gateway icon indicating copy to clipboard operation
gateway copied to clipboard
verified publisher icon apex

Query parameters get reencoded for GET requests

Open funyug opened this issue 5 years ago • 11 comments

When someone makes a GET request with encoded query parameters like ?phone=%2B919999999999 It is reencoded by the NewRequest function in the package to ?phone=%252B919999999999

which cannot be decoded back to the original +919999999999 resulting in issues with go's inbuilt r.URL.Query() and other functions.

funyug avatar Dec 03 '20 12:12 funyug

There is a test that checks URL query encoding: https://github.com/apex/gateway/blob/master/request_test.go#L38

Are you sure the request itself isn't double encoded? Gateway should be properly decoding things AFAICT.

earthboundkid avatar Dec 03 '20 14:12 earthboundkid

This test is testing the request with a prefilled APIGatewayProxyRequest object. The double encoding is happening because querystring is being encoded again before filling the APIGatewayProxyRequest: https://github.com/apex/gateway/blob/46d1104cd6db3bb9e0c0dcde71ddf15db8d87cf1/request.go#L33

funyug avatar Dec 03 '20 15:12 funyug

I'm not sure I follow. RawQuery is supposed to have % stuff in it. If you want the version without % encoding, do u.Query().Get("phone").

It sounds like the issue is that the parameters are already percent encoded in APIGatewayProxyRequest, which AFAICT is wrong.

earthboundkid avatar Dec 03 '20 16:12 earthboundkid

So let me explain it this way:

I have a url something.com I want to send a phone number +919999999999 in the query string The frontend encodes the url with query parameters on its end before making the request. The resulting url is: https://something.com?phone=%2B919999999999

The NewRequest function reencodes this url making this: https://something.com?phone=%252B919999999999

Now running u.Query().Get("phone") will get me: %2B919999999999 instead of +919999999999

funyug avatar Dec 03 '20 16:12 funyug

It sounds like the issue is that the parameters are already percent encoded in APIGatewayProxyRequest, which AFAICT is wrong.

From my understanding, the frontend does encode all query parameters before making the request which is the standard. That is why the inbuilt URL.Query() function in go's request library decodes them automatically.

funyug avatar Dec 03 '20 16:12 funyug

Yes, the raw URL should have percentages in it. APIGatewayProxyRequest is not a raw URL. The percentages should already have been turned into decoded values when being added to event.QueryStringParameters by AWS itself. That's why they need to be reencoded for the Request.URL.

earthboundkid avatar Dec 03 '20 17:12 earthboundkid

Just checked. They aren't being decoded by AWS.

funyug avatar Dec 03 '20 18:12 funyug

I've been looking but can't find any documentation. Did you find AWS documentation? Or just do an experimental setup? If an experiment, what does you gateway look like?

earthboundkid avatar Dec 03 '20 18:12 earthboundkid

I did an experimental setup. I don't use api gateway instead I have a load balancer that directly calls the lambda application via target groups

funyug avatar Dec 03 '20 18:12 funyug

I think your LB needs to do the decoding then before it builds the JSON.

earthboundkid avatar Dec 03 '20 18:12 earthboundkid

I don't think that can be done with AWS's ALBs. Does the api gateway decode the query string before making the request to lambda?

funyug avatar Dec 03 '20 18:12 funyug