From f01c25efce2c4b93014da77cc27b5f0dc23b727b Mon Sep 17 00:00:00 2001
From: Laurin Quast <laurinquast@googlemail.com>
Date: Wed, 8 Feb 2023 10:20:58 +0100
Subject: [PATCH] fix: gracefully handle base64 decoding error in case of
 invalid access token (#1302)

---
 packages/services/cdn-worker/src/cdn-token.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/packages/services/cdn-worker/src/cdn-token.ts b/packages/services/cdn-worker/src/cdn-token.ts
index 9e21d94d5..df964f43b 100644
--- a/packages/services/cdn-worker/src/cdn-token.ts
+++ b/packages/services/cdn-worker/src/cdn-token.ts
@@ -38,7 +38,14 @@ export function decodeCdnAccessTokenSafe(token: string) {
 
   token = token.slice(keyPrefix.length);
 
-  const str = globalThis.atob(token);
+  let str: string;
+
+  try {
+    str = globalThis.atob(token);
+  } catch (error) {
+    return decodeError;
+  }
+
   const [keyId, privateKey] = str.split(':');
   if (keyId && privateKey) {
     return { type: 'success', token: { keyId, privateKey } } as const;