Save a list of safe to export secret keys

This commit is contained in:
Cohee 2024-02-23 21:41:54 +02:00
parent bc2010a762
commit cb536a7611
3 changed files with 23 additions and 12 deletions

View File

@ -11,7 +11,7 @@ import {
updateMessageBlock,
} from '../../../script.js';
import { extension_settings, getContext } from '../../extensions.js';
import { secret_state, writeSecret } from '../../secrets.js';
import { findSecret, secret_state, writeSecret } from '../../secrets.js';
import { splitRecursive } from '../../utils.js';
export const autoModeOptions = {
@ -599,16 +599,16 @@ jQuery(() => {
};
const popupText = `<h3>${optionText} API URL</h3><i>Example: <tt>${String(exampleURLs[extension_settings.translate.provider])}</tt></i>`;
const provider_name = extension_settings.translate.provider + '_url'
const saved_url = ( Boolean(secret_state[provider_name]) ) ? await findSecret(provider_name) : '';
const secretKey = extension_settings.translate.provider + '_url';
const savedUrl = secret_state[secretKey] ? await findSecret(secretKey) : '';
const url = await callPopup(popupText, 'input', saved_url);
const url = await callPopup(popupText, 'input', savedUrl);
if (url == false) {
if (url == false || url == '') {
return;
}
await writeSecret(provider_name, url);
await writeSecret(secretKey, url);
toastr.success('API URL saved');
$('#translate_url_button').addClass('success');

View File

@ -124,6 +124,11 @@ export async function readSecretState() {
}
}
/**
* Finds a secret value by key.
* @param {string} key Secret key
* @returns {Promise<string | undefined>} Secret value, or undefined if keys are not exposed
*/
export async function findSecret(key) {
try {
const response = await fetch('/api/secrets/find', {

View File

@ -32,6 +32,14 @@ const SECRET_KEYS = {
OOBA: 'api_key_ooba',
};
// These are the keys that are safe to expose, even if allowKeysExposure is false
const EXPORTABLE_KEYS = [
SECRET_KEYS.LIBRE_URL,
SECRET_KEYS.LINGVA_URL,
SECRET_KEYS.ONERING_URL,
SECRET_KEYS.DEEPLX_URL,
];
/**
* Writes a secret to the secrets file
* @param {string} key Secret key
@ -212,15 +220,13 @@ router.post('/view', jsonParser, async (_, response) => {
router.post('/find', jsonParser, (request, response) => {
const allowKeysExposure = getConfigValue('allowKeysExposure', false);
const key = request.body.key;
if (!allowKeysExposure && key.slice(key.length-4) !== '_url' ) {
if (!allowKeysExposure && !EXPORTABLE_KEYS.includes(key)) {
console.error('Cannot fetch secrets unless allowKeysExposure in config.yaml is set to true');
return response.sendStatus(403);
}
try {
const secret = readSecret(key);