oci-api-php-request-sign icon indicating copy to clipboard operation
oci-api-php-request-sign copied to clipboard
verified publisher icon hitrov

Help with "weird" characters in url

Open rforced opened this issue 2 months ago • 2 comments

Hello,

I have a question about having "weird" characters in an object storage call. Sometimes files will have characters such as ' ', '+', '(', and ')' in the name.

When you submit a DELETE request to remove a file, if I pass in the encoded url, I get a failure on OCI's end, likely saying the signature is not valid. Would you be able to help with what's causing this? I've listed an example request below (with some data replaced)

[2025-11-06 00:19:18] local.DEBUG: >>>>>>>>
DELETE /n/NAMESPACE/b/BUCKETNAME/o/testasdf/asdfasd.fasdf%20-%20(Copy).txt HTTP/1.1
User-Agent: GuzzleHttp/7
date: Thu, 06 Nov 2025 00:19:18 GMT
host: objectstorage.us-ashburn-1.oraclecloud.com
Authorization: Signature version="SIGNATURE"
opc-retry-token: RETRY_TOKEN

<<<<<<<<
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Casper realm="AUTH_casper"
Content-Type: application/json
Content-Length: 109
date: Thu, 06 Nov 2025 00:19:17 GMT
opc-request-id: REQUEST_ID
x-api-id: native
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
access-control-allow-credentials: true
access-control-expose-headers: access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-type,date,opc-client-info,opc-request-id,strict-transport-security,www-authenticate,x-api-id,x-content-type-options

{"code":"NotAuthenticated","message":"The required information to complete authentication was not provided."

rforced avatar Nov 06 '25 00:11 rforced

I managed to at least PutObject using this


$encodedObjectName = rawurlencode($objectName);

$baseUrl = "https://objectstorage.$config->region.oraclecloud.com/n/$namespaceName/b/$bucketName/o/$encodedObjectName";

// ...

$signer = new Signer(
    $config->tenancyId,
    $config->ociUserId,
    $config->keyFingerPrint,
    $config->privateKeyFilename
);

$headers = $signer->getHeaders($url, 'PUT', $body, $contentType);

$curlOptions = [
    CURLOPT_URL => $url,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_MAXREDIRS => 1,
    CURLOPT_TIMEOUT => 10,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => $method,
    CURLOPT_HTTPHEADER => $headers,
];

if ($body) {
    $curlOptions[CURLOPT_POSTFIELDS] = $body;
}

hitrov avatar Nov 07 '25 17:11 hitrov

DeleteObject also worked, I tested with names foo with spaces.txt and foo+with+spaces.txt and encoded them as above

hitrov avatar Nov 07 '25 18:11 hitrov