2016-03-31 12:17:18 -07:00
|
|
|
package middleware
|
|
|
|
|
|
|
|
import (
|
2021-07-15 23:34:01 +03:00
|
|
|
"errors"
|
|
|
|
"net/http"
|
2019-02-07 20:49:51 +03:00
|
|
|
"strings"
|
|
|
|
|
2021-07-15 23:34:01 +03:00
|
|
|
"github.com/labstack/echo/v5"
|
2016-03-31 12:17:18 -07:00
|
|
|
)
|
|
|
|
|
2021-07-15 23:34:01 +03:00
|
|
|
// AddTrailingSlashConfig is the middleware config for adding trailing slash to the request.
|
|
|
|
type AddTrailingSlashConfig struct {
|
|
|
|
// Skipper defines a function to skip middleware.
|
|
|
|
Skipper Skipper
|
2016-07-27 09:34:44 -07:00
|
|
|
|
2021-07-15 23:34:01 +03:00
|
|
|
// Status code to be used when redirecting the request.
|
|
|
|
// Optional, but when provided the request is redirected using this code.
|
|
|
|
// Valid status codes: [300...308]
|
|
|
|
RedirectCode int
|
|
|
|
}
|
2016-07-27 09:34:44 -07:00
|
|
|
|
2016-03-31 12:17:18 -07:00
|
|
|
// AddTrailingSlash returns a root level (before router) middleware which adds a
|
|
|
|
// trailing slash to the request `URL#Path`.
|
|
|
|
//
|
|
|
|
// Usage `Echo#Pre(AddTrailingSlash())`
|
|
|
|
func AddTrailingSlash() echo.MiddlewareFunc {
|
2021-07-15 23:34:01 +03:00
|
|
|
return AddTrailingSlashWithConfig(AddTrailingSlashConfig{})
|
|
|
|
}
|
|
|
|
|
|
|
|
// AddTrailingSlashWithConfig returns a AddTrailingSlash middleware with config or panics on invalid configuration.
|
|
|
|
func AddTrailingSlashWithConfig(config AddTrailingSlashConfig) echo.MiddlewareFunc {
|
|
|
|
return toMiddlewareOrPanic(config)
|
2016-04-12 22:39:29 -07:00
|
|
|
}
|
|
|
|
|
2021-07-15 23:34:01 +03:00
|
|
|
// ToMiddleware converts AddTrailingSlashConfig to middleware or returns an error for invalid configuration
|
|
|
|
func (config AddTrailingSlashConfig) ToMiddleware() (echo.MiddlewareFunc, error) {
|
2016-07-27 09:34:44 -07:00
|
|
|
if config.Skipper == nil {
|
2021-07-15 23:34:01 +03:00
|
|
|
config.Skipper = DefaultSkipper
|
|
|
|
}
|
|
|
|
if config.RedirectCode != 0 && (config.RedirectCode < http.StatusMultipleChoices || config.RedirectCode > http.StatusPermanentRedirect) {
|
|
|
|
// this is same check as `echo.context.Redirect()` does, but we can check this before even serving the request.
|
|
|
|
return nil, errors.New("invalid redirect code for add trailing slash middleware")
|
2016-07-27 09:34:44 -07:00
|
|
|
}
|
|
|
|
|
2016-04-02 14:19:39 -07:00
|
|
|
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
|
|
|
return func(c echo.Context) error {
|
2016-07-27 09:34:44 -07:00
|
|
|
if config.Skipper(c) {
|
|
|
|
return next(c)
|
|
|
|
}
|
|
|
|
|
2016-04-24 10:21:23 -07:00
|
|
|
req := c.Request()
|
2016-09-22 22:53:44 -07:00
|
|
|
url := req.URL
|
|
|
|
path := url.Path
|
|
|
|
qs := c.QueryString()
|
2019-02-07 20:49:51 +03:00
|
|
|
if !strings.HasSuffix(path, "/") {
|
2016-04-12 22:39:29 -07:00
|
|
|
path += "/"
|
2016-04-13 13:48:33 -07:00
|
|
|
uri := path
|
|
|
|
if qs != "" {
|
|
|
|
uri += "?" + qs
|
|
|
|
}
|
2016-05-23 11:23:15 -07:00
|
|
|
|
|
|
|
// Redirect
|
2016-04-12 22:39:29 -07:00
|
|
|
if config.RedirectCode != 0 {
|
2021-02-11 15:53:22 +02:00
|
|
|
return c.Redirect(config.RedirectCode, sanitizeURI(uri))
|
2016-04-12 22:39:29 -07:00
|
|
|
}
|
2016-05-23 11:23:15 -07:00
|
|
|
|
|
|
|
// Forward
|
2016-09-22 22:53:44 -07:00
|
|
|
req.RequestURI = uri
|
|
|
|
url.Path = path
|
2016-03-31 12:17:18 -07:00
|
|
|
}
|
2016-04-02 14:19:39 -07:00
|
|
|
return next(c)
|
|
|
|
}
|
2021-07-15 23:34:01 +03:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// RemoveTrailingSlashConfig is the middleware config for removing trailing slash from the request.
|
|
|
|
type RemoveTrailingSlashConfig struct {
|
|
|
|
// Skipper defines a function to skip middleware.
|
|
|
|
Skipper Skipper
|
|
|
|
|
|
|
|
// Status code to be used when redirecting the request.
|
|
|
|
// Optional, but when provided the request is redirected using this code.
|
|
|
|
RedirectCode int
|
2016-03-31 12:17:18 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
// RemoveTrailingSlash returns a root level (before router) middleware which removes
|
|
|
|
// a trailing slash from the request URI.
|
|
|
|
//
|
|
|
|
// Usage `Echo#Pre(RemoveTrailingSlash())`
|
|
|
|
func RemoveTrailingSlash() echo.MiddlewareFunc {
|
2021-07-15 23:34:01 +03:00
|
|
|
return RemoveTrailingSlashWithConfig(RemoveTrailingSlashConfig{})
|
2016-04-12 22:39:29 -07:00
|
|
|
}
|
|
|
|
|
2021-07-15 23:34:01 +03:00
|
|
|
// RemoveTrailingSlashWithConfig returns a RemoveTrailingSlash middleware with config or panics on invalid configuration.
|
|
|
|
func RemoveTrailingSlashWithConfig(config RemoveTrailingSlashConfig) echo.MiddlewareFunc {
|
|
|
|
return toMiddlewareOrPanic(config)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ToMiddleware converts RemoveTrailingSlashConfig to middleware or returns an error for invalid configuration
|
|
|
|
func (config RemoveTrailingSlashConfig) ToMiddleware() (echo.MiddlewareFunc, error) {
|
2016-07-27 09:34:44 -07:00
|
|
|
if config.Skipper == nil {
|
2021-07-15 23:34:01 +03:00
|
|
|
config.Skipper = DefaultSkipper
|
|
|
|
}
|
|
|
|
if config.RedirectCode != 0 && (config.RedirectCode < http.StatusMultipleChoices || config.RedirectCode > http.StatusPermanentRedirect) {
|
|
|
|
// this is same check as `echo.context.Redirect()` does, but we can check this before even serving the request.
|
|
|
|
return nil, errors.New("invalid redirect code for remove trailing slash middleware")
|
2016-07-27 09:34:44 -07:00
|
|
|
}
|
|
|
|
|
2016-04-02 14:19:39 -07:00
|
|
|
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
|
|
|
return func(c echo.Context) error {
|
2016-07-27 09:34:44 -07:00
|
|
|
if config.Skipper(c) {
|
|
|
|
return next(c)
|
|
|
|
}
|
|
|
|
|
2016-04-24 10:21:23 -07:00
|
|
|
req := c.Request()
|
2016-09-22 22:53:44 -07:00
|
|
|
url := req.URL
|
|
|
|
path := url.Path
|
|
|
|
qs := c.QueryString()
|
2016-03-31 12:17:18 -07:00
|
|
|
l := len(path) - 1
|
2019-02-07 20:49:51 +03:00
|
|
|
if l > 0 && strings.HasSuffix(path, "/") {
|
2016-04-12 22:39:29 -07:00
|
|
|
path = path[:l]
|
2016-04-13 13:48:33 -07:00
|
|
|
uri := path
|
|
|
|
if qs != "" {
|
|
|
|
uri += "?" + qs
|
|
|
|
}
|
2016-05-23 11:23:15 -07:00
|
|
|
|
|
|
|
// Redirect
|
2016-04-12 22:39:29 -07:00
|
|
|
if config.RedirectCode != 0 {
|
2021-02-11 15:53:22 +02:00
|
|
|
return c.Redirect(config.RedirectCode, sanitizeURI(uri))
|
2016-04-12 22:39:29 -07:00
|
|
|
}
|
2016-05-23 11:23:15 -07:00
|
|
|
|
|
|
|
// Forward
|
2016-09-22 22:53:44 -07:00
|
|
|
req.RequestURI = uri
|
|
|
|
url.Path = path
|
2016-03-31 12:17:18 -07:00
|
|
|
}
|
2016-04-02 14:19:39 -07:00
|
|
|
return next(c)
|
|
|
|
}
|
2021-07-15 23:34:01 +03:00
|
|
|
}, nil
|
2016-03-31 12:17:18 -07:00
|
|
|
}
|
2021-02-11 15:53:22 +02:00
|
|
|
|
|
|
|
func sanitizeURI(uri string) string {
|
|
|
|
// double slash `\\`, `//` or even `\/` is absolute uri for browsers and by redirecting request to that uri
|
|
|
|
// we are vulnerable to open redirect attack. so replace all slashes from the beginning with single slash
|
|
|
|
if len(uri) > 1 && (uri[0] == '\\' || uri[0] == '/') && (uri[1] == '\\' || uri[1] == '/') {
|
|
|
|
uri = "/" + strings.TrimLeft(uri, `/\`)
|
|
|
|
}
|
|
|
|
return uri
|
|
|
|
}
|