mirror of
https://github.com/comfyanonymous/ComfyUI.git
synced 2026-07-03 13:19:23 +08:00
The API request logger writes request/response details to persistent plaintext files in the temp/api_logs directory. Without masking, the Authorization header (which carries the user's Comfy API bearer token for paid nodes like Grok, Bria, Runway, Gemini, and Rodin) is written verbatim to every log file. These files are never cleaned up, so tokens accumulate on disk indefinitely. Fix: mask Authorization, X-API-Key, Cookie, Set-Cookie, and Proxy-Authorization headers before writing to log files. Non-sensitive headers pass through unchanged. 9 tests: masking behavior, case-insensitivity, non-mutation of original, and end-to-end verification that the token does not appear in the log file. Signed-off-by: John Kearney <johndanielkearney@gmail.com> |
||
|---|---|---|
| .. | ||
| compare | ||
| execution | ||
| inference | ||
| test | ||
| __init__.py | ||
| conftest.py | ||
| README.md | ||
| test_asset_seeder.py | ||
Automated Testing
Running tests locally
Additional requirements for running tests:
pip install pytest
pip install websocket-client==1.6.1
opencv-python==4.6.0.66
scikit-image==0.21.0
Run inference tests:
pytest tests/inference
Quality regression test
Compares images in 2 directories to ensure they are the same
- Run an inference test to save a directory of "ground truth" images
pytest tests/inference --output_dir tests/inference/baseline
-
Make code edits
-
Run inference and quality comparison tests
pytest