Skip auth when loading audio and image input values using secure token
jonatanklosko committed Jun 14, 2024
1 parent 064d676 commit 9b1c898
Showing 4 changed files with 9 additions and 9 deletions.
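--- a/lib/livebook_web/live/output/audio_input_component.ex
+++ b/lib/livebook_web/live/output/audio_input_component.ex
@@ -47,7 +47,7 @@ defmodule LivebookWeb.Output.AudioInputComponent do
 # token and then the controller fetches input value from the LV.
 # This is especially important for client-specific inputs in forms.
 token = LivebookWeb.SessionHelpers.generate_input_token(self(), input_id)
-~p"/sessions/audio-input/#{token}"
+~p"/public/sessions/audio-input/#{token}"
 end
 
 @impl true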
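Review bot: With the route moved out of auth, the path built by `~p"/public/sessions/audio-input/#{token}"` is a bearer credential: whoever holds the URL can fetch the input value without a session, and tokens carried in the path tend to end up in proxy and access logs. The comment above the `token =` line (it starts outside this hunk) should record that, for example `# The token is the only credential for this URL (the route skips auth); it must be signed and short-lived.` How `generate_input_token/2` signs and expires the token is not visible here, so that is worth confirming before merging. The same applies to the identical change in image_input_component.ex.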
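--- a/lib/livebook_web/live/output/image_input_component.ex
+++ b/lib/livebook_web/live/output/image_input_component.ex
@@ -43,7 +43,7 @@ defmodule LivebookWeb.Output.ImageInputComponent do
 # LV. This is especially important for client-specific inputs in
 # forms.
 token = LivebookWeb.SessionHelpers.generate_input_token(self(), input_id)
-~p"/sessions/image-input/#{token}"
+~p"/public/sessions/image-input/#{token}"
 end
 
 @impl true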
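--- a/lib/livebook_web/router.ex
+++ b/lib/livebook_web/router.ex
@@ -54,6 +54,8 @@ defmodule LivebookWeb.Router do
 
 get "/sessions/:id/assets/:hash/*file_parts", SessionController, :show_asset
 get "/sessions/node/:node_id/assets/:hash/*file_parts", SessionController, :show_cached_asset
+get "/sessions/audio-input/:token", SessionController, :show_input_audio
+get "/sessions/image-input/:token", SessionController, :show_input_image
 end
 
 live_session :default,
@@ -121,8 +123,6 @@ defmodule LivebookWeb.Router do
 live "/sessions/:id/package-search", SessionLive, :package_search
 get "/sessions/:id/files/:name", SessionController, :show_file
 get "/sessions/:id/download/files/:name", SessionController, :download_file
-get "/sessions/audio-input/:token", SessionController, :show_input_audio
-get "/sessions/image-input/:token", SessionController, :show_input_image
 live "/sessions/:id/settings/custom-view", SessionLive, :custom_view_settings
 live "/sessions/:id/*path_parts", SessionLive, :catch_all
 end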
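Review bot: The two `get` routes added after `:show_cached_asset` carry no comment saying that they are protected by the token check in `SessionController` rather than by the auth pipeline, so the block reads as a place where any session route may be added. I would add a line above them such as `# No session auth here: the controller must verify the signed :token before returning any input value.` The enclosing scope and its pipelines are outside the hunk, so the assumption that this block skips auth comes from the commit title and should be checked against the scope's `pipe_through` line.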
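--- a/test/livebook_web/controllers/session_controller_test.exs
+++ b/test/livebook_web/controllers/session_controller_test.exs
@@ -345,7 +345,7 @@ defmodule LivebookWeb.SessionControllerTest do
 
 token = LivebookWeb.SessionHelpers.generate_input_token(view.pid, input_id)
 
-conn = get(conn, ~p"/sessions/audio-input/#{token}")
+conn = get(conn, ~p"/public/sessions/audio-input/#{token}")
 
 assert conn.status == 200
 assert conn.resp_body == "wav content"
@@ -365,7 +365,7 @@ defmodule LivebookWeb.SessionControllerTest do
 conn =
 conn
 |> put_req_header("range", "bytes=4-")
-|> get(~p"/sessions/audio-input/#{token}")
+|> get(~p"/public/sessions/audio-input/#{token}")
 
 assert conn.status == 206
 assert conn.resp_body == "content"
@@ -382,7 +382,7 @@ defmodule LivebookWeb.SessionControllerTest do
 
 token = LivebookWeb.SessionHelpers.generate_input_token(view.pid, input_id)
 
-conn = get(conn, ~p"/sessions/audio-input/#{token}")
+conn = get(conn, ~p"/public/sessions/audio-input/#{token}")
 
 assert conn.status == 200
 assert <<_header::44-binary, "pcm content">> = conn.resp_body
@@ -402,7 +402,7 @@ defmodule LivebookWeb.SessionControllerTest do
 conn =
 conn
 |> put_req_header("range", "bytes=48-")
-|> get(~p"/sessions/audio-input/#{token}")
+|> get(~p"/public/sessions/audio-input/#{token}")
 
 assert conn.status == 206
 assert conn.resp_body == "content"
@@ -421,7 +421,7 @@ defmodule LivebookWeb.SessionControllerTest do
 
 token = LivebookWeb.SessionHelpers.generate_input_token(view.pid, input_id)
 
-conn = get(conn, ~p"/sessions/image-input/#{token}")
+conn = get(conn, ~p"/public/sessions/image-input/#{token}")
 
 assert conn.status == 200
 assert conn.resp_body == "rgb content"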
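Review bot: The five requests updated here only follow the new path with a freshly generated token; none of the visible hunks pins the two properties the commit relies on, that the request succeeds without an authenticated session and that a malformed or stale token is refused. I would add one test that turns authentication on and still gets 200 from `~p"/public/sessions/audio-input/#{token}"`, and one that requests the same path with an invalid token and asserts that the input body is not served. Such tests may already exist outside these hunks; if so, no change is needed.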
