The /api/samples DELETE endpoint is now protected with authentication to prevent unauthorized data deletion.
-
Generate a secure token:
# Generate a random 32-character token openssl rand -hex 32Example output:
a7f3b9e2c4d1f8e6a9b3c5d7e1f4a8b2c6d9e3f7a1b4c8d2e6f9a3b7c1d5e8f2 -
Add to Cloudflare Pages:
- Go to your Cloudflare Dashboard
- Select your Pages project (meshwar-map)
- Go to Settings → Environment variables
- Add a new variable:
- Variable name:
ADMIN_TOKEN - Value: Your generated token (paste from step 1)
- Environment: Production (and Preview if needed)
- Variable name:
- Click Save
-
Redeploy the site:
- Cloudflare Pages will automatically redeploy with the new environment variable
- The DELETE endpoint will now require authentication
Before (INSECURE - anyone could do this):
curl -X DELETE https://meshwar-map.pages.dev/api/samplesAfter (SECURE - requires your token):
curl -X DELETE https://meshwar-map.pages.dev/api/samples \
-H "Authorization: Bearer YOUR_ADMIN_TOKEN_HERE"Replace YOUR_ADMIN_TOKEN_HERE with the token you set in Cloudflare.
Without token (should fail):
curl -X DELETE https://meshwar-map.pages.dev/api/samplesResponse: {"error":"Unauthorized: Invalid or missing authentication token"}
With valid token (should succeed):
curl -X DELETE https://meshwar-map.pages.dev/api/samples \
-H "Authorization: Bearer a7f3b9e2c4d1f8e6a9b3c5d7e1f4a8b2c6d9e3f7a1b4c8d2e6f9a3b7c1d5e8f2"Response: {"success":true,"message":"All data cleared"}
- Keep your token secret! Don't commit it to git or share it publicly
- Store it in a password manager or secure note
- The GET and POST endpoints remain public (anyone can view/upload data)
- Only DELETE requires authentication
- If you lose your token, generate a new one and update it in Cloudflare
Without authentication, anyone could run a simple curl command to delete all your wardrive data:
# This is now BLOCKED! 🛡️
curl -X DELETE https://meshwar-map.pages.dev/api/samplesThe authentication prevents malicious actors, bots, or accidental deletions from destroying your data.