Ensure that tokens are passed only in the header

lib/models/file.dart

@@ -107,9 +107,7 @@ class File {
   String getDownloadUrl() {
     return Configuration.instance.getHttpEndpoint() +
         "/files/download/" +
-        uploadedFileID.toString() +
-        "?token=" +
-        Configuration.instance.getToken();
+        uploadedFileID.toString();
   }
 
   // Passing token within the URL due to https://github.com/flutter/flutter/issues/16466
@@ -125,9 +123,7 @@ class File {
   String getThumbnailUrl() {
     return Configuration.instance.getHttpEndpoint() +
         "/files/preview/" +
-        uploadedFileID.toString() +
-        "?token=" +
-        Configuration.instance.getToken();
+        uploadedFileID.toString();
   }
 
   @override

lib/ui/settings_page.dart

@@ -2,6 +2,7 @@ import 'dart:io';
 
 import 'package:archive/archive_io.dart';
 import 'package:crisp/crisp.dart';
+import 'package:dio/dio.dart';
 import 'package:flutter/foundation.dart';
 import 'package:flutter/material.dart';
 import 'package:flutter/widgets.dart';
@@ -139,14 +140,19 @@ class UsageWidgetState extends State<UsageWidget> {
   }
 
   void _getUsage() {
-    Network.instance.getDio().get(
-      Configuration.instance.getHttpEndpoint() + "/billing/usage",
-      queryParameters: {
-        "startTime": 0,
-        "endTime": DateTime.now().microsecondsSinceEpoch,
-        "token": Configuration.instance.getToken(),
-      },
-    ).catchError((e) async {
+    Network.instance
+        .getDio()
+        .get(
+          Configuration.instance.getHttpEndpoint() + "/billing/usage",
+          queryParameters: {
+            "startTime": 0,
+            "endTime": DateTime.now().microsecondsSinceEpoch,
+          },
+          options: Options(
+            headers: {"X-Auth-Token": Configuration.instance.getToken()},
+          ),
+        )
+        .catchError((e) async {
       Logger("Settings").severe(e);
     }).then((response) async {
       if (response != null && response.statusCode == 200) {

lib/utils/file_util.dart

@@ -195,6 +195,9 @@ Future<io.File> _downloadAndDecrypt(File file, BaseCacheManager cacheManager,
       .download(
         file.getDownloadUrl(),
         encryptedFilePath,
+        options: Options(
+          headers: {"X-Auth-Token": Configuration.instance.getToken()},
+        ),
         onReceiveProgress: progressCallback,
       )
       .then((response) async {
@@ -246,7 +249,13 @@ Future<io.File> _downloadAndDecryptThumbnail(File file) async {
       "_thumbnail.decrypted";
   return Network.instance
       .getDio()
-      .download(file.getThumbnailUrl(), temporaryPath)
+      .download(
+        file.getThumbnailUrl(),
+        temporaryPath,
+        options: Options(
+          headers: {"X-Auth-Token": Configuration.instance.getToken()},
+        ),
+      )
       .then((_) async {
     final encryptedFile = io.File(temporaryPath);
     final thumbnailDecryptionKey = decryptFileKey(file);