This pull request introduces enhancements to how API keys are handled and transmitted between the frontend and backend services, particularly for image URLs and WebSocket connections. The main goal is to ensure that API keys are consistently and securely included in requests, allowing the backend to authenticate browser-driven requests via query parameters. The changes span both frontend TypeScript code and backend C# middleware.
Frontend: API key propagation and cache access
- Added a synchronous
getCachedStartupConfigfunction tostartupConfigCache.tsfor instant access to the cached startup config, enabling API key retrieval without awaiting asynchronous calls. - Updated image URL handling in
ApiService(api.ts) to append the API key as anaccess_tokenquery parameter when present, ensuring authenticated access for image requests. - Modified SignalR connection logic in
SignalRService(signalr.ts) to append the API key as anaccess_tokento the WebSocket handshake URL, supporting server-side authentication for websocket connections. - Imported
getCachedStartupConfiginapi.tsfor use in synchronous API key retrieval.
Backend: Middleware authentication improvements
- Enhanced
ApiKeyMiddleware.csto accept API keys supplied viaaccess_tokenorapikeyquery parameters, in addition to headers, allowing authentication for requests initiated by the browser (such as SignalR and image URLs).
Automated canary build