Login

minsk832 · 06-18-2024, 08:55 PM

Hey! Assuming I use the following in a self-created OpenAI library:

PHP Code:
<?php
namespace App\Libraries;

class OpenAILibrary
{
    public function __construct()
    {
        $this->apiKey = getenv('OPENAI_API_KEY');
        $this->curl = service(
            'curlrequest',
            [
                'baseURI' => 'https://api.openai.com/v1/',
                'headers' => [
                    'Authorization' => 'Bearer ' . $this->apiKey,
                    'Content-Type' => 'application/json',
                ],
            ]
        );
    }
} 

If I then use the curlrequest service elsewhere in the application, this could potentially cause my API key to be accidentally sent to other servers (shared instance - https://codeigniter.com/user_guide/conce...vices.html). Or do I understand the information under https://codeigniter.com/user_guide/libra...quest.html since version 4.4.0 correctly, that $shareOptions = false by default ensures that I don't need to worry about this?

Are there other things to keep in mind here?

Thanks for your help!

***kenjis*** · 06-18-2024, 09:24 PM

Don't forget about `$shareOptions`. The setting reproduces the past incorrect behavior (= bug).

You still need to worry about that.
If you send request to other sites, you should not share the CURLRequest instance.
https://codeigniter.com/user_guide/conce...le-service

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper

minsk832 · 06-19-2024, 04:55 PM

Thank you: Here I read: https://www.codeigniter.com/user_guide/l...ng-options

Quote:"Since v4.4.0, the default value has been changed to false."

system/Config/Service.php

PHP Code:
    /**
    * The CURL Request class acts as a simple HTTP client for interacting
    * with other servers, typically through APIs.
    *
    * @return CURLRequest
    */
    public static function curlrequest(array $options = [], ?ResponseInterface $response = null, ?App $config = null, bool $getShared = true)
    {
        if ($getShared === true) {
            return static::getSharedInstance('curlrequest', $options, $response, $config);
        }

        $config ??= config(App::class);
        $response ??= new Response($config);

        return new CURLRequest(
            $config,
            new URI($options['base_uri'] ?? null),
            $response,
            $options
        );
    } 

So there is no need to specifically use single_service() in my libraries that use curl requests? The options for curl requests passed to the constructor are usually not shared?

***kenjis*** · 06-19-2024, 06:25 PM

(06-19-2024, 04:55 PM)minsk832 Wrote: So there is no need to specifically use single_service() in my libraries that use curl requests? The options for curl requests passed to the constructor are usually not shared?

No! You should use single_service() to protect sensitive data.

The options for curl requests passed to the constructor are always shared.

The options to the request() method are not shared.
See https://www.codeigniter.com/user_guide/l...ml#headers
In the sample code, the headers are not shared in the next request.

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper