fix(daemon): Don't use the raw path if we need to sanitize filters

Using the raw path sabotages the filter sanitization.
2025-01-08 14:18:08 -05:00 · 2022-02-02 14:41:18 +01:00 · 2022-02-02 14:41:18 +01:00 · c89e87c22a
commit c89e87c22a
parent e5fb0b7f17
1 changed files with 10 additions and 3 deletions
--- a/pantalaimon/daemon.py
+++ b/pantalaimon/daemon.py
@ -460,6 +460,7 @@ class ProxyDaemon:
        data=None,  # type: bytes
        session=None,  # type: aiohttp.ClientSession
        token=None,  # type: str
+        use_raw_path=True,  # type: bool
    ):
        # type: (...) -> aiohttp.ClientResponse
        """Forward the given request to our configured homeserver.
@ -474,6 +475,10 @@ class ProxyDaemon:
                should be used to forward the request.
            token (str, optional): The access token that should be used for the
                request.
+            use_raw_path (str, optional): Should the raw path be used from the
+            request or should we use the path and re-encode it. Some may need
+            their filters to be sanitized, this requires the parsed version of
+            the path, otherise we leave the path as is.
        """
        if not session:
            if not self.default_session:
@ -482,7 +487,7 @@ class ProxyDaemon:

        assert session

-        path = request.raw_path
+        path = request.raw_path if use_raw_path else urllib.parse.quote(request.path)
        method = request.method

        headers = CIMultiDict(request.headers)
@ -761,7 +766,7 @@ class ProxyDaemon:

        try:
            response = await self.forward_request(
-                request, params=query, token=client.access_token
+                request, params=query, token=client.access_token, use_raw_path=False
            )
        except ClientConnectionError as e:
            return web.Response(status=500, text=str(e))
@ -809,7 +814,9 @@ class ProxyDaemon:
            query["filter"] = request_filter

        try:
-            response = await self.forward_request(request, params=query)
+            response = await self.forward_request(
+                request, params=query, use_raw_path=False
+            )
        except ClientConnectionError as e:
            return web.Response(status=500, text=str(e))