lobsterboard 0.2.1 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lobsterboard.css +1 -1
- package/dist/lobsterboard.esm.js +1 -1
- package/dist/lobsterboard.esm.min.js +1 -1
- package/dist/lobsterboard.umd.js +1 -1
- package/dist/lobsterboard.umd.min.js +1 -1
- package/package.json +1 -1
- package/server.cjs +13 -2
- package/templates/full-screen-focus-on-openclaw-systems/config.json +5 -4
package/dist/lobsterboard.css
CHANGED
package/dist/lobsterboard.esm.js
CHANGED
package/dist/lobsterboard.umd.js
CHANGED
package/package.json
CHANGED
package/server.cjs
CHANGED
|
@@ -1276,7 +1276,9 @@ const server = http.createServer(async (req, res) => {
|
|
|
1276
1276
|
|
|
1277
1277
|
const sensitiveKeys = ['apiKey', 'api_key', 'token', 'secret', 'password'];
|
|
1278
1278
|
const privateIpRegex = /^https?:\/\/(10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+|localhost|127\.0\.0\.1)/i;
|
|
1279
|
-
|
|
1279
|
+
// URLs that may contain private auth tokens — strip them in templates
|
|
1280
|
+
const privateUrlKeys = ['icalUrl'];
|
|
1281
|
+
const privateUrlPatterns = [/[?&/]private[-_]?[a-f0-9]/i, /caldav\.icloud\.com/i, /\/private\//i];
|
|
1280
1282
|
|
|
1281
1283
|
function stripSensitive(props) {
|
|
1282
1284
|
if (!props || typeof props !== 'object') return props;
|
|
@@ -1289,7 +1291,16 @@ const server = http.createServer(async (req, res) => {
|
|
|
1289
1291
|
} else if ((key === 'url' || key === 'endpoint') && typeof result[key] === 'string' && privateIpRegex.test(result[key])) {
|
|
1290
1292
|
result[key] = 'http://your-server:port/path';
|
|
1291
1293
|
stripped = true;
|
|
1292
|
-
} else if (
|
|
1294
|
+
} else if (privateUrlKeys.includes(key) && typeof result[key] === 'string') {
|
|
1295
|
+
// Always strip private calendar/feed URLs — they contain auth tokens
|
|
1296
|
+
if (result[key] && (result[key].length > 0)) {
|
|
1297
|
+
const hasPrivateToken = privateUrlPatterns.some(p => p.test(result[key]));
|
|
1298
|
+
if (hasPrivateToken) {
|
|
1299
|
+
result[key] = '';
|
|
1300
|
+
stripped = true;
|
|
1301
|
+
}
|
|
1302
|
+
}
|
|
1303
|
+
} else if (typeof result[key] === 'object' && result[key] !== null) {
|
|
1293
1304
|
const inner = stripSensitive(result[key]);
|
|
1294
1305
|
result[key] = inner.result;
|
|
1295
1306
|
if (inner.stripped) stripped = true;
|
|
@@ -269,10 +269,11 @@
|
|
|
269
269
|
"height": 200,
|
|
270
270
|
"properties": {
|
|
271
271
|
"title": "Calendar",
|
|
272
|
-
"icalUrl": "
|
|
272
|
+
"icalUrl": "",
|
|
273
273
|
"maxEvents": 5,
|
|
274
274
|
"refreshInterval": 300
|
|
275
|
-
}
|
|
275
|
+
},
|
|
276
|
+
"_templateNote": "\u26a0\ufe0f Configure this widget's settings after import"
|
|
276
277
|
},
|
|
277
278
|
{
|
|
278
279
|
"id": "widget-48",
|
|
@@ -300,7 +301,7 @@
|
|
|
300
301
|
"apiKey": "YOUR_API_KEY_HERE",
|
|
301
302
|
"repo": "LobsterBoard"
|
|
302
303
|
},
|
|
303
|
-
"_templateNote": "
|
|
304
|
+
"_templateNote": "\u26a0\ufe0f Configure this widget's settings after import"
|
|
304
305
|
},
|
|
305
306
|
{
|
|
306
307
|
"id": "widget-50",
|
|
@@ -329,7 +330,7 @@
|
|
|
329
330
|
"apiKeyNote": "Get a free key at finnhub.io/register",
|
|
330
331
|
"refreshInterval": 60
|
|
331
332
|
},
|
|
332
|
-
"_templateNote": "
|
|
333
|
+
"_templateNote": "\u26a0\ufe0f Configure this widget's settings after import"
|
|
333
334
|
}
|
|
334
335
|
]
|
|
335
336
|
}
|