fix(client)!: uri encode path parameters

chore: unknown commit message

Author: stainless-bot

src/internal/utils/path.ts

@@ -0,0 +1,63 @@
+import { OpenAIError } from '../../error';
+
+/**
+ * Percent-encode everything that isn't safe to have in a path without encoding safe chars.
+ *
+ * Taken from https://datatracker.ietf.org/doc/html/rfc3986#section-3.3:
+ * > unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
+ * > sub-delims  = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
+ * > pchar       = unreserved / pct-encoded / sub-delims / ":" / "@"
+ */
+export function encodeURIPath(str: string) {
+  return str.replace(/[^A-Za-z0-9\-._~!$&'()*+,;=:@]+/g, encodeURIComponent);
+}
+
+export const createPathTagFunction = (pathEncoder = encodeURIPath) =>
+  function path(statics: readonly string[], ...params: readonly unknown[]): string {
+    // If there are no params, no processing is needed.
+    if (statics.length === 1) return statics[0]!;
+
+    let postPath = false;
+    const path = statics.reduce((previousValue, currentValue, index) => {
+      if (/[?#]/.test(currentValue)) {
+        postPath = true;
+      }
+      return (
+        previousValue +
+        currentValue +
+        (index === params.length ? '' : (postPath ? encodeURIComponent : pathEncoder)(String(params[index])))
+      );
+    }, '');
+
+    const pathOnly = path.split(/[?#]/, 1)[0]!;
+    const invalidSegments = [];
+    const invalidSegmentPattern = /(?<=^|\/)(?:\.|%2e){1,2}(?=\/|$)/gi;
+    let match;
+
+    // Find all invalid segments
+    while ((match = invalidSegmentPattern.exec(pathOnly)) !== null) {
+      invalidSegments.push({
+        start: match.index,
+        length: match[0].length,
+      });
+    }
+
+    if (invalidSegments.length > 0) {
+      let lastEnd = 0;
+      const underline = invalidSegments.reduce((acc, segment) => {
+        const spaces = ' '.repeat(segment.start - lastEnd);
+        const arrows = '^'.repeat(segment.length);
+        lastEnd = segment.start + segment.length;
+        return acc + spaces + arrows;
+      }, '');
+
+      throw new OpenAIError(`Path parameters result in path with invalid segments:\n${path}\n${underline}`);
+    }
+
+    return path;
+  };
+
+/**
+ * URI-encodes path params and ensures no unsafe /./ or /../ path segments are introduced.
+ */
+export const path = createPathTagFunction(encodeURIPath);

src/resources/batches.ts

@@ -6,6 +6,7 @@ import * as Shared from './shared';
 import { APIPromise } from '../api-promise';
 import { CursorPage, type CursorPageParams, PagePromise } from '../pagination';
 import { RequestOptions } from '../internal/request-options';
+import { path } from '../internal/utils/path';
 
 export class Batches extends APIResource {
   /**
@@ -19,7 +20,7 @@ export class Batches extends APIResource {
    * Retrieves a batch.
    */
   retrieve(batchID: string, options?: RequestOptions): APIPromise<Batch> {
-    return this._client.get(`/batches/${batchID}`, options);
+    return this._client.get(path`/batches/${batchID}`, options);
   }
 
   /**
@@ -38,7 +39,7 @@ export class Batches extends APIResource {
    * (if any) available in the output file.
    */
   cancel(batchID: string, options?: RequestOptions): APIPromise<Batch> {
-    return this._client.post(`/batches/${batchID}/cancel`, options);
+    return this._client.post(path`/batches/${batchID}/cancel`, options);
   }
 }
 

src/resources/beta/assistants.ts

@@ -12,6 +12,7 @@ import { APIPromise } from '../../api-promise';
 import { CursorPage, type CursorPageParams, PagePromise } from '../../pagination';
 import { buildHeaders } from '../../internal/headers';
 import { RequestOptions } from '../../internal/request-options';
+import { path } from '../../internal/utils/path';
 
 export class Assistants extends APIResource {
   /**
@@ -29,7 +30,7 @@ export class Assistants extends APIResource {
    * Retrieves an assistant.
    */
   retrieve(assistantID: string, options?: RequestOptions): APIPromise<Assistant> {
-    return this._client.get(`/assistants/${assistantID}`, {
+    return this._client.get(path`/assistants/${assistantID}`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });
@@ -39,7 +40,7 @@ export class Assistants extends APIResource {
    * Modifies an assistant.
    */
   update(assistantID: string, body: AssistantUpdateParams, options?: RequestOptions): APIPromise<Assistant> {
-    return this._client.post(`/assistants/${assistantID}`, {
+    return this._client.post(path`/assistants/${assistantID}`, {
       body,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
@@ -64,7 +65,7 @@ export class Assistants extends APIResource {
    * Delete an assistant.
    */
   delete(assistantID: string, options?: RequestOptions): APIPromise<AssistantDeleted> {
-    return this._client.delete(`/assistants/${assistantID}`, {
+    return this._client.delete(path`/assistants/${assistantID}`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });

src/resources/beta/threads/messages.ts

@@ -7,13 +7,14 @@ import { APIPromise } from '../../../api-promise';
 import { CursorPage, type CursorPageParams, PagePromise } from '../../../pagination';
 import { buildHeaders } from '../../../internal/headers';
 import { RequestOptions } from '../../../internal/request-options';
+import { path } from '../../../internal/utils/path';
 
 export class Messages extends APIResource {
   /**
    * Create a message.
    */
   create(threadID: string, body: MessageCreateParams, options?: RequestOptions): APIPromise<Message> {
-    return this._client.post(`/threads/${threadID}/messages`, {
+    return this._client.post(path`/threads/${threadID}/messages`, {
       body,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
@@ -25,7 +26,7 @@ export class Messages extends APIResource {
    */
   retrieve(messageID: string, params: MessageRetrieveParams, options?: RequestOptions): APIPromise<Message> {
     const { thread_id } = params;
-    return this._client.get(`/threads/${thread_id}/messages/${messageID}`, {
+    return this._client.get(path`/threads/${thread_id}/messages/${messageID}`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });
@@ -36,7 +37,7 @@ export class Messages extends APIResource {
    */
   update(messageID: string, params: MessageUpdateParams, options?: RequestOptions): APIPromise<Message> {
     const { thread_id, ...body } = params;
-    return this._client.post(`/threads/${thread_id}/messages/${messageID}`, {
+    return this._client.post(path`/threads/${thread_id}/messages/${messageID}`, {
       body,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
@@ -51,7 +52,7 @@ export class Messages extends APIResource {
     query: MessageListParams | null | undefined = {},
     options?: RequestOptions,
   ): PagePromise<MessagesPage, Message> {
-    return this._client.getAPIList(`/threads/${threadID}/messages`, CursorPage<Message>, {
+    return this._client.getAPIList(path`/threads/${threadID}/messages`, CursorPage<Message>, {
       query,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
@@ -67,7 +68,7 @@ export class Messages extends APIResource {
     options?: RequestOptions,
   ): APIPromise<MessageDeleted> {
     const { thread_id } = params;
-    return this._client.delete(`/threads/${thread_id}/messages/${messageID}`, {
+    return this._client.delete(path`/threads/${thread_id}/messages/${messageID}`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });

src/resources/beta/threads/runs/runs.ts

@@ -40,6 +40,7 @@ import { RequestOptions } from '../../../../internal/request-options';
 import { AssistantStream, RunCreateParamsBaseStream } from '../../../../lib/AssistantStream';
 import { sleep } from '../../../../internal/utils/sleep';
 import { RunSubmitToolOutputsParamsStream } from '../../../../lib/AssistantStream';
+import { path } from '../../../../internal/utils/path';
 
 export class Runs extends APIResource {
   steps: StepsAPI.Steps = new StepsAPI.Steps(this._client);
@@ -64,7 +65,7 @@ export class Runs extends APIResource {
     options?: RequestOptions,
   ): APIPromise<Run> | APIPromise<Stream<AssistantsAPI.AssistantStreamEvent>> {
     const { include, ...body } = params;
-    return this._client.post(`/threads/${threadID}/runs`, {
+    return this._client.post(path`/threads/${threadID}/runs`, {
       query: { include },
       body,
       ...options,
@@ -78,7 +79,7 @@ export class Runs extends APIResource {
    */
   retrieve(runID: string, params: RunRetrieveParams, options?: RequestOptions): APIPromise<Run> {
     const { thread_id } = params;
-    return this._client.get(`/threads/${thread_id}/runs/${runID}`, {
+    return this._client.get(path`/threads/${thread_id}/runs/${runID}`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });
@@ -89,7 +90,7 @@ export class Runs extends APIResource {
    */
   update(runID: string, params: RunUpdateParams, options?: RequestOptions): APIPromise<Run> {
     const { thread_id, ...body } = params;
-    return this._client.post(`/threads/${thread_id}/runs/${runID}`, {
+    return this._client.post(path`/threads/${thread_id}/runs/${runID}`, {
       body,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
@@ -104,7 +105,7 @@ export class Runs extends APIResource {
     query: RunListParams | null | undefined = {},
     options?: RequestOptions,
   ): PagePromise<RunsPage, Run> {
-    return this._client.getAPIList(`/threads/${threadID}/runs`, CursorPage<Run>, {
+    return this._client.getAPIList(path`/threads/${threadID}/runs`, CursorPage<Run>, {
       query,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
@@ -116,7 +117,7 @@ export class Runs extends APIResource {
    */
   cancel(runID: string, params: RunCancelParams, options?: RequestOptions): APIPromise<Run> {
     const { thread_id } = params;
-    return this._client.post(`/threads/${thread_id}/runs/${runID}/cancel`, {
+    return this._client.post(path`/threads/${thread_id}/runs/${runID}/cancel`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });
@@ -239,7 +240,7 @@ export class Runs extends APIResource {
     options?: RequestOptions,
   ): APIPromise<Run> | APIPromise<Stream<AssistantsAPI.AssistantStreamEvent>> {
     const { thread_id, ...body } = params;
-    return this._client.post(`/threads/${thread_id}/runs/${runID}/submit_tool_outputs`, {
+    return this._client.post(path`/threads/${thread_id}/runs/${runID}/submit_tool_outputs`, {
       body,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),

src/resources/beta/threads/runs/steps.ts

@@ -7,14 +7,15 @@ import { APIPromise } from '../../../../api-promise';
 import { CursorPage, type CursorPageParams, PagePromise } from '../../../../pagination';
 import { buildHeaders } from '../../../../internal/headers';
 import { RequestOptions } from '../../../../internal/request-options';
+import { path } from '../../../../internal/utils/path';
 
 export class Steps extends APIResource {
   /**
    * Retrieves a run step.
    */
   retrieve(stepID: string, params: StepRetrieveParams, options?: RequestOptions): APIPromise<RunStep> {
     const { thread_id, run_id, ...query } = params;
-    return this._client.get(`/threads/${thread_id}/runs/${run_id}/steps/${stepID}`, {
+    return this._client.get(path`/threads/${thread_id}/runs/${run_id}/steps/${stepID}`, {
       query,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
@@ -26,7 +27,7 @@ export class Steps extends APIResource {
    */
   list(runID: string, params: StepListParams, options?: RequestOptions): PagePromise<RunStepsPage, RunStep> {
     const { thread_id, ...query } = params;
-    return this._client.getAPIList(`/threads/${thread_id}/runs/${runID}/steps`, CursorPage<RunStep>, {
+    return this._client.getAPIList(path`/threads/${thread_id}/runs/${runID}/steps`, CursorPage<RunStep>, {
       query,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),

src/resources/beta/threads/threads.ts

@@ -72,6 +72,7 @@ import { Stream } from '../../../streaming';
 import { buildHeaders } from '../../../internal/headers';
 import { RequestOptions } from '../../../internal/request-options';
 import { AssistantStream, ThreadCreateAndRunParamsBaseStream } from '../../../lib/AssistantStream';
+import { path } from '../../../internal/utils/path';
 
 export class Threads extends APIResource {
   runs: RunsAPI.Runs = new RunsAPI.Runs(this._client);
@@ -92,7 +93,7 @@ export class Threads extends APIResource {
    * Retrieves a thread.
    */
   retrieve(threadID: string, options?: RequestOptions): APIPromise<Thread> {
-    return this._client.get(`/threads/${threadID}`, {
+    return this._client.get(path`/threads/${threadID}`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });
@@ -102,7 +103,7 @@ export class Threads extends APIResource {
    * Modifies a thread.
    */
   update(threadID: string, body: ThreadUpdateParams, options?: RequestOptions): APIPromise<Thread> {
-    return this._client.post(`/threads/${threadID}`, {
+    return this._client.post(path`/threads/${threadID}`, {
       body,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
@@ -113,7 +114,7 @@ export class Threads extends APIResource {
    * Delete a thread.
    */
   delete(threadID: string, options?: RequestOptions): APIPromise<ThreadDeleted> {
-    return this._client.delete(`/threads/${threadID}`, {
+    return this._client.delete(path`/threads/${threadID}`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });

src/resources/beta/vector-stores/file-batches.ts

@@ -11,6 +11,7 @@ import { RequestOptions } from '../../../internal/request-options';
 import { sleep } from '../../../internal/utils/sleep';
 import { type Uploadable } from '../../../uploads';
 import { allSettledWithThrow } from '../../../lib/Util';
+import { path } from '../../../internal/utils/path';
 
 export class FileBatches extends APIResource {
   /**
@@ -21,7 +22,7 @@ export class FileBatches extends APIResource {
     body: FileBatchCreateParams,
     options?: RequestOptions,
   ): APIPromise<VectorStoreFileBatch> {
-    return this._client.post(`/vector_stores/${vectorStoreID}/file_batches`, {
+    return this._client.post(path`/vector_stores/${vectorStoreID}/file_batches`, {
       body,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
@@ -37,7 +38,7 @@ export class FileBatches extends APIResource {
     options?: RequestOptions,
   ): APIPromise<VectorStoreFileBatch> {
     const { vector_store_id } = params;
-    return this._client.get(`/vector_stores/${vector_store_id}/file_batches/${batchID}`, {
+    return this._client.get(path`/vector_stores/${vector_store_id}/file_batches/${batchID}`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });
@@ -53,7 +54,7 @@ export class FileBatches extends APIResource {
     options?: RequestOptions,
   ): APIPromise<VectorStoreFileBatch> {
     const { vector_store_id } = params;
-    return this._client.post(`/vector_stores/${vector_store_id}/file_batches/${batchID}/cancel`, {
+    return this._client.post(path`/vector_stores/${vector_store_id}/file_batches/${batchID}/cancel`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });
@@ -81,7 +82,7 @@ export class FileBatches extends APIResource {
   ): PagePromise<VectorStoreFilesPage, FilesAPI.VectorStoreFile> {
     const { vector_store_id, ...query } = params;
     return this._client.getAPIList(
-      `/vector_stores/${vector_store_id}/file_batches/${batchID}/files`,
+      path`/vector_stores/${vector_store_id}/file_batches/${batchID}/files`,
       CursorPage<FilesAPI.VectorStoreFile>,
       { query, ...options, headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]) },
     );

src/resources/beta/vector-stores/files.ts

@@ -8,6 +8,7 @@ import { buildHeaders } from '../../../internal/headers';
 import { RequestOptions } from '../../../internal/request-options';
 import { sleep } from '../../../internal/utils';
 import { Uploadable } from '../../../uploads';
+import { path } from '../../../internal/utils/path';
 
 export class Files extends APIResource {
   /**
@@ -20,7 +21,7 @@ export class Files extends APIResource {
     body: FileCreateParams,
     options?: RequestOptions,
   ): APIPromise<VectorStoreFile> {
-    return this._client.post(`/vector_stores/${vectorStoreID}/files`, {
+    return this._client.post(path`/vector_stores/${vectorStoreID}/files`, {
       body,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
@@ -36,7 +37,7 @@ export class Files extends APIResource {
     options?: RequestOptions,
   ): APIPromise<VectorStoreFile> {
     const { vector_store_id } = params;
-    return this._client.get(`/vector_stores/${vector_store_id}/files/${fileID}`, {
+    return this._client.get(path`/vector_stores/${vector_store_id}/files/${fileID}`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });
@@ -50,7 +51,7 @@ export class Files extends APIResource {
     query: FileListParams | null | undefined = {},
     options?: RequestOptions,
   ): PagePromise<VectorStoreFilesPage, VectorStoreFile> {
-    return this._client.getAPIList(`/vector_stores/${vectorStoreID}/files`, CursorPage<VectorStoreFile>, {
+    return this._client.getAPIList(path`/vector_stores/${vectorStoreID}/files`, CursorPage<VectorStoreFile>, {
       query,
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
@@ -69,7 +70,7 @@ export class Files extends APIResource {
     options?: RequestOptions,
   ): APIPromise<VectorStoreFileDeleted> {
     const { vector_store_id } = params;
-    return this._client.delete(`/vector_stores/${vector_store_id}/files/${fileID}`, {
+    return this._client.delete(path`/vector_stores/${vector_store_id}/files/${fileID}`, {
       ...options,
       headers: buildHeaders([{ 'OpenAI-Beta': 'assistants=v2' }, options?.headers]),
     });