Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: use a composition token #1592

Merged
merged 1 commit into from Nov 16, 2022
Merged

feat: use a composition token #1592

merged 1 commit into from Nov 16, 2022

Conversation

phanan
Copy link
Member

@phanan phanan commented Nov 16, 2022

Use a composition token (API + web audio tokens) to prevent the API token from being logged by server and proxy software.

@what-the-diff
Copy link

what-the-diff bot commented Nov 16, 2022
edited by phanan

  • A new token, the "audio" token, has been introduced to allow playing audio files without having full API access. This helps prevent leaking of the main (full-privileged) API token in server logs and proxies.
  • Change the API token to audio token in http.ts
  • Remove api_token from songStore and change it to t (audioToken)
  • Create a new test class AuthTest which tests login/logout functionality of Koel's API endpoints

@phanan phanan force-pushed the feat/composition-token branch 3 times, most recently from 629affc to 79f5adc Compare November 16, 2022 16:45
@phanan phanan merged commit d2f8e4d into master Nov 16, 2022
@phanan phanan deleted the feat/composition-token branch November 16, 2022 17:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@phanan