Closed CodingDoug closed 1 year ago
Another observation: we don't seem to be doing URL string escaping at all, which could be prone to bugs:
$ go run cmd/turso/main.go auth api-tokens create "%2b%2b"
$ go run cmd/turso/main.go auth api-tokens list
NAME
++
Edit: could someone delete this token for me, or tell me how? I can't easily figure out how to do it using the CLI.
I can create a token with nothing but invisible characters:
I now have no easy way of identifying it in the list.
I can also attempt to embed other whitespace characters into the name. Here are two tabs:
It would be reasonable to place the same restrictions on token names as the names of databases.