make the /api/config endpoint restrictive to what it provides. It will only show what is needed for the current code.

2026-03-04 23:27:46 +01:00 · 2025-09-17 22:55:40 -07:00
parent f06fa3a4a3
commit 61b74473e3
1 changed files with 10 additions and 3 deletions
--- a/meshview/web.py
+++ b/meshview/web.py
@@ -1579,15 +1579,22 @@ async def api_stats(request):
    return web.json_response(stats)


-
@routes.get("/api/config")
 async def api_config(request):
    try:
-        # Return CONFIG as JSON
-        return web.json_response(CONFIG)
+        site = CONFIG.get("site", {})
+        safe_site = {
+            "map_interval": site.get("map_interval", 3),        # default 3 if missing
+            "firehose_interval": site.get("firehose_interal", 3)  # default 1000 if missing
+        }
+
+        safe_config = {"site": safe_site}
+
+        return web.json_response(safe_config)
    except Exception as e:
        return web.json_response({"error": str(e)}, status=500)

+
@routes.get("/api/edges")
 async def api_edges(request):
    edges_set = set()