Commit Graph

4 Commits

Author SHA1 Message Date
Authensor
f67f4ac76d fix: mask sensitive headers in API request logs
The API request logger writes request/response details to persistent
plaintext files in the temp/api_logs directory. Without masking, the
Authorization header (which carries the user's Comfy API bearer token for
paid nodes like Grok, Bria, Runway, Gemini, and Rodin) is written verbatim
to every log file. These files are never cleaned up, so tokens accumulate
on disk indefinitely.

Fix: mask Authorization, X-API-Key, Cookie, Set-Cookie, and
Proxy-Authorization headers before writing to log files. Non-sensitive
headers pass through unchanged.

9 tests: masking behavior, case-insensitivity, non-mutation of original,
and end-to-end verification that the token does not appear in the log file.

Signed-off-by: John Kearney <johndanielkearney@gmail.com>
2026-07-02 17:10:51 -05:00
Alexander Piskun
4a93a62371
fix(api-nodes): add separate retry budget for 429 rate limit responses (#12421)
Some checks are pending
Python Linting / Run Ruff (push) Waiting to run
Python Linting / Run Pylint (push) Waiting to run
Full Comfy CI Workflow Runs / test-stable (12.1, , linux, 3.10, [self-hosted Linux], stable) (push) Waiting to run
Full Comfy CI Workflow Runs / test-stable (12.1, , linux, 3.11, [self-hosted Linux], stable) (push) Waiting to run
Full Comfy CI Workflow Runs / test-stable (12.1, , linux, 3.12, [self-hosted Linux], stable) (push) Waiting to run
Full Comfy CI Workflow Runs / test-unix-nightly (12.1, , linux, 3.11, [self-hosted Linux], nightly) (push) Waiting to run
Execution Tests / test (macos-latest) (push) Waiting to run
Execution Tests / test (ubuntu-latest) (push) Waiting to run
Execution Tests / test (windows-latest) (push) Waiting to run
Test server launches without errors / test (push) Waiting to run
Unit Tests / test (macos-latest) (push) Waiting to run
Unit Tests / test (ubuntu-latest) (push) Waiting to run
Unit Tests / test (windows-2022) (push) Waiting to run
2026-02-12 01:38:51 -08:00
Alexander Piskun
3c8456223c
[API Nodes]: fixes and refactor (#11104)
* chore(api-nodes): applied ruff's pyupgrade(python3.10) to api-nodes client's to folder

* chore(api-nodes): add validate_video_frame_count function from LTX PR

* chore(api-nodes): replace deprecated V1 imports

* fix(api-nodes): the types returned by the "poll_op" function are now correct.
2025-12-04 14:05:28 -08:00
Alexander Piskun
bda0eb2448
feat(API-nodes): move Rodin3D nodes to new client; removed old api client.py (#10645) 2025-11-05 02:16:00 -08:00