fix(gallery): add auth check to /api/image/sharpen endpoint (#2761)
Every other image-processing endpoint (denoise, upscale, remove-bg, enhance-face, inpaint, harmonize) calls require_privilege(request, "can_generate_images"). The sharpen endpoint was missing this check, allowing unauthenticated users to trigger CPU-intensive image processing.
This commit is contained in:
parent
e0e250d023
commit
d4ff7fce81
1 changed files with 1 additions and 0 deletions
|
|
@ -1316,6 +1316,7 @@ def setup_gallery_routes() -> APIRouter:
|
|||
@router.post("/api/image/sharpen")
|
||||
async def sharpen_image(request: Request):
|
||||
"""Apply unsharp-mask sharpening to an image."""
|
||||
require_privilege(request, "can_generate_images")
|
||||
body = await request.json()
|
||||
image_b64 = body.get("image")
|
||||
amount = body.get("amount", 50) / 100.0
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue