From 598f107c7fae254e8cc2d9cfbc6524eb78900812 Mon Sep 17 00:00:00 2001
From: clsv <clsv2012@gmail.com>
Date: Mon, 7 Jul 2025 11:45:42 +0300
Subject: [PATCH] fix: prevent remote access to API by binding to localhost

---
 src/main/config.ts              | 1 +
 src/main/services/api/server.ts | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/config.ts b/src/main/config.ts
index 99a05bed..5e8db1db 100644
--- a/src/main/config.ts
+++ b/src/main/config.ts
@@ -1 +1,2 @@
 export const API_PORT = 3033
+export const API_HOST = '127.0.0.1'
diff --git a/src/main/services/api/server.ts b/src/main/services/api/server.ts
index 493c6fbd..e2627b2b 100644
--- a/src/main/services/api/server.ts
+++ b/src/main/services/api/server.ts
@@ -1,7 +1,7 @@
 import * as jsonServer from '@masscode/json-server'
 import { store } from '../../store'
 import { nanoid } from 'nanoid'
-import { API_PORT } from '../../config'
+import { API_PORT, API_HOST } from '../../config'
 import path from 'path'
 import type { DB, Folder, Snippet, Tag } from '@shared/types/main/db'
 import type { Server } from 'http'
@@ -132,7 +132,7 @@ export class ApiServer {
 
     app.use(router)
 
-    const server = app.listen(API_PORT, () => {
+    const server = app.listen(API_PORT, API_HOST, () => {
       console.log(`API server is running on port ${API_PORT}`)
     }) as ServerWithDestroy