Skip to content

Commit

Permalink
doc(readme): explain behavior of unset auth_tokens & delete_tokens
Browse files Browse the repository at this point in the history
Just a clarification on how this works in the case of uninstalled tokens, for greater clarity and security
  • Loading branch information
DDtKey committed Dec 10, 2023
1 parent adbd67a commit a3b1805
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -248,6 +248,8 @@ done

Set `delete_tokens` array in [config.toml](./config.toml) to activate the [`DELETE`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/DELETE) endpoint and secure it with one (or more) auth token(s).

The `DELETE` endpoint will not be exposed and will return `404` error if `delete_tokens` are not set.

```sh
$ curl -H "Authorization: <auth_token>" -X DELETE "<server_address>/file.txt"
```
Expand Down Expand Up @@ -275,6 +277,11 @@ $ rustypaste

You can also set multiple auth tokens via the array field `[server].auth_tokens` in your `config.toml`.

> If neither `AUTH_TOKEN` nor `[server].auth_tokens` are set, the server will not require any authentication.
>
> Exception is the `DELETE` endpoint, which requires at least one token to be set. See [Delete file from server](#delete-file-from-server) for more information.

See [config.toml](./config.toml) for configuration options.

#### List endpoint
Expand Down

0 comments on commit a3b1805

Please sign in to comment.