From fcf1f15e4280419439412a796fd054da37514a92 Mon Sep 17 00:00:00 2001 From: Lowder Date: Tue, 10 Oct 2023 18:26:54 +0500 Subject: [PATCH] fix: use base64url to encode the migration param --- bot/main.py | 8 ++++++-- src/migration/import.ts | 10 +++++++++- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/bot/main.py b/bot/main.py index 2a525a9..64e6f88 100644 --- a/bot/main.py +++ b/bot/main.py @@ -19,14 +19,18 @@ async def migrate(update: Update, context: ContextTypes.DEFAULT_TYPE): - data = urllib.parse.quote_plus(update.message.web_app_data.data) + data = update.message.web_app_data.data - qr = qrcode.make(f"otpauth-migration://offline?data={data}") + urlencoded = urllib.parse.quote_plus(data) + + qr = qrcode.make(f"otpauth-migration://offline?data={urlencoded}") qr_bytes = BytesIO() qr_bytes.name = "image.png" qr.save(qr_bytes, "png") qr_bytes.seek(0) + data = data.replace("+", "-").replace("/", "_").replace("=", "") + url = f"{app_tg}?startapp={data}" await context.bot.send_photo(chat_id=update.effective_chat.id, diff --git a/src/migration/import.ts b/src/migration/import.ts index 56ff28d..9ccc091 100644 --- a/src/migration/import.ts +++ b/src/migration/import.ts @@ -7,9 +7,17 @@ export default function decodeGoogleAuthenticator(uri: string): Account[] | null if (!uri.startsWith("otpauth-migration://offline")) return null; const url = new URL(uri); - const dataParam = url.searchParams.get("data"); + let dataParam = url.searchParams.get("data"); if (!dataParam) return null; + // Convert from base64url + dataParam = dataParam + .replace(/-/g, '+') + .replace(/_/g, '/'); + + const pad = dataParam.length % 4; + dataParam += "=".repeat(pad); + const buffer = Uint8Array.from(atob(dataParam), (c) => c.charCodeAt(0)); let payload;
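Review bot: The `startapp` value built at the end of the bot/main.py hunk is no longer percent-encoded, so any character in `update.message.web_app_data.data` outside the base64 alphabet now reaches `url` unescaped; the three `replace` calls only translate `+`, `/` and `=`. That field is supplied by the client, so I would check the converted value before building the link, e.g. `if not re.fullmatch(r"[A-Za-z0-9_-]+", data): return` (this needs `import re` if the module does not already have it). Rebinding `data` to a second encoding also makes the later lines harder to follow; a separate name such as `startapp_param`, with a comment like `# base64 -> unpadded base64url for the startapp parameter`, would help. The body of `migrate` continues past the end of the hunk, so how `url` is used afterwards is not visible here.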
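Review bot: The padding count in the src/migration/import.ts hunk is wrong when `dataParam.length % 4` is 3: the code appends `===` where a single `=` is needed, and `atob` rejects that string as invalid base64, so roughly one payload length in three fails to import. The line should be `const pad = (4 - (dataParam.length % 4)) % 4;`, and a remainder of 1 can never be valid base64, so `if (dataParam.length % 4 === 1) return null;` before it keeps the function's null-on-bad-input contract. In the visible lines the `atob` call is not inside a `try`, so malformed `data` would surface as an exception, not as `null`; the function continues outside the hunk, so this may be handled further down.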