a tool for shared writing and social publishing

encode uri components

+11 -7
+11 -7
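--- a/middleware.ts
+++ b/middleware.ts
@@ -81,7 +81,7 @@
 let payload = btoa(JSON.stringify(token));
 let signature = await signCrossSiteToken(payload);
 return NextResponse.redirect(
-`https://leaflet.pub${auth_callback_route}?payload=${payload}&signature=${signature}`,
+`https://leaflet.pub${auth_callback_route}?payload=${encodeURIComponent(payload)}&signature=${encodeURIComponent(signature)}`,
 );
 }
 
@@ -92,8 +92,11 @@
 if (typeof payload !== "string" || typeof signature !== "string")
 return new NextResponse("Payload or Signature not string", { status: 401 });
 
-let verifySig = await signCrossSiteToken(decodeURIComponent(payload));
-if (verifySig !== decodeURIComponent(signature))
+payload = decodeURIComponent(payload);
+signature = decodeURIComponent(signature);
+
+let verifySig = await signCrossSiteToken(payload);
+if (verifySig !== signature)
 return new NextResponse("Incorrect Signature", { status: 401 });
 
 let token: CROSS_SITE_AUTH_REQUEST = JSON.parse(atob(payload));
@@ -108,7 +111,7 @@
 let response_payload = btoa(JSON.stringify(response_token));
 let sig = await signCrossSiteToken(response_payload);
 return NextResponse.redirect(
-`https://${redirect_url.host}${receive_auth_callback_route}?payload=${response_payload}&signature=${sig}`,
+`https://${redirect_url.host}${receive_auth_callback_route}?payload=${encodeURIComponent(response_payload)}&signature=${encodeURIComponent(sig)}`,
 );
 }
 
@@ -118,10 +121,11 @@
 
 if (typeof payload !== "string" || typeof signature !== "string")
 return new NextResponse(null, { status: 401 });
+payload = decodeURIComponent(payload);
+signature = decodeURIComponent(signature);
 
-let verifySig = await signCrossSiteToken(decodeURIComponent(payload));
-if (verifySig !== decodeURIComponent(signature))
-return new NextResponse(null, { status: 401 });
+let verifySig = await signCrossSiteToken(payload);
+if (verifySig !== signature) return new NextResponse(null, { status: 401 });
 
 let token: CROSS_SITE_AUTH_RESPONSE = JSON.parse(atob(payload));
 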
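Review bot: The new `decodeURIComponent` calls (new lines 95–96 and 124–125) run on request-supplied values before the signature check and throw `URIError` on a malformed percent sequence, so a bad request surfaces as an unhandled exception instead of the 401 the surrounding code returns. Wrap them, e.g. `try { payload = decodeURIComponent(payload); signature = decodeURIComponent(signature); } catch { return new NextResponse(null, { status: 401 }); }`. How `payload` and `signature` are read is outside the hunks; if they come from `searchParams.get(...)` they are already percent-decoded, and the extra decode should be dropped rather than guarded. Separately, `verifySig !== signature` (new lines 99 and 128) is a short-circuiting string compare of what appears to be an authentication tag; a constant-time comparison is the safer form, assuming `signCrossSiteToken` produces a MAC. Both handlers start and end outside the visible hunks.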