mirror of
https://git.ianrenton.com/ian/spothole.git
synced 2026-06-24 05:35:10 +00:00
Move user credentials into HTTP request headers to prevent them being logged in the server logs
This commit is contained in:
Ian Renton
@@ -6,7 +6,7 @@ let alerts = [];
|
||||
|
||||
// Load alerts and populate the table.
|
||||
function loadAlerts() {
|
||||
$.getJSON('/api/v2/alerts' + buildQueryString(false), function (jsonData) {
|
||||
$.ajax({url: '/api/v2/alerts' + buildQueryString(), dataType: 'json', headers: getCredentialHeaders(), success: function (jsonData) {
|
||||
// Store last updated time
|
||||
lastUpdateTime = moment.utc();
|
||||
updateRefreshDisplay();
|
||||
@@ -14,11 +14,11 @@ function loadAlerts() {
|
||||
alerts = jsonData;
|
||||
// Update table
|
||||
updateTable();
|
||||
});
|
||||
}});
|
||||
}
|
||||
|
||||
// Build a query string for the API, based on the filters that the user has selected.
|
||||
function buildQueryString(includeCredentials) {
|
||||
function buildQueryString() {
|
||||
let str = "?";
|
||||
["dx_continent", "source"].forEach(fn => {
|
||||
if (!allFilterOptionsSelected(fn)) {
|
||||
@@ -33,9 +33,6 @@ function buildQueryString(includeCredentials) {
|
||||
if ($("#dxpeditions_skip_max_duration_check")[0].checked) {
|
||||
str = str + "&dxpeditions_skip_max_duration_check=true";
|
||||
}
|
||||
if (includeCredentials) {
|
||||
str = str + getCredentialQueryString();
|
||||
}
|
||||
return str;
|
||||
}
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ BAND_COLUMN_SPOT_DIV_HEIGHT_PX = BAND_COLUMN_FONT_SIZE * 1.6;
|
||||
|
||||
// Load spots and populate the bands display.
|
||||
function loadSpots() {
|
||||
$.getJSON('/api/v2/spots' + buildQueryString(false), function (jsonData) {
|
||||
$.ajax({url: '/api/v2/spots' + buildQueryString(), dataType: 'json', headers: getCredentialHeaders(), success: function (jsonData) {
|
||||
// Store last updated time
|
||||
lastUpdateTime = moment.utc();
|
||||
updateRefreshDisplay();
|
||||
@@ -20,11 +20,11 @@ function loadSpots() {
|
||||
spots = jsonData;
|
||||
// Update bands display
|
||||
updateBands();
|
||||
});
|
||||
}});
|
||||
}
|
||||
|
||||
// Build a query string for the API, based on the filters that the user has selected.
|
||||
function buildQueryString(includeCredentials) {
|
||||
function buildQueryString() {
|
||||
let str = "?";
|
||||
["dx_continent", "de_continent", "mode", "source", "band", "sig"].forEach(fn => {
|
||||
if (!allFilterOptionsSelected(fn)) {
|
||||
@@ -34,9 +34,6 @@ function buildQueryString(includeCredentials) {
|
||||
str = str + "max_age=" + $("#max-spot-age option:selected").val();
|
||||
// Additional filters for the bands view: No dupes, no QRT
|
||||
str = str + "&dedupe=true&allow_qrt=false";
|
||||
if (includeCredentials) {
|
||||
str = str + getCredentialQueryString();
|
||||
}
|
||||
return str;
|
||||
}
|
||||
|
||||
|
||||
@@ -273,23 +273,23 @@ function closeDataPanel() {
|
||||
closePanel("#data-area");
|
||||
}
|
||||
|
||||
// Build a query string fragment containing any QRZ.com / HamQTH credentials the user has supplied,
|
||||
// Build a headers object containing any QRZ.com / HamQTH credentials the user has supplied,
|
||||
// provided the corresponding "enabled" checkbox is ticked.
|
||||
function getCredentialQueryString() {
|
||||
let str = "";
|
||||
function getCredentialHeaders() {
|
||||
const headers = {};
|
||||
if ($("#qrz-enabled")[0] && $("#qrz-enabled")[0].checked) {
|
||||
const qrzUsername = $("#qrz-username").val();
|
||||
const qrzPassword = $("#qrz-password").val();
|
||||
if (qrzUsername) str += "&qrz_username=" + encodeURIComponent(qrzUsername);
|
||||
if (qrzPassword) str += "&qrz_password=" + encodeURIComponent(qrzPassword);
|
||||
if (qrzUsername) headers["X-QRZ-Username"] = qrzUsername;
|
||||
if (qrzPassword) headers["X-QRZ-Password"] = qrzPassword;
|
||||
}
|
||||
if ($("#hamqth-enabled")[0] && $("#hamqth-enabled")[0].checked) {
|
||||
const hamqthUsername = $("#hamqth-username").val();
|
||||
const hamqthPassword = $("#hamqth-password").val();
|
||||
if (hamqthUsername) str += "&hamqth_username=" + encodeURIComponent(hamqthUsername);
|
||||
if (hamqthPassword) str += "&hamqth_password=" + encodeURIComponent(hamqthPassword);
|
||||
if (hamqthUsername) headers["X-HamQTH-Username"] = hamqthUsername;
|
||||
if (hamqthPassword) headers["X-HamQTH-Password"] = hamqthPassword;
|
||||
}
|
||||
return str;
|
||||
return headers;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ let firstLoad = true;
|
||||
|
||||
// Load spots and populate the map.
|
||||
function loadSpots() {
|
||||
$.getJSON('/api/v2/spots' + buildQueryString(true), function (jsonData) {
|
||||
$.ajax({url: '/api/v2/spots' + buildQueryString(), dataType: 'json', headers: getCredentialHeaders(), success: function (jsonData) {
|
||||
// Store data
|
||||
spots = jsonData;
|
||||
// Update map
|
||||
@@ -36,11 +36,11 @@ function loadSpots() {
|
||||
if ($("#showTerminator")[0].checked) {
|
||||
terminator.setTime();
|
||||
}
|
||||
});
|
||||
}});
|
||||
}
|
||||
|
||||
// Build a query string for the API, based on the filters that the user has selected.
|
||||
function buildQueryString(includeCredentials) {
|
||||
function buildQueryString() {
|
||||
let str = "?";
|
||||
["dx_continent", "de_continent", "mode", "source", "band", "sig"].forEach(fn => {
|
||||
if (!allFilterOptionsSelected(fn)) {
|
||||
@@ -50,9 +50,6 @@ function buildQueryString(includeCredentials) {
|
||||
str = str + "max_age=" + $("#max-spot-age option:selected").val();
|
||||
// Additional filters for the map view: No dupes, no QRT, only spots with good locations
|
||||
str = str + "&dedupe=true&allow_qrt=false";
|
||||
if (includeCredentials) {
|
||||
str = str + getCredentialQueryString();
|
||||
}
|
||||
return str;
|
||||
}
|
||||
|
||||
|
||||
@@ -20,7 +20,7 @@ function loadSpots() {
|
||||
}
|
||||
|
||||
// Make the new query
|
||||
$.getJSON('/api/v2/spots' + buildQueryString(false), function (jsonData) {
|
||||
$.ajax({url: '/api/v2/spots' + buildQueryString(), dataType: 'json', headers: getCredentialHeaders(), success: function (jsonData) {
|
||||
// Store data
|
||||
spots = jsonData;
|
||||
// Update table
|
||||
@@ -30,7 +30,7 @@ function loadSpots() {
|
||||
if (run) {
|
||||
startSSEConnection();
|
||||
}
|
||||
});
|
||||
}});
|
||||
}
|
||||
|
||||
// Start an SSE connection (closing an existing one if it exists). This will then be used to add to the table on the
|
||||
@@ -39,7 +39,7 @@ function startSSEConnection() {
|
||||
if (evtSource != null) {
|
||||
evtSource.close();
|
||||
}
|
||||
evtSource = new EventSource('/api/v2/spots/stream' + buildQueryString(true));
|
||||
evtSource = new EventSource('/api/v2/spots/stream' + buildQueryString());
|
||||
|
||||
evtSource.onmessage = function (event) {
|
||||
// Get the new spot
|
||||
@@ -86,7 +86,7 @@ function startSSEConnection() {
|
||||
}
|
||||
|
||||
// Build a query string for the API, based on the filters that the user has selected.
|
||||
function buildQueryString(includeCredentials) {
|
||||
function buildQueryString() {
|
||||
let str = "?";
|
||||
["dx_continent", "de_continent", "mode", "source", "band", "sig"].forEach(fn => {
|
||||
if (!allFilterOptionsSelected(fn)) {
|
||||
@@ -97,9 +97,6 @@ function buildQueryString(includeCredentials) {
|
||||
if ($("#search").val() !== "") {
|
||||
str = str + "&text_includes=" + encodeURIComponent($("#search").val());
|
||||
}
|
||||
if (includeCredentials) {
|
||||
str = str + getCredentialQueryString();
|
||||
}
|
||||
return str;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user