quak/src/crypto/encoding.ts

import sodium from "libsodium-wrappers-sumo";

export const toBase64 = (b: Uint8Array): string =>
    sodium.to_base64(b, sodium.base64_variants.ORIGINAL);

export const toBase64URL = (b: Uint8Array): string =>
    sodium.to_base64(b, sodium.base64_variants.URLSAFE_NO_PADDING);

// Ente uses standard base64 for most fields, URL-safe (with padding stripped)
// for the auth token. Rather than make callers specify, fromBase64 accepts
// any of the four variants libsodium understands and returns the bytes.
const VARIANTS = [
    sodium.base64_variants.ORIGINAL,
    sodium.base64_variants.ORIGINAL_NO_PADDING,
    sodium.base64_variants.URLSAFE,
    sodium.base64_variants.URLSAFE_NO_PADDING,
] as const;

export const fromBase64 = (s: string): Uint8Array => {
    let lastError: unknown;
    for (const variant of VARIANTS) {
        try {
            return sodium.from_base64(s, variant);
        } catch (err) {
            lastError = err;
        }
    }
    throw lastError instanceof Error
        ? lastError
        : new Error("invalid base64 input");
};