[P25] [Server/API] Move the API token out of server.py and replace the exposed token #25

Description

@MostDef2000

Request

When there is time, replace the current API token and move it out of server.py.

Background

The SLF data server (/root/slf-server/server.py) currently contains a hardcoded token:

SECRET_TOKEN = "..."

The token has already been used in the terminal/chat to check /api/forum_faq, so it must be treated as exposed and replaced.

Scope

Responsible area: Server/API / security operation.

Target server files/services:

/root/slf-server/server.py
slf-server.service

Intended behavior

  • server.py must not contain the literal secret token.
  • server.py should read the token from the environment, e.g.:
    SECRET_TOKEN = os.environ.get("SLF_API_TOKEN", "")
  • slf-server.service should pass SLF_API_TOKEN through a systemd Environment= setting or an EnvironmentFile.
  • Generate and install a new token.
  • Restart the service safely.
  • Verify that the existing endpoints still work:
    • /api/analysis
    • /api/forum_faq
    • existing /api/<collection> reads/writes authenticated by token.
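The snippet below is an added example, not the project's server.py, of the server-side half of this change. It shows the two details that are easy to get wrong when moving the token into the environment: a default of `""` (as in the `os.environ.get("SLF_API_TOKEN", "")` line above) means a service started without the variable will silently run with an empty token, so the loader here refuses to start instead; and the token check uses `hmac.compare_digest` rather than `==`. `SLF_API_TOKEN` comes from this issue; the `Authorization: Bearer` header scheme and every function name are assumptions. On the systemd side the matching piece is a drop-in created with `systemctl edit slf-server.service` containing `[Service]` / `EnvironmentFile=/etc/slf-server.env`, with that file owned by root and mode 0600 (path assumed), so the token never lands in the unit file itself.

```python
"""Load the SLF API token from the environment and verify it safely.

Added example for issue #25; not the project's server.py. Assumptions:
the Bearer header scheme, the 32-character minimum, and all names below.
"""
import hmac
import os
import secrets


class TokenNotConfigured(RuntimeError):
    """Raised at startup when SLF_API_TOKEN is missing or empty."""


def load_token(environ=None):
    """Return the token from SLF_API_TOKEN, failing closed if it is absent.

    os.environ.get("SLF_API_TOKEN", "") would yield "" when the variable is
    not passed by the unit; with a naive == check an empty header would then
    authenticate. Refusing to start makes a misconfigured unit visible in
    `systemctl status` instead of opening the API.
    """
    env = os.environ if environ is None else environ
    token = env.get("SLF_API_TOKEN", "").strip()
    if len(token) < 32:  # length floor is an assumption, not a project rule
        raise TokenNotConfigured("SLF_API_TOKEN is not set or too short")
    return token


def generate_token(nbytes=32):
    """Fresh token from the OS CSPRNG: 32 random bytes, URL-safe base64."""
    return secrets.token_urlsafe(nbytes)


def token_matches(presented, expected):
    """Constant-time comparison; never compare secrets with ==."""
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode("utf-8"),
                               expected.encode("utf-8"))


def authorize(headers, expected_token):
    """Return 200 if the request carries the expected Bearer token, else 401.

    `headers` is a plain dict; the header name and scheme are assumptions.
    """
    value = headers.get("Authorization", "")
    scheme, _, presented = value.partition(" ")
    if scheme != "Bearer" or not presented:
        return 401
    return 200 if token_matches(presented, expected_token) else 401


def rotation_check(old_token, new_token):
    """Mimic the acceptance checks: old token rejected, new token accepted."""
    return {
        "old_rejected": authorize({"Authorization": f"Bearer {old_token}"},
                                  new_token) == 401,
        "new_accepted": authorize({"Authorization": f"Bearer {new_token}"},
                                  new_token) == 200,
        "missing_rejected": authorize({}, new_token) == 401,
    }


if __name__ == "__main__":
    # Constructed demonstration: the "old" value stands in for the exposed one.
    old = "exposed-token-placeholder-not-a-real-value"
    new = generate_token()
    os.environ["SLF_API_TOKEN"] = new          # what the EnvironmentFile supplies
    active = load_token()
    print(rotation_check(old, active))         # all three checks True
```

Because `load_token` raises when the variable is missing, `systemctl restart slf-server.service` will fail visibly if the drop-in or EnvironmentFile is wrong, which is the behaviour you want for the "restart service safely" step: a failed restart is recoverable, a service that quietly accepts any token is not.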

Out of scope

  • Do not change API schema.
  • Do not change wiki, data, or forum_faq contents.
  • Do not make public unauthenticated endpoints.
  • Do not commit or print the new token.
  • Do not change GitHub release files.

Acceptance checks

  • grep -n "SECRET_TOKEN = \"" /root/slf-server/server.py returns nothing.
  • systemctl restart slf-server.service succeeds.
  • systemctl status slf-server.service --no-pager shows active/running.
  • Old token no longer works.
  • New token works for /api/forum_faq and returns source=forum_faq, count=6 or current expected count.
  • New token is not pasted into GitHub, logs, or code.

PM planning

Complexity: M
Risk: high
Recommended order: later
Type: Security / Server/API
Reason:

  • This touches authentication and service startup.
  • It is important but not blocking current forum_faq work because unauthorized external requests already fail.
