From df8b5658a727a431ef228df7c14784aaea2ed561 Mon Sep 17 00:00:00 2001 From: Zoe Roux Date: Sun, 30 Jun 2024 16:02:38 +0700 Subject: [PATCH] Use Base64Url form for paths. (#556) --- back/src/Kyoo.Core/Views/Helper/Transcoder.cs | 3 ++- transcoder/utils.go | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/back/src/Kyoo.Core/Views/Helper/Transcoder.cs b/back/src/Kyoo.Core/Views/Helper/Transcoder.cs index 43f25a8d..6a7ceb84 100644 --- a/back/src/Kyoo.Core/Views/Helper/Transcoder.cs +++ b/back/src/Kyoo.Core/Views/Helper/Transcoder.cs @@ -27,6 +27,7 @@ using Kyoo.Abstractions.Models.Permissions; using Kyoo.Abstractions.Models.Utils; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.WebUtilities; namespace Kyoo.Core.Api; @@ -54,7 +55,7 @@ public abstract class TranscoderApi(IRepository repository) : CrudThumbsAp private async Task _GetPath64(Identifier identifier) { string path = await GetPath(identifier); - return Convert.ToBase64String(Encoding.UTF8.GetBytes(path)); + return WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(path)); } /// diff --git a/transcoder/utils.go b/transcoder/utils.go index 9feaee4f..cd88c545 100644 --- a/transcoder/utils.go +++ b/transcoder/utils.go @@ -24,9 +24,9 @@ func GetPath(c echo.Context) (string, string, error) { if key == "" { return "", "", echo.NewHTTPError(http.StatusBadRequest, "Missing resouce path.") } - pathb, err := base64.StdEncoding.DecodeString(key) + pathb, err := base64.RawURLEncoding.DecodeString(key) if err != nil { - return "", "", echo.NewHTTPError(http.StatusBadRequest, "Invalid path. Should be base64 encoded.") + return "", "", echo.NewHTTPError(http.StatusBadRequest, "Invalid path. Should be base64url (without padding) encoded.") } path := filepath.Clean(string(pathb)) if !filepath.IsAbs(path) {