yetangitu/funkwhale
1
0
Fork 0
mirror of https://code.eliotberriot.com/funkwhale/funkwhale.git synced 2025-10-04 23:59:17 +02:00
Code Issues Releases Wiki Activity

Use scoped tokens to load <audio> urls instead of JWT

Browse source
This commit is contained in:
Agate 2020-05-11 10:06:35 +02:00
parent ff73de81d0
commit e331a87478
No known key found for this signature in database
GPG key ID: 6B501DFD73514E14
17 changed files with 265 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

11
front/src/components/audio/Player.vue
View file

@ -428,8 +428,17 @@ export default {
// so authentication can be checked by the backend
// because for audio files we cannot use the regular Authentication
// header
let param = "jwt"
let value = this.$store.state.auth.token
if (this.$store.state.auth.scopedTokens && this.$store.state.auth.scopedTokens.listen) {
// used scoped tokens instead of JWT to reduce the attack surface if the token
// is leaked
param = "token"
value = this.$store.state.auth.scopedTokens.listen
}
console.log('HELLO', param, value, this.$store.state.auth.scopedTokens)
sources.forEach(e => {
e.url = url.updateQueryString(e.url, 'jwt', this.$store.state.auth.token)
e.url = url.updateQueryString(e.url, param, value)
})
}
return sources