优化签名错误问题

Author: carsonxu

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cos-nodejs-sdk-v5",
-  "version": "2.8.1",
+  "version": "2.8.2",
   "description": "cos nodejs sdk v5",
   "main": "index.js",
   "scripts": {

sdk/util.js

@@ -38,11 +38,11 @@ var getAuth = function (opt) {
     if (!SecretId) return console.error('missing param SecretId');
     if (!SecretKey) return console.error('missing param SecretKey');
 
-    var getObjectKeys = function (obj) {
+    var getObjectKeys = function (obj, forKey) {
         var list = [];
         for (var key in obj) {
             if (obj.hasOwnProperty(key)) {
-                list.push(key);
+                list.push(forKey ? camSafeUrlEncode(key).toLowerCase() : key);
             }
         }
         return list.sort(function (a, b) {
@@ -59,8 +59,7 @@ var getAuth = function (opt) {
         for (i = 0; i < keyList.length; i++) {
             key = keyList[i];
             val = (obj[key] === undefined || obj[key] === null) ? '' : ('' + obj[key]);
-            key = key.toLowerCase();
-            key = camSafeUrlEncode(key);
+            key = camSafeUrlEncode(key).toLowerCase();
             val = camSafeUrlEncode(val) || '';
             list.push(key + '=' + val)
         }
@@ -83,8 +82,8 @@ var getAuth = function (opt) {
     var qAk = SecretId;
     var qSignTime = KeyTime || now + ';' + exp;
     var qKeyTime = KeyTime || now + ';' + exp;
-    var qHeaderList = getObjectKeys(headers).join(';').toLowerCase();
-    var qUrlParamList = getObjectKeys(queryParams).join(';').toLowerCase();
+    var qHeaderList = getObjectKeys(headers, true).join(';').toLowerCase();
+    var qUrlParamList = getObjectKeys(queryParams, true).join(';').toLowerCase();
 
     // 签名算法说明文档：https://www.qcloud.com/document/product/436/7778
     // 步骤一：计算 SignKey

test/test.js

@@ -2979,3 +2979,41 @@ group('Promise', function () {
         });
     });
 });
+
+group('Query 的键值带有特殊字符', function () {
+    test('getAuth()', function (done, assert) {
+        var content = Date.now().toString();
+        var key = '1.txt';
+        cos.putObject({
+            Bucket: config.Bucket,
+            Region: config.Region,
+            Key: key,
+            Body: content,
+        }, function (err, data) {
+            var str = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM,./;\'[]\\-=0987654321`~!@#$%^&*()_+{}|":>?<';
+            var qs = {};
+            qs[str] = str;
+            var AuthData = cos.getAuth({
+                Method: 'GET',
+                Key: key,
+                Query: qs,
+            });
+            if (typeof AuthData === 'string') {
+                AuthData = {Authorization: AuthData};
+            }
+            var link = 'http://' + config.Bucket + '.cos.' + config.Region + '.myqcloud.com' + '/' +
+                camSafeUrlEncode(key).replace(/%2F/g, '/') +
+                '?sign=' + camSafeUrlEncode(AuthData.Authorization) +
+                (AuthData.XCosSecurityToken ? '&x-cos-security-token=' + AuthData.XCosSecurityToken : '') +
+                '&' + camSafeUrlEncode(str) + '=' + camSafeUrlEncode(str);
+            request({
+                method: 'GET',
+                url: link,
+            }, function (err, response, body) {
+                assert.ok(response.statusCode === 200);
+                assert.ok(body === content);
+                done();
+            });
+        });
+    });
+});