encode paseto payloads as json (#1146)

1 files changed, 11 insertions, 2 deletions

diff --git a/atuin-client/src/record/encryption.rs b/atuin-client/src/record/encryption.rs
index 6760d97b..3074a9c2 100644
--- a/atuin-client/src/record/encryption.rs
+++ b/atuin-client/src/record/encryption.rs
@@ -72,7 +72,10 @@ impl Encryption for PASETO_V4 {
         let assertions = Assertions::from(ad).encode();
 
         // build the payload and encrypt the token
-        let payload = general_purpose::URL_SAFE_NO_PAD.encode(data.0);
+        let payload = serde_json::to_string(&AtuinPayload {
+            data: general_purpose::URL_SAFE_NO_PAD.encode(data.0),
+        })
+        .expect("json encoding can't fail");
         let nonce = DataKey::<32>::try_new_random().expect("could not source from random");
         let nonce = PasetoNonce::<V4, LocalPurpose>::from(&nonce);
 
@@ -104,7 +107,8 @@ impl Encryption for PASETO_V4 {
         )
         .context("could not decrypt entry")?;
 
-        let data = general_purpose::URL_SAFE_NO_PAD.decode(payload)?;
+        let payload: AtuinPayload = serde_json::from_str(&payload)?;
+        let data = general_purpose::URL_SAFE_NO_PAD.decode(payload.data)?;
         Ok(DecryptedData(data))
     }
 }
@@ -147,6 +151,11 @@ impl PASETO_V4 {
 }
 
 #[derive(Serialize, Deserialize)]
+struct AtuinPayload {
+    data: String,
+}
+
+#[derive(Serialize, Deserialize)]
 /// Well-known footer claims for decrypting. This is not encrypted but is stored in the record.
 /// <https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/04-Claims.md#optional-footer-claims>
 struct AtuinFooter {