Only select valid characters from the authenticate header (#8)

sulusolutions · May 9, 2024 · 2c0d348 · 2c0d348
1 parent fd23fd4
commit 2c0d348
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/client/axios.ts b/src/client/axios.ts
@@ -66,8 +66,8 @@ export function setupL402Interceptor(instance: AxiosInstance, wallet: Wallet, st
  */
 function parseHeader(header: string): { header_key: string; invoice: string; macaroon: string } | null {
   const headerKeyMatch = /^(LSAT|L402)/.exec(header);
-  const invoiceMatch = /invoice="([^"]+)"/.exec(header);
-  const macaroonMatch = /macaroon="([^"]+)"/.exec(header);
+  const invoiceMatch = /invoice="([\w|\d]+)"/.exec(header); // Lightning invoice only use alphanumeric characters, see: https://github.com/lightning/bolts/blob/master/11-payment-encoding.md
+  const macaroonMatch = /macaroon="([\w|\d\+\/=_-]+)"/.exec(header); // Base64 URL-safe characters
 
   if (invoiceMatch && macaroonMatch) {
     return {

diff --git a/test/client/axios.spec.js b/test/client/axios.spec.js
@@ -72,7 +72,7 @@ class MockWallet extends Wallet {
       const url = 'https://example.com/resource';
       nock('https://example.com')
         .get('/resource')
-        .reply(402, '', { 'www-authenticate': 'L402 invoice="mock-invoice" macaroon="mock-macaroon"' });
+        .reply(402, '', { 'www-authenticate': 'L402 invoice="mockinvoice" macaroon="mock-macaroon"' });
 
       // Mock the successful retry response
       nock('https://example.com')