fix(recording): Limit config key length for request-upload configs#18449
Conversation
|
/backport to stable34 |
|
/backport to stable33 |
|
/backport to stable32 |
danxuliu
left a comment
There was a problem hiding this comment.
Rather than trimming, what about hashing the original key? Due to how the key is used I guess that even despite the trimming there will be no collisions/duplicates, but the hash should reduce the possibility even more.
| private function getUploadShareConfigKey(Room $room, string $fileName): string { | ||
| return self::APPCONFIG_UPLOAD_PREFIX . $room->getToken() . '/' . basename($fileName); | ||
| $originalKey = self::APPCONFIG_UPLOAD_PREFIX . $room->getToken() . '/' . basename($fileName); | ||
| $key = substr($originalKey, 0, 64); |
There was a problem hiding this comment.
Maybe we should extract 64 chars from the right side? If path to recording directory is long, there might be duplicate keys?
53d8754 to
943b7de
Compare
|
|
||
| private function getUploadShareConfigKey(Room $room, string $fileName): string { | ||
| return self::APPCONFIG_UPLOAD_PREFIX . $room->getToken() . '/' . basename($fileName); | ||
| return self::APPCONFIG_UPLOAD_PREFIX . $room->getToken() . '/' . sha1(basename($fileName)); |
There was a problem hiding this comment.
so it's 10 (prefix) + 10 (token) + '/' + 40 (hash) now?
There was a problem hiding this comment.
yes, which is <= 64 and therefor okay
There was a problem hiding this comment.
But tokens can be up to 30 characters long, no? Or am I misunderstanding the entropy parameter? 🤔
Signed-off-by: Joas Schilling <coding@schilljs.com>
943b7de to
a2fb60c
Compare
danxuliu
left a comment
There was a problem hiding this comment.
Temporary blocking the auto-merge until the comment about the token length is clarified.
☑️ Resolves
Upload with a long filename otherwise causes an error:
🛠️ API Checklist
🏁 Checklist
docs/has been updated or is not required