fix: url-encode cache name and key in presigned urls #44

Merged
merged 2 commits into from
Apr 13, 2022

wandaitzuchen
Contributor

Closes #43

Comment on lines 79 to 85
var url = signer.CreatePresignedUrl("foobar.com", new SigningRequest("testCacheName", "///", CacheOperation.GET, expiryEpochSeconds));

Uri uriResult;
bool result = Uri.TryCreate(url, UriKind.Absolute, out uriResult);
Assert.True(result);
Assert.Equal(Uri.UriSchemeHttps, uriResult.Scheme);
Assert.StartsWith("https://foobar.com/cache/get/testCacheName/%2f%2f%2f?token=", url);
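Review bot: the only input here that needs encoding is the key `"///"`; the cache name argument `"testCacheName"` contains nothing to encode, so this test passes whether or not the cache name is encoded. Add a case where the cache name itself contains a delimiter such as `/`, `?` or a space, and assert on that path segment as well. The `Assert.StartsWith` expectation also pins lowercase hex (`%2f`); percent-encoded hex digits are case-insensitive, so comparing the decoded segment (or ignoring case) would keep the test from failing if the encoder is later swapped for one that emits `%2F`.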
Contributor

Can we do a more exhaustive test? I know some libraries won't percent-encode the / char.

e.g. momentohq/client-sdk-python@262ac0f#diff-5f9e7ab8de4ab1f67260ff9b6ad5a4b3a46f4e469c2f7a6f30fee41d2fc8bb40R96

Contributor Author

We don't need to encode !, *, ( and ) (.NET actually won't convert them https://docs.microsoft.com/en-us/dotnet/api/system.net.webutility.urlencode?view=net-6.0#remarks)

Tested with a token for "key": "._-*!()", it worked without url-encoding them.

curl https://cache.developer-wanda-dev.preprod.a.momentohq.com/cache/set/cache/._-\*\!\(\)\?token\=eyJhbGciOiJSUzI1NiIsImtpZCI6Imx5anp3ZGF2bSJ9.eyJjYWNoZSI6ImNhY2hlIiwibWV0aG9kIjpbIkdFVCIsIlNFVCJdLCJleHAiOjI2NDk4MDU2MjUsInR0bCI6MzYwMCwia2V5IjoiLl8tKiEoKSJ9.JCrQ6GtrRrQSzNioF5EU_xcY9v1xpOPMKl1JnS5UAgSbAyU6wAFGE8r0UwxIxNDNEKPRmgy84w97gZavJAf3nCJpHOPP9GAKm5ipQhK-ZCZbt6Ok9IvRnX_Uc23-aiDH10av0QwybQ8l-GTbCkE7U-biWihzD5Yv35zBzkpUOf-fgCzSUIR3PyspcrTE483dDowc_nYbSXJjfZzwdhZa1Yk8hRy4TAWMjh8LHqW2wZ-e8lQpnRbdt7NVtD7KjPQaL0GNNd4yjO33bcak2LqDCTJDQtjtfwk_DkpcU46SCw9fh9nhhRzW6BuWn0BaqUt8oatWHGLCOrAMCqwLsyO3mA\&ttl_milliseconds\=3600000 -d '"'`echo something | base64`'"'
{
 "result": "Ok",
 "message": ""
}
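
A round-trip check along the lines of the more exhaustive test requested above, as an added example that is not part of this PR or the project's code: it builds the URL shape from the test's assertion with no encoding, with `WebUtility.UrlEncode` (the API linked in the comment above) and with `Uri.EscapeDataString`, then reports whether a URI parser still sees the key as a single path segment with the query string intact. The class and helper names, the sample keys and the `PLACEHOLDER` token are assumptions made for the example.

```csharp
using System;
using System.Net;

static class PresignedPathRoundTrip
{
    // URL shape taken from the test's assertion; the token value is a placeholder.
    static string Build(string cacheName, string key, Func<string, string> encode) =>
        "https://foobar.com/cache/get/" + encode(cacheName) + "/" + encode(key) + "?token=PLACEHOLDER";

    // True when a URI parser still sees exactly /cache/get/<cacheName>/<key> and an
    // untouched query string, i.e. the key added no path segments, query or fragment.
    static bool Survives(string url, string cacheName, string key)
    {
        if (!Uri.TryCreate(url, UriKind.Absolute, out Uri uri)) return false;
        string[] segments = uri.AbsolutePath.Split('/'); // "", cache, get, name, key
        return segments.Length == 5
            && segments[1] == "cache" && segments[2] == "get"
            && Uri.UnescapeDataString(segments[3]) == cacheName
            && Uri.UnescapeDataString(segments[4]) == key
            && uri.Query == "?token=PLACEHOLDER"
            && uri.Fragment == "";
    }

    static void Main()
    {
        // Constructed sample keys: the characters from this thread plus URL delimiters.
        string[] keys = { "///", "._-*!()", "a?token=x", "a#b", "a b", "a+b", "..",
                          "a&ttl_milliseconds=1", "100%", "ключ" };
        var encoders = new (string Name, Func<string, string> Encode)[]
        {
            ("none", s => s),
            ("WebUtility.UrlEncode", WebUtility.UrlEncode),
            ("Uri.EscapeDataString", Uri.EscapeDataString),
        };
        foreach (var (name, encode) in encoders)
            foreach (string key in keys)
            {
                string url = Build("testCacheName", key, encode);
                string verdict = Survives(url, "testCacheName", key) ? "ok" : "CHANGED";
                Console.WriteLine($"{name,-22} {key,-22} {verdict,-8} {url}");
            }
    }
}
```

Any row marked `CHANGED` is a key whose presigned URL would be parsed as a different path or query than the one that was signed, which makes those keys the cases worth pinning in the unit test.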

Contributor

Oh ha good catch, I need to double-escape that backslash.

wandaitzuchen merged commit c146877 into main Apr 13, 2022
wandaitzuchen deleted the signing_key branch April 13, 2022 17:41
Successfully merging this pull request may close these issues.

bug: url-encode cacheName/cacheKey when generating the pre-signed urls.