Use Base64Url form for paths. (#556)

Zoe Roux 2024-06-30 16:02:38 +07:00 committed by GitHub
parent 5b8cebfc21
commit df8b5658a7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 3 deletions


@ -27,6 +27,7 @@ using Kyoo.Abstractions.Models.Permissions;
using Kyoo.Abstractions.Models.Utils; using Kyoo.Abstractions.Models.Utils;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.WebUtilities;
namespace Kyoo.Core.Api; namespace Kyoo.Core.Api;
@ -54,7 +55,7 @@ public abstract class TranscoderApi<T>(IRepository<T> repository) : CrudThumbsAp
private async Task<string> _GetPath64(Identifier identifier) private async Task<string> _GetPath64(Identifier identifier)
{ {
string path = await GetPath(identifier); string path = await GetPath(identifier);
return Convert.ToBase64String(Encoding.UTF8.GetBytes(path)); return WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(path));
} }
/// <summary> /// <summary>
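Review bot: `_GetPath64` has no doc comment saying which base64 variant it returns, and after this change the variant is a contract with the transcoder, whose decoder now accepts only unpadded base64url. I would add `/// <summary>Returns the item's path as UTF-8 bytes in unpadded base64url, the form the transcoder decodes.</summary>` above the method. The encoding is reversible, so the returned value still discloses the server-side path to whoever receives it and should not be treated as an opaque identifier.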


@ -24,9 +24,9 @@ func GetPath(c echo.Context) (string, string, error) {
if key == "" { if key == "" {
return "", "", echo.NewHTTPError(http.StatusBadRequest, "Missing resouce path.") return "", "", echo.NewHTTPError(http.StatusBadRequest, "Missing resouce path.")
} }
pathb, err := base64.StdEncoding.DecodeString(key) pathb, err := base64.RawURLEncoding.DecodeString(key)
if err != nil { if err != nil {
return "", "", echo.NewHTTPError(http.StatusBadRequest, "Invalid path. Should be base64 encoded.") return "", "", echo.NewHTTPError(http.StatusBadRequest, "Invalid path. Should be base64url (without padding) encoded.")
} }
path := filepath.Clean(string(pathb)) path := filepath.Clean(string(pathb))
if !filepath.IsAbs(path) { if !filepath.IsAbs(path) {
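Review bot: The decoded `key` is client-supplied, and the checks visible in this hunk (`filepath.Clean` followed by `filepath.IsAbs`) only normalise the path and require it to be absolute; they do not confine it to a media directory. GetPath continues past the end of the hunk, so a root check may exist further down; if it does not, add one after the `Clean` call that rejects any path outside the configured library root with a 4xx error. Separately, `base64.RawURLEncoding` is not strict about trailing padding bits, so more than one `key` can decode to the same path; `base64.RawURLEncoding.Strict().DecodeString(key)` closes that if the key is ever used for caching or comparison. The first error string still reads `Missing resouce path.` (typo for `resource`).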