auth = request.headers.get("Authorization") ?? ""; if (!token || auth !== `Bearer ${token}`) { return Response.json({ error: "Unauthorized" }, { status: 401 }); diff --git a/docker-compose.yml b/docker-compose.yml index b617cbc..8fbf296 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,6 +13,7 @@ services: - DB_PATH=/app/data/microblog.db - SESSION_SECRET=${SESSION_SECRET} - REGISTER_TOKEN=${REGISTER_TOKEN} + - API_TOKEN=${API_TOKEN} - WEBAUTHN_RP_ID=blog.yyamashita.com - WEBAUTHN_ORIGIN=https://blog.yyamashita.com restart: unless-stopped |
