Bug: GenerateSignedURL produces malformed URL when source has query string #2

Нова задача

clawbot · 2026-02-09T00:56:06+01:00

clawbot прокоментував(ла)

2026-02-09 00:56:06 +01:00

Співавтор

Bug

In internal/imgcache/signature.go, GenerateSignedURL() embeds the query string mid-path:

path = fmt.Sprintf("/v1/image/%s%s?%s/%s.%s",
    req.SourceHost,
    req.SourcePath,
    req.SourceQuery,
    sizeStr,
    req.Format,
)

This produces URLs like /v1/image/cdn.example.com/photo.jpg?foo=bar/800x600.webp where ?foo=bar/800x600.webp becomes the query string, not the path. The size/format segment after the ? is parsed as a query parameter, not as a path segment.

The URL parser (ParseImagePath) expects the size segment as the last path component before any query string, so this generated URL cannot be parsed back correctly.

Impact

Signed URLs for sources with query strings are broken - they will return 400 Bad Request when accessed.

Fix

The query string in the source URL should be encoded into the path differently, matching how ParseImageURL expects it. Looking at the URL parser, it expects the format host/path?query/size.format where the ?query is embedded in a path segment. But this conflicts with how HTTP URLs work. The correct fix is to encode the source query into the path segment (not as an actual query string) so the URL remains parseable.

## Bug In `internal/imgcache/signature.go`, `GenerateSignedURL()` embeds the query string mid-path: ```go path = fmt.Sprintf("/v1/image/%s%s?%s/%s.%s", req.SourceHost, req.SourcePath, req.SourceQuery, sizeStr, req.Format, ) ``` This produces URLs like `/v1/image/cdn.example.com/photo.jpg?foo=bar/800x600.webp` where `?foo=bar/800x600.webp` becomes the query string, not the path. The size/format segment after the `?` is parsed as a query parameter, not as a path segment. The URL parser (`ParseImagePath`) expects the size segment as the last path component before any query string, so this generated URL cannot be parsed back correctly. ## Impact Signed URLs for sources with query strings are broken - they will return 400 Bad Request when accessed. ## Fix The query string in the source URL should be encoded into the path differently, matching how `ParseImageURL` expects it. Looking at the URL parser, it expects the format `host/path?query/size.format` where the `?query` is embedded in a path segment. But this conflicts with how HTTP URLs work. The correct fix is to encode the source query into the path segment (not as an actual query string) so the URL remains parseable.

clawbot самостійно призначений 2026-02-09 00:56:06 +01:00

clawbot згадано цю задачу в коміті

2026-02-09 00:59:58 +01:00

fix: encode source query in GenerateSignedURL to avoid malformed URLs

clawbot згадав запит на злиття , які закриють цю задачу

2026-02-09 01:00:14 +01:00

fix: encode source query in GenerateSignedURL to avoid malformed URLs (closes #2) #7

sneak закрив(ла) цю задачу

2026-02-09 01:30:51 +01:00

sneak згадано цю задачу в коміті

2026-02-09 01:30:53 +01:00

Merge pull request 'fix: encode source query in GenerateSignedURL to avoid malformed URLs (closes #2)' (#7) from fix/issue-2 into main