arian/navidrome
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Don't expose Last.fm API Key in the index.html

Browse Source
This commit is contained in:
Deluan
2024-01-29 21:41:54 -05:00
parent 3a9b3452a2
commit 1f71e56741
6 changed files with 11 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/auth.go
+3
View File
@@ -77,6 +77,9 @@ func buildAuthPayload(user *model.User) map[string]interface{} {
if conf.Server.EnableGravatar && user.Email != "" {
payload["avatar"] = gravatar.Url(user.Email, 50)
}
if conf.Server.LastFM.Enabled {
payload["lastFMApiKey"] = conf.Server.LastFM.ApiKey
}
bytes := make([]byte, 3)
_, err := rand.Read(bytes)
server/serve_index.go
+1 -2
View File
@@ -60,8 +60,7 @@ func serveIndex(ds model.DataStore, fs fs.FS, shareInfo *model.Share) http.Handl
"enableSharing": conf.Server.EnableSharing,
"defaultDownloadableShare": conf.Server.DefaultDownloadableShare,
"devSidebarPlaylists": conf.Server.DevSidebarPlaylists,
"lastFMEnabled": conf.Server.LastFM.Enabled,
"lastFMApiKey": conf.Server.LastFM.ApiKey,
"lastFMEnabled": conf.Server.LastFM.Enabled && conf.Server.LastFM.ApiKey != "" && conf.Server.LastFM.Secret != "",
"devShowArtistPage": conf.Server.DevShowArtistPage,
"listenBrainzEnabled": conf.Server.ListenBrainz.Enabled,
"enableExternalServices": conf.Server.EnableExternalServices,
server/serve_index_test.go
+4 -11
View File
@@ -281,6 +281,10 @@ var _ = Describe("serveIndex", func() {
})
It("sets the lastFMEnabled", func() {
conf.Server.LastFM.Enabled = true
conf.Server.LastFM.ApiKey = "123"
conf.Server.LastFM.Secret = "456"
r := httptest.NewRequest("GET", "/index.html", nil)
w := httptest.NewRecorder()
@@ -290,17 +294,6 @@ var _ = Describe("serveIndex", func() {
Expect(config).To(HaveKeyWithValue("lastFMEnabled", true))
})
It("sets the lastFMApiKey", func() {
conf.Server.LastFM.ApiKey = "APIKEY-123"
r := httptest.NewRequest("GET", "/index.html", nil)
w := httptest.NewRecorder()
serveIndex(ds, fs, nil)(w, r)
config := extractAppConfig(w.Body.String())
Expect(config).To(HaveKeyWithValue("lastFMApiKey", "APIKEY-123"))
})
It("sets the devShowArtistPage", func() {
conf.Server.DevShowArtistPage = true
r := httptest.NewRequest("GET", "/index.html", nil)