From ed7dfea8345c3839c634425923a514b2247e4669 Mon Sep 17 00:00:00 2001 From: mkelvers Date: Mon, 29 Jun 2026 13:39:42 +0200 Subject: [PATCH] docs: document public watchlist --- README.md | 11 +++++++++++ SECURITY.md | 4 ++++ 2 files changed, 15 insertions(+) diff --git a/README.md b/README.md index 7f59fa3d..175cbfe6 100644 --- a/README.md +++ b/README.md @@ -168,6 +168,17 @@ Configuration is loaded from environment variables, and a local `.env` file is r +### Public Watchlist JSON + +`GET /api/public/users/{user_id}/watchlist` returns a versioned, agent-friendly JSON view of a +user's complete watchlist. It includes status summaries, episode progress, +added/completed/last-watched dates, and localized titles. Add `?download=1` to receive the same +response as a `watchlist-{user_id}.json` attachment; the watchlist page's export action uses this +URL. + +This endpoint is intentionally unauthenticated. A deployment that should keep watchlist and +playback data private must restrict access to `/api/public/` at the network or reverse-proxy layer. + ### Repository Map | Path | Responsibility | diff --git a/SECURITY.md b/SECURITY.md index 5426b2de..6f957361 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -55,6 +55,10 @@ dependency monitoring. Use a strong `PLAYBACK_PROXY_SECRET` if playback proxy token signing is enabled. Do not commit real secrets, provider tokens, session data, or production databases to the repository. +The read-only `/api/public/users/{user_id}/watchlist` endpoint intentionally exposes watchlist +statuses, episode progress, and watchlist dates without authentication. Restrict `/api/public/` at +the network or reverse-proxy layer when that data should not be public. + ## Dependency Security Dependencies are managed through Go modules and Bun. When updating dependencies, run the normal