From 6a511fdfcfb4428fa8922c4fe679ec583e776e26 Mon Sep 17 00:00:00 2001 From: kingbri Date: Mon, 20 Nov 2023 00:34:06 -0500 Subject: [PATCH] Secrets: Add find endpoint Requires the user to set allowKeysExposure to true before any calls can work. Signed-off-by: kingbri --- public/scripts/secrets.js | 17 +++++++++++++++++ src/secrets.js | 24 ++++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/public/scripts/secrets.js b/public/scripts/secrets.js index e699c403e..0e23eb4d4 100644 --- a/public/scripts/secrets.js +++ b/public/scripts/secrets.js @@ -116,6 +116,23 @@ export async function readSecretState() { } } +export async function findSecret(key) { + try { + const response = await fetch('/api/secrets/find', { + method: 'POST', + headers: getRequestHeaders(), + body: JSON.stringify({ key }), + }); + + if (response.ok) { + const data = await response.json(); + return data.value + } + } catch { + console.error('Could not find secret value: ', key); + } +} + function authorizeOpenRouter() { const openRouterUrl = `https://openrouter.ai/auth?callback_url=${encodeURIComponent(location.origin)}`; location.href = openRouterUrl; diff --git a/src/secrets.js b/src/secrets.js index 1018911df..5c577b1ef 100644 --- a/src/secrets.js +++ b/src/secrets.js @@ -190,6 +190,30 @@ function registerEndpoints(app, jsonParser) { return response.sendStatus(500); } }); + + app.post('/api/secrets/find', jsonParser, (request, response) => { + const allowKeysExposure = getConfigValue('allowKeysExposure', false); + + if (!allowKeysExposure) { + console.error('Cannot fetch secrets unless allowKeysExposure in config.conf is set to true'); + return response.sendStatus(403); + } + + const key = request.body.key + + try { + const secret = readSecret(key) + + if (!secret) { + response.sendStatus(404); + } + + return response.send({ value: secret }); + } catch (error) { + console.error(error); + return response.sendStatus(500); + } + }); } module.exports = {