go/echo
go/echo
1
0
Fork 0
mirror of https://github.com/labstack/echo.git synced 2025-01-12 01:22:21 +02:00
Code Issues Releases Activity

using url.EscapedPath instead of custom GetPath, rewritePath func added to middleware - used by proxy and rewrite

Browse Source
This commit is contained in:
Arun Gopalpuri 2020-08-28 12:47:02 -07:00
parent cb84205219
commit 1a6ec73e57
6 changed files with 63 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
echo.go
View File

@ -612,16 +612,15 @@ func (e *Echo) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Acquire context // Acquire context
c := e.pool.Get().(*context) c := e.pool.Get().(*context)
c.Reset(r, w) c.Reset(r, w)
h := NotFoundHandler h := NotFoundHandler
if e.premiddleware == nil { if e.premiddleware == nil {
e.findRouter(r.Host).Find(r.Method, GetPath(r), c) e.findRouter(r.Host).Find(r.Method, r.URL.EscapedPath(), c)
h = c.Handler() h = c.Handler()
h = applyMiddleware(h, e.middleware...) h = applyMiddleware(h, e.middleware...)
} else { } else {
h = func(c Context) error { h = func(c Context) error {
e.findRouter(r.Host).Find(r.Method, GetPath(r), c) e.findRouter(r.Host).Find(r.Method, r.URL.EscapedPath(), c)
h := c.Handler() h := c.Handler()
h = applyMiddleware(h, e.middleware...) h = applyMiddleware(h, e.middleware...)
return h(c) return h(c)
@ -832,15 +831,6 @@ func WrapMiddleware(m func(http.Handler) http.Handler) MiddlewareFunc {
} }
} }
// GetPath returns RawPath, if it's empty returns Path from URL
func GetPath(r *http.Request) string {
path := r.URL.RawPath
if path == "" {
path = r.URL.Path
}
return path
}
func (e *Echo) findRouter(host string) *Router { func (e *Echo) findRouter(host string) *Router {
if len(e.routers) > 0 { if len(e.routers) > 0 {
if r, ok := e.routers[host]; ok { if r, ok := e.routers[host]; ok {

13
middleware/middleware.go
View File

@ -1,6 +1,8 @@
package middleware package middleware
import ( import (
"net/http"
"net/url"
"regexp" "regexp"
"strconv" "strconv"
"strings" "strings"
@ -32,6 +34,17 @@ func captureTokens(pattern *regexp.Regexp, input string) *strings.Replacer {
return strings.NewReplacer(replace...) return strings.NewReplacer(replace...)
} }
//rewritePath sets request url path and raw path
func rewritePath(replacer *strings.Replacer, target string, req *http.Request) error {
replacerRawPath := replacer.Replace(target)
replacerPath, err := url.PathUnescape(replacerRawPath)
if err != nil {
return err
}
req.URL.Path, req.URL.RawPath = replacerPath, replacerRawPath
return nil
}
// DefaultSkipper returns false which processes the middleware. // DefaultSkipper returns false which processes the middleware.
func DefaultSkipper(echo.Context) bool { func DefaultSkipper(echo.Context) bool {
return false return false

7
middleware/proxy.go
View File

@ -227,9 +227,12 @@ func ProxyWithConfig(config ProxyConfig) echo.MiddlewareFunc {
// Rewrite // Rewrite
for k, v := range config.rewriteRegex { for k, v := range config.rewriteRegex {
replacer := captureTokens(k, echo.GetPath(req)) //use req.URL.Path here or else we will have double escaping
replacer := captureTokens(k, req.URL.Path)
if replacer != nil { if replacer != nil {
req.URL.Path = replacer.Replace(v) if err := rewritePath(replacer, v, req); err != nil {
return echo.NewHTTPError(http.StatusBadRequest, "invalid url")
}
} }
} }

23
middleware/proxy_test.go
View File

@ -14,6 +14,7 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
//Assert expected with url.EscapedPath method to obtain the path.
func TestProxy(t *testing.T) { func TestProxy(t *testing.T) {
// Setup // Setup
t1 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { t1 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -94,22 +95,34 @@ func TestProxy(t *testing.T) {
}, },
})) }))
req.URL.Path = "/api/users" req.URL.Path = "/api/users"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/users", req.URL.Path) assert.Equal(t, "/users", req.URL.EscapedPath())
assert.Equal(t, http.StatusOK, rec.Code)
req.URL.Path = "/js/main.js" req.URL.Path = "/js/main.js"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/public/javascripts/main.js", req.URL.Path) assert.Equal(t, "/public/javascripts/main.js", req.URL.EscapedPath())
assert.Equal(t, http.StatusOK, rec.Code)
req.URL.Path = "/old" req.URL.Path = "/old"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/new", req.URL.Path) assert.Equal(t, "/new", req.URL.EscapedPath())
assert.Equal(t, http.StatusOK, rec.Code)
req.URL.Path = "/users/jack/orders/1" req.URL.Path = "/users/jack/orders/1"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/user/jack/order/1", req.URL.Path) assert.Equal(t, "/user/jack/order/1", req.URL.EscapedPath())
assert.Equal(t, http.StatusOK, rec.Code) assert.Equal(t, http.StatusOK, rec.Code)
req.URL.Path = "/users/jill/orders/T%2FcO4lW%2Ft%2FVp%2F" req.URL.Path = "/users/jill/orders/T%2FcO4lW%2Ft%2FVp%2F"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/user/jill/order/T%2FcO4lW%2Ft%2FVp%2F", req.URL.Path) assert.Equal(t, "/user/jill/order/T%2FcO4lW%2Ft%2FVp%2F", req.URL.EscapedPath())
assert.Equal(t, http.StatusOK, rec.Code) assert.Equal(t, http.StatusOK, rec.Code)
req.URL.Path = "/users/jill/orders/%%%%"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req)
assert.Equal(t, http.StatusBadRequest, rec.Code)
// ModifyResponse // ModifyResponse
e = echo.New() e = echo.New()

7
middleware/rewrite.go
View File

@ -1,6 +1,7 @@
package middleware package middleware
import ( import (
"net/http"
"regexp" "regexp"
"strings" "strings"
@ -70,12 +71,14 @@ func RewriteWithConfig(config RewriteConfig) echo.MiddlewareFunc {
} }
req := c.Request() req := c.Request()
// Rewrite // Rewrite
for k, v := range config.rulesRegex { for k, v := range config.rulesRegex {
//use req.URL.Path here or else we will have double escaping
replacer := captureTokens(k, req.URL.Path) replacer := captureTokens(k, req.URL.Path)
if replacer != nil { if replacer != nil {
req.URL.Path = replacer.Replace(v) if err := rewritePath(replacer, v, req); err != nil {
return echo.NewHTTPError(http.StatusBadRequest, "invalid url")
}
break break
} }
} }

27
middleware/rewrite_test.go
View File

@ -10,6 +10,7 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
//Assert expected with url.EscapedPath method to obtain the path.
func TestRewrite(t *testing.T) { func TestRewrite(t *testing.T) {
e := echo.New() e := echo.New()
e.Use(RewriteWithConfig(RewriteConfig{ e.Use(RewriteWithConfig(RewriteConfig{
@ -24,19 +25,31 @@ func TestRewrite(t *testing.T) {
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
req.URL.Path = "/api/users" req.URL.Path = "/api/users"
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/users", req.URL.Path) assert.Equal(t, "/users", req.URL.EscapedPath())
req.URL.Path = "/js/main.js" req.URL.Path = "/js/main.js"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/public/javascripts/main.js", req.URL.Path) assert.Equal(t, "/public/javascripts/main.js", req.URL.EscapedPath())
req.URL.Path = "/old" req.URL.Path = "/old"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/new", req.URL.Path) assert.Equal(t, "/new", req.URL.EscapedPath())
req.URL.Path = "/users/jack/orders/1" req.URL.Path = "/users/jack/orders/1"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/user/jack/order/1", req.URL.Path) assert.Equal(t, "/user/jack/order/1", req.URL.EscapedPath())
req.URL.Path = "/api/new users" req.URL.Path = "/api/new users"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/new users", req.URL.Path) assert.Equal(t, "/new%20users", req.URL.EscapedPath())
req.URL.Path = "/users/jill/orders/T%2FcO4lW%2Ft%2FVp%2F"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req)
assert.Equal(t, "/user/jill/order/T%2FcO4lW%2Ft%2FVp%2F", req.URL.EscapedPath())
req.URL.Path = "/users/jill/orders/%%%%"
rec = httptest.NewRecorder()
e.ServeHTTP(rec, req)
assert.Equal(t, http.StatusBadRequest, rec.Code)
} }
// Issue #1086 // Issue #1086
@ -59,7 +72,7 @@ func TestEchoRewritePreMiddleware(t *testing.T) {
req := httptest.NewRequest(http.MethodGet, "/old", nil) req := httptest.NewRequest(http.MethodGet, "/old", nil)
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/new", req.URL.Path) assert.Equal(t, "/new", req.URL.EscapedPath())
assert.Equal(t, 200, rec.Code) assert.Equal(t, 200, rec.Code)
} }
@ -86,7 +99,7 @@ func TestRewriteWithConfigPreMiddleware_Issue1143(t *testing.T) {
req := httptest.NewRequest(http.MethodGet, "/api/v1/mgmt/proj/test/agt", nil) req := httptest.NewRequest(http.MethodGet, "/api/v1/mgmt/proj/test/agt", nil)
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
e.ServeHTTP(rec, req) e.ServeHTTP(rec, req)
assert.Equal(t, "/api/v1/hosts/test", req.URL.Path) assert.Equal(t, "/api/v1/hosts/test", req.URL.EscapedPath())
assert.Equal(t, 200, rec.Code) assert.Equal(t, 200, rec.Code)
defer rec.Result().Body.Close() defer rec.Result().Body.Close()