From 980a6daca29571bce1375cd9a58992b99e2c690f Mon Sep 17 00:00:00 2001
From: Julien Froidefond
Date: Mon, 24 Feb 2025 08:28:43 +0100
Subject: [PATCH] fix(secu): don't store komga pwd but authstring
---
 src/app/api/komga/test/route.ts | 15 +++++++--------
 src/app/settings/page.tsx | 1 -
 src/components/settings/ClientSettings.tsx | 1 -
 src/lib/models/config.model.ts | 2 +-
 src/lib/services/base-api.service.ts | 13 +++----------
 src/lib/services/config-db.service.ts | 6 +++++-
 src/types/auth.ts | 5 +----
 7 files changed, 17 insertions(+), 26 deletions(-)
diff --git a/src/app/api/komga/test/route.ts b/src/app/api/komga/test/route.ts
index c586b4b..cc9df9c 100644
--- a/src/app/api/komga/test/route.ts
+++ b/src/app/api/komga/test/route.ts
@@ -1,17 +1,16 @@
 import { NextResponse } from "next/server";
 import { TestService } from "@/lib/services/test.service";
-import { AuthConfig } from "@/types/auth";
+import { ConfigDBService } from "@/lib/services/config-db.service";
-export async function POST(request: Request) {
+export async function POST() {
 try {
- const { serverUrl, username, password } = await request.json();
+ const config = await ConfigDBService.getConfig();
- const config: AuthConfig = {
- serverUrl,
- credentials: { username, password },
- };
+ const { libraries } = await TestService.testConnection({
+ serverUrl: config.url,
+ authHeader: config.authHeader,
+ });
- const { libraries } = await TestService.testConnection(config);
 return NextResponse.json({
 message: "Connexion réussie",
 librariesCount: libraries.length,
diff --git a/src/app/settings/page.tsx b/src/app/settings/page.tsx
index e7be094..f0741cc 100644
--- a/src/app/settings/page.tsx
+++ b/src/app/settings/page.tsx
@@ -18,7 +18,6 @@ export default async function SettingsPage() {
 config = {
 url: mongoConfig.url,
 username: mongoConfig.username,
- password: mongoConfig.password,
 userId: mongoConfig.userId,
 };
 }
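Review bot: `config` is dereferenced without a null check in the new `POST` body of `route.ts`, and the handler no longer tests the values the user is typing into the form. If `ConfigDBService.getConfig()` can return nothing for a user who has not saved a configuration yet (its contract is not visible here), `config.url` throws a TypeError and the caller only gets whatever the `catch` block, which lies outside this hunk, makes of it; a guard such as `if (!config?.authHeader) return NextResponse.json({ error: "Configuration Komga manquante" }, { status: 400 });` would report that case explicitly. Because the request body is now ignored, the settings form should also stop posting `username` and `password` to this route if it still does, so the password is not sent over the wire without purpose.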
diff --git a/src/components/settings/ClientSettings.tsx b/src/components/settings/ClientSettings.tsx
index 7680eb0..91ad3a8 100644
--- a/src/components/settings/ClientSettings.tsx
+++ b/src/components/settings/ClientSettings.tsx
@@ -13,7 +13,6 @@ import { CacheModeSwitch } from "@/components/settings/CacheModeSwitch";
 interface KomgaConfig {
 url: string;
 username: string;
- password: string;
 userId: string;
 }
diff --git a/src/lib/models/config.model.ts b/src/lib/models/config.model.ts
index 04ace86..704713b 100644
--- a/src/lib/models/config.model.ts
+++ b/src/lib/models/config.model.ts
@@ -15,7 +15,7 @@ const configSchema = new mongoose.Schema(
 type: String,
 required: true,
 },
- password: {
+ authHeader: {
 type: String,
 required: true,
 },
diff --git a/src/lib/services/base-api.service.ts b/src/lib/services/base-api.service.ts
index 06480d7..e94b459 100644
--- a/src/lib/services/base-api.service.ts
+++ b/src/lib/services/base-api.service.ts
@@ -21,10 +21,7 @@ export abstract class BaseApiService {
 const config = await ConfigDBService.getConfig();
 return {
 serverUrl: config.url,
- credentials: {
- username: config.username,
- password: config.password,
- },
+ authHeader: config.authHeader,
 };
 } catch (error) {
 console.error("Erreur lors de la récupération de la configuration:", error);
@@ -33,16 +30,12 @@ export abstract class BaseApiService {
 }
 protected static getAuthHeaders(config: AuthConfig): Headers {
- if (!config.credentials?.username || !config.credentials?.password) {
+ if (!config.authHeader) {
 throw new Error("Credentials Komga manquants");
 }
- const auth = Buffer.from(
- `${config.credentials.username}:${config.credentials.password}`
- ).toString("base64");
-
 return new Headers({
- Authorization: `Basic ${auth}`,
+ Authorization: `Basic ${config.authHeader}`,
 Accept: "application/json",
 });
 }
diff --git a/src/lib/services/config-db.service.ts b/src/lib/services/config-db.service.ts
index ec4a0d6..4f44eab 100644
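Review bot: Swapping the `password` path for a required `authHeader` in `configSchema` leaves documents written before this commit unusable and still sensitive, and no migration is visible in the patch. Those documents have no `authHeader`, so `getAuthHeaders` in `base-api.service.ts` throws "Credentials Komga manquants" until the user saves the settings again. Their old plaintext `password` field also stays in the collection, because the update in `config-db.service.ts` only sets the new fields. A one-off migration that fills the new field and removes the old one with `$unset: { password: "" }` would close that gap. The schema definition continues outside this hunk.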
--- a/src/lib/services/config-db.service.ts
+++ b/src/lib/services/config-db.service.ts
@@ -13,6 +13,7 @@ interface KomgaConfigData {
 url: string;
 username: string;
 password: string;
+ authHeader: string;
 }
 interface TTLConfigData {
@@ -37,13 +38,16 @@ export class ConfigDBService {
 const user = this.getCurrentUser();
 await connectDB();
+ const authHeader = Buffer.from(`${data.username}:${data.password}`).toString("base64");
+
 const config = await KomgaConfig.findOneAndUpdate(
 { userId: user.id },
 {
 userId: user.id,
 url: data.url,
 username: data.username,
- password: data.password,
+ // password: data.password,
+ authHeader,
 },
 { upsert: true, new: true }
 );
diff --git a/src/types/auth.ts b/src/types/auth.ts
index 7397e6e..ae98dfd 100644
--- a/src/types/auth.ts
+++ b/src/types/auth.ts
@@ -2,10 +2,7 @@ import { KomgaUser } from "./komga";
 export interface AuthConfig {
 serverUrl: string;
- credentials: {
- username: string;
- password: string;
- };
+ authHeader: string;
 }
 export interface AuthState {
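Review bot: `KomgaConfigData` now requires both `password` and `authHeader`, yet the second hunk of this file derives `authHeader` from `data.username` and `data.password` and never reads `data.authHeader`. If this interface types the `data` argument of the save method (its signature is outside the hunk), every caller has to supply a value that is then ignored. Dropping the new member from the input type, or making it optional with `authHeader?: string;`, keeps the secret-derived field out of the caller-facing contract.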
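Review bot: The value written to `authHeader` is `base64(username:password)`, which is an encoding rather than protection: anyone who can read the collection or a backup recovers the password with a single decode, so the stored secret is as exposed as before this commit. If the credential must remain replayable to Komga, it should be encrypted at rest with a key held outside the database, as sketched below; the key variable name is a placeholder, and the read path in `getConfig` needs the matching decrypt. A Komga API key, if the targeted server version offers one, would avoid keeping a password-equivalent at all. The commented-out `// password: data.password,` line should be deleted rather than committed. The enclosing method starts and ends outside the hunk.

```typescript
// … unchanged: getCurrentUser(), connectDB() …
const basicToken = Buffer.from(`${data.username}:${data.password}`).toString("base64");

// CONFIG_ENC_KEY is a placeholder name: a base64-encoded 32-byte key from server-side secret storage.
const key = Buffer.from(process.env.CONFIG_ENC_KEY ?? "", "base64");
if (key.length !== 32) {
  throw new Error("Clé de chiffrement de configuration invalide");
}
const iv = randomBytes(12); // fresh nonce per write; never reuse with the same key
const cipher = createCipheriv("aes-256-gcm", key, iv);
const ciphertext = Buffer.concat([cipher.update(basicToken, "utf8"), cipher.final()]);
const authHeader = [iv, cipher.getAuthTag(), ciphertext]
  .map((part) => part.toString("base64"))
  .join(".");

// … unchanged: KomgaConfig.findOneAndUpdate(...) storing `authHeader`, without the commented-out password line …
```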
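Review bot: `authHeader` in `AuthConfig` is undocumented and its name suggests a complete header, while `getAuthHeaders` in `base-api.service.ts` prepends `Basic ` to it. A doc comment above the member, such as `/** Base64 of "username:password", without the "Basic " prefix; password-equivalent, never log it or send it to the client. */`, would prevent a double prefix and make the sensitivity explicit. The same field name is used in `config.model.ts` and `config-db.service.ts`, so the comment is worth repeating on the schema path.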