adding more security to api endpoints to require api token for all access, no by passing

2026-02-01 08:13:37 +00:00 · 2025-12-29 16:16:28 -05:00
parent dd822c41c5
commit d68de99c15
26 changed files with 1347 additions and 184 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -36,7 +36,7 @@ services:
      # Required
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}

-      # Optional - authentication (leave empty to disable)
+      # Optional - authentication, one will generate if left blank
      - AUTOMAKER_API_KEY=${AUTOMAKER_API_KEY:-}

      # Optional - restrict to specific directory within container only
@@ -49,7 +49,7 @@ services:
      - DATA_DIR=/data

      # Optional - CORS origin (default allows all)
-      - CORS_ORIGIN=${CORS_ORIGIN:-*}
+      - CORS_ORIGIN=${CORS_ORIGIN:-http://localhost:3007}
    volumes:
      # ONLY named volumes - these are isolated from your host filesystem
      # This volume persists data between restarts but is container-managed