Query parameters get reencoded for GET requests

[funyug]

When someone makes a GET request with encoded query parameters like
?phone=%2B919999999999
It is reencoded by the NewRequest function in the package to
?phone=%252B919999999999

which cannot be decoded back to the original +919999999999 resulting in issues with go's inbuilt r.URL.Query() and other functions.

[earthboundkid]

There is a test that checks URL query encoding: https://github.com/apex/gateway/blob/master/request_test.go#L38

Are you sure the request itself isn't double encoded? Gateway should be properly decoding things AFAICT.

[funyug]

This test is testing the request with a prefilled APIGatewayProxyRequest object. The double encoding is happening because querystring is being encoded again before filling the APIGatewayProxyRequest:

gateway/request.go

Line 33 in 46d1104

u.RawQuery = q.Encode()

[earthboundkid]

I'm not sure I follow. RawQuery is supposed to have % stuff in it. If you want the version without % encoding, do u.Query().Get("phone").

It sounds like the issue is that the parameters are already percent encoded in APIGatewayProxyRequest, which AFAICT is wrong.

[funyug]

So let me explain it this way:

I have a url something.com
I want to send a phone number +919999999999 in the query string
The frontend encodes the url with query parameters on its end before making the request. The resulting url is:
https://something.com?phone=%2B919999999999

The NewRequest function reencodes this url making this:
https://something.com?phone=%252B919999999999

Now running u.Query().Get("phone") will get me: %2B919999999999 instead of +919999999999

[funyug]

It sounds like the issue is that the parameters are already percent encoded in APIGatewayProxyRequest, which AFAICT is wrong.

From my understanding, the frontend does encode all query parameters before making the request which is the standard. That is why the inbuilt URL.Query() function in go's request library decodes them automatically.

[earthboundkid]

Yes, the raw URL should have percentages in it. APIGatewayProxyRequest is not a raw URL. The percentages should already have been turned into decoded values when being added to event.QueryStringParameters by AWS itself. That's why they need to be reencoded for the Request.URL.

[funyug]

Just checked. They aren't being decoded by AWS.

[earthboundkid]

I've been looking but can't find any documentation. Did you find AWS documentation? Or just do an experimental setup? If an experiment, what does you gateway look like?

[funyug]

I did an experimental setup. I don't use api gateway instead I have a load balancer that directly calls the lambda application via target groups

[earthboundkid]

I think your LB needs to do the decoding then before it builds the JSON.

[funyug]

I don't think that can be done with AWS's ALBs. Does the api gateway decode the query string before making the request to lambda?