Preview tokens 8: New structure for preview tokens #6836

Merged
merged 1 commit into from
Dec 6, 2024


lukasbestle
Member

@lukasbestle lukasbestle commented Dec 5, 2024

Description

Summary of changes & Reasoning

  • Use URI instead of ID + template to be able to generate tokens for arbitrary custom blueprint preview URIs
  • Include version ID (in a secure way wrapped in JSON) to differentiate preview access by version
  • Shorten the token to 10 characters to make the preview URLs more manageable

Additional context

PR 9 will build on the URI-based tokens to implement preview tokens for custom blueprint preview options.

Coverage: One line in the previewTokenFromUrl method is not tested by this PR. This is because this case is prepared for PR 9 and will be tested there.

Changelog

Enhancements

  • Preview authentication tokens of drafts and (new in Kirby 5) versions have been shortened to 10 characters to make the preview URLs more manageable.

Breaking changes

  • Closures defined for the content.salt option will no longer receive a model when generating a salt for preview authentication tokens of drafts and versions as those tokens are now only based on the URI. Thus the salt callback instead receives null and is expected to return a fixed model-independent salt in this case. When generating a salt for a file media token, the file object is still passed as model.

Docs

Replacing https://getkirby.com/docs/reference/system/options/content#salt-for-drafts-and-media-files:

Salt for page previews and media files

URLs of page previews and media files contain a hashed token that should be hard to guess. The tokens are based on the page URI or file ID and are authenticated with a salt value. In the way Kirby uses this salt value, it should ideally be a secret. By default, Kirby uses the filesystem path of the content folder. You can define your own salt that will be used instead:

return [
  'content' => [
    'salt' => '...'
  ]
];

You can also dynamically generate a salt based on the model that needs a token:

return [
  'content' => [
    'salt' => function ($model) {
      return '...';
    }
  ]
];

<since v="5.0.0">
The $model value is set to the File object when generating a media token for a file. For page preview tokens, $model is always passed as null. Your callback should return a fixed model-independent salt in this case.
</since>

Ready?

  • In-code documentation (wherever needed)
  • Unit tests for fixed bug/feature
  • Tests and CI checks all pass

For review team

  • Add lab and/or sandbox examples (wherever helpful)
  • Add changes & docs to release notes draft in Notion
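
The token structure described in this PR (URI plus version ID wrapped in JSON, keyed with the salt, cut to 10 characters), sketched as an added example that is not code from this PR or from Kirby. The function names, the HMAC-SHA256 construction, the hex encoding and the sample URIs, version IDs and salt are all assumptions made for illustration.

```php
<?php
// Added illustration, not Kirby's implementation. Function names, HMAC-SHA256,
// hex encoding and every sample value below are assumptions.

// The salt option may be a fixed string or a closure. For preview tokens the
// closure receives null and should return a model-independent salt.
function resolveSalt(string|Closure $salt, ?object $model = null): string
{
    return $salt instanceof Closure ? (string)$salt($model) : $salt;
}

// JSON keeps the boundary between URI and version ID unambiguous before keying.
function previewToken(string $uri, string $versionId, string|Closure $salt): string
{
    $payload = json_encode(
        ['uri' => $uri, 'versionId' => $versionId],
        JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES
    );
    return substr(hash_hmac('sha256', $payload, resolveSalt($salt)), 0, 10);
}

// Recompute the token and compare in constant time.
function verifyPreviewToken(string $given, string $uri, string $versionId, string|Closure $salt): bool
{
    return hash_equals(previewToken($uri, $versionId, $salt), $given);
}

// Weak variant for comparison: plain concatenation loses the field boundary.
function concatToken(string $uri, string $versionId, string|Closure $salt): string
{
    return substr(hash_hmac('sha256', $uri . $versionId, resolveSalt($salt)), 0, 10);
}

// Constructed sample salt: a closure that ignores the (null) model.
$salt = fn (?object $model) => 'constructed-sample-salt';

$token = previewToken('blog/draft-post', 'latest', $salt);
var_dump(verifyPreviewToken($token, 'blog/draft-post', 'latest', $salt));
// Same URI, different version ID: the token must not verify.
var_dump(verifyPreviewToken($token, 'blog/draft-post', 'changes', $salt));

// Two different (URI, version ID) pairs that concatenate to the same string:
// the concatenated variant collides, the JSON-wrapped one does not.
var_dump(concatToken('notes/a', 'latest', $salt) === concatToken('notes/', 'alatest', $salt));
var_dump(previewToken('notes/a', 'latest', $salt) === previewToken('notes/', 'alatest', $salt));
```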

@lukasbestle lukasbestle added the type: enhancement ✨ Suggests an enhancement; improves Kirby label Dec 5, 2024
@lukasbestle lukasbestle added this to the 5.0.0-beta.1 milestone Dec 5, 2024
@lukasbestle lukasbestle self-assigned this Dec 5, 2024
@bastianallgeier bastianallgeier merged commit 249c269 into v5/develop Dec 6, 2024
10 of 11 checks passed
@bastianallgeier bastianallgeier deleted the v5/changes/preview-tokens-8 branch December 6, 2024 06:32