[Core] Improve security

janishutz · janishutz · commit b5fdee2dd452 · 2026-03-18T14:47:58.000+01:00
diff --git a/src/main.ts b/src/main.ts
@@ -2,6 +2,9 @@ import '@fortawesome/fontawesome-free/css/all.css';
 import 'vue-color/style.css';
 import App from './App.vue';
 import Notifications from '@kyvg/vue3-notification';
+import {
+    backend
+} from './ts/util/url';
 import {
     createApp
 } from 'vue';
@@ -21,14 +24,14 @@ app.use( Notifications );
 
 if ( import.meta.env.VITE_BACKEND_URL ) {
     console.warn( 'Env var VITE_BACKEND_URL set: Backend at', import.meta.env.VITE_BACKEND_URL );
-    localStorage.setItem( 'url', import.meta.env.VITE_BACKEND_URL );
+    backend.url = import.meta.env.VITE_BACKEND_URL;
 } else if ( import.meta.env.MODE === 'production' || import.meta.env.VITE_OVERRIDE_PROD === 'true' ) {
     if ( import.meta.env.VITE_OVERRIDE_PROD === 'true' ) console.warn( 'Env var VITE_OVERRIDE_PROD set: using production backend' );
 
-    localStorage.setItem( 'url', 'https://api.' + location.host );
+    backend.url = 'https://api.' + location.host;
 } else {
     console.warn( 'Running against local backend' );
-    localStorage.setItem( 'url', 'http://localhost:8080' );
+    backend.url = 'http://localhost:8080';
 }
 
 if ( import.meta.env.VITE_DISABLE_LOGIN_CHECK || import.meta.env.VITE_DEV_MODE ) {
diff --git a/src/ts/auth/index.ts b/src/ts/auth/index.ts
@@ -1,6 +1,9 @@
 import type {
     JWT
 } from '@/types/jwt';
+import {
+    backend
+} from '../util/url';
 import magicLinks from './magic-links';
 import {
     ref
@@ -23,7 +26,7 @@ const login = async ( id: string, password: string ): Promise<void> => {
     const status = useStatusStore();
 
     try {
-        const res = await fetch( localStorage.getItem( 'url' ) + '/auth/login', {
+        const res = await fetch( backend.url + '/auth/login', {
             'method': 'POST',
             'headers': {
                 'Content-Type': 'application/json'
@@ -166,7 +169,7 @@ const logout = (): void => {
 
 const signup = ( username: string, email: string, pw: string, type: 'SURVEY_ADMIN' | 'CROWD_SOURCE' ): Promise<boolean> => {
     return new Promise( ( resolve, reject ) => {
-        fetch( localStorage.getItem( 'url' ) + '/auth/register', {
+        fetch( backend.url + '/auth/register', {
             'method': 'POST',
             'headers': {
                 'Content-Type': 'application/json'
diff --git a/src/ts/util/request.ts b/src/ts/util/request.ts
@@ -1,3 +1,6 @@
+import {
+    backend
+} from './url';
 import router from '@/ts/router';
 import {
     useNotification
@@ -104,7 +107,7 @@ const requestWithOpts = ( url: string, opts: RequestInit, noRedirect = false ):
         return Promise.reject( 'NO_AUTH' );
     }
 
-    const baseUrl = localStorage.getItem( 'url' );
+    const baseUrl = backend.url;
 
     if ( !baseUrl ) {
         return Promise.reject( 'NO_URL' );
diff --git a/src/ts/util/url.ts b/src/ts/util/url.ts
@@ -0,0 +1,3 @@
+export const backend = {
+    'url': 'https://api.eyetap.ivia.ch'
+};

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+export const backend = {`
	`2`	`+ 'url': 'https://api.eyetap.ivia.ch'`
	`3`	`+};`