Open
Description
While developing a client library for Rust, I've faced a problem.
When a template hash contains a /, there is no way to finalize the template, because Integresql doesn't use URL decoding when reads parameter :hash from an URL
Example
Template initialization
Request:
curl --location 'http://127.0.0.1:5000/api/v1/templates' \
--header 'Content-Type: application/json' \
--data '{
"hash": "aa/bb"
}'Response:
{
"database": {
"templateHash": "aa/bb",
"config": {
"host": "postgres",
"port": 5432,
"username": "user",
"password": "password",
"database": "integresql_template_aa/bb"
}
}
}Template finalization
Request:
curl --location --request PUT 'http://localhost:5000/api/v1/templates/aa/bb'Response:
{
"message": "Not Found"
}Template finalization with / encoded as %2F
Resquest:
```sh
curl --location --request PUT 'http://localhost:5000/api/v1/templates/aa%2Fbb'
```
Response:
{
"message": "template not found"
}Potential solution 1
Integresql must decode percent-encoded characters from parameters in URLs
Potential solution 2
Integresql must restrict the allowed character set for template hashes to only URL-safe symbols
Temporal solution
Restrict the allowed character set on the client side
Metadata
Assignees
Labels
No labels