Request
When there is time, replace the current API token and move it out of server.py.
Background
The SLF data server (/root/slf-server/server.py) currently contains a hardcoded token:
The token has already been used in terminal/chat to test /api/forum_faq, so it must be considered exposed and replaced.
Scope
Responsible area: Server/API / security operation.
Target server files/services:
/root/slf-server/server.py
slf-server.service
Intended behavior
server.py must not contain the literal secret token.
server.py should read token from environment, e.g.:
SECRET_TOKEN = os.environ.get("SLF_API_TOKEN", "")
slf-server.service should pass SLF_API_TOKEN through systemd environment or an EnvironmentFile.
- Generate and install a new token.
- Restart service safely.
- Verify existing endpoints still work:
/api/analysis
/api/forum_faq
- existing /api/<collection> reads/writes by token.
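As an added example (not code from this ticket or the slf-server project) of what the token handling in server.py could look like once the literal is removed: the token is read from SLF_API_TOKEN as sketched above, startup is refused when it is missing or empty (the `""` default in the sketch would otherwise let an empty value through a naive comparison), and comparison is constant-time. How the presented token is extracted from the request is left to the existing handlers.

```python
import hmac
import os
import secrets

ENV_VAR = "SLF_API_TOKEN"  # variable name from the ticket


def token_is_configured(environ=None):
    """True only if the environment carries a non-empty token."""
    environ = os.environ if environ is None else environ
    return bool(environ.get(ENV_VAR, "").strip())


def load_token(environ=None):
    """Read the API token from the environment; refuse to start without one.

    Falling back to "" would make an empty Authorization value match under a
    naive comparison, so a missing/empty token is a configuration error."""
    environ = os.environ if environ is None else environ
    if not token_is_configured(environ):
        raise RuntimeError(f"{ENV_VAR} is not set; refusing to start")
    return environ[ENV_VAR].strip()


def token_matches(presented, expected):
    """Constant-time comparison so response timing does not leak the token.

    Empty values are rejected outright, whatever the other side holds."""
    if not presented or not expected:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


def generate_token(nbytes=32):
    """New token: 32 random bytes, URL-safe, never printed by this module."""
    return secrets.token_urlsafe(nbytes)


def environment_file_line(token):
    """Line for the EnvironmentFile that slf-server.service points at
    (path is the deployer's choice; the file should be root-owned, mode 0600)."""
    return f"{ENV_VAR}={token}\n"
```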
Out of scope
- Do not change API schema.
- Do not change wiki, data, or forum_faq contents.
- Do not make public unauthenticated endpoints.
- Do not commit or print the new token.
- Do not change GitHub release files.
Acceptance checks
- grep -n "SECRET_TOKEN = \"" /root/slf-server/server.py returns nothing.
- systemctl restart slf-server.service succeeds.
- systemctl status slf-server.service --no-pager shows active/running.
- Old token no longer works.
- New token works for /api/forum_faq and returns source=forum_faq, count=6 or the current expected count.
- New token is not pasted into GitHub, logs, or code.
PM planning
Complexity: M
Risk: high
Recommended order: later
Type: Security / Server/API
Reason:
- This touches authentication and service startup.
- It is important but not blocking current forum_faq work because unauthorized external requests already fail.