Add support for Unframing SigV4 signed messages for Servers (#4356)

# SigV4 Event Stream Support for Server SDK

## Problem

Clients wrap event stream messages in SigV4 envelopes with signature
headers (`:chunk-signature`, `:date`), but servers couldn't parse these
signed messages because they expected the raw event shape, not the
envelope.

## Solution

Added server-side SigV4 event stream unsigning support that
automatically extracts inner messages from signed envelopes while
maintaining compatibility with unsigned messages.

## Implementation

### Type System Changes

Event stream types are wrapped to handle both signed and unsigned
messages:

- `Receiver<Events, Error>` → `Receiver<SignedEvent<Events>,
SignedEventError<Error>>`
- `SignedEvent<T>` provides access to both the inner message and
signature information
- `SignedEventError<E>` wraps both extraction errors and underlying
event errors

### Runtime Components

**SigV4Unmarshaller**: Wraps the base event stream unmarshaller to
handle SigV4 extraction:

```rust
impl<T: UnmarshallMessage> UnmarshallMessage for SigV4Unmarshaller<T> {
    type Output = SignedEvent<T::Output>;
    type Error = SignedEventError<T::Error>;
    
    fn unmarshall(&self, message: &Message) -> Result<...> {
        match extract_signed_message(message) {
            Ok(Signed { message: inner, signature }) => {
                // Process inner message with base unmarshaller
                self.inner.unmarshall(&inner).map(|event| SignedEvent {
                    message: event,
                    signature: Some(signature),
                })
            }
            Ok(Unsigned) => {
                // Process unsigned message directly  
                self.inner.unmarshall(message).map(|event| SignedEvent {
                    message: event,
                    signature: None,
                })
            }
            Err(err) => Ok(SignedEventError::InvalidSignedEvent(err))
        }
    }
}
```

### Code Generation Integration

**SigV4EventStreamDecorator**: 
- Detects services with `@sigv4` trait and event streams
- Wraps event stream types using `SigV4EventStreamSymbolProvider`
- Generates support structures (`SignedEvent`, `SigV4Unmarshaller`,
etc.)
- Injects unmarshaller wrapping via HTTP binding customizations

**HTTP Binding Customization**:
- Added `BeforeCreatingEventStreamReceiver` section to
`HttpBindingGenerator`
- Allows decorators to wrap the unmarshaller before `Receiver` creation
- Generates: `let unmarshaller = SigV4Unmarshaller::new(unmarshaller);`

### Usage

Server handlers receive `SignedEvent<T>` and extract the inner message:

```rust
async fn streaming_operation_handler(input: StreamingOperationInput) -> Result<...> {
    let event = input.events.recv().await?;
    if let Some(signed_event) = event {
        let actual_event = &signed_event.message;  // Extract inner message
        let signature_info = &signed_event.signature;  // Access signature if present
        // Process actual_event...
    }
}
```

## Testing

- Added `test_sigv4_signed_event_stream` that sends SigV4-wrapped events
- Verifies both signed and unsigned messages work correctly
- All existing event stream tests continue to pass

## Architecture Benefits

- **Backward Compatible**: Unsigned messages work unchanged
- **Type Safe**: Compile-time guarantees about message structure  
- **Extensible**: Pattern can be applied to other authentication schemes
- **Minimal Impact**: Only affects services with `@sigv4` trait and
event streams

## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [ ] For changes to the smithy-rs codegen or runtime crates, I have
created a changelog entry Markdown file in the `.changelog` directory,
specifying "client," "server," or both in the `applies_to` key.
- [ ] For changes to the AWS SDK, generated SDK code, or SDK runtime
crates, I have created a changelog entry Markdown file in the
`.changelog` directory, specifying "aws-sdk-rust" in the `applies_to`
key.

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._

Author: rcoh

.changelog/1761080224.md

@@ -0,0 +1,13 @@
+---
+applies_to:
+- server
+authors:
+- rcoh
+references: ["smithy-rs#4356"]
+breaking: true
+new_feature: true
+bug_fix: false
+---
+Parse EventStream signed-frames for servers marked with `@sigv4`.
+
+This is a breaking change, because events from SigV4 services are wrapped in a SignedEvent frame.

AGENTS.md

@@ -48,6 +48,26 @@ operation MyOperation {
 - **`codegen-core/common-test-models/constraints.smithy`** - Constraint validation tests with restJson1
 - **`codegen-client-test/model/main.smithy`** - awsJson1_1 protocol tests
 
+### httpQueryParams Bug Investigation
+
+When investigating the `@httpQueryParams` bug (where query parameters weren't appearing in requests), the issue was in `RequestBindingGenerator.kt` line 173. The bug occurred when:
+
+1. An operation had ONLY `@httpQueryParams` (no regular `@httpQuery` parameters)
+2. The condition `if (dynamicParams.isEmpty() && literalParams.isEmpty() && mapParams.isEmpty())` would skip generating the `uri_query` function
+
+The fix was to ensure `mapParams.isEmpty()` was included in the condition check. The current implementation correctly generates query parameters for `@httpQueryParams` even when no other query parameters exist.
+
+**Testing httpQueryParams**: Create operations with only `@httpQueryParams` to ensure they generate proper query strings in requests.
+
+## rustTemplate Formatting
+
+**CRITICAL**: Because `#` is the formatting character in `rustTemplate`, Rust attributes must be escaped:
+
+❌ Wrong: `#[derive(Debug)]`
+✅ Correct: `##[derive(Debug)]`
+
+This applies to ALL Rust attributes: `##[non_exhaustive]`, `##[derive(...)]`, `##[cfg(...)]`, etc.
+
 ## preludeScope: Rust Prelude Types
 
 **Always use `preludeScope` for Rust prelude types:**

codegen-core/common-test-models/rpcv2Cbor-extras.smithy

@@ -6,8 +6,10 @@ use smithy.framework#ValidationException
 use smithy.protocols#rpcv2Cbor
 use smithy.test#httpResponseTests
 use smithy.test#httpMalformedRequestTests
+use aws.auth#sigv4
 
 @rpcv2Cbor
+@sigv4(name: "rpcv2-cbor")
 service RpcV2CborService {
     operations: [
         SimpleStructOperation

codegen-core/src/main/kotlin/software/amazon/smithy/rust/codegen/core/smithy/SymbolExt.kt

@@ -83,9 +83,14 @@ fun Symbol.makeMaybeConstrained(): Symbol =
  * WARNING: This function does not update any symbol references (e.g., `symbol.addReference()`) on the
  * returned symbol. You will have to add those yourself if your logic relies on them.
  **/
-fun Symbol.mapRustType(f: (RustType) -> RustType): Symbol {
+fun Symbol.mapRustType(
+    vararg dependencies: RuntimeType,
+    f: (RustType) -> RustType,
+): Symbol {
     val newType = f(this.rustType())
-    return Symbol.builder().rustType(newType)
+    val builder = this.toBuilder()
+    dependencies.forEach { builder.addReference(it.toSymbol()) }
+    return builder.rustType(newType)
         .name(newType.name)
         .build()
 }

codegen-core/src/main/kotlin/software/amazon/smithy/rust/codegen/core/smithy/generators/http/HttpBindingGenerator.kt

@@ -96,6 +96,12 @@ sealed class HttpBindingSection(name: String) : Section(name) {
 
     data class AfterDeserializingIntoADateTimeOfHttpHeaders(val memberShape: MemberShape) :
         HttpBindingSection("AfterDeserializingIntoADateTimeOfHttpHeaders")
+
+    data class BeforeCreatingEventStreamReceiver(
+        val operationShape: OperationShape,
+        val unionShape: UnionShape,
+        val unmarshallerVariableName: String,
+    ) : HttpBindingSection("BeforeCreatingEventStreamReceiver")
 }
 
 typealias HttpBindingCustomization = NamedCustomization<HttpBindingSection>
@@ -272,11 +278,27 @@ class HttpBindingGenerator(
         rustTemplate(
             """
             let unmarshaller = #{unmarshallerConstructorFn}();
+            """,
+            "unmarshallerConstructorFn" to unmarshallerConstructorFn,
+        )
+
+        // Allow customizations to wrap the unmarshaller
+        for (customization in customizations) {
+            customization.section(
+                HttpBindingSection.BeforeCreatingEventStreamReceiver(
+                    operationShape,
+                    targetShape,
+                    "unmarshaller",
+                ),
+            )(this)
+        }
+
+        rustTemplate(
+            """
             let body = std::mem::replace(body, #{SdkBody}::taken());
             Ok(#{receiver:W})
             """,
             "SdkBody" to RuntimeType.sdkBody(runtimeConfig),
-            "unmarshallerConstructorFn" to unmarshallerConstructorFn,
             "receiver" to
                 writable {
                     if (codegenTarget == CodegenTarget.SERVER) {

codegen-server-test/integration-tests/Cargo.lock

@@ -143,13 +143,15 @@ async fn streaming_operation_handler(
     state.lock().unwrap().streaming_operation.num_calls += 1;
     let ev = input.events.recv().await;
 
-    if let Ok(Some(event)) = &ev {
+    if let Ok(Some(signed_event)) = &ev {
+        // Extract the actual event from the SignedEvent wrapper
+        let actual_event = &signed_event.message;
         state
             .lock()
             .unwrap()
             .streaming_operation
             .events
-            .push(event.clone());
+            .push(actual_event.clone());
     }
 
     Ok(output::StreamingOperationOutput::builder()
@@ -174,13 +176,15 @@ async fn streaming_operation_with_initial_data_handler(
 
     let ev = input.events.recv().await;
 
-    if let Ok(Some(event)) = &ev {
+    if let Ok(Some(signed_event)) = &ev {
+        // Extract the actual event from the SignedEvent wrapper
+        let actual_event = &signed_event.message;
         state
             .lock()
             .unwrap()
             .streaming_operation_with_initial_data
             .events
-            .push(event.clone());
+            .push(actual_event.clone());
     }
 
     Ok(output::StreamingOperationWithInitialDataOutput::builder()
@@ -229,7 +233,7 @@ async fn streaming_operation_with_optional_data_handler(
             .unwrap()
             .streaming_operation_with_optional_data
             .events
-            .push(event.clone());
+            .push(event.message.clone());
     }
 
     Ok(output::StreamingOperationWithOptionalDataOutput::builder()
@@ -348,6 +352,39 @@ fn build_event(event_type: &str) -> Message {
     Message::new_from_parts(headers, empty_cbor)
 }
 
+fn build_sigv4_signed_event(event_type: &str) -> Message {
+    use aws_smithy_eventstream::frame::write_message_to;
+    use std::time::{SystemTime, UNIX_EPOCH};
+
+    // Build the inner event message
+    let inner_event = build_event(event_type);
+
+    // Serialize the inner message to bytes
+    let mut inner_bytes = Vec::new();
+    write_message_to(&inner_event, &mut inner_bytes).unwrap();
+
+    // Create the SigV4 envelope with signature headers
+    let timestamp = SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .unwrap()
+        .as_secs();
+
+    let headers = vec![
+        Header::new(
+            ":chunk-signature",
+            HeaderValue::ByteArray(Bytes::from(
+                "example298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+            )),
+        ),
+        Header::new(
+            ":date",
+            HeaderValue::Timestamp(aws_smithy_types::DateTime::from_secs(timestamp as i64)),
+        ),
+    ];
+
+    Message::new_from_parts(headers, Bytes::from(inner_bytes))
+}
+
 fn get_event_type(msg: &Message) -> &str {
     msg.headers()
         .iter()
@@ -439,6 +476,24 @@ async fn test_streaming_operation_with_initial_data_missing() {
     );
 }
 
+/// Test that the server can handle SigV4 signed event stream messages.
+/// The client wraps the actual event in a SigV4 envelope with signature headers.
+#[tokio::test]
+async fn test_sigv4_signed_event_stream() {
+    let mut harness = TestHarness::new("StreamingOperation").await;
+
+    // Send a SigV4 signed event - the inner message is wrapped in an envelope
+    let signed_event = build_sigv4_signed_event("A");
+    harness.client.send(signed_event).await.unwrap();
+
+    let resp = harness.expect_message().await;
+    assert_eq!(get_event_type(&resp), "A");
+    assert_eq!(
+        harness.server.streaming_operation_events(),
+        vec![Events::A(Event {})]
+    );
+}
+
 /// Test that when alwaysSendEventStreamInitialResponse is disabled, no initial-response is sent
 #[tokio::test]
 async fn test_server_no_initial_response_when_disabled() {

codegen-server-test/integration-tests/eventstreams/tests/structured_eventstream_tests.rs

@@ -62,7 +62,7 @@ class TsServerCodegenVisitor(
             ServerProtocolLoader(
                 codegenDecorator.protocols(
                     service.id,
-                    ServerProtocolLoader.DefaultProtocols,
+                    ServerProtocolLoader.defaultProtocols(),
                 ),
             )
                 .protocolFor(context.model, service)

codegen-server/codegen-server-typescript/src/main/kotlin/software/amazon/smithy/rust/codegen/server/typescript/smithy/TsServerCodegenVisitor.kt

@@ -19,6 +19,7 @@ import software.amazon.smithy.rust.codegen.core.smithy.StreamingShapeSymbolProvi
 import software.amazon.smithy.rust.codegen.core.smithy.SymbolVisitor
 import software.amazon.smithy.rust.codegen.server.smithy.customizations.CustomValidationExceptionWithReasonDecorator
 import software.amazon.smithy.rust.codegen.server.smithy.customizations.ServerRequiredCustomizations
+import software.amazon.smithy.rust.codegen.server.smithy.customizations.SigV4EventStreamDecorator
 import software.amazon.smithy.rust.codegen.server.smithy.customizations.SmithyValidationExceptionDecorator
 import software.amazon.smithy.rust.codegen.server.smithy.customizations.UserProvidedValidationExceptionDecorator
 import software.amazon.smithy.rust.codegen.server.smithy.customize.CombinedServerCodegenDecorator
@@ -54,6 +55,7 @@ class RustServerCodegenPlugin : ServerDecoratableBuildPlugin() {
                 UserProvidedValidationExceptionDecorator(),
                 SmithyValidationExceptionDecorator(),
                 CustomValidationExceptionWithReasonDecorator(),
+                SigV4EventStreamDecorator(),
                 *decorator,
             )
         logger.info("Loaded plugin to generate pure Rust bindings for the server SDK")

codegen-server/src/main/kotlin/software/amazon/smithy/rust/codegen/server/smithy/RustServerCodegenPlugin.kt

@@ -124,18 +124,7 @@ open class ServerCodegenVisitor(
 
         val baseModel = baselineTransform(context.model)
         val service = settings.getService(baseModel)
-        val (protocolShape, protocolGeneratorFactory) =
-            ServerProtocolLoader(
-                codegenDecorator.protocols(
-                    service.id,
-                    ServerProtocolLoader.DefaultProtocols,
-                ),
-            )
-                .protocolFor(context.model, service)
-        this.protocolGeneratorFactory = protocolGeneratorFactory
-
         model = codegenDecorator.transformModel(service, baseModel, settings)
-
         val serverSymbolProviders =
             ServerSymbolProviders.from(
                 settings,
@@ -146,7 +135,19 @@ open class ServerCodegenVisitor(
                 codegenDecorator,
                 RustServerCodegenPlugin::baseSymbolProvider,
             )
-
+        val (protocolShape, protocolGeneratorFactory) =
+            ServerProtocolLoader(
+                codegenDecorator.protocols(
+                    service.id,
+                    ServerProtocolLoader.defaultProtocols { it ->
+                        codegenDecorator.httpCustomizations(
+                            serverSymbolProviders.symbolProvider,
+                            it,
+                        )
+                    },
+                ),
+            )
+                .protocolFor(context.model, service)
         codegenContext =
             ServerCodegenContext(
                 model,
@@ -160,6 +161,7 @@ open class ServerCodegenVisitor(
                 serverSymbolProviders.constraintViolationSymbolProvider,
                 serverSymbolProviders.pubCrateConstrainedShapeSymbolProvider,
             )
+        this.protocolGeneratorFactory = protocolGeneratorFactory
 
         // We can use a not-null assertion because [CombinedServerCodegenDecorator] returns a not null value.
         validationExceptionConversionGenerator = codegenDecorator.validationExceptionConversion(codegenContext)!!