fix(secu): don't store komga pwd but authstring

src/app/api/komga/test/route.ts

@@ -1,17 +1,16 @@
 import { NextResponse } from "next/server";
 import { TestService } from "@/lib/services/test.service";
-import { AuthConfig } from "@/types/auth";
+import { ConfigDBService } from "@/lib/services/config-db.service";
 
-export async function POST(request: Request) {
+export async function POST() {
   try {
-    const { serverUrl, username, password } = await request.json();
+    const config = await ConfigDBService.getConfig();
 
-    const config: AuthConfig = {
+    const { libraries } = await TestService.testConnection({
-      serverUrl,
+      serverUrl: config.url,
-      credentials: { username, password },
+      authHeader: config.authHeader,
-    };
+    });
 
-    const { libraries } = await TestService.testConnection(config);
     return NextResponse.json({
       message: "Connexion réussie",
       librariesCount: libraries.length,

src/app/settings/page.tsx

@@ -18,7 +18,6 @@ export default async function SettingsPage() {
       config = {
         url: mongoConfig.url,
         username: mongoConfig.username,
-        password: mongoConfig.password,
         userId: mongoConfig.userId,
       };
     }

src/components/settings/ClientSettings.tsx

@@ -13,7 +13,6 @@ import { CacheModeSwitch } from "@/components/settings/CacheModeSwitch";
 interface KomgaConfig {
   url: string;
   username: string;
-  password: string;
   userId: string;
 }
 

src/lib/models/config.model.ts

@@ -15,7 +15,7 @@ const configSchema = new mongoose.Schema(
       type: String,
       required: true,
     },
-    password: {
+    authHeader: {
       type: String,
       required: true,
     },

src/lib/services/base-api.service.ts

@@ -21,10 +21,7 @@ export abstract class BaseApiService {
       const config = await ConfigDBService.getConfig();
       return {
         serverUrl: config.url,
-        credentials: {
+        authHeader: config.authHeader,
-          username: config.username,
-          password: config.password,
-        },
       };
     } catch (error) {
       console.error("Erreur lors de la récupération de la configuration:", error);
@@ -33,16 +30,12 @@ export abstract class BaseApiService {
   }
 
   protected static getAuthHeaders(config: AuthConfig): Headers {
-    if (!config.credentials?.username || !config.credentials?.password) {
+    if (!config.authHeader) {
       throw new Error("Credentials Komga manquants");
     }
 
-    const auth = Buffer.from(
-      `${config.credentials.username}:${config.credentials.password}`
-    ).toString("base64");
-
     return new Headers({
-      Authorization: `Basic ${auth}`,
+      Authorization: `Basic ${config.authHeader}`,
       Accept: "application/json",
     });
   }

src/lib/services/config-db.service.ts

@@ -13,6 +13,7 @@ interface KomgaConfigData {
   url: string;
   username: string;
   password: string;
+  authHeader: string;
 }
 
 interface TTLConfigData {
@@ -37,13 +38,16 @@ export class ConfigDBService {
     const user = this.getCurrentUser();
     await connectDB();
 
+    const authHeader = Buffer.from(`${data.username}:${data.password}`).toString("base64");
+
     const config = await KomgaConfig.findOneAndUpdate(
       { userId: user.id },
       {
         userId: user.id,
         url: data.url,
         username: data.username,
-        password: data.password,
+        // password: data.password,
+        authHeader,
       },
       { upsert: true, new: true }
     );

src/types/auth.ts

@@ -2,10 +2,7 @@ import { KomgaUser } from "./komga";
 
 export interface AuthConfig {
   serverUrl: string;
-  credentials: {
+  authHeader: string;
-    username: string;
-    password: string;
-  };
 }
 
 export interface AuthState {