From c827d442ec489cc863b7c200de71979a909e150c Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Tue, 16 Jul 2024 15:58:20 -0400 Subject: [PATCH] Encode secret --- libretranslate/app.py | 2 +- libretranslate/secret.py | 4 ++++ libretranslate/templates/app.js.template | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/libretranslate/app.py b/libretranslate/app.py index 4e115cc..80c3b2a 100644 --- a/libretranslate/app.py +++ b/libretranslate/app.py @@ -402,7 +402,7 @@ def create_app(args): response = Response(render_template("app.js.template", url_prefix=args.url_prefix, get_api_key_link=args.get_api_key_link, - api_secret=secret.get_current_secret() if args.require_api_key_secret else ""), content_type='application/javascript; charset=utf-8') + api_secret=secret.get_current_secret_b64() if args.require_api_key_secret else ""), content_type='application/javascript; charset=utf-8') if args.require_api_key_secret: response.headers['Last-Modified'] = http_date(datetime.now()) diff --git a/libretranslate/secret.py b/libretranslate/secret.py index 8778ff7..048910d 100644 --- a/libretranslate/secret.py +++ b/libretranslate/secret.py @@ -1,3 +1,4 @@ +import base64 import random import string @@ -21,6 +22,9 @@ def secret_match(secret): def get_current_secret(): return get_storage().get_str("secret_1") +def get_current_secret_b64(): + return base64.b64encode(get_current_secret().encode("utf-8")).decode("utf-8") + def setup(args): if args.api_keys and args.require_api_key_secret: s = get_storage() diff --git a/libretranslate/templates/app.js.template b/libretranslate/templates/app.js.template index 7727451..b2f5c39 100644 --- a/libretranslate/templates/app.js.template +++ b/libretranslate/templates/app.js.template @@ -41,7 +41,7 @@ document.addEventListener('DOMContentLoaded', function(){ filesTranslation: true, frontendTimeout: 500, - apiSecret: "{{ api_secret }}" + apiSecret: atob("{{ api_secret }}") }, mounted: function() { const self = this;