fix: disable API v1 write methods (closes #112) #115

Merged

sneak merged 1 commits from fix/disable-api-write-methods into main

2026-02-20 14:35:13 +01:00

Author	SHA1	Message	Date
user	ab7c43b887	fix: disable API v1 write methods (closes #112 ) All checks were successful Check / check (pull_request) Successful in 11m21s Details Remove POST /apps, DELETE /apps/{id}, and POST /apps/{id}/deploy from the API v1 route group. These endpoints used cookie-based session auth without CSRF protection, creating a CSRF vulnerability. Read-only endpoints (GET /apps, GET /apps/{id}, GET /apps/{id}/deployments), login, and whoami are retained. Removed handlers: HandleAPICreateApp, HandleAPIDeleteApp, HandleAPITriggerDeploy, along with apiCreateRequest struct and validateCreateRequest function. Updated tests to use service layer directly for app creation in remaining read-only endpoint tests.	2026-02-20 05:33:07 -08:00

Author

SHA1

Message

Date

user

ab7c43b887

fix: disable API v1 write methods (closes #112 )

Check / check (pull_request) Successful in 11m21s

Details

Remove POST /apps, DELETE /apps/{id}, and POST /apps/{id}/deploy from
the API v1 route group. These endpoints used cookie-based session auth
without CSRF protection, creating a CSRF vulnerability.

Read-only endpoints (GET /apps, GET /apps/{id}, GET /apps/{id}/deployments),
login, and whoami are retained.

Removed handlers: HandleAPICreateApp, HandleAPIDeleteApp,
HandleAPITriggerDeploy, along with apiCreateRequest struct and
validateCreateRequest function.

Updated tests to use service layer directly for app creation in
remaining read-only endpoint tests.

2026-02-20 05:33:07 -08:00

fix: disable API v1 write methods (closes #112) #115

1 Commits