Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-17 02:05:22 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(gallery): add auth check to /api/image/sharpen endpoint (#2761)

Browse Source 
Every other image-processing endpoint (denoise, upscale, remove-bg,
enhance-face, inpaint, harmonize) calls require_privilege(request,
"can_generate_images"). The sharpen endpoint was missing this check,
allowing unauthenticated users to trigger CPU-intensive image processing.
This commit is contained in:
Ernest Hysa
2026-06-05 14:12:33 +01:00
committed by GitHub
parent e0e250d023
commit d4ff7fce81
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
routes/gallery_routes.py
+1
View File
@@ -1316,6 +1316,7 @@ def setup_gallery_routes() -> APIRouter:
@router.post("/api/image/sharpen") @router.post("/api/image/sharpen")
async def sharpen_image(request: Request): async def sharpen_image(request: Request):
"""Apply unsharp-mask sharpening to an image.""" """Apply unsharp-mask sharpening to an image."""
require_privilege(request, "can_generate_images")
body = await request.json() body = await request.json()
image_b64 = body.get("image") image_b64 = body.get("image")
amount = body.get("amount", 50) / 100.0 amount = body.get("amount", 50) / 100.0