shrine icon indicating copy to clipboard operation
shrine copied to clipboard
verified publisher icon shrinerb

Download Endpoint returns http 500 for invalid urls

Open claasz opened this issue 3 years ago • 0 comments

Using the download_endpoint plugin, files can be accessed via /attachments/eyJpZCI6ImFkdzlyeTM.... As far as I understand, eyJpZCI6ImFkdzlyeTM... is some base64 encoded data.

However, when a client calls the app with some invalid url like /attachments/dontwork, /attachments/dont%20work etc., Base64 or even JSON exceptions would happen, causing in the end a HTTP 500 response.

Expected behavior

Since it's the client's fault to provide the invalid url, response code should be in the 4xx range, e.g. 400 or 404.

Workaround

Similar to https://github.com/shrinerb/shrine/issues/145#issuecomment-284223082, you could wrap mount in a constraints block like

  constraints(AttachmentConstraint) do
    mount Shrine::DownloadEndpoint => "/attachments"
  end

copy the code from UrlsafeSerialization into AttachmentConstraint, catch the exception, and prevent the route matching. This doesn't look like a good solution.

claasz avatar Aug 02 '22 12:08 claasz