Allow routes to accept nested assets. #515
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c166da45c0
| raise | ||
|
|
||
| @blueprint.route('/jobs/<job_id>/results/items/<user_base64>/<secure_key>/<item_id>', methods=['GET']) | ||
| @blueprint.route("/jobs/<job_id>/results/items/<user_base64>/<secure_key>/<path:item_id>", methods=["GET"]) |
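Review bot: On the added route line, `<path:item_id>` lets item_id carry `/` separators, so the handler behind this decorator should normalise the value and reject `..` segments or absolute paths before it is used to locate the stored asset. That handler is not visible in this hunk, so confirm the check exists and add a test with a nested ID and a dot-dot ID. The single-to-double quote change on the same line is unrelated to the routing change and would be easier to review in a separate formatting commit.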
Avoid treating deep item paths as signed URLs
With the signed rule now using <path:item_id> and being registered before the bearer-auth item route below, an unsigned nested item ID with three or more components (for example tiles/2024/01.tif) matches this signed route as user_base64=tiles, secure_key=2024, item_id=01.tif instead of reaching the bearer-auth handler. That makes deeper nested results fail signature/base64 verification even when the caller supplies normal bearer auth; the same pattern on the items11 signed route has the same effect.
Useful? React with 👍 / 👎.
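The capture described in the review comment above, as an added example that is not part of the pull request or the project's code: a regex model of the two rules, tried signed-first as the comment describes. The bearer rule's pattern, the `resolve` and `shadowed_item_ids` helpers and the sample IDs are assumptions.

```python
import re

# Regex equivalents of Werkzeug's default ("[^/]+") and path ("[^/].*?") converters.
SEG = r"[^/]+"
PATH = r"[^/].*?"

# Signed rule as shown in the diff; the bearer rule's pattern is an assumption.
ROUTES = [
    ("signed", re.compile(
        rf"/jobs/(?P<job_id>{SEG})/results/items/(?P<user_base64>{SEG})"
        rf"/(?P<secure_key>{SEG})/(?P<item_id>{PATH})")),
    ("bearer", re.compile(
        rf"/jobs/(?P<job_id>{SEG})/results/items/(?P<item_id>{PATH})")),
]


def resolve(url_path):
    """Return (route_name, captured_args) for the first rule that matches."""
    for name, pattern in ROUTES:
        m = pattern.fullmatch(url_path)
        if m:
            return name, m.groupdict()
    return None, {}


def shadowed_item_ids(job_id, item_ids):
    """Item IDs that a bearer-auth caller would lose to the signed rule."""
    out = []
    for item_id in item_ids:
        name, args = resolve(f"/jobs/{job_id}/results/items/{item_id}")
        if name == "signed":
            out.append((item_id, args["user_base64"],
                        args["secure_key"], args["item_id"]))
    return out


# Constructed sample IDs; "tiles/2024/01.tif" is the one from the review comment.
SAMPLE_IDS = ["result.tif", "tiles/01.tif", "tiles/2024/01.tif", "a/b/c/d.json"]

if __name__ == "__main__":
    for row in shadowed_item_ids("j-1", SAMPLE_IDS):
        print(row)
```

IDs with one or two components still reach the bearer rule; every ID with three or more is split into a bogus user and key, which is a useful set of cases for a routing regression test.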
@copilot review without making code changes
I did not change the /results/aux/routes, as I don't know what they are.