fix: Prevent double-encoded presigned urls from s3

[AdrianCurtin]

se the unencoded file name instead of the encoded one to submit s3 urls for presigning

(s3 will encode the filename when it performs GetObjectCommand, but filename is already encoded and will be double encoded!)

This fix doesn't rely on any other PRs to work

Addresses #335

Summary by CodeRabbit

• Bug Fixes
  • Corrected presigned URL generation to avoid double-encoding filenames, ensuring download links work reliably and preserve original filenames.
  • Non-presigned URL behavior remains unchanged.

[parse-github-assistant]

🚀 Thanks for opening this pull request!

[coderabbitai]

Warning

Rate limit exceeded

@AdrianCurtin has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 5 minutes and 55 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 8483cde and 974a3eb.

📒 Files selected for processing (2)

• index.js (1 hunks)
• spec/test.spec.js (1 hunks)

📝 Walkthrough

Walkthrough

Updated getFileLocation to use an unencoded file key (bucketPrefix + original filename) when generating presigned URLs to avoid double encoding. The presigned GetObjectCommand now uses this new key. Non-presigned URL logic and other flows remain unchanged.

Changes

Cohort / File(s)	Summary of Changes
Presigned URL key handling index.js	Introduced presignedFileKey using bucketPrefix + raw filename for presigned GetObjectCommand; replaced previous use of encoded key to avoid double encoding. No changes to public/exported signatures.

Sequence Diagram(s)

sequenceDiagram
    participant Caller
    participant getFileLocation
    participant S3Presigner as S3 Presigner
    participant S3 as S3

    Caller->>getFileLocation: request file location
    alt presigned URLs enabled
        getFileLocation->>getFileLocation: build presignedFileKey (prefix + raw filename)
        getFileLocation->>S3Presigner: sign GetObjectCommand(presignedFileKey)
        S3Presigner->>S3: GetObjectCommand(presignedFileKey)
        S3-->>S3Presigner: signed request
        S3Presigner-->>getFileLocation: presigned URL
        getFileLocation-->>Caller: presigned URL
    else presigned URLs disabled
        getFileLocation-->>Caller: non-presigned URL
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~7 minutes

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[parseplatformorg]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

index.js (4)

231-233: Nit: Clarify naming to reflect semantics (raw/unencoded key)

Consider renaming presignedFileKey to something that conveys the key is unencoded, e.g. rawFileKey or unencodedFileKey, for future maintainability.

Apply this localized rename:

-    const presignedFileKey = `${this._bucketPrefix}${filename}`;
+    const rawFileKey = `${this._bucketPrefix}${filename}`;

Note: See companion change on Line 236 to update the reference.

---

231-236: Nit: Limit scope by computing the raw key only when presigning is enabled

You can avoid an always-on allocation by moving the raw/unencoded key computation inside the if (this._presignedUrl) block, since it’s only used there.

---

236-236: Follow-up: Align variable rename in presign params

If you adopt the naming nit, update the params reference accordingly.

-      const params = { Bucket: this._bucket, Key: presignedFileKey };
+      const params = { Bucket: this._bucket, Key: rawFileKey };

---

231-239: Verify custom baseUrl flows don’t change the canonical path used for signing

When _presignedUrl is true and a custom _baseUrl is provided, buildDirectAccessUrl reconstructs the URL by combining baseUrl + baseUrlFileKey and appending the query from the presigned URL. This remains valid only if the path portion exactly matches the canonical URI used during signing (after encoding). Given your switch to using the unencoded key for signing, this should still match because fileName/fileKey are encoded in the same way. However, configs with _baseUrlDirect and any path rewriting (e.g., CDN origin path or removed bucket prefix) can break signatures.

Please validate these cases:

• Filenames containing spaces, plus signs, percent signs, and unicode (e.g., "a b+%c—µ.png").
• Nested paths in filenames (e.g., "folder/sub/na me.png").
• Configurations with _baseUrl set, both _baseUrlDirect = true and false.
• Non-empty _bucketPrefix, especially when _baseUrlDirect = true.

If any of these alter the path compared to the one used for signing, the signature will be invalid.

I can draft a small set of unit tests (or a minimal Node script) to assert that the constructed URL path exactly equals the presigned URL path for the above cases. Want me to provide that?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e634835 and 8483cde.

📒 Files selected for processing (1)

• index.js (1 hunks)

🔇 Additional comments (2)

index.js (2)

231-233: Correct fix to avoid double-encoding during presign

Using the original, unencoded filename for the presigned S3 GetObjectCommand key is the right approach. The AWS presigner handles URL encoding; passing an already-encoded key led to double-encoding. This aligns with the PR objective and should resolve #335.

---

236-236: Update presign params to use the raw/unencoded key

Switching the presign GetObjectCommand to the unencoded key is correct and matches S3 expectations.