redis-commander icon indicating copy to clipboard operation
redis-commander copied to clipboard

Published 20 hours ago verified publisher icon joeferner

fix proxy pass parsing on some keys #393

Open cbazureau opened this issue 3 years ago • 5 comments

Fix issues due to nginx proxy pass rewriting (https://serverfault.com/questions/459369/disabling-url-decoding-in-nginx-proxy)

For example if your key is a:b:{"url","https,//c.com"}

then redis-commander will call /key/<some-connectionId>/a%3Ab%3A%7B"url"%2C"https%2C%2F%2Fc.com"%7D that will become /key/<some-connectionId>/a:b:{"url","https,/c.com"} (with one slash) when received by redis-commander server.

See more on https://github.com/joeferner/redis-commander/issues/393

cbazureau avatar Nov 08 '21 13:11 cbazureau

Thanks for the PR - i was thinking about something similar too...

Do you checked https://developer.mozilla.org/de/docs/Web/API/btoa ? MDN mentions some browsers having problems with Unicode chars in btoa (and linked from this page https://developer.mozilla.org/en-US/docs/Glossary/Base64#solution_.232_.e2.80.93_rewriting_atob()_and_btoa()_using_typedarrays_and_utf-8) therefore the solution shall work too for all types of keys if possible.

It does not mention the browsers itself, tests with the most used ones is needed... And I did not implement it until know because base64 adds additional length to the strings, maybe there is a solution without this additional costs i did not thought of by now...

sseide avatar Nov 08 '21 13:11 sseide

Thanks for the feedback, i will look for a better solution (or an adjustment on current one)

cbazureau avatar Nov 08 '21 14:11 cbazureau

Do you found some time to test different browsers with your patch? Do the code versiones mentioned at MDN work too? This fix may (potentially) help on other cases too - having redis keys with binary data in it...

sseide avatar Nov 15 '21 08:11 sseide

I've got access to browserstack if needed but for me, as you said before, i think it can create/leave other problems (utf8 char, urls too long). For me the best way to fix it is to give up on the strict REST API and to use a POST /key/:connectionId/manipulate endpoint for get/edit/delete action. key and action will be on the body which eliminate all the problems once for all.

ex :

POST /key/:connectionId/manipulate
{
   "action": "get",
   "key": "a:b:{\"ur\l",\"https,//c.com\"}"
}

Ps: Do you get a purpose in keeping all apiv1 routes (they seem only used twice https://github.com/joeferner/redis-commander/search?q=apiv1) ?

cbazureau avatar Nov 15 '21 15:11 cbazureau

Regarding the v1 api - not really. Can be removed by now i think...

sseide avatar Jan 13 '22 12:01 sseide