Merge pull request #102 from AnyMindGroup/fix/signed-url-path-encoding

fix signed url path encoding with special characters

Author: rolang

tests/shared/src/test/scala/V4CanonicalRequestBuilderSpec.scala

@@ -92,7 +92,7 @@ object V4CanonicalRequestBuilderSpec extends ZIOSpecDefault:
                    method = Method.GET,
                    timestamp = Instant.parse("2019-12-01T19:08:59Z"),
                    // all characters from the docs https://cloud.google.com/storage/docs/authentication/canonical-requests#about-resource-path
-                   resourcePath = List("test", """?=!#$&'()*+,:;@[]".png"""),
+                   resourcePath = List("test", """?=!#$&'()*+,:;@[]"~.png"""),
                    contentType = Some(MediaType.ImagePng),
                    bucket = "test-bucket",
                    serviceAccountEmail = "test@gcp.iam.gserviceaccount.com",
@@ -104,7 +104,7 @@ object V4CanonicalRequestBuilderSpec extends ZIOSpecDefault:
           assertTrue(
             req.payloadPlain.linesIterator
               .drop(1)
-              .next == """/test-bucket/test/%3F%3D%21%23%24%26%27%28%29*%2B%2C%3A%3B%40%5B%5D%22.png"""
+              .next == """/test-bucket/test/%3F%3D%21%23%24%26%27%28%29%2A%2B%2C%3A%3B%40%5B%5D%22~.png"""
           )
       } yield assertCompletes
     },

tests/shared/src/test/scala/V4SignUrlRequestBuilderSpec.scala

@@ -14,7 +14,7 @@ object V4SignUrlRequestBuilderSpec extends ZIOSpecDefault:
   override def spec: Spec[Any, Any] = suite("V4SignUrlRequestBuilderSpec")(
     test("return signed url") {
       val testBucket        = "example-bucket"
-      val testResource      = List("test", """cat_?=!#$&'()*+,:;@[]".jpeg""")
+      val testResource      = List("test", """cat_?=!#$&'()*+,:;@[]"~.jpeg""")
       val signatureResponse =
         "PszqKoIc7Q3TU22ouo9YWxtMk9jtKZBWMdqEwKb57+XlritZsYnaBiNhRaE5YvARf421zqS/M2kKPuPbYJc9c2GyEk66Y/J8o2QFpo65tKaFIvADvkBUiNg6IXSs3YL4udg+roLeMPi6r5NJqjp3Rf+7FT6xN8xImtw33DGjbffkp6BhUuHSt9USOCzbDOSmjTAiTuuo5eNUSbL6f5xZroKq07wTj3ETDDICV/QkB6VlxGffi1TVKF14dgrBuE0jwATsWyVBFFVXJ7pB+uUc8UDgZQzAVTjahJUFWAevg9+QgA2HQlc5a0u3Cs+/tJZjWnsx3hm0S8NJqGIOa8mO0w=="
       val expectedSignature =
@@ -32,7 +32,7 @@ object V4SignUrlRequestBuilderSpec extends ZIOSpecDefault:
                                 signAlgorithm = V4SignAlgorithm.`GOOG4-RSA-SHA256`,
                                 expiresInSeconds = V4SignatureExpiration.inSeconds(900),
                               )
-        expectedPath = "/example-bucket/test/cat_%3F%3D%21%23%24%26%27%28%29*%2B%2C%3A%3B%40%5B%5D%22.jpeg"
+        expectedPath = "/example-bucket/test/cat_%3F%3D%21%23%24%26%27%28%29%2A%2B%2C%3A%3B%40%5B%5D%22~.jpeg"
         _           <- assertTrue(canonicalRequest.payloadPlain.linesIterator.drop(1).next == expectedPath)
         signedUrl   <- ZIO.fromEither:
                        V4SignUrlRequestBuilder

zio-gcp-storage/shared/src/main/scala/V4CanonicalRequestBuilder.scala

@@ -7,6 +7,7 @@ import java.time.temporal.ChronoField
 import java.time.{Instant, ZoneOffset}
 
 import sttp.model.Uri.{QuerySegmentEncoding, Segment}
+import sttp.model.internal.Rfc3986
 import sttp.model.{MediaType, Method, QueryParams}
 
 // https://cloud.google.com/storage/docs/authentication/canonical-requests
@@ -109,8 +110,22 @@ private[storage] class V4CanonicalRequestBuilder(
   }
 }
 
+private[storage] val resourcePathAllowedChars =
+  Rfc3986.Query --
+    // https://docs.cloud.google.com/storage/docs/authentication/canonical-requests#about-resource-path
+    Set('?', '=', '!', '#', '$', '&', '\'', '(', ')', '*', '+', ',', ':', ';', '@', '[', ']')
+
 private[storage] def toResourcePathSegments(resourcePath: Seq[String]) =
-  resourcePath.map(p => Segment(p, QuerySegmentEncoding.All))
+  resourcePath.map(p =>
+    Segment(
+      p,
+      Rfc3986.encode(
+        allowedCharacters = resourcePathAllowedChars,
+        spaceAsPlus = false,
+        encodePlus = true,
+      ),
+    )
+  )
 
 private[storage] object V4CanonicalRequestBuilder:
   def apply(): V4CanonicalRequestBuilder =