require api auth token

2026-05-09 17:39:18 +08:00
parent 57287cbc67
commit a23ce5b08f
4 changed files with 93 additions and 29 deletions
--- a/.env.example
+++ b/.env.example
@@ -14,9 +14,12 @@ APP_URL="MY_APP_URL"
 # API_PORT: HTTP API server port. Frontend still runs on 3000 by default.
 API_PORT="3002"

-# API_AUTH_TOKEN: Optional token for API calls. Leave empty to disable auth.
-# When set, send Authorization: Bearer <token> or x-api-key: <token>.
-API_AUTH_TOKEN=""
+# API_AUTH_TOKEN: Required token for protected API calls.
+# Send it as Authorization: Bearer <token> or x-api-key: <token>.
+API_AUTH_TOKEN="CHANGE_ME_TO_A_LONG_RANDOM_TOKEN"
+
+# API_AUTH_DISABLED: Only set this to true for local-only development.
+API_AUTH_DISABLED="false"

 # API callers can also send a temporary Gemini key per request with:
 # x-gemini-api-key: <Gemini API Key>