From f6508dfcadddf69a4c393520ceed301a29cf2452 Mon Sep 17 00:00:00 2001
From: Inex Code <inex.code@selfprivacy.org>
Date: Wed, 2 Feb 2022 12:53:21 +0000
Subject: [PATCH] Attempts at string escaping

---
 lib/logic/api_maps/hetzner.dart | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/lib/logic/api_maps/hetzner.dart b/lib/logic/api_maps/hetzner.dart
index 6a40199f..6fa0f4c5 100644
--- a/lib/logic/api_maps/hetzner.dart
+++ b/lib/logic/api_maps/hetzner.dart
@@ -130,17 +130,34 @@ class HetznerApi extends ApiMap {
       hostname = 'selfprivacy-server';
     }
 
+    print("hostname: $hostname");
+
     /// add ssh key when you need it: e.g. "ssh_keys":["kherel"]
     /// check the branch name, it could be "development" or "master".
+    /// 
+    final userdataString = "#cloud-config\\nruncmd:\\n- curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/master/nixos-infect | PROVIDER=hetzner NIX_CHANNEL=nixos-21.05 DOMAIN='$domainName' LUSER='${escapeQuotes(rootUser.login)}' PASSWORD='${escapeQuotes(rootUser.password)}' CF_TOKEN=$cloudFlareKey DB_PASSWORD=${escapeQuotes(dbPassword)} API_TOKEN=$apiToken HOSTNAME=${escapeQuotes(hostname)} bash 2>&1 | tee /tmp/infect.log";
+    print(userdataString);
 
-    var data = jsonDecode(
-        '''{"name":"$hostname","server_type":"cx11","start_after_create":false,"image":"ubuntu-20.04", "volumes":[$dbId], "networks":[], "user_data":"#cloud-config\\nruncmd:\\n- curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/master/nixos-infect | PROVIDER=hetzner NIX_CHANNEL=nixos-21.05 DOMAIN='$domainName' LUSER='${escapeSingleQuotes(rootUser.login)}' PASSWORD='${escapeSingleQuotes(rootUser.password)}' CF_TOKEN=$cloudFlareKey DB_PASSWORD=${escapeSingleQuotes(dbPassword)} API_TOKEN=$apiToken HOSTNAME=${escapeSingleQuotes(hostname)} bash 2>&1 | tee /tmp/infect.log","labels":{},"automount":true, "location": "fsn1"}''');
+    final data = {
+      "name": hostname,
+      "server_type": "cx11",
+      "start_after_create": false,
+      "image": "ubuntu-20.04",
+      "volumes": [dbId],
+      "networks": [],
+      "user_data": userdataString,
+      "labels": {},
+      "automount": true,
+      "location": "fsn1"
+    };
+    print("Decoded data: $data");
 
     Response serverCreateResponse = await client.post(
       '/servers',
       data: data,
     );
 
+    print(serverCreateResponse.data);
     client.close();
     return HetznerServerDetails(
       id: serverCreateResponse.data['server']['id'],
@@ -240,7 +257,10 @@ class HetznerApi extends ApiMap {
   }
 }
 
-String escapeSingleQuotes(String str) {
+String escapeQuotes(String str) {
   // replace all single quotes with escaped single quotes for bash strong quotes (i.e. '\'' )
+  print("Escaping single quotes for bash: $str");
+  print("Escaping result: ${str.replaceAll(RegExp(r"'"), "'\\''")}");
+  // also escape all double quotes for json
   return str.replaceAll(RegExp(r"'"), "'\\''");
 }