Docker/mealie
Docker/mealie
1
0
Fork 0
mirror of https://github.com/mealie-recipes/mealie.git synced 2025-08-02 20:15:24 +02:00
Code Issues Releases Activity

feat: Create Recipe From HTML or JSON (#4274)

Browse source 
Co-authored-by: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
This commit is contained in:
Michael Genson 2024-09-30 10:52:13 -05:00 committed by GitHub
parent edf420491f
commit 4c1d855690
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
23 changed files with 408 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/docs/contributors/developers-guide/migration-guide.md
View file

@ -15,6 +15,10 @@ We have renamed the `updateAt` field to `updatedAt`. While the API will still ac
### Backend Endpoint Changes
These endpoints have moved, but are otherwise unchanged:
- `/recipes/create-url` -> `/recipes/create/url`
- `/recipes/create-url/bulk` -> `/recipes/create/url/bulk`
- `/recipes/create-from-zip` -> `/recipes/create/zip`
- `/recipes/create-from-image` -> `/recipes/create/image`
- `/groups/webhooks` -> `/households/webhooks`
- `/groups/shopping/items` -> `/households/shopping/items`
- `/groups/shopping/lists` -> `/households/shopping/lists`

4
docs/docs/documentation/community-guide/bulk-url-import.md
View file

@ -23,7 +23,7 @@ function import_from_file () {
do
echo $line
curl -X 'POST' \
"$3/api/recipes/create-url" \
"$3/api/recipes/create/url" \
-H "Authorization: Bearer $2" \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
@ -81,7 +81,7 @@ def import_from_file(input_file, token, mealie_url):
data = {
'url': line
}
response = requests.post(mealie_url + "/api/recipes/create-url", headers=headers, json=data)
response = requests.post(mealie_url + "/api/recipes/create/url", headers=headers, json=data)
print(response.text)
input_file="list"

4
docs/docs/documentation/getting-started/installation/security.md
View file

@ -18,7 +18,7 @@ Use your best judgement when deciding what to do.
By default, the API is **not** rate limited. This leaves Mealie open to a potential **Denial of Service Attack**. While it's possible to perform a **Denial of Service Attack** on any endpoint, there are a few key endpoints that are more vulnerable than others.
- `/api/recipes/create-url`
- `/api/recipes/create/url`
- `/api/recipes/{id}/image`
These endpoints are used to scrape data based off a user provided URL. It is possible for a malicious user to issue multiple requests to download an arbitrarily large external file (e.g a Debian ISO) and sufficiently saturate a CPU assigned to the container. While we do implement some protections against this by chunking the response, and using a timeout strategy, it's still possible to overload the CPU if an attacker issues multiple requests concurrently.
@ -33,7 +33,7 @@ If you'd like to mitigate this risk, we suggest that you rate limit the API in g
## Server Side Request Forgery
- `/api/recipes/create-url`
- `/api/recipes/create/url`
- `/api/recipes/{id}/image`
Given the nature of these APIs it's possible to perform a **Server Side Request Forgery** attack. This is where a malicious user can issue a request to an internal network resource, and potentially exfiltrate data. We _do_ perform some checks to mitigate access to resources within your network but at the end of the day, users of Mealie are allowed to trigger HTTP requests on **your server**.