commitshow 0.3.29 → 0.3.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/api.js +11 -1
- package/package.json +1 -1
package/dist/lib/api.js
CHANGED
|
@@ -43,7 +43,7 @@ const CLI_USER_AGENT = (() => {
|
|
|
43
43
|
})();
|
|
44
44
|
function headers(extra = {}) {
|
|
45
45
|
const cfg = readConfig();
|
|
46
|
-
|
|
46
|
+
const h = {
|
|
47
47
|
apikey: DEFAULT_ANON_KEY,
|
|
48
48
|
Authorization: `Bearer ${cfg.token ?? DEFAULT_ANON_KEY}`,
|
|
49
49
|
'Content-Type': 'application/json',
|
|
@@ -51,6 +51,16 @@ function headers(extra = {}) {
|
|
|
51
51
|
'X-Commitshow-Source': process.env.COMMITSHOW_SOURCE ?? '',
|
|
52
52
|
...extra,
|
|
53
53
|
};
|
|
54
|
+
// Dev/admin bypass · COMMITSHOW_ADMIN_TOKEN env unlocks all rate
|
|
55
|
+
// limits server-side (matches the /admin web console pattern).
|
|
56
|
+
// Used during development so we can hammer the audit pipeline
|
|
57
|
+
// without blowing through the 50/day IP cap. NEVER document this
|
|
58
|
+
// in the public CLI help — it's a server-side admin-token check
|
|
59
|
+
// and only works for token holders.
|
|
60
|
+
const adminTok = process.env.COMMITSHOW_ADMIN_TOKEN;
|
|
61
|
+
if (adminTok)
|
|
62
|
+
h['x-admin-token'] = adminTok;
|
|
63
|
+
return h;
|
|
54
64
|
}
|
|
55
65
|
async function rest(path, init = {}) {
|
|
56
66
|
const res = await fetch(`${baseUrl()}/rest/v1${path}`, {
|