fix(visu): redact kamera secrets from API responses #42
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c9326f089a
| access=row["access"], | ||
| access_pin=None, # PIN-Hash niemals in der API zurückgeben | ||
| page_config=PageConfig(**pc) if pc else None, | ||
| page_config=_sanitize_page_config(PageConfig(**pc) if pc else None), |
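Review bot: on the changed page_config line, _sanitize_page_config is now called with None whenever pc is empty, so the helper has to accept None and return None, and that contract is not visible in this hunk. Suggest annotating the helper as taking and returning an optional PageConfig and documenting the None case, or keeping the conditional outside the call: `page_config=_sanitize_page_config(PageConfig(**pc)) if pc else None`.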
Avoid sanitizing configs in shared DB-to-model mapper
Redacting secrets inside _row_to_node means every internal consumer now receives scrubbed data, not just public API responses. copy_node loads the source via _get_node_or_404 and then persists source.page_config, so copied pages will store password/apiKeyValue as empty strings and Kamera widgets lose working credentials after copy. Sanitization should be applied at response serialization boundaries, not in the shared row-mapping path used for write operations.
| raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Zugriff verweigert") | ||
|
|
||
| return node.page_config or PageConfig() | ||
| return _sanitize_page_config(node.page_config) or PageConfig() |
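Review bot: in the new return line, the `or PageConfig()` fallback depends on the truthiness of whatever _sanitize_page_config returns rather than on an explicit None check, which hides the intent. Suggest checking `node.page_config is None` first and returning PageConfig() there, then sanitizing the non-None value. This read path also deserves a test asserting that password and apiKeyValue come back empty in the response; the PR's only stated check is compileall, which proves the file parses and nothing more.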
Preserve secrets in edit round-trips for page config
GET /pages/{node_id} now always returns a redacted page_config, while save_page still overwrites the full stored JSON with whatever the client posts. In a normal edit flow (load page, change layout, save), the redacted empty password/apiKeyValue values are written back and permanently erase existing Kamera credentials even when the user did not intend to rotate them. This needs either a non-redacted privileged read path or server-side merge logic that retains existing secret fields when clients submit placeholders.
| cfg = dict(widget.config or {}) | ||
| for key in _CAMERA_SECRET_KEYS: | ||
| if key in cfg: | ||
| cfg[key] = "" |
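Review bot: the loop over _CAMERA_SECRET_KEYS overwrites matching top-level keys with an empty string, so a client cannot tell "no password configured" from "password redacted", and the same empty string is indistinguishable from a deliberate clear on the next save. Suggest returning a distinct marker or a separate boolean alongside the blanked field, and adding a comment that only top-level keys of widget.config are checked, since nested values are not visited by this loop.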
Keep camera secrets for runtime widget rendering
Blanking password and apiKeyValue in _sanitize_widget_config breaks live Kamera widgets that rely on those fields to build authenticated stream URLs (frontend/src/widgets/Kamera/Widget.vue reads props.config.password/apiKeyValue directly). Because sanitization is applied on read paths, cameras using basic/apikey auth can fail immediately at runtime even when no page edit/save occurs.
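The first two review comments above ask for redaction at the response boundary only and for a server-side merge that keeps stored secrets when a client posts the placeholder back. The following added example shows both together; it is not code from this PR or repository. It assumes page_config is a dict with a `widgets` list whose entries carry a stable `id` and a `config` dict, and the function names are hypothetical; only `password` and `apiKeyValue` come from the page.

```python
import copy

# Secret field names come from the PR discussion. The dict layout
# (widgets -> id, config) and the function names are assumptions.
CAMERA_SECRET_KEYS = ("password", "apiKeyValue")
PLACEHOLDER = ""  # value the PR returns in place of a secret

# Constructed sample of a stored page config.
STORED = {"widgets": [{"id": "w1", "type": "Kamera", "config": {
    "url": "http://cam.example/stream", "password": "constructed-pass",
    "apiKeyValue": "constructed-key"}}]}


def redact_for_response(page_config):
    """Redacted deep copy for serialization; the stored object is untouched,
    so internal callers (such as a copy operation) keep working credentials."""
    out = copy.deepcopy(page_config)
    for widget in out.get("widgets", []):
        cfg = widget.get("config") or {}
        for key in CAMERA_SECRET_KEYS:
            if key in cfg:
                cfg[key] = PLACEHOLDER
    return out


def merge_secrets_on_save(stored, submitted):
    """Keep stored secrets when the client posts the placeholder back."""
    old = {w.get("id"): w.get("config") or {} for w in stored.get("widgets", [])}
    merged = copy.deepcopy(submitted)
    for widget in merged.get("widgets", []):
        cfg = widget.get("config") or {}
        old_cfg = old.get(widget.get("id"), {})
        for key in CAMERA_SECRET_KEYS:
            # Placeholder means "unchanged"; any other value is a rotation.
            # Deliberately clearing a secret needs a separate explicit signal.
            if cfg.get(key) == PLACEHOLDER and old_cfg.get(key):
                cfg[key] = old_cfg[key]
    return merged


if __name__ == "__main__":
    view = redact_for_response(STORED)              # what the client loads
    view["widgets"][0]["config"]["url"] += "?hd=1"  # unrelated layout edit
    saved = merge_secrets_on_save(STORED, view)     # what gets persisted
    print(view["widgets"][0]["config"], saved["widgets"][0]["config"])
```

This does not address the third comment: a frontend that builds authenticated stream URLs from these fields still needs another way to reach the camera once they are redacted.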
Motivation
password, apiKeyValue) in page_config, and existing visu endpoints returned page_config verbatim which could leak credentials to unauthenticated or low-privilege callers.
Description
- _CAMERA_SECRET_KEYS and a _sanitize_widget_config helper that blanks configured secret keys in WidgetInstance.config and returns a model copy.
- _sanitize_page_config to apply widget-level sanitization to all widgets in a PageConfig while preserving non-secret fields.
- _sanitize_page_config in _row_to_node, in GET /visu/pages/{node_id}, and in GET /visu/widget-ref/{page_id} so existing unauthenticated/low-auth endpoints no longer expose camera secrets.
Testing
python -m compileall obs/api/v1/visu.py which completed successfully.