auth: disable uri path escaping for presigned URLs

Closes #1046. Signed-off-by: Evgenii Baidakov <evgenii@nspcc.io>
nspcc-dev · Dec 18, 2024 · 1b4d0e3 · 1b4d0e3
1 parent b0ac82c
commit 1b4d0e3
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ This document outlines major changes between releases.
 ### Added
 
 ### Changed
+- Disable URI path escaping for presigned URLs (#1046)
 
 ### Fixed
 

diff --git a/api/auth/center.go b/api/auth/center.go
@@ -316,6 +316,7 @@ func cloneRequest(r *http.Request, authHeader *authHeader) *http.Request {
 func (c *center) checkSign(authHeader *authHeader, box *accessbox.Box, request *http.Request, signatureDateTime time.Time) error {
 	awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.AccessKey, "")
 	signer := v4amz.NewSigner(awsCreds)
+	signer.DisableURIPathEscaping = true
 
 	var signature string
 	if authHeader.IsPresigned {
@@ -331,7 +332,6 @@ func (c *center) checkSign(authHeader *authHeader, box *accessbox.Box, request *
 		}
 		signature = request.URL.Query().Get(AmzSignature)
 	} else {
-		signer.DisableURIPathEscaping = true
 		if _, err := signer.Sign(request, nil, authHeader.Service, authHeader.Region, signatureDateTime); err != nil {
 			return fmt.Errorf("failed to sign temporary HTTP request: %w", err)
 		}