0chain · dabasov · Dec 5, 2023 · Dec 4, 2023 · Dec 4, 2023 · Dec 4, 2023
@@ -4,6 +4,7 @@
 package handler
 
 import (
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -482,7 +483,7 @@ func TestHandlers_Download(t *testing.T) {
 					r.Header.Set("X-Verify-Download", fmt.Sprint(true))
 					r.Header.Set("X-Connection-ID", connectionID)
 					r.Header.Set("X-Mode", DownloadContentFull)
-					r.Header.Set("X-Auth-Token", authTicket)
+					r.Header.Set("X-Auth-Token", base64.StdEncoding.EncodeToString([]byte(authTicket)))
 					r.Header.Set(common.ClientSignatureHeader, sign)
 					r.Header.Set(common.ClientHeader, guestClient.ClientID)
 					r.Header.Set(common.ClientKeyHeader, guestClient.ClientKey)
@@ -563,7 +564,7 @@ func TestHandlers_Download(t *testing.T) {
 					r.Header.Set("X-Verify-Download", fmt.Sprint(true))
 					r.Header.Set("X-Connection-ID", connectionID)
 					r.Header.Set("X-Mode", DownloadContentFull)
-					r.Header.Set("X-Auth-Token", authTicket)
+					r.Header.Set("X-Auth-Token", base64.StdEncoding.EncodeToString([]byte(authTicket)))
 					r.Header.Set(common.ClientSignatureHeader, sign)
 					r.Header.Set(common.ClientHeader, guestClient.ClientID)
 					r.Header.Set(common.ClientKeyHeader, guestClient.ClientKey)
@@ -677,7 +678,7 @@ func TestHandlers_Download(t *testing.T) {
 					r.Header.Set("X-Verify-Download", fmt.Sprint(true))
 					r.Header.Set("X-Connection-ID", connectionID)
 					r.Header.Set("X-Mode", DownloadContentFull)
-					r.Header.Set("X-Auth-Token", authTicket)
+					r.Header.Set("X-Auth-Token", base64.StdEncoding.EncodeToString([]byte(authTicket)))
 					r.Header.Set(common.ClientSignatureHeader, sign)
 					r.Header.Set(common.ClientHeader, guestClient.ClientID)
 					r.Header.Set(common.ClientKeyHeader, guestClient.ClientKey)
@@ -797,7 +798,7 @@ func TestHandlers_Download(t *testing.T) {
 					r.Header.Set("X-Verify-Download", fmt.Sprint(true))
 					r.Header.Set("X-Connection-ID", connectionID)
 					r.Header.Set("X-Mode", DownloadContentFull)
-					r.Header.Set("X-Auth-Token", authTicket)
+					r.Header.Set("X-Auth-Token", base64.StdEncoding.EncodeToString([]byte(authTicket)))
 					r.Header.Set(common.ClientSignatureHeader, sign)
 					r.Header.Set(common.ClientHeader, guestClient.ClientID)
 					r.Header.Set(common.ClientKeyHeader, guestClient.ClientKey)
@@ -916,7 +917,7 @@ func TestHandlers_Download(t *testing.T) {
 					r.Header.Set("X-Verify-Download", fmt.Sprint(true))
 					r.Header.Set("X-Connection-ID", connectionID)
 					r.Header.Set("X-Mode", DownloadContentFull)
-					r.Header.Set("X-Auth-Token", authTicket)
+					r.Header.Set("X-Auth-Token", base64.StdEncoding.EncodeToString([]byte(authTicket)))
 					r.Header.Set(common.ClientSignatureHeader, sign)
 					r.Header.Set(common.ClientHeader, guestClient.ClientID)
 					r.Header.Set(common.ClientKeyHeader, guestClient.ClientKey)

@@ -2,6 +2,7 @@ package handler
 
 import (
 	"context"
+	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
@@ -316,12 +317,15 @@ func (fsh *StorageHandler) DownloadFile(ctx context.Context, r *http.Request) (i
 	var shareInfo *reference.ShareInfo
 
 	if !isOwner {
-		authTokenString := dr.AuthToken
-		if authTokenString == "" {
+		if dr.AuthToken == "" {
 			return nil, common.NewError("invalid_authticket", "authticket is required")
 		}
+		authTokenString, err := base64.StdEncoding.DecodeString(dr.AuthToken)
+		if err != nil {
+			return nil, common.NewError("invalid_authticket", err.Error())
+		}
 
-		if authToken, err = fsh.verifyAuthTicket(ctx, authTokenString, alloc, fileref, clientID, false); authToken == nil {
+		if authToken, err = fsh.verifyAuthTicket(ctx, string(authTokenString), alloc, fileref, clientID, false); authToken == nil {
 			return nil, common.NewErrorf("invalid_authticket", "cannot verify auth ticket: %v", err)
 		}
 

@@ -3,6 +3,7 @@ package handler
 import (
 	"context"
 	"database/sql/driver"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"log"
@@ -127,7 +128,8 @@ func TestDownloadFile(t *testing.T) {
 			require.NoError(t, authTicket.Sign())
 			require.NoError(t, client.PopulateClient(mockClientWallet, "bls0chain"))
 			authTicketBytes, _ := json.Marshal(authTicket)
-			req.Header.Set("X-Auth-Token", string(authTicketBytes))
+			auth := base64.StdEncoding.EncodeToString(authTicketBytes)
+			req.Header.Set("X-Auth-Token", auth)
 		}
 		if len(p.inData.contentMode) > 0 {
 			req.Header.Set("X-Mode", p.inData.contentMode)