feat(config): add security feature toggle support

Implements a master toggle for security features across config, CLI, and application logic. This allows granular control over whether the advanced security middleware and protections are active globally.
2026-05-03 23:07:21 +03:00
parent 290a3d15db
commit 43baade930
15 changed files with 78 additions and 12 deletions
--- a/lib/config/config_test.go
+++ b/lib/config/config_test.go
@@ -22,6 +22,9 @@ func TestDefaults(t *testing.T) {
 	if !cfg.GuestUploadsEnabled || !cfg.APIEnabled || !cfg.ZipDownloadsEnabled || !cfg.OneTimeDownloadsEnabled {
 		t.Fatal("expected default guest/API/download toggles to be enabled")
 	}
+	if !cfg.SecurityEnabled {
+		t.Fatal("expected security features to be enabled by default")
+	}
 	if cfg.AdminUsername != "admin" {
 		t.Fatalf("unexpected admin username: %s", cfg.AdminUsername)
 	}
@@ -39,6 +42,7 @@ func TestEnvironmentOverrides(t *testing.T) {
 	t.Setenv("WARPBOX_BOX_POLL_INTERVAL_MS", "2000")
 	t.Setenv("WARPBOX_ADMIN_USERNAME", "root")
 	t.Setenv("WARPBOX_ONE_TIME_DOWNLOAD_RETRY_ON_FAILURE", "true")
+	t.Setenv("WARPBOX_SECURITY_ENABLED", "false")

 	cfg, err := Load()
 	if err != nil {
@@ -63,6 +67,9 @@ func TestEnvironmentOverrides(t *testing.T) {
 	if !cfg.OneTimeDownloadRetryOnFailure {
 		t.Fatal("expected one-time retry-on-failure env override to be applied")
 	}
+	if cfg.SecurityEnabled {
+		t.Fatal("expected security features toggle from environment to be applied")
+	}
 	if cfg.Source(SettingAPIEnabled) != SourceEnv {
 		t.Fatalf("expected API setting source to be env, got %s", cfg.Source(SettingAPIEnabled))
 	}
@@ -191,6 +198,7 @@ func clearConfigEnv(t *testing.T) {
 		"WARPBOX_BOX_POLL_INTERVAL_MS",
 		"WARPBOX_THUMBNAIL_BATCH_SIZE",
 		"WARPBOX_THUMBNAIL_INTERVAL_SECONDS",
+		"WARPBOX_SECURITY_ENABLED",
 	} {
 		t.Setenv(name, "")
 	}