Skip to content

Commit

Permalink
chore: safe base64 decode ipa name
Browse files Browse the repository at this point in the history
  • Loading branch information
@xhofe
xhofe committed Sep 18, 2022
1 parent 24d58f2 commit 2185839
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 14 deletions.
19 changes: 19 additions & 0 deletions pkg/utils/hash.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,9 @@ package utils
import (
"crypto/md5"
"crypto/sha1"
"encoding/base64"
"encoding/hex"
"strings"
)

func GetSHA1Encode(data string) string {
Expand All @@ -17,3 +19,20 @@ func GetMD5Encode(data string) string {
h.Write([]byte(data))
return hex.EncodeToString(h.Sum(nil))
}

var DEC = map[string]string{
"-": "+",
"_": "/",
".": "=",
}

func SafeAtob(data string) (string, error) {
for k, v := range DEC {
data = strings.ReplaceAll(data, k, v)
}
bytes, err := base64.StdEncoding.DecodeString(data)
if err != nil {
return "", err
}
return string(bytes), err
}
24 changes: 10 additions & 14 deletions server/handles/helper.go
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
package handles

import (
"encoding/base64"
"fmt"
"net/url"
"strings"

"github.com/alist-org/alist/v3/internal/conf"
"github.com/alist-org/alist/v3/internal/setting"
"github.com/alist-org/alist/v3/pkg/utils"
"github.com/alist-org/alist/v3/server/common"
"github.com/gin-gonic/gin"
)
Expand All @@ -16,30 +16,26 @@ func Favicon(c *gin.Context) {
c.Redirect(302, setting.GetStr(conf.Favicon))
}

var DEC = map[string]string{
"-": "+",
"_": "/",
".": "=",
}

func Plist(c *gin.Context) {
link := c.Param("link")
for k, v := range DEC {
link = strings.ReplaceAll(link, k, v)
}
u, err := base64.StdEncoding.DecodeString(link)
u, err := utils.SafeAtob(link)
if err != nil {
common.ErrorResp(c, err, 500)
common.ErrorResp(c, err, 400)
return
}
uUrl, err := url.Parse(string(u))
uUrl, err := url.Parse(u)
if err != nil {
common.ErrorResp(c, err, 500)
common.ErrorResp(c, err, 400)
return
}
fullName := c.Param("name")
Url := uUrl.String()
fullName = strings.TrimSuffix(fullName, ".plist")
fullName, err = utils.SafeAtob(fullName)
if err != nil {
common.ErrorResp(c, err, 400)
return
}
name := fullName
identifier := fmt.Sprintf("ci.nn.%s", url.PathEscape(fullName))
sep := "@"
Expand Down

0 comments on commit 2185839

Please sign in to comment.