Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Response contains my API key #82

Closed
melissamcewen opened this issue Mar 12, 2019 · 7 comments
Closed

Response contains my API key #82

melissamcewen opened this issue Mar 12, 2019 · 7 comments

Comments

@melissamcewen
Copy link

Right now when I do:

base('mybase').select({
    // Selecting the first 3 records in Grid view:
    maxRecords: 3,
    view: "Grid view"
}).eachPage(function page(records, fetchNextPage) {
    // This function (`page`) will get called for each page of records.

    records.forEach(function(record) {
        console.log('Retrieved', record.get('Ingredient'));
    });

    // To fetch the next page of records, call `fetchNextPage`.
    // If there are more records, `page` will get called again.
    // If there are no more records, `done` will get called.
    fetchNextPage();

}, function done(err) {
    if (err) { console.error(err); return; }
});

The response (that's console logged here) contains something that looks like this:

{
      "_table": {
        "_base": {
          "_airtable": {
            "_apiKey": "myrealapikey",
            "_endpointUrl": "https://api.airtable.com",
            "_apiVersion": "0.1.0",
            "_apiVersionMajor": "0",
            "_allowUnauthorizedSsl": false,
            "_noRetryIfRateLimited": false,
            "requestTimeout": 300000
          },
          "_id": "something"
        },
        "id": null,
        "name": "something"
      },

This causes some issues when I'm working on for example doing live coding or demo projects (I work in developer education). This happened to a colleague of mine and he had to reset his key.
@EvanHahn
Copy link
Contributor

That's surprising! Is that happening from this line?

console.log('Retrieved', record.get('Ingredient'));

Or another one?

@melissamcewen
Copy link
Author

Yes, if I console log the whole record. Here's a working example. If you could see the console logs you could see my API key https://glitch.com/edit/#!/scaretable-page-request?path=server.js:43:51

@melissamcewen
Copy link
Author

melissamcewen commented Mar 12, 2019
edited
Loading

ahh it's not the server response, it's just the way the SDK is formatting the stuff for me to use.

@syrnick
Copy link
Contributor

syrnick commented Mar 12, 2019
edited
Loading

Correct, that's not in the server response, but rather in the in-memory representation on the client.

That said, it is fixable. I.e. we can probably fix it so that accidentally logging any objects returned by the SDK does not reveal the API key.

@melissamcewen
Copy link
Author

Ah cool, yeah that would be a great service for us using the API to teach and livestream.

EvanHahn pushed a commit that referenced this issue Mar 23, 2019
Make API key less likely to be logged
4f58655 
Before this change:

    const at = new Airtable({ apiKey: 'keyXyz' })
    console.log(at)
    // => Class { _apiKey: 'keyXyz', ... }

After this change:

    const at = new Airtable({ apiKey: 'keyXyz' })
    console.log(at)
    // => Class { ... }

This is accomplished with `Object.defineProperties`. By default,
properties defined this way aren't enumerable, making it more difficult
to accidentally log them.

Addresses <#82>.
@EvanHahn EvanHahn mentioned this issue Mar 23, 2019
Merged
EvanHahn added a commit that referenced this issue Mar 25, 2019
@EvanHahn
Make API key less likely to be logged (#83)
45661dd 
Before this change:

    const at = new Airtable({ apiKey: 'keyXyz' })
    console.log(at)
    // => Class { _apiKey: 'keyXyz', ... }

After this change:

    const at = new Airtable({ apiKey: 'keyXyz' })
    console.log(at)
    // => Class { ... }

This is accomplished with `Object.defineProperties`. By default,
properties defined this way aren't enumerable, making it more difficult
to accidentally log them.

Addresses <#82>.
@EvanHahn
Copy link
Contributor

We believe we've fixed this in #83 and will deploy a new version of Airtable.js soon!

@EvanHahn
Copy link
Contributor

A fix for this has been published in [email protected]. Let us know if this helps!

PeterPan627 added a commit to PeterPan627/airtable.js that referenced this issue May 28, 2023
@PeterPan627
Make API key less likely to be logged (#83)
8372b46 
Before this change:

    const at = new Airtable({ apiKey: 'keyXyz' })
    console.log(at)
    // => Class { _apiKey: 'keyXyz', ... }

After this change:

    const at = new Airtable({ apiKey: 'keyXyz' })
    console.log(at)
    // => Class { ... }

This is accomplished with `Object.defineProperties`. By default,
properties defined this way aren't enumerable, making it more difficult
to accidentally log them.

Addresses <Airtable/airtable.js#82>.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@syrnick @EvanHahn @melissamcewen