Better hashed iv from the queryString;

homebase-id · Dec 11, 2023 · 04a8cec · 04a8cec
1 parent 201f2a0
commit 04a8cec
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/js-lib/src/core/InterceptionEncryptionUtil.ts b/packages/js-lib/src/core/InterceptionEncryptionUtil.ts
@@ -30,8 +30,17 @@ export const encryptData = async (data: string, iv: Uint8Array, ss: Uint8Array)
 export const buildIvFromQueryString = async (querystring: string) => {
   const searchParams = new URLSearchParams(querystring);
 
-  const uniqueQueryKey =
-    searchParams.get('fileId') || (searchParams.has('alias') ? querystring : undefined);
+  const uniqueQueryKey = (() => {
+    // Check if it's a direct file request
+    if (searchParams.has('fileId'))
+      return `${searchParams.get('fileId')} ${
+        searchParams.get('key') || searchParams.get('payloadKey')
+      }-${searchParams.get('height')}x${searchParams.get('width')}`;
+    // Check if it's a query-batch/modifed request; Queries on a single drive (alias)
+    else if (searchParams.has('alias')) return querystring;
+    // undefined => and we'll use a random IV
+    else return undefined;
+  })();
 
   const hashedQueryKey =
     uniqueQueryKey && typeof crypto.subtle.digest !== 'undefined'