Save a list of safe to export secret keys
This commit is contained in:
parent
bc2010a762
commit
cb536a7611
|
@ -11,7 +11,7 @@ import {
|
|||
updateMessageBlock,
|
||||
} from '../../../script.js';
|
||||
import { extension_settings, getContext } from '../../extensions.js';
|
||||
import { secret_state, writeSecret } from '../../secrets.js';
|
||||
import { findSecret, secret_state, writeSecret } from '../../secrets.js';
|
||||
import { splitRecursive } from '../../utils.js';
|
||||
|
||||
export const autoModeOptions = {
|
||||
|
@ -599,16 +599,16 @@ jQuery(() => {
|
|||
};
|
||||
const popupText = `<h3>${optionText} API URL</h3><i>Example: <tt>${String(exampleURLs[extension_settings.translate.provider])}</tt></i>`;
|
||||
|
||||
const provider_name = extension_settings.translate.provider + '_url'
|
||||
const saved_url = ( Boolean(secret_state[provider_name]) ) ? await findSecret(provider_name) : '';
|
||||
const secretKey = extension_settings.translate.provider + '_url';
|
||||
const savedUrl = secret_state[secretKey] ? await findSecret(secretKey) : '';
|
||||
|
||||
const url = await callPopup(popupText, 'input', saved_url);
|
||||
const url = await callPopup(popupText, 'input', savedUrl);
|
||||
|
||||
if (url == false) {
|
||||
if (url == false || url == '') {
|
||||
return;
|
||||
}
|
||||
|
||||
await writeSecret(provider_name, url);
|
||||
await writeSecret(secretKey, url);
|
||||
|
||||
toastr.success('API URL saved');
|
||||
$('#translate_url_button').addClass('success');
|
||||
|
|
|
@ -124,6 +124,11 @@ export async function readSecretState() {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Finds a secret value by key.
|
||||
* @param {string} key Secret key
|
||||
* @returns {Promise<string | undefined>} Secret value, or undefined if keys are not exposed
|
||||
*/
|
||||
export async function findSecret(key) {
|
||||
try {
|
||||
const response = await fetch('/api/secrets/find', {
|
||||
|
|
|
@ -32,6 +32,14 @@ const SECRET_KEYS = {
|
|||
OOBA: 'api_key_ooba',
|
||||
};
|
||||
|
||||
// These are the keys that are safe to expose, even if allowKeysExposure is false
|
||||
const EXPORTABLE_KEYS = [
|
||||
SECRET_KEYS.LIBRE_URL,
|
||||
SECRET_KEYS.LINGVA_URL,
|
||||
SECRET_KEYS.ONERING_URL,
|
||||
SECRET_KEYS.DEEPLX_URL,
|
||||
];
|
||||
|
||||
/**
|
||||
* Writes a secret to the secrets file
|
||||
* @param {string} key Secret key
|
||||
|
@ -212,15 +220,13 @@ router.post('/view', jsonParser, async (_, response) => {
|
|||
|
||||
router.post('/find', jsonParser, (request, response) => {
|
||||
const allowKeysExposure = getConfigValue('allowKeysExposure', false);
|
||||
|
||||
const key = request.body.key;
|
||||
|
||||
if (!allowKeysExposure && key.slice(key.length-4) !== '_url' ) {
|
||||
if (!allowKeysExposure && !EXPORTABLE_KEYS.includes(key)) {
|
||||
console.error('Cannot fetch secrets unless allowKeysExposure in config.yaml is set to true');
|
||||
return response.sendStatus(403);
|
||||
}
|
||||
|
||||
|
||||
try {
|
||||
const secret = readSecret(key);
|
||||
|
||||
|
|
Loading…
Reference in New Issue