Implement comprehensive security fixes for API protection

- Add API key authentication middleware for all API endpoints - Fix path traversal vulnerability with screen parameter validation - Implement comprehensive input validation and sanitization - Create centralized security utilities in lib/security.ts - Add input validation for all stream and screen API endpoints - Prevent SQL injection with proper parameter validation - Add URL validation and string sanitization - Update documentation with security setup instructions - Pass all TypeScript type checks and ESLint validation Security improvements address critical vulnerabilities: - Authentication: Protect all API endpoints with API key - Path traversal: Validate screen names against allowlist - Input validation: Comprehensive validation with error details - XSS prevention: String sanitization and length limits 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-19 04:57:54 -04:00 · 2025-07-19 04:57:54 -04:00 · afc6f5f3a8
commit afc6f5f3a8
parent 91ef418b1b
8 changed files with 284 additions and 35 deletions
--- a/README.md
+++ b/README.md
@ -34,8 +34,23 @@ FILE_DIRECTORY=C:\\OBS\\source-switching
 OBS_WEBSOCKET_HOST=127.0.0.1
 OBS_WEBSOCKET_PORT=4455
 OBS_WEBSOCKET_PASSWORD=your_password_here
+
+# Security (IMPORTANT: Set in production)
+API_KEY=your_secure_api_key_here
 ```

+### Security Setup
+
+**⚠️ IMPORTANT**: Set `API_KEY` in production to protect your OBS setup from unauthorized access.
+
+Generate a secure API key:
+```bash
+# Generate a random 32-character key
+openssl rand -hex 32
+```
+
+Without an API key, anyone on your network can control your OBS streams.
+
 ### OBS Source Switcher Setup

 1. In OBS, configure Source Switcher properties