From 0deb1758e4fc42da84a3d0d1eced8ffa3da0449d Mon Sep 17 00:00:00 2001
From: mildis <me@mildis.org>
Date: Wed, 2 Dec 2020 08:53:07 +0100
Subject: [PATCH 1/2] list unauthenticated endpoints

Ease the setup of a WAF or a reverse-proxy.

Fixes #233
---
 README.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/README.md b/README.md
index 5e18ce3..2b4d395 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,24 @@ Lufi comes with several languages.
 
 Please, see [this wiki page](https://framagit.org/fiat-tux/hat-softwares/lufi/wikis/contribute#internationalization) to know how to contribute to internationalization.
 
+## API endpoints
+
+Some endpoints require authentication, others don't.
+Here are the endpoints that needs to be whitelisted from authentication :  
+* `"^/r/"`
+* `"^/js/"`,
+* `"^/img/"`,
+* `"^/css/"`,
+* `"^/lang/"`,
+* `"^/font/"`,
+* `"^/partial/"`,
+* `"^/download/"`,
+* `"^/upload"`,
+* `"^/guest/"`,
+* `"^/about"`,
+* `"^/delays$"`,
+* `"^/fulstats$"`
+
 ## Authors
 
 See [AUTHORS.md](AUTHORS.md) file.

From 89adb86340c69955100567720d9caf80453da728 Mon Sep 17 00:00:00 2001
From: Luc Didry <luc@framasoft.org>
Date: Fri, 29 Dec 2023 05:32:43 +0000
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=93=9D=20=E2=80=94=20Add=20precisions?=
 =?UTF-8?q?=20to=20unauthenticated=20endpoints?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 2b4d395..60ff43c 100644
--- a/README.md
+++ b/README.md
@@ -70,21 +70,21 @@ Please, see [this wiki page](https://framagit.org/fiat-tux/hat-softwares/lufi/wi
 
 ## API endpoints
 
-Some endpoints require authentication, others don't.
-Here are the endpoints that needs to be whitelisted from authentication :  
-* `"^/r/"`
-* `"^/js/"`,
-* `"^/img/"`,
-* `"^/css/"`,
-* `"^/lang/"`,
-* `"^/font/"`,
-* `"^/partial/"`,
-* `"^/download/"`,
-* `"^/upload"`,
-* `"^/guest/"`,
-* `"^/about"`,
-* `"^/delays$"`,
-* `"^/fulstats$"`
+When using accounts, some endpoints require authentication, others don't.
+Here are the endpoints that needs to be excluded from authentication if you’re using an authenticating proxy:
+- `"^/r/"` (page to get a file)
+- `"^/js/"` (get js assets)
+- `"^/img/"` (get images assets)
+- `"^/css/"` (get css assets)
+- `"^/lang/"` (change language)
+- `"^/font/"` (get fonts assets)
+- `"^/partial/"` (get rendered js assets)
+- `"^/download/"` (websocket URL to download a file)
+- `"^/upload"` (websocket URL to upload a file)
+- `"^/guest/"` (guest page for uploading)
+- `"^/about"` (about page)
+- `"^/delays$"` (delays information page)
+- `"^/fullstats$"` (JSON endpoint giving stats about the files)
 
 ## Authors