Secondary Authentication fails in Production style URL

[vigneashs]

Which service(blob, file, queue, table) does this issue concern?

Blob, queue, table, all of them fail.

Which version of the Azurite was used?

V3.26.0

Where do you get Azurite? (npm, DockerHub, NuGet, Visual Studio Code Extension)

NuGet - custom built

What's the Node.js version?

V18 LTS

What problem was encountered?

In Authentication string to sign, Authentication Path is not formed correctly when using Production style URL for secondary requests.

Steps to reproduce the issue?

Take any storage client, use production style URL with -secondary suffix for secondary read operation on Azurite.

You can observe the string to sign is malformed for these requests.

Have you found a mitigation/solution?

Yes, I have fixed the error. Until it gets merged use non-production style URL for secondary requests.

[vigneashs]

Snippet which causes the regression:
if (isSecondary) {
const pos = blobContext.authenticationPath.search(SECONDARY_SUFFIX);
blobContext.authenticationPath =
blobContext.authenticationPath.substr(0, pos) +
blobContext.authenticationPath.substr(pos + SECONDARY_SUFFIX.length);
}

Now, this works fine for non-production URLs like - 127.0.0.1:10000/devaccount-secondary/testcontainer. As there is a secondary suffix in the authentication path - /devaccount-secondary/testcontainer. So this path gets transformed to /devaccount/testcontainer

Now, let's take a look at production URL trying to access a secondary storage, devaccount-secondary.sample.com/testcontainer.

The authentication path looks like this - /testcontainer.
now, when we search for secondary_suffix, the code would return -1 (non-existence). In the next line, we are doing a substring of (0,-1) and (-1+10) - (9). So, the resulting string would be "ainer". This causes the authentication string to be malformed and results in authentication errors for production style secondary URLs.

[blueww]

@vigneashs

Thanks for finding and investigation of this issue!

Azurite welcome contribution!
Would you like to raise a PR to fix this issue?

[vigneashs]

Thanks, I have raised the PR - Fixes issue #2208 by vigneashs · Pull Request #2215 · Azure/Azurite (github.com)<#2215> [https://opengraph.githubassets.com/060d4701f271684bea480c340e5c422ed0e3809ce5c18bd6c3e5ad0396ebf42b/Azure/Azurite/pull/2215]<https://github.com/Azure/Azurite/pull/2215> Fixes issue #2208 by vigneashs · Pull Request #2215 · Azure/Azurite<#2215> This PR adds additional validation to authentication path computation for secondary requests. github.com Regards, Vigneash

…

________________________________ From: Wei Wei ***@***.***> Sent: Monday, October 9, 2023 7:48 PM To: Azure/Azurite ***@***.***> Cc: Mention ***@***.***>; Author ***@***.***>; Comment ***@***.***> Subject: Re: [Azure/Azurite] Secondary Authentication fails in Production style URL (Issue #2208) @vigneashs<https://github.com/vigneashs> Thanks for finding and investigation of this issue! Azurite welcome contribution! Would you like to raise a PR to fix this issue? — Reply to this email directly, view it on GitHub<#2208 (comment)> or unsubscribe<https://github.com/notifications/unsubscribe-auth/AWIT5VXCDWRHNYHZCJQ5XW3X6SZQHBFKMF2HI4TJMJ2XIZLTSOBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDUOJ2WLJDOMFWWLLTXMF2GG2C7MFRXI2LWNF2HTAVFOZQWY5LFUVUXG43VMWSG4YLNMWVXI2DSMVQWIX3UPFYGLLDTOVRGUZLDORPXI6LQMWWES43TOVSUG33NNVSW45FGORXXA2LDOOJIFJDUPFYGLKTSMVYG643JORXXE6NFOZQWY5LFVEYTEMRSGY4TQOJSQKSHI6LQMWSWS43TOVS2K5TBNR2WLKRRHEZTGNJRGEZTONNHORZGSZ3HMVZKMY3SMVQXIZI>. You are receiving this email because you were mentioned. Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

[blueww]

@vigneashs

I have reviewed your PR, and raised a comment for change log and test case.
Would you please help to look?