uqbar-dao/nectar
1
1
Fork 0
mirror of https://github.com/uqbar-dao/nectar.git synced 2024-12-30 03:52:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow :, . in SSDs in auth cookie

Browse Source
This commit is contained in:
dr-frmr 2024-12-04 12:20:32 -05:00
parent 41714aad7b
commit f602811a03
No known key found for this signature in database
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
kinode/src/http/server.rs
View File

@ -376,10 +376,12 @@ async fn login_handler(
let cookie = match info.subdomain.unwrap_or_default().as_str() {
"" => format!("kinode-auth_{our}={token};"),
subdomain => {
// enforce that subdomain string only contains a-z, 0-9, and -
// enforce that subdomain string only contains a-z, 0-9, ., :, and -
let subdomain = subdomain
.chars()
.filter(|c| c.is_ascii_alphanumeric() || c == &'-')
.filter(|c| {
c.is_ascii_alphanumeric() || c == &'-' || c == &':' || c == &'.'
})
.collect::<String>();
format!("kinode-auth_{our}@{subdomain}={token};")
}