Remove secrets from API config endpoint? #424

@josecelano

There is an API endpoint to get the Tracker configuration.

https://index.torrust-demo.com/api/v1/settings

It's used by the Index to show the admin the Index settings (read-only).

The response:

{
    "data": {
        "log_level": "info",
        "website": {
            "name": "Torrust"
        },
        "tracker": {
            "url": "udp://tracker.torrust-demo.com:6969",
            "mode": "Public",
            "api_url": "http://tracker:1212",
            "token": "*****",
            "token_valid_seconds": 7257600
        },
        "net": {
            "port": 3001,
            "base_url": null
        },
        "auth": {
            "email_on_signup": "Optional",
            "min_password_length": 6,
            "max_password_length": 64,
            "secret_key": "*****"
        },
        "database": {
            "connect_url": "sqlite:///var/lib/torrust/index/database/sqlite3.db?mode=rwc"
        },
        "mail": {
            "email_verification_enabled": false,
            "from": "[email protected]",
            "reply_to": "[email protected]",
            "username": "",
            "password": "*****",
            "server": "mailcatcher",
            "port": 1025
        },
        "image_cache": {
            "max_request_timeout_ms": 1000,
            "capacity": 128000000,
            "entry_size_limit": 4000000,
            "user_quota_period_seconds": 3600,
            "user_quota_bytes": 64000000
        },
        "api": {
            "default_torrent_page_size": 10,
            "max_torrent_page_size": 30
        },
        "tracker_statistics_importer": {
            "torrent_info_update_interval": 3600,
            "port": 3002
        }
    }
}

Should we remove the secrets from the response? @da2ce7 @WarmBeer

  • data.tracker.token
  • data.database.connect_url
  • data.mail.password
  • data.auth.secret_key
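
One way to enforce the removal asked about above, as an added example (not code from the issue or from the Torrust code base): a check that reports which of the four listed paths are still present in a settings response, and a helper that returns a copy without them. The function names and the trimmed sample response are constructed for illustration.

```python
import copy
import json

# The four paths listed in the issue, relative to the response root.
SECRET_PATHS = (
    "data.tracker.token",
    "data.database.connect_url",
    "data.mail.password",
    "data.auth.secret_key",
)

def _parent_and_key(doc, dotted):
    """Walk to the parent of a dotted path; return (parent, key) or (None, key)."""
    *parents, key = dotted.split(".")
    node = doc
    for name in parents:
        if not isinstance(node, dict) or name not in node:
            return None, key
        node = node[name]
    return (node if isinstance(node, dict) else None), key

def present_secret_paths(doc, paths=SECRET_PATHS):
    """Return the listed paths that still exist in the response, masked or not."""
    found = []
    for p in paths:
        parent, key = _parent_and_key(doc, p)
        if parent is not None and key in parent:
            found.append(p)
    return found

def strip_secret_paths(doc, paths=SECRET_PATHS):
    """Return a deep copy of the response with the listed keys removed."""
    out = copy.deepcopy(doc)
    for p in paths:
        parent, key = _parent_and_key(out, p)
        if parent is not None:
            parent.pop(key, None)
    return out

# Constructed sample: a trimmed copy of the response shown in the issue.
SAMPLE = json.loads("""
{"data": {"log_level": "info",
  "tracker": {"url": "udp://tracker.torrust-demo.com:6969", "token": "*****"},
  "auth": {"min_password_length": 6, "secret_key": "*****"},
  "database": {"connect_url": "sqlite:///var/lib/torrust/index/database/sqlite3.db?mode=rwc"},
  "mail": {"server": "mailcatcher", "password": "*****"}}}
""")

if __name__ == "__main__":
    print("before:", present_secret_paths(SAMPLE))
    print("after: ", present_secret_paths(strip_secret_paths(SAMPLE)))
```

`present_secret_paths` treats a masked value such as `"*****"` as still present, so it can serve as a regression check on the endpoint's response once the fields are dropped.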
