jwed
9a37eda302
Previously the API was implicitly active whenever a token existed.
Now there's an explicit unifi.api.enabled setting that gates it:
* WifiApiController returns 503 ("API disabled") when the setting is
off, even if a valid token is presented. Stops the endpoint from
silently working if a token is lying around.
* Settings page exposes the toggle under the Rotate-WiFi-Passwords
block. With it off, the token / URL / curl example are hidden.
* The form submit handles the new api_enabled boolean.
v1.6.3.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>