Fix security concerns - restrictive file permissions and remove secret logging

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
copilot-swe-agent[bot]
2026-01-31 18:44:17 +00:00
parent a343b17ab3
commit a1f9cd4114
3 changed files with 6 additions and 5 deletions
-4
@@ -29,7 +29,6 @@ def admin_required(f):
return jsonify({"error": "Invalid authorization format"}), 401
token = auth_header.split(' ')[1] if len(auth_header.split(' ')) > 1 else None
print(f"Extracted token: '{token}'")
# Check environment variable - no fallback for security
expected_token = os.getenv('ADMIN_TOKEN')
@@ -37,9 +36,6 @@ def admin_required(f):
print("❌ ADMIN_TOKEN environment variable not set")
return jsonify({"error": "Server configuration error: ADMIN_TOKEN not configured"}), 500
print(f"Expected token: '{expected_token}'")
print(f"Environment ADMIN_TOKEN: '{os.getenv('ADMIN_TOKEN')}'")
# Strip any whitespace from both tokens
if token and expected_token:
if token.strip() == expected_token.strip():
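Review bot: The token check on the last line of the second hunk, `if token.strip() == expected_token.strip():`, still compares the secret with `==`, which can stop at the first differing character and so is not a constant-time comparison. Since this commit is already hardening the token path, I would change it to `if hmac.compare_digest(token.strip().encode(), expected_token.strip().encode()):` and add `import hmac` to the file's imports. Separately, the 500 response body names the `ADMIN_TOKEN` variable to unauthenticated callers; a generic "Server configuration error" with the detail kept in the server log would reveal less. The body of `admin_required` continues past the end of this hunk, so the rest of the comparison branch is not visible here.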