REFACTOR (pgpass): Refactor escaping

2026-04-06 00:32:03 +02:00 · 2025-11-27 17:00:26 +03:00
parent d07085c462
commit fa0e3d1ce2
4 changed files with 31 additions and 16 deletions
--- a/backend/internal/features/backups/backups/usecases/postgresql/create_backup_uc.go
+++ b/backend/internal/features/backups/backups/usecases/postgresql/create_backup_uc.go
@@ -719,17 +719,14 @@ func (uc *CreatePostgresqlBackupUsecase) createTempPgpassFile(
 		return "", nil
 	}

-	// Escape special characters in password as per PostgreSQL .pgpass format
-	// Per official PostgreSQL documentation: only backslash and colon need escaping
-	escapedPassword := strings.NewReplacer(
-		"\\", "\\\\",
-		":", "\\:",
-	).Replace(password)
+	escapedHost := tools.EscapePgpassField(pgConfig.Host)
+	escapedUsername := tools.EscapePgpassField(pgConfig.Username)
+	escapedPassword := tools.EscapePgpassField(password)

 	pgpassContent := fmt.Sprintf("%s:%d:*:%s:%s",
-		pgConfig.Host,
+		escapedHost,
 		pgConfig.Port,
-		pgConfig.Username,
+		escapedUsername,
 		escapedPassword,
 	)

--- a/backend/internal/features/restores/usecases/postgresql/restore_backup_uc.go
+++ b/backend/internal/features/restores/usecases/postgresql/restore_backup_uc.go
@@ -564,17 +564,14 @@ func (uc *RestorePostgresqlBackupUsecase) createTempPgpassFile(
 		return "", nil
 	}

-	// Escape special characters in password as per PostgreSQL .pgpass format
-	// Per official PostgreSQL documentation: only backslash and colon need escaping
-	escapedPassword := strings.NewReplacer(
-		"\\", "\\\\",
-		":", "\\:",
-	).Replace(password)
+	escapedHost := tools.EscapePgpassField(pgConfig.Host)
+	escapedUsername := tools.EscapePgpassField(pgConfig.Username)
+	escapedPassword := tools.EscapePgpassField(password)

 	pgpassContent := fmt.Sprintf("%s:%d:*:%s:%s",
-		pgConfig.Host,
+		escapedHost,
 		pgConfig.Port,
-		pgConfig.Username,
+		escapedUsername,
 		escapedPassword,
 	)

--- a/backend/internal/util/tools/postgresql.go
+++ b/backend/internal/util/tools/postgresql.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"strings"

 	env_utils "postgresus-backend/internal/util/env"
 )
@@ -151,6 +152,24 @@ func VerifyPostgresesInstallation(
 	logger.Info("All PostgreSQL version-specific client tools verification completed successfully!")
 }

+// EscapePgpassField escapes special characters in a field value for .pgpass file format.
+// According to PostgreSQL documentation, the .pgpass file format requires:
+// - Backslash (\) must be escaped as \\
+// - Colon (:) must be escaped as \:
+// Additionally, newlines and carriage returns are removed to prevent format corruption.
+func EscapePgpassField(field string) string {
+	// Remove newlines and carriage returns that would break .pgpass format
+	field = strings.ReplaceAll(field, "\r", "")
+	field = strings.ReplaceAll(field, "\n", "")
+
+	// Escape backslashes first (order matters!)
+	// Then escape colons
+	field = strings.ReplaceAll(field, "\\", "\\\\")
+	field = strings.ReplaceAll(field, ":", "\\:")
+
+	return field
+}
+
 func getPostgresqlBasePath(
 	version PostgresqlVersion,
 	envMode env_utils.EnvMode,
--- a/frontend/src/shared/theme/ThemeProvider.tsx
+++ b/frontend/src/shared/theme/ThemeProvider.tsx
@@ -16,10 +16,12 @@ function getSystemTheme(): ResolvedTheme {
 function getStoredTheme(): ThemeMode {
  if (typeof window !== 'undefined') {
    const stored = localStorage.getItem(THEME_STORAGE_KEY);
+
    if (stored === 'light' || stored === 'dark' || stored === 'system') {
      return stored;
    }
  }
+
  return 'system';
 }