From bea1deebba9e6c157fa9f32738ada8a596757350 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Duffeck?= <andre.duffeck@firondu.de>
Date: Fri, 4 Oct 2024 09:50:58 +0200
Subject: [PATCH] Work around a problem with reverse proxies changing URLs
 being signed

Fixes https://github.com/owncloud/ocis/issues/10180
---
 services/proxy/pkg/middleware/signed_url_auth.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/services/proxy/pkg/middleware/signed_url_auth.go b/services/proxy/pkg/middleware/signed_url_auth.go
index bc2b72aa2..863f7e799 100644
--- a/services/proxy/pkg/middleware/signed_url_auth.go
+++ b/services/proxy/pkg/middleware/signed_url_auth.go
@@ -160,6 +160,16 @@ func (m SignedURLAuthenticator) signatureIsValid(req *http.Request) (err error)
 	if computedSignature == signatureInURL {
 		return nil
 	}
+
+	// try a workaround for https://github.com/owncloud/ocis/issues/10180
+	// Some reverse proxies might replace $ with %24 in the URL leading to a mismatch in the signature
+	u = strings.Replace(u, "$", "%24", 1)
+	computedSignature = m.createSignature(u, signingKey[0].Value)
+	signatureInURL = req.URL.Query().Get(_paramOCSignature)
+	if computedSignature == signatureInURL {
+		return nil
+	}
+
 	return fmt.Errorf("signature mismatch: expected %s != actual %s", computedSignature, signatureInURL)
 }