rixty/SillyTavern
1
0
Fork 0
mirror of https://github.com/SillyTavern/SillyTavern.git synced 2025-06-05 21:59:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Save a list of safe to export secret keys

Browse Source
This commit is contained in:
Cohee
2024-02-23 21:41:54 +02:00
parent bc2010a762
commit cb536a7611
3 changed files with 23 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/endpoints/secrets.js
View File

@@ -32,6 +32,14 @@ const SECRET_KEYS = {
OOBA: 'api_key_ooba',
};
// These are the keys that are safe to expose, even if allowKeysExposure is false
const EXPORTABLE_KEYS = [
SECRET_KEYS.LIBRE_URL,
SECRET_KEYS.LINGVA_URL,
SECRET_KEYS.ONERING_URL,
SECRET_KEYS.DEEPLX_URL,
];
/**
* Writes a secret to the secrets file
* @param {string} key Secret key
@@ -212,15 +220,13 @@ router.post('/view', jsonParser, async (_, response) => {
router.post('/find', jsonParser, (request, response) => {
const allowKeysExposure = getConfigValue('allowKeysExposure', false);
const key = request.body.key;
if (!allowKeysExposure && key.slice(key.length-4) !== '_url' ) {
if (!allowKeysExposure && !EXPORTABLE_KEYS.includes(key)) {
console.error('Cannot fetch secrets unless allowKeysExposure in config.yaml is set to true');
return response.sendStatus(403);
}
try {
const secret = readSecret(key);