fix: move Atlas scan tokens from query params to Authorization header

github-scan / vercel-scan / tailscale-scan の3エンドポイントで
?token=... 方式を廃止し Authorization: Bearer <token> ヘッダーへ移行。
サーバーログ・ブラウザ履歴へのトークン露出を防ぐ。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
posimai 2026-04-11 00:05:24 +09:00
parent 0bd5cd9374
commit 09dd315c5f
1 changed files with 4 additions and 4 deletions


@ -2314,7 +2314,7 @@ async function runTailscaleScan() {
try {
const apiBase = 'https://api.soar-enrich.com/brain/api';
const res = await fetch(`${apiBase}/atlas/tailscale-scan?token=${encodeURIComponent(token)}`);
const res = await fetch(`${apiBase}/atlas/tailscale-scan`, { headers: { Authorization: `Bearer ${token}` } });
if (!res.ok) {
const err = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
throw new Error(err.error || `HTTP ${res.status}`);
@ -2380,8 +2380,8 @@ async function runGithubScan() {
try {
const apiBase = 'https://api.soar-enrich.com/brain/api';
const url = `${apiBase}/atlas/github-scan?token=${encodeURIComponent(token)}${org ? '&org=' + encodeURIComponent(org) : ''}`;
const res = await fetch(url);
const url = `${apiBase}/atlas/github-scan${org ? '?org=' + encodeURIComponent(org) : ''}`;
const res = await fetch(url, { headers: { Authorization: `Bearer ${token}` } });
if (!res.ok) { const e = await res.json().catch(() => ({})); throw new Error(e.error || `HTTP ${res.status}`); }
const raw = await res.json();
const repos = Array.isArray(raw) ? raw : (raw.repos || []);
@ -2442,7 +2442,7 @@ async function runVercelScan() {
try {
const apiBase = 'https://api.soar-enrich.com/brain/api';
const res = await fetch(`${apiBase}/atlas/vercel-scan?token=${encodeURIComponent(token)}`);
const res = await fetch(`${apiBase}/atlas/vercel-scan`, { headers: { Authorization: `Bearer ${token}` } });
if (!res.ok) { const e = await res.json().catch(() => ({})); throw new Error(e.error || `HTTP ${res.status}`); }
const data = await res.json();
const projects = data.projects || [];
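Review bot: The three new `fetch` calls (in runTailscaleScan, runGithubScan and runVercelScan) put the token in `Authorization`, but nothing at the call sites records that the query form is now forbidden. The commit touches only this one file, so whether the API still accepts `?token=` is not visible here; if it does, a cached copy of the old script keeps writing tokens into access logs. I would add a comment above the first call, e.g. `// Token is sent only in the Authorization header; never append it to the URL (it would land in access logs).`, and confirm the server now rejects `?token=`. Because `apiBase` is an absolute URL, these requests are presumably preflighted when the page is served from another origin, so the API must allow `Authorization` in `Access-Control-Allow-Headers`. Each function's body starts and ends outside the hunks shown, so any validation of `token` before the `try` cannot be checked from here.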