[Hotfix] Fixing direct link encoding (#6131)

2022-12-20 20:00:33 -03:00 · 2022-12-20 20:00:33 -03:00 · 7a6349b4c0
parent 3b51fff88d
commit 7a6349b4c0
5 changed files with 16 additions and 8 deletions
--- a/apps/web/package.json
+++ b/apps/web/package.json
@ -64,6 +64,7 @@
    "@vercel/og": "^0.0.21",
    "accept-language-parser": "^1.5.0",
    "async": "^3.2.4",
+    "base64url": "^3.0.1",
    "bcryptjs": "^2.4.3",
    "classnames": "^2.3.1",
    "dotenv-cli": "^6.0.0",
--- a/apps/web/pages/booking/direct/[...link].tsx
+++ b/apps/web/pages/booking/direct/[...link].tsx
@ -1,6 +1,6 @@
 import { BookingStatus } from "@prisma/client";
+import base64url from "base64url";
 import { createHmac } from "crypto";
-import { instance } from "gaxios";
 import { GetServerSidePropsContext } from "next";
 import { useRouter } from "next/router";
 import { useState } from "react";
@ -46,13 +46,13 @@ const requestSchema = z.object({
    .superRefine((data, ctx) => {
      refineParse(actionSchema.safeParse(data[0]), ctx);
      const signedData = `${data[1]}/${data[2]}`;
-      const sig = createHmac("sha1", CALENDSO_ENCRYPTION_KEY).update(signedData).digest("base64");
+      const sha1 = createHmac("sha1", CALENDSO_ENCRYPTION_KEY).update(signedData).digest();
+      const sig = base64url(sha1);
      if (data[3] !== sig) {
        ctx.addIssue({
          message: pageErrors.signature_mismatch,
          code: "custom",
        });
-        console.log(signedData, data, data[3], "==", sig);
      }
    }),
  reason: z.string().optional(),
@ -175,7 +175,7 @@ export default function Directlink({ booking, reason, status }: inferSSRProps<ty
                        {t(getRecipientStart("MMMM").toLowerCase())} {getRecipientStart("D, YYYY")}
                        <br />
                        {getRecipientStart("h:mma")} - {getRecipientEnd("h:mma")}{" "}
-                        <span style={{ color: "#888888" }}>({booking.attendees[0].timeZone})</span>
+                        <span style={{ color: "#888888" }}>({booking?.user?.timeZone})</span>
                      </div>
                      {(booking?.user || booking?.attendees) && (
                        <>
--- a/packages/emails/src/components/CallToAction.tsx
+++ b/packages/emails/src/components/CallToAction.tsx
@ -27,7 +27,7 @@ export const CallToAction = (props: { label: string; href: string; secondary?: b
      target="_blank"
      rel="noreferrer">
      {props.label}
-      <LinkIcon secondary />
+      <LinkIcon secondary={props.secondary} />
    </a>
  </p>
 );
--- a/packages/emails/src/templates/OrganizerRequestEmail.tsx
+++ b/packages/emails/src/templates/OrganizerRequestEmail.tsx
@ -1,3 +1,4 @@
+import base64url from "base64url";
 import { createHmac } from "crypto";

 import { CallToAction, CallToActionTable, Separator } from "../components";
@ -7,7 +8,8 @@ const CALENDSO_ENCRYPTION_KEY = process.env.CALENDSO_ENCRYPTION_KEY || "";

 export const OrganizerRequestEmail = (props: React.ComponentProps<typeof OrganizerScheduledEmail>) => {
  const signedData = `${props.attendee.email}/${props.calEvent.uid}`;
-  const signature = createHmac("sha1", CALENDSO_ENCRYPTION_KEY).update(signedData).digest("base64");
+  const sha1 = createHmac("sha1", CALENDSO_ENCRYPTION_KEY).update(signedData).digest();
+  const signature = base64url(sha1);
  return (
    <OrganizerScheduledEmail
      title={
@ -24,7 +26,7 @@ export const OrganizerRequestEmail = (props: React.ComponentProps<typeof Organiz
            label={props.calEvent.organizer.language.translate("accept")}
            href={`${process.env.NEXT_PUBLIC_WEBAPP_URL}/booking/direct/accept/${encodeURIComponent(
              props.attendee.email
-            )}/${encodeURIComponent(props.calEvent.uid as string)}/${encodeURIComponent(signature)}`}
+            )}/${encodeURIComponent(props.calEvent.uid as string)}/${signature}`}
          />
          <Separator />
          <CallToAction
@ -32,7 +34,7 @@ export const OrganizerRequestEmail = (props: React.ComponentProps<typeof Organiz
            secondary
            href={`${process.env.NEXT_PUBLIC_WEBAPP_URL}/booking/direct/reject/${encodeURIComponent(
              props.attendee.email
-            )}/${encodeURIComponent(props.calEvent.uid as string)}/${encodeURIComponent(signature)}`}
+            )}/${encodeURIComponent(props.calEvent.uid as string)}/${signature}`}
          />
        </CallToActionTable>
      }
--- a/yarn.lock
+++ b/yarn.lock
@ -10237,6 +10237,11 @@ base64-url@^2.2.0:
  resolved "https://registry.yarnpkg.com/base64-url/-/base64-url-2.3.3.tgz#645b71455c75109511f27d98450327e455f488ec"
  integrity sha512-dLMhIsK7OplcDauDH/tZLvK7JmUZK3A7KiQpjNzsBrM6Etw7hzNI1tLEywqJk9NnwkgWuFKSlx/IUO7vF6Mo8Q==

+base64url@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
+  integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==
+
 base@^0.11.1:
  version "0.11.2"
  resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f"