Skip to content

Fix URI encoding to preserve RFC 3986 unreserved characters in Aliyun signature #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
daflyinbed merged 6 commits into from
Jan 18, 2026
Merged

Fix URI encoding to preserve RFC 3986 unreserved characters in Aliyun signature #12

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
58e0e76
Initial plan
Copilot Jan 17, 2026
de91586
Fix URI encoding to preserve unreserved characters (-, _, ., ~)
Copilot Jan 17, 2026
0ff7ddf
Improve documentation comment for FRAGMENT encoding set
Copilot Jan 17, 2026
19a21d2
Add test case for path separator preservation in URI canonicalization
Copilot Jan 17, 2026
fd99100
Enhance documentation for FRAGMENT encoding set with detailed charact…
Copilot Jan 17, 2026
8a14c91
Use NON_ALPHANUMERIC.remove() to exclude unreserved characters
Copilot Jan 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 70 additions & 4 deletions src/aliyun/signature.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,18 @@
use anyhow::{Context, Result};
use chrono::Utc;
use percent_encoding::{NON_ALPHANUMERIC, percent_encode};
use percent_encoding::{AsciiSet, NON_ALPHANUMERIC, percent_encode};
use rand::RngCore;
use sha2::{Digest, Sha256};
use std::collections::BTreeMap;

/// RFC 3986 unreserved characters: ALPHA / DIGIT / "-" / "_" / "." / "~"
/// These characters should NOT be percent-encoded.
const UNRESERVED: &AsciiSet = &NON_ALPHANUMERIC
.remove(b'-')
.remove(b'_')
.remove(b'.')
.remove(b'~');

/// Aliyun OpenAPI V3 signature generator (ACS3-HMAC-SHA256)
///
/// Docs: https://help.aliyun.com/zh/sdk/product-overview/v3-request-structure-and-signature
Expand Down Expand Up @@ -58,8 +66,8 @@ impl AliyunSigner {
.map(|(k, v)| {
format!(
"{}={}",
percent_encode(k.as_bytes(), NON_ALPHANUMERIC),
percent_encode(v.as_bytes(), NON_ALPHANUMERIC)
percent_encode(k.as_bytes(), UNRESERVED),
percent_encode(v.as_bytes(), UNRESERVED)
)
})
.collect::<Vec<_>>()
Expand All @@ -84,7 +92,7 @@ impl AliyunSigner {
out.push_str(
&trimmed
.split('/')
.map(|segment| percent_encode(segment.as_bytes(), NON_ALPHANUMERIC).to_string())
.map(|segment| percent_encode(segment.as_bytes(), UNRESERVED).to_string())
.collect::<Vec<_>>()
.join("/"),
);
Expand Down Expand Up @@ -336,4 +344,62 @@ mod tests {
"06563a9e1b43f5dfe96b81484da74bceab24a1d853912eee15083a6f0f3283c0"
);
}

#[test]
fn test_canonicalize_uri_with_unreserved_chars() {
// Test that unreserved characters (-, _, ., ~) are NOT percent-encoded
assert_eq!(
AliyunSigner::canonicalize_uri("/path-with_dots.and~tilde"),
"/path-with_dots.and~tilde"
);

// Test with multiple segments
assert_eq!(
AliyunSigner::canonicalize_uri("/api/v1.0/user_name-123~test"),
"/api/v1.0/user_name-123~test"
);

// Test that special characters ARE encoded
assert_eq!(
AliyunSigner::canonicalize_uri("/path with spaces"),
"/path%20with%20spaces"
);

// Test mixed case
assert_eq!(
AliyunSigner::canonicalize_uri("/valid-_.~/but spaces"),
"/valid-_.~/but%20spaces"
);

// Test that path separators (/) are preserved and not encoded
assert_eq!(
AliyunSigner::canonicalize_uri("/path/to/resource"),
"/path/to/resource"
);
}

#[test]
fn test_build_canonical_query_string_with_unreserved_chars() {
// Test that unreserved characters (-, _, ., ~) are NOT percent-encoded
let mut params = BTreeMap::new();
params.insert("key-1".to_string(), "value_1".to_string());
params.insert("key.2".to_string(), "value.2".to_string());
params.insert("key~3".to_string(), "value~3".to_string());

let result = AliyunSigner::build_canonical_query_string(&params);
// BTreeMap orders keys alphabetically
assert_eq!(result, "key-1=value_1&key.2=value.2&key~3=value~3");

// Test that special characters ARE encoded
let mut params2 = BTreeMap::new();
params2.insert("key with space".to_string(), "value with space".to_string());
let result2 = AliyunSigner::build_canonical_query_string(&params2);
assert_eq!(result2, "key%20with%20space=value%20with%20space");

// Test mixed case
let mut params3 = BTreeMap::new();
params3.insert("valid-_~.key".to_string(), "needs encoding!".to_string());
let result3 = AliyunSigner::build_canonical_query_string(&params3);
assert_eq!(result3, "valid-_~.key=needs%20encoding%21");
}
}