chore: remove ACLED_EMAIL/ACLED_PASSWORD credential validation (#1530)

ACLED migrated to token-based auth (ACLED_ACCESS_TOKEN). The email/password OAuth flow is no longer used. Remove the dead validation cases and drop both keys from ALLOWED_ENV_KEYS. Extracted from PR #1522 (scope split). Co-authored-by: Jon Torrez <jrtorrez31337@users.noreply.github.com>
2026-04-25 17:14:57 +02:00 · 2026-03-13 20:26:03 +04:00
parent b5941301c4
commit 15121f2092
1 changed files with 1 additions and 46 deletions
--- a/src-tauri/sidecar/local-api-server.mjs
+++ b/src-tauri/sidecar/local-api-server.mjs
@@ -137,7 +137,7 @@ globalThis.fetch = async function ipv4Fetch(input, init) {

 const ALLOWED_ENV_KEYS = new Set([
  'GROQ_API_KEY', 'OPENROUTER_API_KEY', 'TAVILY_API_KEYS', 'BRAVE_API_KEYS', 'SERPAPI_API_KEYS', 'FRED_API_KEY', 'EIA_API_KEY',
-  'CLOUDFLARE_API_TOKEN', 'ACLED_ACCESS_TOKEN', 'ACLED_EMAIL', 'ACLED_PASSWORD', 'URLHAUS_AUTH_KEY',
+  'CLOUDFLARE_API_TOKEN', 'ACLED_ACCESS_TOKEN', 'URLHAUS_AUTH_KEY',
  'OTX_API_KEY', 'ABUSEIPDB_API_KEY', 'WINGBITS_API_KEY', 'WS_RELAY_URL',
  'VITE_OPENSKY_RELAY_URL', 'OPENSKY_CLIENT_ID', 'OPENSKY_CLIENT_SECRET',
  'AISSTREAM_API_KEY', 'VITE_WS_RELAY_URL', 'FINNHUB_API_KEY', 'NASA_FIRMS_API_KEY',
@@ -806,51 +806,6 @@ async function validateSecretAgainstProvider(key, rawValue, context = {}) {
      return ok('ACLED token verified');
    }

-    case 'ACLED_EMAIL':
-      // Email is validated together with ACLED_PASSWORD; store it for now.
-      return ok('ACLED email stored');
-
-    case 'ACLED_PASSWORD': {
-      // Validate ACLED credentials via OAuth token exchange.
-      // Uses the same /oauth/token endpoint as server/_shared/acled-auth.ts.
-      // Requires ACLED_EMAIL to be set first (via local-env-update).
-      const email = String(context.ACLED_EMAIL || process.env.ACLED_EMAIL || '').trim();
-      if (!email) {
-        return fail('Set ACLED_EMAIL before verifying the password');
-      }
-      const oauthBody = new URLSearchParams({
-        username: email,
-        password: value,
-        grant_type: 'password',
-        client_id: 'acled',
-      });
-      const loginResponse = await fetchWithTimeout('https://acleddata.com/oauth/token', {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/x-www-form-urlencoded',
-          Accept: 'application/json',
-          'User-Agent': CHROME_UA,
-        },
-        body: oauthBody.toString(),
-      });
-      const loginText = await loginResponse.text();
-      if (isCloudflareChallenge403(loginResponse, loginText)) {
-        return ok('ACLED credentials stored (Cloudflare blocked verification)');
-      }
-      if (isAuthFailure(loginResponse.status, loginText)) {
-        return fail('ACLED rejected these credentials');
-      }
-      if (!loginResponse.ok) return fail(`ACLED OAuth probe failed (${loginResponse.status})`);
-      let loginPayload = null;
-      try { loginPayload = JSON.parse(loginText); } catch { /* ignore */ }
-      if (loginPayload?.access_token) {
-        // Store the obtained OAuth token so API handlers can use it.
-        process.env.ACLED_ACCESS_TOKEN = loginPayload.access_token;
-        return ok('ACLED credentials verified (OAuth token obtained)');
-      }
-      return ok('ACLED credentials accepted');
-    }
-
    case 'URLHAUS_AUTH_KEY': {
      const response = await fetchWithTimeout('https://urlhaus-api.abuse.ch/v1/urls/recent/limit/1/', {
        headers: {