aboutsummaryrefslogtreecommitdiff
path: root/src/routes/settings
diff options
context:
space:
mode:
Diffstat (limited to 'src/routes/settings')
-rw-r--r--src/routes/settings/+page.server.ts14
-rw-r--r--src/routes/settings/+page.svelte2
2 files changed, 15 insertions, 1 deletions
diff --git a/src/routes/settings/+page.server.ts b/src/routes/settings/+page.server.ts
new file mode 100644
index 00000000..321e5cfd
--- /dev/null
+++ b/src/routes/settings/+page.server.ts
@@ -0,0 +1,14 @@
+import { decodeAuthCookieOrNull } from "$lib/Effect/authCookie";
+import { encryptFeedToken } from "$lib/Utility/feedToken";
+
+// Mint the RSS feed token server-side: the encryption key never reaches the
+// client, so the URL is built here from the refresh token already in the cookie
+// rather than from tokens handed to the browser.
+export const load = async ({ cookies }) => {
+ const cookie = cookies.get("user");
+ const user = cookie ? decodeAuthCookieOrNull(cookie) : null;
+
+ return {
+ feedToken: user ? await encryptFeedToken(user.refreshToken) : undefined,
+ };
+};
diff --git a/src/routes/settings/+page.svelte b/src/routes/settings/+page.svelte
index 79642944..9a3bf990 100644
--- a/src/routes/settings/+page.svelte
+++ b/src/routes/settings/+page.svelte
@@ -55,7 +55,7 @@ export let data: PageData;
<SettingSync />
</Category>
<Category title={$locale().settings.rssFeeds.title} id="feeds" newLine={false}>
- <RssFeeds user={data.user} />
+ <RssFeeds feedToken={data.feedToken} />
</Category>
</div>
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-02 19:30:38 +0000