Browse Source

Also apply base64 encoding to realm redirect paths and use URL-safe base64

pull/35/head
Kegan Dougal 8 years ago
parent
commit
24a2ffc6bb
  1. 16
      src/github.com/matrix-org/go-neb/api.go
  2. 5
      src/github.com/matrix-org/go-neb/types/types.go

16
src/github.com/matrix-org/go-neb/api.go

@ -63,8 +63,18 @@ type realmRedirectHandler struct {
func (rh *realmRedirectHandler) handle(w http.ResponseWriter, req *http.Request) { func (rh *realmRedirectHandler) handle(w http.ResponseWriter, req *http.Request) {
segments := strings.Split(req.URL.Path, "/") segments := strings.Split(req.URL.Path, "/")
// last path segment is the realm ID which we will pass the incoming request to
realmID := segments[len(segments)-1]
// last path segment is the base64d realm ID which we will pass the incoming request to
base64realmID := segments[len(segments)-1]
bytesRealmID, err := base64.RawURLEncoding.DecodeString(base64realmID)
realmID := string(bytesRealmID)
if err != nil {
log.WithError(err).WithField("base64_realm_id", base64realmID).Print(
"Not a b64 encoded string",
)
w.WriteHeader(400)
return
}
realm, err := rh.db.LoadAuthRealm(realmID) realm, err := rh.db.LoadAuthRealm(realmID)
if err != nil { if err != nil {
log.WithError(err).WithField("realm_id", realmID).Print("Failed to load realm") log.WithError(err).WithField("realm_id", realmID).Print("Failed to load realm")
@ -130,7 +140,7 @@ func (wh *webhookHandler) handle(w http.ResponseWriter, req *http.Request) {
// last path segment is the service ID which we will pass the incoming request to, // last path segment is the service ID which we will pass the incoming request to,
// but we've base64d it. // but we've base64d it.
base64srvID := segments[len(segments)-1] base64srvID := segments[len(segments)-1]
bytesSrvID, err := base64.StdEncoding.DecodeString(base64srvID)
bytesSrvID, err := base64.RawURLEncoding.DecodeString(base64srvID)
srvID := string(bytesSrvID) srvID := string(bytesSrvID)
if err != nil { if err != nil {
log.WithError(err).WithField("base64_service_id", base64srvID).Print( log.WithError(err).WithField("base64_service_id", base64srvID).Print(

5
src/github.com/matrix-org/go-neb/types/types.go

@ -74,7 +74,7 @@ func CreateService(serviceID, serviceType string, serviceJSON []byte) (Service,
return nil, errors.New("Unknown service type: " + serviceType) return nil, errors.New("Unknown service type: " + serviceType)
} }
base64ServiceID := base64.StdEncoding.EncodeToString([]byte(serviceID))
base64ServiceID := base64.RawURLEncoding.EncodeToString([]byte(serviceID))
webhookEndpointURL := baseURL + "services/hooks/" + base64ServiceID webhookEndpointURL := baseURL + "services/hooks/" + base64ServiceID
service := f(serviceID, webhookEndpointURL) service := f(serviceID, webhookEndpointURL)
if err := json.Unmarshal(serviceJSON, service); err != nil { if err := json.Unmarshal(serviceJSON, service); err != nil {
@ -109,7 +109,8 @@ func CreateAuthRealm(realmID, realmType string, realmJSON []byte) (AuthRealm, er
if f == nil { if f == nil {
return nil, errors.New("Unknown realm type: " + realmType) return nil, errors.New("Unknown realm type: " + realmType)
} }
redirectURL := baseURL + "realms/redirects/" + realmID
base64RealmID := base64.RawURLEncoding.EncodeToString([]byte(realmID))
redirectURL := baseURL + "realms/redirects/" + base64RealmID
r := f(realmID, redirectURL) r := f(realmID, redirectURL)
if err := json.Unmarshal(realmJSON, r); err != nil { if err := json.Unmarshal(realmJSON, r); err != nil {
return nil, err return nil, err

Loading…
Cancel
Save