(opendal-reqsign) branch main updated: fix(aliyun-oss): avoid duplicated bucket in canonicalized resource for path-style (#692)

Thu, 26 Feb 2026 05:15:30 -0800 

This is an automated email from the ASF dual-hosted git repository.

xuanwo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/opendal-reqsign.git


The following commit(s) were added to refs/heads/main by this push:
     new f2942b0  fix(aliyun-oss): avoid duplicated bucket in canonicalized 
resource for path-style (#692)
f2942b0 is described below

commit f2942b0b5ffdca472ee589e17d9272bf6244c052
Author: Changxin Miao <[email protected]>
AuthorDate: Thu Feb 26 21:15:00 2026 +0800

    fix(aliyun-oss): avoid duplicated bucket in canonicalized resource for 
path-style (#692)
    
    When using PrivateLink to access OSS, users must use the path-style
    access method. For more information, see
    
    https://help.aliyun.com/zh/oss/user-guide/access-oss-via-privatelink-network
    
    But `reqsign` currently does not support path-style signature, it always
    duplicates the bucket name in the path, which causes signature failure.
    A valid string to sign should be like:
    ```
    GET
    
    
    Wed, 25 Feb 2026 13:53:35 GMT
    /test-bucket/
    ```
    
    whereas the current code signs this:
    ```
    GET
    
    
    Wed, 25 Feb 2026 13:52:33 GMT
    /test-bucket/test-bucket
    ```
---
 services/aliyun-oss/src/sign_request.rs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/services/aliyun-oss/src/sign_request.rs 
b/services/aliyun-oss/src/sign_request.rs
index cdc4802..7884ad8 100644
--- a/services/aliyun-oss/src/sign_request.rs
+++ b/services/aliyun-oss/src/sign_request.rs
@@ -321,7 +321,15 @@ impl RequestSigner {
 
         // Build resource string
         let decoded_path = 
percent_encoding::percent_decode_str(path).decode_utf8_lossy();
-        let resource_path = format!("/{}{}", self.bucket, decoded_path);
+        let authority = req.uri.authority().map(|v| v.as_str()).unwrap_or("");
+        let is_virtual_host = authority.starts_with(&format!("{}.", 
self.bucket));
+
+        let resource_path = if is_virtual_host {
+            format!("/{}{}", self.bucket, decoded_path)
+        } else {
+            // Path-style addressing already includes bucket in request path: 
http://endpoint/<bucket>/<object>, do not repeat
+            decoded_path.to_string()
+        };
 
         if query_pairs.is_empty() {
             resource_path

Reply via email to