github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): mask saved webhook URLs instead of returning encrypted values

Browse Source 
Encrypted webhook URLs are no longer returned to the frontend. Both user
and admin webhook fields now show '••••••••' as a placeholder when a URL
is already saved, and the sentinel value is skipped on save/test so the
stored secret is never exposed or accidentally overwritten.
This commit is contained in:
jubnl
2026-04-05 06:08:30 +02:00
parent d8ee545002
commit 959015928f
7 changed files with 38 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
client/src/api/client.ts
View File

@@ -331,7 +331,7 @@ export const notificationsApi = {
getPreferences: () => apiClient.get('/notifications/preferences').then(r => r.data),
updatePreferences: (prefs: Record<string, Record<string, boolean>>) => apiClient.put('/notifications/preferences', prefs).then(r => r.data),
testSmtp: (email?: string) => apiClient.post('/notifications/test-smtp', { email }).then(r => r.data),
testWebhook: (url: string) => apiClient.post('/notifications/test-webhook', { url }).then(r => r.data),
testWebhook: (url?: string) => apiClient.post('/notifications/test-webhook', { url }).then(r => r.data),
}
export const inAppNotificationsApi = {