space/clickthrough
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(exec): require configured secret and header auth for /exec
All checks were successful
python-syntax / syntax-check (push) Successful in 4s
Details
python-syntax / syntax-check (pull_request) Successful in 5s
Details

Browse Source
This commit is contained in:
Luna
2026-04-05 20:22:18 +02:00
parent 930cdd2887
commit 38c1127347
5 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/API.md
View File

@@ -147,6 +147,10 @@ Hotkey:
Execute a shell command on the host running Clickthrough.
Requirements:
- `CLICKTHROUGH_EXEC_SECRET` must be configured on the server
- send header `x-clickthrough-exec-secret: <secret>`
```json
{
"command": "Get-Process | Select-Object -First 5",
@@ -162,6 +166,7 @@ Notes:
- if `shell` is omitted, server uses `CLICKTHROUGH_EXEC_DEFAULT_SHELL`
- output is truncated based on `CLICKTHROUGH_EXEC_MAX_OUTPUT_CHARS`
- endpoint can be disabled with `CLICKTHROUGH_EXEC_ENABLED=false`
- if `CLICKTHROUGH_EXEC_SECRET` is missing, `/exec` is blocked (`403`)
Response includes `stdout`, `stderr`, `exit_code`, timeout state, and execution metadata.