Ensure that tokens are passed only in the header

2020-11-27 12:22:07 +05:30 · 2020-11-27 12:22:07 +05:30 · cd224e523d
commit cd224e523d
parent 19cb8989fe
3 changed files with 26 additions and 15 deletions
--- a/lib/models/file.dart
+++ b/lib/models/file.dart
@ -107,9 +107,7 @@ class File {
  String getDownloadUrl() {
    return Configuration.instance.getHttpEndpoint() +
        "/files/download/" +
-        uploadedFileID.toString() +
-        "?token=" +
-        Configuration.instance.getToken();
+        uploadedFileID.toString();
  }

  // Passing token within the URL due to https://github.com/flutter/flutter/issues/16466
@ -125,9 +123,7 @@ class File {
  String getThumbnailUrl() {
    return Configuration.instance.getHttpEndpoint() +
        "/files/preview/" +
-        uploadedFileID.toString() +
-        "?token=" +
-        Configuration.instance.getToken();
+        uploadedFileID.toString();
  }

  @override
--- a/lib/ui/settings_page.dart
+++ b/lib/ui/settings_page.dart
@ -2,6 +2,7 @@ import 'dart:io';

 import 'package:archive/archive_io.dart';
 import 'package:crisp/crisp.dart';
+import 'package:dio/dio.dart';
 import 'package:flutter/foundation.dart';
 import 'package:flutter/material.dart';
 import 'package:flutter/widgets.dart';
@ -139,14 +140,19 @@ class UsageWidgetState extends State<UsageWidget> {
  }

  void _getUsage() {
-    Network.instance.getDio().get(
-      Configuration.instance.getHttpEndpoint() + "/billing/usage",
-      queryParameters: {
-        "startTime": 0,
-        "endTime": DateTime.now().microsecondsSinceEpoch,
-        "token": Configuration.instance.getToken(),
-      },
-    ).catchError((e) async {
+    Network.instance
+        .getDio()
+        .get(
+          Configuration.instance.getHttpEndpoint() + "/billing/usage",
+          queryParameters: {
+            "startTime": 0,
+            "endTime": DateTime.now().microsecondsSinceEpoch,
+          },
+          options: Options(
+            headers: {"X-Auth-Token": Configuration.instance.getToken()},
+          ),
+        )
+        .catchError((e) async {
      Logger("Settings").severe(e);
    }).then((response) async {
      if (response != null && response.statusCode == 200) {
--- a/lib/utils/file_util.dart
+++ b/lib/utils/file_util.dart
@ -195,6 +195,9 @@ Future<io.File> _downloadAndDecrypt(File file, BaseCacheManager cacheManager,
      .download(
        file.getDownloadUrl(),
        encryptedFilePath,
+        options: Options(
+          headers: {"X-Auth-Token": Configuration.instance.getToken()},
+        ),
        onReceiveProgress: progressCallback,
      )
      .then((response) async {
@ -246,7 +249,13 @@ Future<io.File> _downloadAndDecryptThumbnail(File file) async {
      "_thumbnail.decrypted";
  return Network.instance
      .getDio()
-      .download(file.getThumbnailUrl(), temporaryPath)
+      .download(
+        file.getThumbnailUrl(),
+        temporaryPath,
+        options: Options(
+          headers: {"X-Auth-Token": Configuration.instance.getToken()},
+        ),
+      )
      .then((_) async {
    final encryptedFile = io.File(temporaryPath);
    final thumbnailDecryptionKey = decryptFileKey(file);