MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove JWT leftovers

This commit is contained in:
Kasper Seweryn 2022-04-23 10:19:13 +02:00 committed by Georg Krause
parent 9fcc745e3c
commit 4528c5edff
No known key found for this signature in database
GPG Key ID: 2970D504B2183D22
2 changed files with 17 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
front/src/components/audio/Player.vue
View File

@ -666,18 +666,17 @@ export default {
// so authentication can be checked by the backend // so authentication can be checked by the backend
// because for audio files we cannot use the regular Authentication // because for audio files we cannot use the regular Authentication
// header // header
let param = 'jwt' return sources.map(source => {
let value = this.$store.state.auth.token source.url = updateQueryString(
if (this.$store.state.auth.scopedTokens && this.$store.state.auth.scopedTokens.listen) { source.url,
// used scoped tokens instead of JWT to reduce the attack surface if the token 'token',
// is leaked this.$store.state.auth.scopedTokens.listen
param = 'token' )
value = this.$store.state.auth.scopedTokens.listen
} return source
sources.forEach(e => {
e.url = updateQueryString(e.url, param, value)
}) })
} }
return sources return sources
}, },

22
front/src/components/library/TrackBase.vue
View File

@ -310,25 +310,19 @@ export default {
return null return null
}, },
downloadUrl () { downloadUrl () {
let u = this.$store.getters['instance/absoluteUrl']( const url = this.$store.getters['instance/absoluteUrl'](
this.upload.listen_url this.upload.listen_url
) )
if (this.$store.state.auth.authenticated) { if (this.$store.state.auth.authenticated) {
let param = 'jwt' return updateQueryString(
let value = this.$store.state.auth.token url,
if (this.$store.state.auth.scopedTokens && this.$store.state.auth.scopedTokens.listen) { 'token',
// used scoped tokens instead of JWT to reduce the attack surface if the token encodeURI(this.$store.state.auth.scopedTokens.listen)
// is leaked
param = 'token'
value = this.$store.state.auth.scopedTokens.listen
}
u = updateQueryString(
u,
param,
encodeURI(value)
) )
} }
return u
return url
}, },
attributedToUrl () { attributedToUrl () {
const route = this.$router.resolve({ const route = this.$router.resolve({