Merge commit from fork

Signed-off-by: Jan Larwig <jan@larwig.com>
2025-08-08 22:46:33 +02:00 · 2025-07-30 19:46:58 +02:00
parent f4b33b64bd
commit 9ffafad4b2
4 changed files with 85 additions and 14 deletions
--- a/pkg/requests/util/util.go
+++ b/pkg/requests/util/util.go
@ -2,6 +2,8 @@ package util

 import (
 	"net/http"
+	"net/url"
+	"strings"

 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
 )
@ -43,6 +45,25 @@ func GetRequestURI(req *http.Request) string {
 	return uri
 }

+// GetRequestPath returns the request URI or X-Forwarded-Uri if present and the
+// request is proxied but always strips the query parameters and only returns
+// the pure path
+func GetRequestPath(req *http.Request) string {
+	uri := GetRequestURI(req)
+
+	// Parse URI and return only the path component
+	if parsedURL, err := url.Parse(uri); err == nil {
+		return parsedURL.Path
+	}
+
+	// Fallback: strip query parameters manually
+	if idx := strings.Index(uri, "?"); idx != -1 {
+		return uri[:idx]
+	}
+
+	return uri
+}
+
 // IsProxied determines if a request was from a proxy based on the RequestScope
 // ReverseProxy tracker.
 func IsProxied(req *http.Request) bool {
--- a/pkg/requests/util/util_test.go
+++ b/pkg/requests/util/util_test.go
@ -13,16 +13,17 @@ import (

 var _ = Describe("Util Suite", func() {
 	const (
-		proto = "http"
-		host  = "www.oauth2proxy.test"
-		uri   = "/test/endpoint"
+		proto              = "http"
+		host               = "www.oauth2proxy.test"
+		uriWithQueryParams = "/test/endpoint?query=param"
+		uriNoQueryParams   = "/test/endpoint"
 	)
 	var req *http.Request

 	BeforeEach(func() {
 		req = httptest.NewRequest(
 			http.MethodGet,
-			fmt.Sprintf("%s://%s%s", proto, host, uri),
+			fmt.Sprintf("%s://%s%s", proto, host, uriWithQueryParams),
 			nil,
 		)
 	})
@ -101,13 +102,13 @@ var _ = Describe("Util Suite", func() {
 				req = middleware.AddRequestScope(req, &middleware.RequestScope{})
 			})

-			It("returns the URI", func() {
-				Expect(util.GetRequestURI(req)).To(Equal(uri))
+			It("returns the URI (with query params)", func() {
+				Expect(util.GetRequestURI(req)).To(Equal(uriWithQueryParams))
 			})

-			It("ignores X-Forwarded-Uri and returns the URI", func() {
+			It("ignores X-Forwarded-Uri and returns the URI (with query params)", func() {
 				req.Header.Add("X-Forwarded-Uri", "/some/other/path")
-				Expect(util.GetRequestURI(req)).To(Equal(uri))
+				Expect(util.GetRequestURI(req)).To(Equal(uriWithQueryParams))
 			})
 		})

@ -118,13 +119,47 @@ var _ = Describe("Util Suite", func() {
 				})
 			})

-			It("returns the URI if X-Forwarded-Uri is not present", func() {
-				Expect(util.GetRequestURI(req)).To(Equal(uri))
+			It("returns the URI if X-Forwarded-Uri is not present (with query params)", func() {
+				Expect(util.GetRequestURI(req)).To(Equal(uriWithQueryParams))
 			})

-			It("returns the X-Forwarded-Uri when present", func() {
-				req.Header.Add("X-Forwarded-Uri", "/some/other/path")
-				Expect(util.GetRequestURI(req)).To(Equal("/some/other/path"))
+			It("returns the X-Forwarded-Uri when present (with query params)", func() {
+				req.Header.Add("X-Forwarded-Uri", "/some/other/path?query=param")
+				Expect(util.GetRequestURI(req)).To(Equal("/some/other/path?query=param"))
+			})
+		})
+	})
+
+	Context("GetRequestPath", func() {
+		Context("IsProxied is false", func() {
+			BeforeEach(func() {
+				req = middleware.AddRequestScope(req, &middleware.RequestScope{})
+			})
+
+			It("returns the URI (without query params)", func() {
+				Expect(util.GetRequestPath(req)).To(Equal(uriNoQueryParams))
+			})
+
+			It("ignores X-Forwarded-Uri and returns the URI (without query params)", func() {
+				req.Header.Add("X-Forwarded-Uri", "/some/other/path?query=param")
+				Expect(util.GetRequestPath(req)).To(Equal(uriNoQueryParams))
+			})
+		})
+
+		Context("IsProxied is true", func() {
+			BeforeEach(func() {
+				req = middleware.AddRequestScope(req, &middleware.RequestScope{
+					ReverseProxy: true,
+				})
+			})
+
+			It("returns the URI if X-Forwarded-Uri is not present (without query params)", func() {
+				Expect(util.GetRequestPath(req)).To(Equal(uriNoQueryParams))
+			})
+
+			It("returns the X-Forwarded-Uri when present (without query params)", func() {
+				req.Header.Add("X-Forwarded-Uri", "/some/other/path?query=param")
+				Expect(util.GetRequestPath(req)).To(Equal("/some/other/path"))
 			})
 		})
 	})