Skip to content

fix: Use aiohttp for RetroAchievements API calls #1956

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 9, 2025
Merged

fix: Use aiohttp for RetroAchievements API calls #1956

merged 1 commit into from
Jun 9, 2025

Conversation

adamantike
Copy link
Contributor

@adamantike adamantike commented Jun 9, 2025
edited
Loading

Description
This change replaces the httpx client with aiohttp for the RetroAchievements API service.

The main reason for this change is that httpx has an unavoidable log line with INFO level, which includes the request full URL, containing the user's API key.

httpx has had an open discussion regarding this security issue for almost two years.

The change to aiohttp is painless, and would allow us to migrate more of the codebase to it in the future, to avoid leaking sensitive information in logs.

Checklist

  • I've tested the changes locally
  • I've updated relevant comments
  • I've assigned reviewers for this PR
  • I've added unit tests that cover the changes

@adamantike
fix: Use aiohttp for RetroAchievements API calls
fe1a9ce 
This change replaces the `httpx` client with `aiohttp` for the
RetroAchievements API service.

The main reason for this change is that `httpx` has an unavoidable log
line with `INFO` level, which includes the request full URL, containing
the user's API key.

`httpx` has had an
[open discussion](encode/httpx#2765)
regarding this security issue for almost two years.

The change to `aiohttp` is painless, and would allow us to migrate more
of the codebase to it in the future, to avoid leaking sensitive
information in logs.
@adamantike adamantike requested review from gantoine and zurdi15 June 9, 2025 13:06
@trunk-io Trunk.io
Copy link

trunk-io bot commented Jun 9, 2025

Running Code Quality on PRs by uploading data to Trunk will soon be removed. You can still run checks on your PRs using trunk-action - see the migration guide for more information.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 9, 2025

Test Results

92 tests  ±0   92 ✅ ±0   31s ⏱️ +3s
 1 suites ±0    0 💤 ±0 
 1 files   ±0    0 ❌ ±0 

Results for commit fe1a9ce. ± Comparison against base commit dddea58.

gantoine
gantoine approved these changes Jun 9, 2025
View reviewed changes
Copy link
Member

@gantoine gantoine left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯

@adamantike adamantike merged commit 6768e25 into master Jun 9, 2025
9 checks passed
@adamantike adamantike deleted the fix/retroachievements-api-use-aiohttp branch June 9, 2025 17:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gantoine gantoine gantoine approved these changes

@zurdi15 zurdi15 Awaiting requested review from zurdi15

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adamantike @gantoine