Skip auth when loading audio and image input values using secure token

lib/livebook_web/live/output/audio_input_component.ex

@@ -47,7 +47,7 @@ defmodule LivebookWeb.Output.AudioInputComponent do
     # token and then the controller fetches input value from the LV.
     # This is especially important for client-specific inputs in forms.
     token = LivebookWeb.SessionHelpers.generate_input_token(self(), input_id)
-    ~p"/sessions/audio-input/#{token}"
+    ~p"/public/sessions/audio-input/#{token}"
   end
 
   @impl true

lib/livebook_web/live/output/image_input_component.ex

@@ -43,7 +43,7 @@ defmodule LivebookWeb.Output.ImageInputComponent do
     # LV. This is especially important for client-specific inputs in
     # forms.
     token = LivebookWeb.SessionHelpers.generate_input_token(self(), input_id)
-    ~p"/sessions/image-input/#{token}"
+    ~p"/public/sessions/image-input/#{token}"
   end
 
   @impl true

lib/livebook_web/router.ex

@@ -54,6 +54,8 @@ defmodule LivebookWeb.Router do
 
     get "/sessions/:id/assets/:hash/*file_parts", SessionController, :show_asset
     get "/sessions/node/:node_id/assets/:hash/*file_parts", SessionController, :show_cached_asset
+    get "/sessions/audio-input/:token", SessionController, :show_input_audio
+    get "/sessions/image-input/:token", SessionController, :show_input_image
   end
 
   live_session :default,
@@ -121,8 +123,6 @@ defmodule LivebookWeb.Router do
       live "/sessions/:id/package-search", SessionLive, :package_search
       get "/sessions/:id/files/:name", SessionController, :show_file
       get "/sessions/:id/download/files/:name", SessionController, :download_file
-      get "/sessions/audio-input/:token", SessionController, :show_input_audio
-      get "/sessions/image-input/:token", SessionController, :show_input_image
       live "/sessions/:id/settings/custom-view", SessionLive, :custom_view_settings
       live "/sessions/:id/*path_parts", SessionLive, :catch_all
     end

test/livebook_web/controllers/session_controller_test.exs

@@ -345,7 +345,7 @@ defmodule LivebookWeb.SessionControllerTest do
 
       token = LivebookWeb.SessionHelpers.generate_input_token(view.pid, input_id)
 
-      conn = get(conn, ~p"/sessions/audio-input/#{token}")
+      conn = get(conn, ~p"/public/sessions/audio-input/#{token}")
 
       assert conn.status == 200
       assert conn.resp_body == "wav content"
@@ -365,7 +365,7 @@ defmodule LivebookWeb.SessionControllerTest do
       conn =
         conn
         |> put_req_header("range", "bytes=4-")
-        |> get(~p"/sessions/audio-input/#{token}")
+        |> get(~p"/public/sessions/audio-input/#{token}")
 
       assert conn.status == 206
       assert conn.resp_body == "content"
@@ -382,7 +382,7 @@ defmodule LivebookWeb.SessionControllerTest do
 
       token = LivebookWeb.SessionHelpers.generate_input_token(view.pid, input_id)
 
-      conn = get(conn, ~p"/sessions/audio-input/#{token}")
+      conn = get(conn, ~p"/public/sessions/audio-input/#{token}")
 
       assert conn.status == 200
       assert <<_header::44-binary, "pcm content">> = conn.resp_body
@@ -402,7 +402,7 @@ defmodule LivebookWeb.SessionControllerTest do
       conn =
         conn
         |> put_req_header("range", "bytes=48-")
-        |> get(~p"/sessions/audio-input/#{token}")
+        |> get(~p"/public/sessions/audio-input/#{token}")
 
       assert conn.status == 206
       assert conn.resp_body == "content"
@@ -421,7 +421,7 @@ defmodule LivebookWeb.SessionControllerTest do
 
       token = LivebookWeb.SessionHelpers.generate_input_token(view.pid, input_id)
 
-      conn = get(conn, ~p"/sessions/image-input/#{token}")
+      conn = get(conn, ~p"/public/sessions/image-input/#{token}")
 
       assert conn.status == 200
       assert conn.resp_body == "rgb content"