M2-T01: add config JSON API (GET/PUT /api/config)

- new app/api/routes/api/ package with shared require_session (401) and
  require_csrf (presence-only X-CSRF-Token, 403) dependencies
- GET /api/config returns masked config sections; PUT /api/config reuses
  save_config_updates (blank secret keeps old; invalid -> 422, no write)
- session-protected; PUT also CSRF-protected
- register router in app/main.py; regenerate openapi/
- tests/test_api_config.py

This commit is contained in:

Tianyu Liu

2026-06-12 23:08:14 +02:00

parent 3628ac51e5

commit c2b1b7b751

8 changed files with 770 additions and 0 deletions

app/api/routes/api/__init__.py

View File