tweak to use alt URL-compatible base64 encoding

pkg/server/hooks.go

@@ -101,14 +101,19 @@ func PostHook(c *gin.Context) {
 	if repo.Params != nil && len(repo.Params) != 0 {
 		raw = []byte(inject.InjectSafe(string(raw), repo.Params))
 	}
-	encrypted, _ := secure.Parse(repo.Keys.Private, repo.Hash, string(raw))
+	encrypted, err := secure.Parse(repo.Keys.Private, repo.Hash, string(raw))
+	if err != nil {
+		log.Errorf("failure to decrypt secure parameters for %s. %s", repo.FullName, err)
+		c.Fail(400, err)
+		return
+	}
 	if encrypted != nil && len(encrypted) != 0 {
 		raw = []byte(inject.InjectSafe(string(raw), encrypted))
 	}
 	axes, err := matrix.Parse(string(raw))
 	if err != nil {
 		log.Errorf("failure to calculate matrix for %s. %s", repo.FullName, err)
-		c.Fail(404, err)
+		c.Fail(400, err)
 		return
 	}
 	if len(axes) == 0 {

pkg/utils/sshutil/sshutil.go

@@ -56,19 +56,17 @@ func UnMarshalPrivateKey(privateKeyPEM []byte) *rsa.PrivateKey {
 // an RSA public key.
 func Encrypt(hash hash.Hash, pubkey *rsa.PublicKey, msg string) (string, error) {
 	src, err := rsa.EncryptOAEP(hash, rand.Reader, pubkey, []byte(msg), nil)
-
-	return base64.StdEncoding.EncodeToString(src), err
+	return base64.RawURLEncoding.EncodeToString(src), err
 }
 
 // Decrypt is helper function to encrypt a plain-text string using
 // an RSA public key.
 func Decrypt(hash hash.Hash, privkey *rsa.PrivateKey, secret string) (string, error) {
-	decoded, err := base64.StdEncoding.DecodeString(secret)
+	decoded, err := base64.RawURLEncoding.DecodeString(secret)
 	if err != nil {
 		return "", err
 	}
 
 	out, err := rsa.DecryptOAEP(hash, rand.Reader, privkey, decoded, nil)
-
 	return string(out), err
 }