From d9536ff5db75cc2a06dacb4afde014ef88fde380 Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq <sb@m-labs.hk>
Date: Wed, 11 Aug 2021 10:54:12 +0800
Subject: [PATCH] rt: fix API security problem

---
 nixbld-etc-nixos/configuration.nix | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index 22f31bf4..85575b12 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -689,10 +689,20 @@ in
       "rt.m-labs.hk" = {
         forceSSL = true;
         useACMEHost = "nixbld.m-labs.hk";
-        locations."/".proxyPass = "http://127.0.0.1:4201";
-        extraConfig = ''
-          client_max_body_size 100M;
-        '';
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:4201";
+          extraConfig = ''
+            client_max_body_size 100M;
+          '';
+        };
+        locations."/REST/1.0/NoAuth" = {
+          proxyPass = "http://127.0.0.1:4201";
+          extraConfig = ''
+            client_max_body_size 100M;
+            allow 127.0.0.1;
+            deny all;
+          '';
+        };
       };
       "nmigen.org" = {
         addSSL = true;