integresql icon indicating copy to clipboard operation
integresql copied to clipboard
verified publisher icon allaboutapps

Non-URL-safe symbols in hashes

Open Rudomitori opened this issue 11 months ago • 0 comments

While developing a client library for Rust, I've faced a problem. When a template hash contains a /, there is no way to finalize the template, because Integresql doesn't use URL decoding when reads parameter :hash from an URL

Example

Template initialization

Request:

curl --location 'http://127.0.0.1:5000/api/v1/templates' \
--header 'Content-Type: application/json' \
--data '{
    "hash": "aa/bb"
}'

Response:

{
    "database": {
        "templateHash": "aa/bb",
        "config": {
            "host": "postgres",
            "port": 5432,
            "username": "user",
            "password": "password",
            "database": "integresql_template_aa/bb"
        }
    }
}
Template finalization

Request:

curl --location --request PUT 'http://localhost:5000/api/v1/templates/aa/bb'

Response:

{
    "message": "Not Found"
}
Template finalization with / encoded as %2F Resquest: ```sh curl --location --request PUT 'http://localhost:5000/api/v1/templates/aa%2Fbb' ```

Response:

{
    "message": "template not found"
}

Potential solution 1

Integresql must decode percent-encoded characters from parameters in URLs

Potential solution 2

Integresql must restrict the allowed character set for template hashes to only URL-safe symbols

Temporal solution

Restrict the allowed character set on the client side

Rudomitori avatar Jan 19 '25 08:01 Rudomitori