fix: Handle special characters in feed name

Author: ybizeul

internal/feed/feed.go

@@ -5,6 +5,7 @@ import (
 	"io"
 	"io/fs"
 	"net/http"
+	"net/url"
 	"os"
 	"path"
 	"path/filepath"
@@ -62,7 +63,7 @@ func NewFeed(basePath string, feedName string) (*Feed, error) {
 	secret := uuid.NewString()
 	err = os.WriteFile(path.Join(basePath, feedName, "secret"), []byte(secret), 0600)
 	if err != nil {
-		log.Errorf("Unable towrite file %s", err.Error())
+		log.Errorf("Unable to write file %s", err.Error())
 		return nil, err
 	}
 	return &Feed{
@@ -340,3 +341,15 @@ func (feed *Feed) SetPIN(pin string) error {
 	}
 	return nil
 }
+
+func FeedNameFromPath(path string) (*string, error) {
+	s := strings.Split(path, "/")
+	if len(s) < 4 {
+		return nil, fmt.Errorf("No feed in URL (not enough components)")
+	}
+	result, err := url.QueryUnescape(s[3])
+	if err != nil {
+		return nil, err
+	}
+	return &result, nil
+}

internal/handlers/handlers.go

@@ -102,19 +102,26 @@ func (api *ApiHandler) feedHandlerFunc(w http.ResponseWriter, r *http.Request) {
 
 	secret, fromURL := utils.GetSecret(r)
 
-	feedName := strings.Split(r.URL.Path, "/")[3]
+	feedName, err := feed.FeedNameFromPath(r.URL.Path)
 
-	f, err := feed.GetFeed(api.BasePath, feedName, secret)
+	if err != nil {
+		utils.CloseWithCodeAndMessage(w, 500, "Unable to unescape feed name")
+	}
+
+	f, err := feed.GetFeed(api.BasePath, *feedName, secret)
 
 	if err != nil {
 		yberr := err.(*feed.FeedError)
 		if yberr.Code == 404 {
-			f, err = feed.NewFeed(api.BasePath, feedName)
-
+			f, err = feed.NewFeed(api.BasePath, *feedName)
+			if err != nil {
+				yberr := err.(*feed.FeedError)
+				utils.CloseWithCodeAndMessage(w, yberr.Code, yberr.Error())
+			}
 			http.SetCookie(w, &http.Cookie{
 				Name:    "Secret",
 				Value:   f.Secret,
-				Path:    fmt.Sprintf("/api/feed/%s", feedName),
+				Path:    fmt.Sprintf("/api/feed/%s", *feedName),
 				Expires: time.Now().Add(time.Hour * 24 * 365 * 10),
 			})
 		} else {
@@ -127,7 +134,7 @@ func (api *ApiHandler) feedHandlerFunc(w http.ResponseWriter, r *http.Request) {
 		http.SetCookie(w, &http.Cookie{
 			Name:    "Secret",
 			Value:   f.Secret,
-			Path:    fmt.Sprintf("/api/feed/%s", feedName),
+			Path:    fmt.Sprintf("/api/feed/%s", *feedName),
 			Expires: time.Now().Add(time.Hour * 24 * 365 * 10),
 		})
 	}
@@ -144,9 +151,9 @@ func (api *ApiHandler) feedPatchHandlerFunc(w http.ResponseWriter, r *http.Reque
 	slog.Default().WithGroup("http").Debug("Feed API Set PIN request", slog.Any("request", r))
 	secret, _ := utils.GetSecret(r)
 
-	feedName := strings.Split(r.URL.Path, "/")[3]
+	feedName, err := feed.FeedNameFromPath(r.URL.Path)
 
-	f, err := feed.GetFeed(api.BasePath, feedName, secret)
+	f, err := feed.GetFeed(api.BasePath, *feedName, secret)
 
 	if err != nil {
 		yberr := err.(*feed.FeedError)
@@ -172,9 +179,9 @@ func (api *ApiHandler) feedItemHandlerFunc(w http.ResponseWriter, r *http.Reques
 
 	secret, _ := utils.GetSecret(r)
 
-	feedName := strings.Split(r.URL.Path, "/")[3]
+	feedName, err := feed.FeedNameFromPath(r.URL.Path)
 
-	f, err := feed.GetFeed(api.BasePath, feedName, secret)
+	f, err := feed.GetFeed(api.BasePath, *feedName, secret)
 
 	if err != nil {
 		yberr := err.(*feed.FeedError)
@@ -205,9 +212,9 @@ func (api *ApiHandler) feedPostHandlerFunc(w http.ResponseWriter, r *http.Reques
 
 	secret, _ := utils.GetSecret(r)
 
-	feedName := strings.Split(r.URL.Path, "/")[3]
+	feedName, err := feed.FeedNameFromPath(r.URL.Path)
 
-	f, err := feed.GetFeed(api.BasePath, feedName, secret)
+	f, err := feed.GetFeed(api.BasePath, *feedName, secret)
 
 	if err != nil {
 		yberr := err.(*feed.FeedError)
@@ -234,9 +241,9 @@ func (api *ApiHandler) feedItemDeleteHandlerFunc(w http.ResponseWriter, r *http.
 
 	secret, _ := utils.GetSecret(r)
 
-	feedName := strings.Split(r.URL.Path, "/")[3]
+	feedName, err := feed.FeedNameFromPath(r.URL.Path)
 
-	f, err := feed.GetFeed(api.BasePath, feedName, secret)
+	f, err := feed.GetFeed(api.BasePath, *feedName, secret)
 
 	if err != nil {
 		yberr := err.(*feed.FeedError)

web/ui/src/YBFeed/YBBreadCrumb.tsx

@@ -15,7 +15,7 @@ export function YBBreadCrumb() {
 
   if (p.length > 1 && p[1] !== "") {
     items.push({
-      title: window.location.pathname.split("/")[1],
+      title: decodeURIComponent(window.location.pathname.split("/")[1]),
     })
   }
   return (

web/ui/src/YBFeed/YBFeedItemImage.tsx

@@ -26,7 +26,7 @@ export function FeedItemImage(props:FeedItemProps) {
             img.onload = imageLoaded
 
         })
-        img.src = "/api/feed/"+feed+"/"+name
+        img.src = "/api/feed/"+encodeURIComponent(feed)+"/"+name
 
         let mime = 'image/png'
         navigator.clipboard.write([new ClipboardItem({[mime]:imageDataPromise})])
@@ -43,7 +43,7 @@ export function FeedItemImage(props:FeedItemProps) {
         <div className="itemContainer">
             <div className="itemImg">
                 <Image
-                src={"/api/feed/"+feed+"/"+name}
+                src={"/api/feed/"+encodeURIComponent(feed)+"/"+name}
                 preview={false}
                 />
                 {showCopyButton?

web/ui/src/YBFeed/YBFeedItemText.tsx

@@ -15,7 +15,7 @@ export function FeedItemText(props:FeedItemProps) {
     }
 
     useEffect(() => {
-        fetch("/api/feed/"+feed+"/"+name,{
+        fetch("/api/feed/"+encodeURIComponent(feed)+"/"+name,{
             credentials: "include"
             })
         .then(r => {

web/ui/src/YBFeed/YBPasteCard.tsx

@@ -39,7 +39,7 @@ export function YBPasteCard(props:PasteCardProps) {
 
         const requestHeaders: HeadersInit = new Headers();
         requestHeaders.set("Content-Type", type)
-        fetch("/api/feed/" + feed,{
+        fetch("/api/feed/" + encodeURIComponent(feed!),{
             method: "POST",
             body: data,
             headers: requestHeaders,
@@ -52,7 +52,7 @@ export function YBPasteCard(props:PasteCardProps) {
     const handleFinish = () => {
         const requestHeaders: HeadersInit = new Headers();
         requestHeaders.set("Content-Type", "text/plain")
-        fetch("/api/feed/" + feed,{
+        fetch("/api/feed/" + encodeURIComponent(feed!),{
             method: "POST",
             body: textFieldValue,
             headers: requestHeaders,

web/ui/src/routes/feed.tsx

@@ -44,7 +44,7 @@ export default function FeedComponent() {
     // Update feed is run every 2s or o, some events
     //
     function update() {
-        fetch("/api/feed/"+feed,{
+        fetch("/api/feed/"+encodeURIComponent(feed!),{
             credentials: "include"
           })
         .then(r => {

web/ui/src/routes/root.tsx

@@ -9,7 +9,7 @@ export default function Root() {
     const [goToPath,setGoToPath] = useState("")
 
     const handleFinish = (values: any) => {
-        setGoToPath("/" + feed)
+        setGoToPath("/" + encodeURIComponent(feed))
     }
 
     if (window.location.pathname !== "/") {