fix: URL percent encoding (#798)

Fixes the issues with special characters encoding in the request URLs.
- Percent encodes `/` character in the path components
- Updates the url parameters percent encoding using the approach from the previous major version of the client
- Percent encodes url parameters names

Author: VladislavFitz

Sources/AlgoliaSearchClient/Models/Internal/URL+Convenience.swift

@@ -24,11 +24,11 @@ extension URL {
   static var task = Self(string: "/1/task")!
 
   func appending<R: RawRepresentable>(_ rawRepresentable: R) -> Self where R.RawValue == String {
-    return appendingPathComponent(rawRepresentable.rawValue, isDirectory: false)
+    return appendingPathComponent(rawRepresentable.rawValue.addingPercentEncoding(withAllowedCharacters: .urlPathComponentAllowed)!, isDirectory: false)
   }
 
   func appending(_ pathComponent: PathComponent) -> Self {
-    return appendingPathComponent(pathComponent.rawValue, isDirectory: false)
+    return appendingPathComponent(pathComponent.rawValue.addingPercentEncoding(withAllowedCharacters: .urlPathComponentAllowed)!, isDirectory: false)
   }
 
   enum PathComponent: String {

Sources/AlgoliaSearchClient/Models/Search/Query/Query+URLEncodable.swift

@@ -102,7 +102,7 @@ extension Query {
 
     func encode() -> String? {
       return queryItems
-        .map { "\($0.name)=\($0.value?.addingPercentEncoding(withAllowedCharacters: .urlAllowed) ?? "")" }
+        .map { "\($0.name.addingPercentEncoding(withAllowedCharacters: .urlParameterAllowed)!)=\($0.value?.addingPercentEncoding(withAllowedCharacters: .urlParameterAllowed) ?? "")" }
         .joined(separator: "&")
     }
 

Sources/AlgoliaSearchClient/Transport/URLSession/URLRequest+Convenience.swift

@@ -14,7 +14,24 @@ extension URLRequest: Builder {}
 
 extension CharacterSet {
 
-  static let urlAllowed: CharacterSet = .alphanumerics.union(.init(charactersIn: "-._~")) // as per RFC 3986
+  // Allowed characters taken from [RFC 3986](https://tools.ietf.org/html/rfc3986) (cf. §2 "Characters"):
+  // - unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
+  // - gen-delims  = ":" / "/" / "?" / "#" / "[" / "]" / "@"
+  // - sub-delims  = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
+  //
+  // ... with these further restrictions:
+  // - ampersand ('&') and equal sign ('=') removed because they are used as delimiters for the parameters;
+  // - question mark ('?') and hash ('#') removed because they mark the beginning and the end of the query string.
+  // - plus ('+') is removed because it is interpreted as a space by Algolia's servers.
+  //
+  static let urlParameterAllowed: CharacterSet = .alphanumerics.union(.init(charactersIn: "-._~:/[]@!$'()*,;"))
+
+  static let urlPathComponentAllowed: CharacterSet = {
+    var characterSet = CharacterSet()
+    characterSet.formUnion(CharacterSet.urlPathAllowed)
+    characterSet.remove(charactersIn: "/")
+    return characterSet
+  }()
 
 }
 
@@ -36,7 +53,7 @@ extension URLRequest {
 
     var urlComponents = URLComponents()
     urlComponents.scheme = "https"
-    urlComponents.path = command.path.absoluteString.removingPercentEncoding!
+    urlComponents.percentEncodedPath = command.path.path
 
     if let urlParameters = command.requestOptions?.urlParameters {
       urlComponents.queryItems = urlParameters.map { (key, value) in .init(name: key.rawValue, value: value) }

Tests/AlgoliaSearchClientTests/Unit/PathTests.swift

@@ -16,7 +16,7 @@ import FoundationNetworking
 class PathTests: XCTestCase {
 
   func testIndexNameEncoding() {
-    let path = URL(string: "/1/indexes/")!.appendingPathComponent("Index name with spaces")
+    let path = URL(string: "/1/indexes/")!.appendingPathComponent("Index name with spaces".addingPercentEncoding(withAllowedCharacters: .urlPathComponentAllowed)!)
     let request = URLRequest(command: Command.Custom(method: .post, callType: .write, path: path, body: nil, requestOptions: nil))
     XCTAssertEqual(request.url?.absoluteString, "https:/1/indexes/Index%20name%20with%20spaces")
   }

Tests/AlgoliaSearchClientTests/Unit/QueryTests.swift

@@ -93,23 +93,23 @@ class QueryTests: XCTestCase {
       "distinct=5",
       "getRankingInfo=true",
       "explainModules=match.alternatives",
-      "attributesToRetrieve=attr1%2Cattr2%2Cattr3",
-      "restrictSearchableAttributes=rattr1%2Crattr2",
-      "filters=%28color%3Ared%20OR%20color%3Ayellow%29%20AND%20on-sale%20AND%2012%2B%20AND%20%28test%3A%22Hello%20%26%20World%22%29",
-      "facetFilters=%5B%5B%22color%3Ared%22%2C%22color%3Ablue%22%5D%2C%22size%3AM%22%5D",
-      "optionalFilters=%5B%5B%22color%3Ared%22%2C%22color%3Ayellow%22%5D%2C%22on-sale%22%5D",
-      "numericFilters=%5B%5B%22price%3E100%22%2C%22length%3C1000%22%5D%2C%22metrics%3E5%22%5D",
-      "tagFilters=%5B%5B%22tag1%22%2C%22tag2%22%5D%2C%22tag3%22%5D",
+      "attributesToRetrieve=attr1,attr2,attr3",
+      "restrictSearchableAttributes=rattr1,rattr2",
+      "filters=(color:red%20OR%20color:yellow)%20AND%20on-sale%20AND%2012%2B%20AND%20(test:%22Hello%20%26%20World%22)",
+      "facetFilters=[[%22color:red%22,%22color:blue%22],%22size:M%22]",
+      "optionalFilters=[[%22color:red%22,%22color:yellow%22],%22on-sale%22]",
+      "numericFilters=[[%22price%3E100%22,%22length%3C1000%22],%22metrics%3E5%22]",
+      "tagFilters=[[%22tag1%22,%22tag2%22],%22tag3%22]",
       "sumOrFiltersScores=false",
-      "facets=facet1%2Cfacet2%2Cfacet3",
+      "facets=facet1,facet2,facet3",
       "maxValuesPerFacet=10",
       "facetingAfterDistinct=true",
       "sortFacetValuesBy=count",
       "maxFacetHits=100",
-      "attributesToHighlight=hattr1%2Chattr2%2Chattr3",
-      "attributesToSnippet=sattr1%3A10%2Csattr2",
+      "attributesToHighlight=hattr1,hattr2,hattr3",
+      "attributesToSnippet=sattr1:10,sattr2",
       "highlightPreTag=%3Chl%3E",
-      "highlightPostTag=%3C%2Fhl%3E",
+      "highlightPostTag=%3C/hl%3E",
       "snippetEllipsisText=read%20more",
       "restrictHighlightAndSnippetArrays=true",
       "page=15",
@@ -120,41 +120,41 @@ class QueryTests: XCTestCase {
       "minWordSizefor2Typos=4",
       "typoTolerance=strict",
       "allowTyposOnNumericTokens=false",
-      "disableTypoToleranceOnAttributes=dtattr1%2Cdtattr2",
-      "aroundLatLng=79.5%2C10.5",
+      "disableTypoToleranceOnAttributes=dtattr1,dtattr2",
+      "aroundLatLng=79.5,10.5",
       "aroundLatLngViaIP=true",
       "aroundRadius=80",
-      "aroundPrecision=%5B%7B%22from%22%3A0%2C%22value%22%3A1000%7D%2C%7B%22from%22%3A0%2C%22value%22%3A100000%7D%5D",
+      "aroundPrecision=[%7B%22from%22:0,%22value%22:1000%7D,%7B%22from%22:0,%22value%22:100000%7D]",
       "minimumAroundRadius=40",
-      "insideBoundingBox=%5B%5B0.0%2C10.0%2C20.0%2C30.0%5D%2C%5B40.0%2C50.0%2C60.0%2C70.0%5D%5D",
-      "insidePolygon=%5B%5B0.0%2C10.0%2C20.0%2C30.0%2C40.0%2C50.0%5D%2C%5B10.0%2C20.0%2C30.0%2C40.0%2C50.0%2C60.0%5D%5D",
+      "insideBoundingBox=[[0.0,10.0,20.0,30.0],[40.0,50.0,60.0,70.0]]",
+      "insidePolygon=[[0.0,10.0,20.0,30.0,40.0,50.0],[10.0,20.0,30.0,40.0,50.0,60.0]]",
       "queryType=prefixLast",
       "removeWordsIfNoResults=lastWords",
       "advancedSyntax=false",
-      "advancedSyntaxFeatures=exactPhrase%2CexcludeWords",
-      "optionalWords=optWord1%2CoptWord2",
-      "removeStopWords=ar%2Cfr",
-      "disableExactOnAttributes=deAttr1%2CdeAttr2",
+      "advancedSyntaxFeatures=exactPhrase,excludeWords",
+      "optionalWords=optWord1,optWord2",
+      "removeStopWords=ar,fr",
+      "disableExactOnAttributes=deAttr1,deAttr2",
       "exactOnSingleWordQuery=word",
-      "alternativesAsExact=ignorePlurals%2CsingleWordSynonym",
+      "alternativesAsExact=ignorePlurals,singleWordSynonym",
       "ignorePlurals=false",
-      "queryLanguages=hi%2Csq",
+      "queryLanguages=hi,sq",
       "decompoundQuery=false",
       "enableRules=true",
-      "ruleContexts=rc1%2Crc2",
+      "ruleContexts=rc1,rc2",
       "enablePersonalization=false",
       "personalizationImpact=5",
       "userToken=testUserToken",
       "analytics=true",
-      "analyticsTags=at1%2Cat2%2Cat3",
+      "analyticsTags=at1,at2,at3",
       "enableABTest=false",
       "clickAnalytics=true",
       "synonyms=false",
       "replaceSynonymsInHighlight=true",
       "minProximity=3",
-      "responseFields=facets_stats%2Chits",
+      "responseFields=facets_stats,hits",
       "percentileComputation=false",
-      "naturalLanguages=mi%2Cta",
+      "naturalLanguages=mi,ta",
       "enableReRanking=true",
       "custom1=val1",
       "custom2=2.0",

Tests/AlgoliaSearchClientTests/Unit/SecuredAPIKeyRestrictionTests.swift

@@ -22,7 +22,7 @@ class SecuredAPIKeyRestrictionTests: XCTestCase {
                                                validUntil: validUntil,
                                                userToken: "testUserToken")
 
-    XCTAssertEqual(restriction.urlEncodedString, "query=testQuery&clickAnalytics=true&restrictIndices=index1%2Cindex2&restrictSources=127.0.0.1%2C127.0.0.2&userToken=testUserToken&validUntil=\(Int(validUntil))")
+    XCTAssertEqual(restriction.urlEncodedString, "query=testQuery&clickAnalytics=true&restrictIndices=index1,index2&restrictSources=127.0.0.1,127.0.0.2&userToken=testUserToken&validUntil=\(Int(validUntil))")
   }
 
 }

Tests/AlgoliaSearchClientTests/Unit/Transport/URLRequestConstructionTests.swift

@@ -77,5 +77,19 @@ class URLRequestConstructionTests: XCTestCase {
     }
 
   }
+  
+  func testPathPercentEncoding() {
+    let command = Command.Indexing.GetObject(indexName: "myIndex",
+                                             objectID: "gid://shopify/Collection/1122334455",
+                                             attributesToRetrieve: [],
+                                             requestOptions: nil)
+    XCTAssertEqual(URLRequest(command: command).url?.absoluteString, "https:/1/indexes/myIndex/gid:%2F%2Fshopify%2FCollection%2F1122334455")
+  }
+  
+  func testFiltersEncoding() {
+    let query = Query("test")
+      .set(\.filters, to: "\"manufacturer\":\"&Quirky\"")
+    XCTAssertEqual(query.urlEncodedString, "query=test&filters=%22manufacturer%22:%22%26Quirky%22")
+  }
 
 }