From 43ab20c841bdf43c2e7496a069279882edbc37b4 Mon Sep 17 00:00:00 2001
From: prk-Jr
Date: Thu, 29 Jan 2026 20:46:16 +0530
Subject: [PATCH] Replace unwrap_or_default with documented expect in http_util

The base64 decode in compute_encrypted_sha256_token cannot fail because it operates on data just encoded by encode_url. Changed from silent error recovery to an explicit expect with documentation explaining the invariant.

Resolves: #192
---
 crates/common/src/http_util.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/crates/common/src/http_util.rs b/crates/common/src/http_util.rs
index 1bfa4441..a93c694d 100644
--- a/crates/common/src/http_util.rs
+++ b/crates/common/src/http_util.rs
@@ -126,12 +126,19 @@ pub fn verify_clear_url_signature(settings: &Settings, clear_url: &str, token: &
 /// 2) Base64-decode the `x1||nonce||ciphertext+tag` bytes
 /// 3) Compute SHA-256 over those bytes
 /// 4) Return Base64 URL-safe (no padding) digest as `tstoken`
+///
+/// # Panics
+///
+/// This function will not panic under normal circumstances. The internal base64 decode
+/// cannot fail because it operates on data that was just encoded by `encode_url`.
 #[must_use]
 pub fn compute_encrypted_sha256_token(settings: &Settings, full_url: &str) -> String {
     // Encrypt deterministically using existing helper
     let enc = encode_url(settings, full_url);
     // Decode to raw bytes (x1 + nonce + ciphertext+tag)
-    let raw = URL_SAFE_NO_PAD.decode(enc.as_bytes()).unwrap_or_default();
+    let raw = URL_SAFE_NO_PAD
+        .decode(enc.as_bytes())
+        .expect("decode must succeed for just-encoded data");
     let digest = Sha256::digest(&raw);
     URL_SAFE_NO_PAD.encode(digest)
 }
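Review bot: The `# Panics` section added at the top of the hunk hedges with "under normal circumstances" instead of naming the condition, which is what someone auditing panic paths in request handling needs; I would replace its two sentences with `/// Panics if encode_url returns a string that is not valid URL-safe unpadded Base64, which indicates a bug (e.g. a mismatched base64 engine) rather than bad input.` The invariant the new `expect` relies on lives entirely in `encode_url`, which is outside this hunk, so a unit test asserting that `compute_encrypted_sha256_token` succeeds for a sample URL would keep a later change to the encoder's alphabet or padding from turning this into a panic on every call. If `encode_url` builds its output from the raw `x1 || nonce || ciphertext+tag` bytes, exposing those bytes directly would let this function hash them without the encode-then-decode round trip and remove the panic path altogether; that depends on its definition, which I cannot see here.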