Skip to content

Fix Base64 encoding mismatch for complex keys in OpenAPI endpoints #5506

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Fix Base64 encoding mismatch for complex keys in OpenAPI endpoints #5506

Copilot wants to merge 2 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Dec 2, 2025
edited
Loading

What's the purpose of this PR

OpenAPI calls with complex configuration keys containing special characters (@, /, etc.) fail with 404 errors due to inconsistent Base64 encoding between portal and admin service layers.

Which issue(s) this PR fixes:

Fixes #5361

Brief changelog

Root cause: Mixed use of standard and URL-safe Base64 variants across the stack:

  • Portal → Admin service: standard encoder (Base64.getEncoder())
  • Admin service decoder: URL-safe decoder (Base64.getUrlDecoder())
  • OpenAPI controller: standard decoder (Base64.getDecoder())

Standard Base64 uses + and / which break when passed in URL paths.

Changes:

  • AdminServiceAPI.loadItemByEncodeKey(): Use Base64.getUrlEncoder().withoutPadding()
  • ItemController (OpenAPI): Use Base64.getUrlDecoder() in getItemByEncodedKey(), updateItemByEncodedKey(), deleteItemByEncodedKey()
  • Added tests for simple and complex keys including wonfu.soa.circuit-breaker.enable.gitea-svc@/api/v1/fetchWorkflows

Example:

// Before: Failed with 404
String complexKey = "service@/api/v1/endpoint";
String encoded = Base64.getEncoder().encodeToString(complexKey.getBytes()); // Contains '/'
// URL routing breaks

// After: Works correctly  
String encoded = Base64.getUrlEncoder().withoutPadding().encodeToString(complexKey.getBytes()); // No '/' or '='

Follow this checklist to help us incorporate your contribution quickly and easily:

  • Read the Contributing Guide before making this pull request.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Write necessary unit tests to verify the code.
  • Run mvn clean test to make sure this pull request doesn't break anything.
  • Run mvn spotless:apply to format your code.
  • Update the CHANGES log.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • central.sonatype.com
    • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java /usr/lib/jvm/temurin-17-jdk-amd64/bin/java -classpath /home/REDACTED/work/apollo/apollo/.mvn/wrapper/maven-wrapper.jar -Dmaven.home=/home/REDACTED/work/apollo -Dmaven.multiModuleProjectDirectory=/home/REDACTED/work/apollo/apollo org.apache.maven.wrapper.MavenWrapperMain dependency:tree -pl apollo-portal (dns block)
    • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java /usr/lib/jvm/temurin-17-jdk-amd64/bin/java -classpath /home/REDACTED/work/apollo/apollo/.mvn/wrapper/maven-wrapper.jar -Dmaven.home=/home/REDACTED/work/apollo -Dmaven.multiModuleProjectDirectory=/home/REDACTED/work/apollo/apollo org.apache.maven.wrapper.MavenWrapperMain clean compile -DskipTests -pl apollo-portal -am (dns block)
    • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java /usr/lib/jvm/temurin-17-jdk-amd64/bin/java -classpath /home/REDACTED/work/apollo/apollo/.mvn/wrapper/maven-wrapper.jar -Dmaven.home=/home/REDACTED/work/apollo -Dmaven.multiModuleProjectDirectory=/home/REDACTED/work/apollo/apollo org.apache.maven.wrapper.MavenWrapperMain test-compile -DskipTests -pl apollo-adminservice (dns block)
  • www.puppycrawl.com
    • Triggering command: /opt/hostedtoolcache/CodeQL/2.23.3/x64/codeql/tools/linux64/java/bin/java /opt/hostedtoolcache/CodeQL/2.23.3/x64/codeql/tools/linux64/java/bin/java -jar /opt/hostedtoolcache/CodeQL/2.23.3/x64/codeql/xml/tools/xml-extractor.jar --fileList=/home/REDACTED/work/apollo/.codeql-scratch/dbs/java/working/files-to-index9376146935169518576.list --sourceArchiveDir=/home/REDACTED/work/apollo/.codeql-scratch/dbs/java/src --outputDir=/home/REDACTED/work/apollo/.codeql-scratch/dbs/java/trap/java (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>复杂key的openapi调用会有问题么</issue_title>
<issue_description>

描述bug

(v2.4.2) 版本,使用java sdk 调用 openapi的 新增或更新配置
 ```java
     @Test
void updateItem() throws UnsupportedEncodingException {
    OpenItemDTO openItemDTO = new OpenItemDTO();
    openItemDTO.setDataChangeCreatedBy("apollo");
    String key = "wonfu.soa.circuit-breaker.enable.gitea-svc@/api/v1/fetchWorkflows";
    openItemDTO.setKey(key);  // foo 是正确的 复杂key有问题
    openItemDTO.setValue("bar");
    apolloOpenApiClient.createOrUpdateItem("wonfu-orbit",
            "dev", "default", Constants.GOVERNANCE_NAMESPACE_LOCAL, openItemDTO);
}


**复现**

通过如下步骤可以复现:
 1. 执行以上测试方法
 2. 报错:
 ```
  Caused by: com.ctrip.framework.apollo.openapi.client.exception.ApolloOpenApiException: Request to apollo open api failed, status code: 404, reason: , message: {"timestamp":"2025-11-25T14:52:15.876+0800","status":404,"error":"Not Found","message":"","path":"/openapi/v1/envs/dev/apps/wonfu-orbit/clusters/default/namespaces/wonfu.governance.local/encodedItems/d29uZnUuc29hLmNpcmN1aXQtYnJlYWtlci5lbmFibGUuZ2l0ZWEtc3ZjQC9hcGkvdjEvZmV0Y2hXb3JrZmxvd3M\u003d"}
at com.ctrip.framework.apollo.openapi.client.service.AbstractOpenApiService.checkHttpResponseStatus(AbstractOpenApiService.java:97)
at com.ctrip.framework.apollo.openapi.client.service.AbstractOpenApiService.execute(AbstractOpenApiService.java:79)

期望

我看了源码,是会对复杂key 进行 base64编码处理的

截图

Image

额外的细节和日志

  • 版本:
  • 错误日志
  • 配置:
  • 平台和操作系统</issue_description>

<agent_instructions>Please analyze and resolve this issue.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 2, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI changed the title [WIP] Fix issue with complex key in OpenAPI calls Fix Base64 encoding mismatch for complex keys in OpenAPI endpoints Dec 2, 2025
Copilot AI requested a review from nobodyiam December 2, 2025 01:48
Copilot finished work on behalf of nobodyiam December 2, 2025 01:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nobodyiam nobodyiam Awaiting requested review from nobodyiam

At least 1 approving review is required to merge this pull request.

Assignees

@nobodyiam nobodyiam

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

复杂key的openapi调用会有问题么

2 participants

@nobodyiam