Security audit: fix XSS, missing function, improve SSH & URL handling
- Fix XSS: HTML-escape all user input (URLs, package names, errors, proxy data)
- Fix NameError: add missing is_demo_link() function (called but undefined)
- Fix: remove unused http_in fetch in proxies_get()
- Security: mask API keys in log output (TMDB key no longer visible in logs)
- Security: use known_hosts for SSH host key verification when available
- Security: remove .env from git tracking, add .env.example template
- Usability: add URL reachability check before submitting to JDownloader
- Usability: add "Erledigte Jobs entfernen" button to clear finished/failed jobs
- Usability: color-code job status (red for failed, green for finished)
- Docs: add security section to README (known_hosts, HTTPS, .env)

https://claude.ai/code/session_01S774Pqazr2U8vkSyhUBgDs
61
.env.example
Normal file
@@ -0,0 +1,61 @@
|
||||
# ===== General =====
|
||||
TZ=Europe/Berlin
|
||||
|
||||
# ===== JDownloader container =====
|
||||
JD_IMAGE=jlesage/jdownloader-2:latest
|
||||
JD_CONTAINER_NAME=jdownloader-2
|
||||
JD_WEB_PORT=5800
|
||||
|
||||
# ===== WebGUI container =====
|
||||
WEBGUI_CONTAINER_NAME=jd-webgui
|
||||
WEBGUI_PORT=8080
|
||||
|
||||
# Path to private SSH key on the Docker host (absolute path!)
|
||||
SSH_KEY_PATH=/home/USER/.ssh/id_ed25519
|
||||
|
||||
# ===== MyJDownloader =====
|
||||
MYJD_EMAIL=you@example.com
|
||||
MYJD_PASSWORD=CHANGE_ME
|
||||
# Leave empty to auto-pick first available device
|
||||
MYJD_DEVICE=
|
||||
|
||||
# ===== Jellyfin VM SSH/SFTP target =====
|
||||
JELLYFIN_HOST=192.168.1.1
|
||||
JELLYFIN_PORT=22
|
||||
JELLYFIN_USER=jellyfinuser
|
||||
JELLYFIN_SSH_KEY=/ssh/id_ed25519
|
||||
|
||||
# Target directories on the Jellyfin VM
|
||||
JELLYFIN_MOVIES_DIR=/jellyfin/Filme
|
||||
JELLYFIN_SERIES_DIR=/jellyfin/Serien
|
||||
# Fallback (used if MOVIES/SERIES not set)
|
||||
JELLYFIN_DEST_DIR=/jellyfin/Filme
|
||||
|
||||
# ===== Jellyfin API refresh (optional) =====
|
||||
JELLYFIN_LIBRARY_REFRESH=true
|
||||
JELLYFIN_API_BASE=http://192.168.1.1:8096
|
||||
JELLYFIN_API_KEY=CHANGE_ME
|
||||
|
||||
# ===== TMDB (optional but recommended for naming) =====
|
||||
TMDB_API_KEY=CHANGE_ME
|
||||
TMDB_LANGUAGE=de-DE
|
||||
|
||||
# ===== Naming / structure =====
|
||||
CREATE_MOVIE_FOLDER=true
|
||||
CREATE_SERIES_FOLDERS=true
|
||||
|
||||
# ===== MD5 sidecar staging dir inside container =====
|
||||
MD5_DIR=/md5
|
||||
|
||||
# ===== WebGUI auth (optional; leave empty to disable) =====
|
||||
BASIC_AUTH_USER=admin
|
||||
BASIC_AUTH_PASS=CHANGE_ME
|
||||
|
||||
# ===== Polling =====
|
||||
POLL_SECONDS=5
|
||||
|
||||
# ===== SSH host key verification (optional) =====
|
||||
# Path to known_hosts file inside container. If present, strict host key
|
||||
# checking is used. If absent, all host keys are accepted (less secure).
|
||||
# Generate with: ssh-keyscan -p 22 192.168.1.1 > known_hosts
|
||||
# SSH_KNOWN_HOSTS=/ssh/known_hosts
|
||||
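Review bot: In the "SSH host key verification" block at the end of the file, `SSH_KNOWN_HOSTS` ships commented out while the comment above it says that without the file "all host keys are accepted", so anyone who copies this template unchanged runs the SSH/SFTP connection to the Jellyfin VM with no host key verification. Consider shipping the variable uncommented so strict checking is the default, and requiring an explicit opt-out to accept unknown keys. The `ssh-keyscan -p 22 192.168.1.1 > known_hosts` hint records whatever key answers on the network at scan time, so the comment should also tell the user to compare the fingerprint (`ssh-keygen -lf known_hosts`) with one read on the host itself before trusting the file. Smaller points in the same hunk: `JD_IMAGE=jlesage/jdownloader-2:latest` is a floating tag and could be pinned to a version or digest; `JELLYFIN_API_BASE=http://192.168.1.1:8096` would carry `JELLYFIN_API_KEY` over plain HTTP, which is worth a comment pointing at the README's HTTPS advice; and `BASIC_AUTH_USER=admin` with `BASIC_AUTH_PASS=CHANGE_ME` turns auth on with a placeholder password if the file is copied as is, so either leave both empty as the "leave empty to disable" comment describes or state that the placeholder must be replaced.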