fix: sanitize tokens for the blacklist (#352)

supabase · Jun 5, 2024 · d0a3f61 · d0a3f61
1 parent d6897df
commit d0a3f61
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.1.57
+1.1.58
diff --git a/lib/supavisor_web/router.ex b/lib/supavisor_web/router.ex
@@ -89,6 +89,7 @@ defmodule SupavisorWeb.Router do
     blocklist = Application.fetch_env!(:supavisor, blocklist_key)
 
     with ["Bearer " <> token] <- get_req_header(conn, "authorization"),
+         token <- Regex.replace(~r/\s|\n/, URI.decode(token), ""),
          false <- token in blocklist,
          {:ok, _claims} <- Supavisor.Jwt.authorize(token, secret) do
       conn