Skip to content

Commit

Permalink
fix(updater): encode version when making requests (#1816)
Browse files Browse the repository at this point in the history
* fix(updater): encode version when making requests

ref: tauri-apps/tauri#10908

* Update .changes/updater-endpoint-version-encoded.md

* only skip `+`

* fmt

* use normal const
  • Loading branch information
amrbashir authored Sep 20, 2024
1 parent 6bf1bd8 commit 221f50f
Show file tree
Hide file tree
Showing 4 changed files with 16 additions and 5 deletions.
5 changes: 5 additions & 0 deletions .changes/updater-endpoint-version-encoded.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'updater': 'patch'
---

Encode `+` when making updater requests which can be cause incorrectly interpolating the endpoint when using `{{current_version}}` in the endpoint where the current version contains a build number, for example `1.8.0+1`.
1 change: 1 addition & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions plugins/updater/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ semver = { version = "1", features = ["serde"] }
futures-util = "0.3"
tempfile = "3"
infer = "0.16"
percent-encoding = "2.3"

[target."cfg(target_os = \"windows\")".dependencies]
zip = { version = "2", default-features = false, optional = true }
Expand Down
14 changes: 9 additions & 5 deletions plugins/updater/src/updater.rs
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ use base64::Engine;
use futures_util::StreamExt;
use http::HeaderName;
use minisign_verify::{PublicKey, Signature};
use percent_encoding::{AsciiSet, CONTROLS};
use reqwest::{
header::{HeaderMap, HeaderValue},
ClientBuilder, StatusCode,
Expand Down Expand Up @@ -322,17 +323,20 @@ impl Updater {
// https://releases.myapp.com/update/darwin/aarch64/1.0.0
// The main objective is if the update URL is defined via the Cargo.toml
// the URL will be generated dynamically
let version = self.current_version.to_string();
let version = version.as_bytes();
const CONTROLS_ADD: &AsciiSet = &CONTROLS.add(b'+');
let encoded_version = percent_encoding::percent_encode(version, CONTROLS_ADD);
let encoded_version = encoded_version.to_string();

let url: Url = url
.to_string()
// url::Url automatically url-encodes the path components
.replace(
"%7B%7Bcurrent_version%7D%7D",
&self.current_version.to_string(),
)
.replace("%7B%7Bcurrent_version%7D%7D", &encoded_version)
.replace("%7B%7Btarget%7D%7D", &self.target)
.replace("%7B%7Barch%7D%7D", self.arch)
// but not query parameters
.replace("{{current_version}}", &self.current_version.to_string())
.replace("{{current_version}}", &encoded_version)
.replace("{{target}}", &self.target)
.replace("{{arch}}", self.arch)
.parse()?;
Expand Down

0 comments on commit 221f50f

Please sign in to comment.