OpenWeatherMap is leaking apikey

[jackblk]

I tested and found that Openweathermap widget is still not using new proxy yet, so it's leaking API key. This costs money due to subscription so I think it's very sensitive.

[benphelps]

Whoops, I’ll get that patched up soon.

[jackblk]

@benphelps I don't use Weather API but I think it is also affected 😄

[benphelps]

This has been fixed (optionally) in the latest commit, 5a8defb.

You can see some initial documentation here, https://github.com/benphelps/homepage/wiki/Settings

[benphelps]

I'm going to close this @jackblk, if you find something wrong, feel free to reopen :)

[jackblk]

@benphelps hmm I'm unable to use the new config

Error log:

TypeError: Cannot read properties of undefined (reading 'join')
    at getSettings (/app/.next/server/chunks/640.js:39:65)
    at handler (/app/.next/server/pages/api/widgets/openweathermap.js:57:98)
    at Object.apiResolver (/app/node_modules/.pnpm/next@12.2.5_biqbaboplfbrettd7655fr4n2y/node_modules/next/dist/server/api-utils/node.js:184:15)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async NextNodeServer.runApi (/app/node_modules/.pnpm/next@12.2.5_biqbaboplfbrettd7655fr4n2y/node_modules/next/dist/server/next-server.js:403:9)
    at async Object.fn (/app/node_modules/.pnpm/next@12.2.5_biqbaboplfbrettd7655fr4n2y/node_modules/next/dist/server/base-server.js:493:37)
    at async Router.execute (/app/node_modules/.pnpm/next@12.2.5_biqbaboplfbrettd7655fr4n2y/node_modules/next/dist/server/router.js:222:36)
    at async NextNodeServer.run (/app/node_modules/.pnpm/next@12.2.5_biqbaboplfbrettd7655fr4n2y/node_modules/next/dist/server/base-server.js:612:29)
    at async NextNodeServer.handleRequest (/app/node_modules/.pnpm/next@12.2.5_biqbaboplfbrettd7655fr4n2y/node_modules/next/dist/server/base-server.js:311:20)

settings.yaml

providers:
  openweathermap: abcdef

widgets.yaml

- openweathermap:
    latitude: 10
    longitude: 100
    units: metric # or imperial
    cache: 5 # Time in minutes to cache API responses, to stay within limits
    provider: openweathermap

[benphelps]

Fixed in the latest commit, I'll build a release soon.

[jackblk]

Wow that's so fast. Just a suggestion, we should add a good eslint config then add linting stage into the actions flow. I can help setting that up later if you don't mind. It will avoid small syntax issues like this.

[benphelps]

Yeah, I have some eslint configs I use for production work, I'll pull them over.

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new discussion for related concerns.