Merge pull request #147 from basecamp/fix-sgid-decoding

monorkin · web-flow · commit 71ffeeea7895 · 2025-12-15T17:05:01.000+01:00
Try to decodde SGIDs in multiple ways
diff --git a/lib/rails_ext/action_text_attachables.rb b/lib/rails_ext/action_text_attachables.rb
@@ -12,15 +12,15 @@ def from_node(node, attachable = nil)
 
         def attachable_from_possibly_expired_sgid(sgid)
           if message = sgid&.split("--")&.first
-            encoded_message = JSON.parse Base64.strict_decode64(message)
+            encoded_message = JSON.parse(decode_base64(message))
 
             decoded_gid = if data = encoded_message.dig("_rails", "data")
               data
             elsif data = encoded_message.dig("_rails", "message")
               # Rails 7 used an older format of GID that serialized the payload using Marshall
               # Since we intentionally skip signature verification, we can't safely unmarshal the data
               # To work around this, we manually extract the GID from the marshaled data
-              Base64.urlsafe_decode64(data).match(%r{(gid://campfire/[^/]+/\d+)})&.to_s
+              decode_base64(data).match(%r{(gid://campfire/[^/]+/\d+)})&.to_s
             else
               nil
             end
@@ -32,6 +32,12 @@ def attachable_from_possibly_expired_sgid(sgid)
         rescue ActiveRecord::RecordNotFound
           nil
         end
+
+        def decode_base64(message)
+          Base64.strict_decode64(message)
+        rescue => _e
+          Base64.urlsafe_decode64(message)
+        end
     end
   end
 end
