From 4528c5edffbc2922ac077bc3081b53873962ce40 Mon Sep 17 00:00:00 2001
From: Kasper Seweryn <github@wvffle.net>
Date: Sat, 23 Apr 2022 10:19:13 +0200
Subject: [PATCH] Remove JWT leftovers

---
 front/src/components/audio/Player.vue      | 19 +++++++++----------
 front/src/components/library/TrackBase.vue | 22 ++++++++--------------
 2 files changed, 17 insertions(+), 24 deletions(-)

diff --git a/front/src/components/audio/Player.vue b/front/src/components/audio/Player.vue
index b8ad250d6..c27a8bf2a 100644
--- a/front/src/components/audio/Player.vue
+++ b/front/src/components/audio/Player.vue
@@ -666,18 +666,17 @@ export default {
         // so authentication can be checked by the backend
         // because for audio files we cannot use the regular Authentication
         // header
-        let param = 'jwt'
-        let value = this.$store.state.auth.token
-        if (this.$store.state.auth.scopedTokens && this.$store.state.auth.scopedTokens.listen) {
-          // used scoped tokens instead of JWT to reduce the attack surface if the token
-          // is leaked
-          param = 'token'
-          value = this.$store.state.auth.scopedTokens.listen
-        }
-        sources.forEach(e => {
-          e.url = updateQueryString(e.url, param, value)
+        return sources.map(source => {
+          source.url = updateQueryString(
+            source.url,
+            'token',
+            this.$store.state.auth.scopedTokens.listen
+          )
+
+          return source
         })
       }
+
       return sources
     },
 
diff --git a/front/src/components/library/TrackBase.vue b/front/src/components/library/TrackBase.vue
index b9be407bb..9b7b2652a 100644
--- a/front/src/components/library/TrackBase.vue
+++ b/front/src/components/library/TrackBase.vue
@@ -310,25 +310,19 @@ export default {
       return null
     },
     downloadUrl () {
-      let u = this.$store.getters['instance/absoluteUrl'](
+      const url = this.$store.getters['instance/absoluteUrl'](
         this.upload.listen_url
       )
+
       if (this.$store.state.auth.authenticated) {
-        let param = 'jwt'
-        let value = this.$store.state.auth.token
-        if (this.$store.state.auth.scopedTokens && this.$store.state.auth.scopedTokens.listen) {
-          // used scoped tokens instead of JWT to reduce the attack surface if the token
-          // is leaked
-          param = 'token'
-          value = this.$store.state.auth.scopedTokens.listen
-        }
-        u = updateQueryString(
-          u,
-          param,
-          encodeURI(value)
+        return updateQueryString(
+          url,
+          'token',
+          encodeURI(this.$store.state.auth.scopedTokens.listen)
         )
       }
-      return u
+
+      return url
     },
     attributedToUrl () {
       const route = this.$router.resolve({