Remove login information from update request

Removed the username and password in the GET /update request. The endpoint does not require authentication and it is unsafe to transmit login credentials over GET requests.
Support SSE for source updates
2025-04-12 23:00:24 +02:00 · 2025-04-12 22:59:48 +02:00
1 changed files with 7 additions and 20 deletions
--- a/shared/src/commonMain/kotlin/bou/amine/apps/readerforselfossv2/rest/SelfossApi.kt
+++ b/shared/src/commonMain/kotlin/bou/amine/apps/readerforselfossv2/rest/SelfossApi.kt
@ -19,6 +19,7 @@ import io.ktor.client.plugins.cookies.HttpCookies
 import io.ktor.client.plugins.logging.LogLevel
 import io.ktor.client.plugins.logging.Logger
 import io.ktor.client.plugins.logging.Logging
+import io.ktor.client.plugins.sse.SSE
 import io.ktor.client.request.get
 import io.ktor.client.request.headers
 import io.ktor.client.request.parameter
@ -89,6 +90,7 @@ class SelfossApi(
                    }
                }
            }
+            install(SSE)
            expectSuccess = false
        }

@ -363,27 +365,12 @@ class SelfossApi(
    suspend fun update(): StatusAndData<String> =
        bodyOrFailure(
            client.tryToGet(url("/update")) {
-                if (!shouldHavePostLogin()) {
-                    parameter("username", appSettingsService.getUserName())
-                    parameter("password", appSettingsService.getPassword())
-                }
-                if (appSettingsService
-                        .getBasicUserName()
-                        .isNotEmpty() &&
-                    appSettingsService.getBasicPassword().isNotEmpty()
-                ) {
                headers {
                    append(
-                            HttpHeaders.Authorization,
-                            constructBasicAuthValue(
-                                BasicAuthCredentials(
-                                    username = appSettingsService.getBasicUserName(),
-                                    password = appSettingsService.getBasicPassword(),
-                                ),
-                            ),
+                        HttpHeaders.Accept,
+                        "text/event-stream",
                    )
                }
-                }
            },
        )
Author	SHA1	Message	Date
davidoskky	4b9899c04e	Remove login information from update request All checks were successful Check PR code / translations (pull_request) Successful in 30s Details Check PR code / Lint (pull_request) Successful in 38s Details Check PR code / build (pull_request) Successful in 24s Details Removed the username and password in the GET /update request. The endpoint does not require authentication and it is unsafe to transmit login credentials over GET requests.	2025-04-12 23:00:24 +02:00
davidoskky	e9e2b6415f	Support SSE for source updates This uses the Server Side Events added in Selfoss API 6.1.0 when calling GET /update This change only supports the new response format but provides no change for the users. The older versions are still supported.	2025-04-12 22:59:48 +02:00