Restrict admin to local connections

This commit is contained in:
Dorian
2026-05-19 12:13:04 -05:00
parent 5c4ce583c5
commit c2751f2700
4 changed files with 89 additions and 5 deletions


@@ -21,6 +21,7 @@ Required production environment:
PORT=2354
HOST=0.0.0.0
APP_MODE=all
ADMIN_ALLOWED_HOSTS=admin.local,l484.local
MEMBERSHIP_ENCRYPTION_KEY=<32+ random bytes>
ACCESS_HMAC_KEY=<32+ random bytes>
ACCESS_CONTROLLER_TOKEN=<random controller token>
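Review bot: the new `ADMIN_ALLOWED_HOSTS=admin.local,l484.local` line is redundant with the rule added later in this same file, which already treats any `.local` hostname as admin-capable, so the example grants nothing the default does not. Use a value that actually exercises the allow-list (a non-`.local` hostname, or a placeholder such as `<comma-separated hostnames>` in the `<...>` style used for the keys below it) and document how the hostname is obtained (presumably the request `Host` header) and whether matching is exact or by suffix, since an operator reading only this block cannot tell what the variable adds.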
@@ -35,6 +36,8 @@ DEV_SEED_MEMBERS=false
Keep `server/data` on a persistent volume. Do not deploy `.env.local`.
The admin UI, admin APIs, and controller card-scan endpoint are available only when the request comes from localhost, a private LAN IP, a `.local` hostname, or a hostname listed in `ADMIN_ALLOWED_HOSTS`. Public members can still use `/api/member/door/unlock` from the external site when their local membership secret verifies an active paid membership.
## BTCPay
Create a BTCPay webhook pointing at:
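Review bot: the added paragraph makes access to the admin UI, admin APIs and controller card-scan endpoint depend on the request arriving from localhost, a private LAN IP, a `.local` hostname or an allow-listed hostname, but says nothing about how the server determines the client address or hostname. With `HOST=0.0.0.0` in the same file the process listens on every interface, and if it is deployed behind a reverse proxy on the same LAN, every request reaches it from a private IP carrying whatever `Host` header the client chose, which would make the admin surface reachable from the public site. Document which forwarded headers (for example `X-Forwarded-For`) are trusted and from which proxy addresses, whether the hostname check reads the `Host` header, and state plainly that the private-IP and `.local` checks are a network-placement restriction rather than authentication of the admin user.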