diff --git a/.codex b/.codex
deleted file mode 100644
index e69de29..0000000
diff --git a/public/doc-assets/swagger-init.js b/public/doc-assets/swagger-init.js
deleted file mode 100644
index 75d47d8..0000000
--- a/public/doc-assets/swagger-init.js
+++ /dev/null
@@ -1,11 +0,0 @@
-window.addEventListener('DOMContentLoaded', () => {
- window.ui = window.SwaggerUIBundle({
- url: '/openapi.json',
- dom_id: '#swagger-ui',
- deepLinking: true,
- docExpansion: 'list',
- persistAuthorization: true,
- displayRequestDuration: true,
- filter: true,
- });
-});
diff --git a/public/doc-assets/swagger.html b/public/doc-assets/swagger.html
deleted file mode 100644
index 0e9abd9..0000000
--- a/public/doc-assets/swagger.html
+++ /dev/null
@@ -1,37 +0,0 @@
- - - - - - Oikos API Docs - - - - - - -
- Oikos API Documentation - -
-
- -
diff --git a/public/locales/de.json b/public/locales/de.json
index 804c6d3..82ba5a1 100644
--- a/public/locales/de.json
+++ b/public/locales/de.json
@@ -630,28 +630,28 @@
 "currencyLabel": "Währung",
 "currencyHint": "Legt die Währung für den gesamten Budget-Bereich fest.",
 "currencySaved": "Währung gespeichert.",
- "apiTokensTitle": "API Tokens",
- "apiTokensCardTitle": "Access Tokens",
- "apiTokensHint": "Create API tokens for external integrations. The full token is shown only once after creation.",
- "apiTokenNameLabel": "Token name",
- "apiTokenExpiresLabel": "Expiration date",
- "apiTokenExpiresHint": "Leave empty to create a token without expiration.",
- "apiTokenCreatedLabel": "New API token",
- "apiTokenCreatedHint": "Store this token securely. It cannot be shown again.",
- "apiTokenCreate": "Create token",
- "apiTokenInvalidExpiration": "Please enter a valid expiration date.",
- "apiTokenCreatedToast": "API token created.",
- "apiTokenRevokedToast": "API token revoked.",
- "apiTokenRevokeConfirm": "Revoke API token \"{{name}}\"?",
- "apiTokenRevoke": "Revoke token",
- "apiTokenRevoked": "Revoked",
- "apiTokenExpired": "Expired",
- "apiTokenActive": "Active",
- "apiTokenPrefix": "Prefix",
- "apiTokenExpires": "Expires",
- "apiTokenNeverExpires": "No expiration",
- "apiTokenLastUsed": "Last used",
- "apiTokenNeverUsed": "Never used",
+ "apiTokensTitle": "API-Tokens",
+ "apiTokensCardTitle": "Zugriffstoken",
+ "apiTokensHint": "Erstelle API-Tokens für externe Integrationen. Der vollständige Token wird nach der Erstellung nur einmal angezeigt.",
+ "apiTokenNameLabel": "Tokenname",
+ "apiTokenExpiresLabel": "Ablaufdatum",
+ "apiTokenExpiresHint": "Leer lassen, um einen Token ohne Ablaufdatum zu erstellen.",
+ "apiTokenCreatedLabel": "Neuer API-Token",
+ "apiTokenCreatedHint": "Speichere diesen Token sicher. Er kann nicht erneut angezeigt werden.",
+ "apiTokenCreate": "Token erstellen",
+ "apiTokenInvalidExpiration": "Bitte gib ein gültiges Ablaufdatum ein.",
+ "apiTokenCreatedToast": "API-Token erstellt.",
+ "apiTokenRevokedToast": "API-Token widerrufen.",
+ "apiTokenRevokeConfirm": "API-Token \"{{name}}\" widerrufen?",
+ "apiTokenRevoke": "Token widerrufen",
+ "apiTokenRevoked": "Widerrufen",
+ "apiTokenExpired": "Abgelaufen",
+ "apiTokenActive": "Aktiv",
+ "apiTokenPrefix": "Präfix",
+ "apiTokenExpires": "Läuft ab",
+ "apiTokenNeverExpires": "Kein Ablaufdatum",
+ "apiTokenLastUsed": "Zuletzt verwendet",
+ "apiTokenNeverUsed": "Nie verwendet",
 "ics": {
 "title": "ICS-Abonnements",
 "add": "Abonnement hinzufügen",
diff --git a/server/index.js b/server/index.js
index 77307a8..d09af0e 100644
--- a/server/index.js
+++ b/server/index.js
@@ -57,10 +57,10 @@ app.use(helmet({
 // Alpine.js CDN (optional, falls verwendet)
 'https://cdn.jsdelivr.net',
 ],
- styleSrc: ["'self'", "'unsafe-inline'", 'https://cdn.jsdelivr.net'],
+ styleSrc: ["'self'", "'unsafe-inline'"],
 imgSrc: ["'self'", 'data:'],
 connectSrc: ["'self'"],
- fontSrc: ["'self'", 'data:', 'https://cdn.jsdelivr.net'],
+ fontSrc: ["'self'"],
 objectSrc: ["'none'"],
 frameSrc: ["'none'"],
 // upgrade-insecure-requests nur mit HTTPS aktivieren
@@ -176,9 +176,6 @@ function sendOpenApi(req, res) {
 app.get('/api/v1/openapi.json', sendOpenApi);
 app.get('/openapi.json', sendOpenApi);
-app.get('/docs', (_req, res) => {
- res.sendFile(path.join(import.meta.dirname, '..', 'public', 'doc-assets', 'swagger.html'));
-});
 // Alle weiteren API-Routen erfordern Authentifizierung + CSRF-Schutz
 app.use('/api/v1', requireAuth);
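Review bot: In the helmet CSP hunk of server/index.js, the directive array that closes just above the edited `styleSrc` still lists `'https://cdn.jsdelivr.net'`, so the policy is tightened for styles and fonts but not for that entry. The directive's name is outside the hunk; if it is `scriptSrc`, as the "Alpine.js CDN (optional, falls verwendet)" comment suggests, it is now the broadest allowance left in the policy, because a host-level entry admits every file that CDN serves and not only the one library. If Alpine.js is not actually loaded from there, drop the line; otherwise self-host the file and record the intent in place, e.g. `// TODO: Alpine.js lokal ausliefern und diesen Host entfernen`. The new `fontSrc: ["'self'"]` also drops `'data:'`, so confirm no remaining stylesheet embeds fonts as data URIs. The `helmet({ ... })` call begins and ends outside the hunk.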