Best way to include apikey for img-source

OllisGit · November 1, 2019, 10:28pm

Hi,
my plugin should load an image via a blueprint-defined API.

<img data-bind="attr: {src: $root.snapshotUrl( snapshotFilename )}" >

In the end it looks like this:

src="http://192.168.178.37/plugin/PrintJobHistory/printJobSnapshot/20191101-195500.jpg"

BUT the server response via 403...of course!

First approach was to use the OctoPrint.options.apikey in the Javacript-Function onAfterBinding, but the result was undefined.

My current solution is to send the APIKey from the server to the client and then I can build a correct image source url:

src="http://192.168.178.37/plugin/PrintJobHistory/printJobSnapshot/20191101-195500.jpg?apikey=12345..."

Do you know other options to add an apikey to the image?

Btw. ajax-calls via jquery works, because octoprint extends these calls and add the X-Api-Key Header. I have no clue how jquery get the current api-key.

OutsourcedGuru · November 1, 2019, 11:29pm

In your plugin's JavaScript file, you should have access to a variable that's pre-supplied:

UI_API_KEY

OllisGit · November 2, 2019, 7:21am

Hi @OutsourcedGuru
thx for your feedback!

The variable is not undefined, but it is an empty string in my development setup. I use Version 1.3.11.
I tested it on my real printer, running 1.3.10 and it is working!

So, I looked into the last changelog (https://github.com/foosel/OctoPrint/blob/8409fdaa48ff692bbb050086e8d7c09940b58c59/CHANGELOG.md#improvements-1) and found this hints:

Remove UI_API_KEY and API disabling. With the inclusion of the ForceLogin plugin that doesn't serve a real purpose anymore in most cases, and it was only ever more of a rate limiting feature than an actual security measure anyhow. Plus it lead to a ton of false security alarms.

Define empty UI_API_KEY for backwards compatibility with third party plugins

hmmm...I think I need to ""stick" on my solution....or is there an other option/flag?

jneilliii · November 2, 2019, 8:09am

How about using a route hook instead of a blueprint? I used that in one of my plugins here and don't get 403 errors.

foosel · November 2, 2019, 5:44pm

What @jneilliii suggests is the clean solution.

OutsourcedGuru · November 4, 2019, 6:17pm

So my gitfiles plugin is broken now...?