BUG: Unauthenticated shutdown endpoint allows local denial of service

[Ashvin-KS]

Is there an existing issue for this?

• I have searched the existing issues

What happened?

Unauthenticated shutdown endpoints can be triggered locally and cause immediate denial of service.

Both backend and sync microservice expose POST /shutdown without authentication, token validation, or trusted-caller checks. Any local process that can send HTTP requests to localhost can terminate one or both services.

Reproduction:

• Start PictoPy normally.
• Send POST request to backend shutdown endpoint on port 52123.
• Send POST request to sync microservice shutdown endpoint on port 52124.
• Observe service process exit.
• Expected behavior:
• Only trusted internal app logic should be able to shut down services.

Actual behavior:

• Any unauthenticated local caller can invoke shutdown and terminate processes.

Impact:

• High local DoS risk. Active indexing/sync operations can be interrupted and app reliability is degraded.

Suggested fix:

• Require authenticated shutdown secret or signed IPC command.
• Restrict shutdown actions to trusted caller context.
• Disable or harden HTTP shutdown routes in production builds.

Record

• I agree to follow this project's Code of Conduct

[github-actions]

👋 Thanks for opening this issue! The maintainers will review it shortly. Till then, do not open any PR. This is a strict rule we like to follow around here :)

[JITENDRAGAHERWAR03]

Hello 👋
I am interested in working on this issue. I have basic knowledge of Python and I’m eager to learn and contribute. I will try to provide a clean and well-documented solution.
Please assign this issue to me if possible.
Thank you 😊

[Ashvin-KS]

Hey hi ,here at PictoPy ,we must get the issue assigned .Thanks for ur interest.

[rohan-pandeyy]

Hi @Ashvin-KS, welcome and thank you for showing interest.😄

We can’t completely disable the shutdown routes in production since the frontend relies on them to terminate the backend services in Windows. The goal here would instead be to make sure that only PictoPy itself can trigger these endpoints, not arbitrary local processes.

Given that, could you expand a bit more upon your proposed approaches 1 and 2?

[Dotify71]

Hi maintainers,

I have been analyzing this repository to make some meaningful contributions, and I noticed that @JITENDRAGAHERWAR03 has copy-pasted the exact same generic "please assign me" template across dozens of open issues in this repository simultaneously.

Claiming every single open issue without providing any technical approach or context is not the right way to contribute to open source. It blocks genuine contributors and creates unnecessary noise for the maintainers.

I am actually ready to work on this specific issue right now. Regarding the unauthenticated shutdown endpoint, my proposed approach would be to protect the /shutdown route by requiring a uniquely generated session token (passed via headers or query params) that is only known to the local PictoPy frontend client upon startup, thereby rejecting any unauthorized local requests.

If that approach sounds good to the maintainers, I can open a Pull Request with the implementation today!