Merge pull request #1852 from berbant/staging

Display TranslateProvider link
2024-02-23 21:43:59 +02:00 · 2024-02-23 21:43:59 +02:00 · 9b34ac1bde
parent 82c5042bad cb536a7611
commit 9b34ac1bde
3 changed files with 24 additions and 7 deletions
--- a/public/scripts/extensions/translate/index.js
+++ b/public/scripts/extensions/translate/index.js
@ -11,7 +11,7 @@ import {
    updateMessageBlock,
 } from '../../../script.js';
 import { extension_settings, getContext } from '../../extensions.js';
-import { secret_state, writeSecret } from '../../secrets.js';
+import { findSecret, secret_state, writeSecret } from '../../secrets.js';
 import { splitRecursive } from '../../utils.js';

 export const autoModeOptions = {
@ -598,13 +598,18 @@ jQuery(() => {
            'deeplx': 'http://127.0.0.1:1188/translate',
        };
        const popupText = `<h3>${optionText} API URL</h3><i>Example: <tt>${String(exampleURLs[extension_settings.translate.provider])}</tt></i>`;
-        const url = await callPopup(popupText, 'input');

-        if (url == false) {
+        const secretKey = extension_settings.translate.provider + '_url';
+        const savedUrl = secret_state[secretKey] ? await findSecret(secretKey) : '';
+
+        const url = await callPopup(popupText, 'input', savedUrl);
+
+        if (url == false || url == '') {
            return;
        }

-        await writeSecret(extension_settings.translate.provider + '_url', url);
+        await writeSecret(secretKey, url);
+
        toastr.success('API URL saved');
        $('#translate_url_button').addClass('success');
    });
--- a/public/scripts/secrets.js
+++ b/public/scripts/secrets.js
@ -124,6 +124,11 @@ export async function readSecretState() {
    }
 }

+/**
+ * Finds a secret value by key.
+ * @param {string} key Secret key
+ * @returns {Promise<string | undefined>} Secret value, or undefined if keys are not exposed
+ */
 export async function findSecret(key) {
    try {
        const response = await fetch('/api/secrets/find', {
--- a/src/endpoints/secrets.js
+++ b/src/endpoints/secrets.js
@ -32,6 +32,14 @@ const SECRET_KEYS = {
    OOBA: 'api_key_ooba',
 };

+// These are the keys that are safe to expose, even if allowKeysExposure is false
+const EXPORTABLE_KEYS = [
+    SECRET_KEYS.LIBRE_URL,
+    SECRET_KEYS.LINGVA_URL,
+    SECRET_KEYS.ONERING_URL,
+    SECRET_KEYS.DEEPLX_URL,
+];
+
 /**
 * Writes a secret to the secrets file
 * @param {string} key Secret key
@ -212,14 +220,13 @@ router.post('/view', jsonParser, async (_, response) => {

 router.post('/find', jsonParser, (request, response) => {
    const allowKeysExposure = getConfigValue('allowKeysExposure', false);
+    const key = request.body.key;

-    if (!allowKeysExposure) {
+    if (!allowKeysExposure && !EXPORTABLE_KEYS.includes(key)) {
        console.error('Cannot fetch secrets unless allowKeysExposure in config.yaml is set to true');
        return response.sendStatus(403);
    }

-    const key = request.body.key;
-
    try {
        const secret = readSecret(key);