Skip to content

diactric fix #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Apr 2, 2024
Merged

diactric fix #63

merged 12 commits into from
Apr 2, 2024

Conversation

ankur-dwivedi
Copy link

@ankur-dwivedi ankur-dwivedi commented Feb 26, 2024
edited
Loading

@codecov Codecov
Copy link

codecov bot commented Feb 26, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 93.79%. Comparing base (0125fd2) to head (ae6dcb2).
Report is 2 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master      #63      +/-   ##
==========================================
+ Coverage   93.74%   93.79%   +0.05%     
==========================================
  Files          63       63              
  Lines        1630     1644      +14     
==========================================
+ Hits         1528     1542      +14     
  Misses        102      102

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

aman051197
aman051197 reviewed Feb 28, 2024
View reviewed changes
imagekitio/url.py Outdated
encoded_path = Url.encode_string_if_required(path)
encoded_url = url[:last_slash_pos + 1] + encoded_path + url[question_mark_pos:] if question_mark_pos != -1 else url[:last_slash_pos + 1] + encoded_path
url = encoded_url
print(url)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unnecessary print statement.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@aman051197 aman051197 mentioned this pull request Feb 28, 2024
Merged
aman051197
aman051197 reviewed Feb 28, 2024
View reviewed changes
imagekitio/url.py Outdated
Comment on lines 133 to 138
last_slash_pos = url.rfind('/')
question_mark_pos = url.find('?', last_slash_pos)
path = url[last_slash_pos + 1:question_mark_pos] if question_mark_pos != -1 else url[last_slash_pos + 1:]
encoded_path = Url.encode_string_if_required(path)
encoded_url = url[:last_slash_pos + 1] + encoded_path + url[question_mark_pos:] if question_mark_pos != -1 else url[:last_slash_pos + 1] + encoded_path
url = encoded_url
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This logic is wrong. Please refer this document on how to generate signed Url: https://docs.imagekit.io/features/security/signed-urls#generating-signed-urls

This will generate wrong signature for any asset not in root i.e. if url is
https://ik.imagekit.io/test_url_endpoint/folder,test/four-penguins-with-é.webp?q=rt it will only encode four-penguins-with-é.webp and not /folder,test/four-penguins-with-é.webp.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

have updated the logic with relevant test cases

aman051197
aman051197 reviewed Mar 1, 2024
View reviewed changes
imagekitio/url.py Outdated
return Default.CHAIN_TRANSFORM_DELIMITER.value.join(parsed_transforms)

@staticmethod
def custom_encodeURIComponent(url_str):
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rename it to "encodeURI" because the functionality is similar to "encodeURI" in javascript and not "encodeURIComponent".

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

aman051197
aman051197 reviewed Mar 1, 2024
View reviewed changes
imagekitio/url.py Outdated
encoded_url = f"{parsed_url.scheme}://{parsed_url.netloc}"
encoded_url +=quote(parsed_url.path, safe='~@#$&()*!+=:;,?/\'')
if(parsed_url.query):
encoded_url = encoded_url+"?"+quote(unquote(parsed_url.query), safe='~@#$&()*!+=:;?/\'')
Copy link

@aman051197 aman051197 Mar 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please provide a comment explaining the reasoning behind quote(unquote(parsed_url.query), safe='~@#$&()*!+=:;?/\'') for future reference and also mention the reference/link used for the logic of this custom "encodeURI" function.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

imagekitio/url.py Outdated
def custom_encodeURIComponent(url_str):
parsed_url = urlparse(url_str)
encoded_url = f"{parsed_url.scheme}://{parsed_url.netloc}"
encoded_url +=quote(parsed_url.path, safe='~@#$&()*!+=:;,?/\'')
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is encoding imagekitId as well. We need to keep the logic exactly same as given here: https://docs.imagekit.io/features/security/signed-urls#pseudo-code-for-signed-url-generation, i.e. use url_endpoint to extract the string to encode from url in get_signature function above.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

addressed

imagekitio/url.py Outdated

@staticmethod
def get_signature(private_key, url, url_endpoint, expiry_timestamp: int) -> str:
url = Url.encode_string_if_required(url)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't it be better to call Url.encode_string_if_required(url) this down the line when on the replaced_url which we actually used for signature generation? It would save the unnecessary logic in custom_encodeURIComponent of replacing url_endpoint from url, thereby simplifying the code.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

addressed

aman051197
aman051197 reviewed Mar 1, 2024
View reviewed changes
imagekitio/url.py Outdated
# This function ensures that characters in the query are properly encoded. While some characters are already encoded, others require encoding for correct processing.
encoded_url = quote(url_str.split('?')[0], safe='~@#$&()*!+=:;,?/\'')+"?"+quote(unquote(url_str.split('?')[1]), safe='~@#$&()*!+=:;?/\'')
else:
encoded_url = quote(url_str.split('?')[0], safe='~@#$&()*!+=:;,?/\'')
Copy link

@aman051197 aman051197 Mar 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why we are splitting on ? here in else condition?
Replace url_str.split('?')[0] with url_str.
Also make '~@#$&()*!+=:;?/\'' a separate variable and use that for better code readability.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

addressed

@imagekitio imagekitio merged commit 694c7b9 into master Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahnv ahnv ahnv approved these changes

+1 more reviewer

@aman051197 aman051197 aman051197 approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ankur-dwivedi @ahnv @aman051197 @imagekitio