2017-09-23 00:56:58 -05:00
|
|
|
// Copyright 2015 Light Code Labs, LLC
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2016-06-05 22:51:56 -05:00
|
|
|
package rewrite
|
|
|
|
|
|
|
|
import (
|
httpserver/all: Clean up and standardize request URL handling (#1633)
* httpserver/all: Clean up and standardize request URL handling
The HTTP server now always creates a context value on the request which
is a copy of the request's URL struct. It should not be modified by
middlewares, but it is safe to get the value out of the request and make
changes to it locally-scoped. Thus, the value in the context always
stores the original request URL information as it was received. Any
rewrites that happen will be to the request's URL field directly.
The HTTP server no longer cleans /sanitizes the request URL. It made too
many strong assumptions and ended up making a lot of middleware more
complicated, including upstream proxying (and fastcgi). To alleviate
this complexity, we no longer change the request URL. Middlewares are
responsible to access the disk safely by using http.Dir or, if not
actually opening files, they can use httpserver.SafePath().
I'm hoping this will address issues with #1624, #1584, #1582, and others.
* staticfiles: Fix test on Windows
@abiosoft: I still can't figure out exactly what this is for. 😅
* Use (potentially) changed URL for browse redirects, as before
* Use filepath.ToSlash, clean up a couple proxy test cases
* Oops, fix variable name
2017-05-02 00:11:10 -05:00
|
|
|
"context"
|
2016-06-05 22:51:56 -05:00
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"strings"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/mholt/caddy/caddyhttp/httpserver"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestRewrite(t *testing.T) {
|
|
|
|
rw := Rewrite{
|
|
|
|
Next: httpserver.HandlerFunc(urlPrinter),
|
2016-07-08 19:12:52 -05:00
|
|
|
Rules: []httpserver.HandlerConfig{
|
2018-04-14 20:40:55 -05:00
|
|
|
newSimpleRule(t, "^/from$", "/to"),
|
|
|
|
newSimpleRule(t, "^/a$", "/b"),
|
|
|
|
newSimpleRule(t, "^/b$", "/b{uri}"),
|
2016-06-05 22:51:56 -05:00
|
|
|
},
|
|
|
|
FileSys: http.Dir("."),
|
|
|
|
}
|
|
|
|
|
|
|
|
regexps := [][]string{
|
|
|
|
{"/reg/", ".*", "/to", ""},
|
|
|
|
{"/r/", "[a-z]+", "/toaz", "!.html|"},
|
2017-01-24 00:15:27 -05:00
|
|
|
{"/path/", "[a-z0-9]", "/to/{path}", ""},
|
|
|
|
{"/url/", "a([a-z0-9]*)s([A-Z]{2})", "/to/{rewrite_path}", ""},
|
2016-06-05 22:51:56 -05:00
|
|
|
{"/ab/", "ab", "/ab?{query}", ".txt|"},
|
|
|
|
{"/ab/", "ab", "/ab?type=html&{query}", ".html|"},
|
|
|
|
{"/abc/", "ab", "/abc/{file}", ".html|"},
|
|
|
|
{"/abcd/", "ab", "/a/{dir}/{file}", ".html|"},
|
|
|
|
{"/abcde/", "ab", "/a#{fragment}", ".html|"},
|
|
|
|
{"/ab/", `.*\.jpg`, "/ajpg", ""},
|
|
|
|
{"/reggrp", `/ad/([0-9]+)([a-z]*)`, "/a{1}/{2}", ""},
|
|
|
|
{"/reg2grp", `(.*)`, "/{1}", ""},
|
|
|
|
{"/reg3grp", `(.*)/(.*)/(.*)`, "/{1}{2}{3}", ""},
|
|
|
|
{"/hashtest", "(.*)", "/{1}", ""},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, regexpRule := range regexps {
|
|
|
|
var ext []string
|
|
|
|
if s := strings.Split(regexpRule[3], "|"); len(s) > 1 {
|
|
|
|
ext = s[:len(s)-1]
|
|
|
|
}
|
2016-08-29 09:14:06 -05:00
|
|
|
rule, err := NewComplexRule(regexpRule[0], regexpRule[1], regexpRule[2], ext, httpserver.IfMatcher{})
|
2016-06-05 22:51:56 -05:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
rw.Rules = append(rw.Rules, rule)
|
|
|
|
}
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
from string
|
|
|
|
expectedTo string
|
|
|
|
}{
|
|
|
|
{"/from", "/to"},
|
|
|
|
{"/a", "/b"},
|
|
|
|
{"/b", "/b/b"},
|
|
|
|
{"/aa", "/aa"},
|
|
|
|
{"/", "/"},
|
|
|
|
{"/a?foo=bar", "/b?foo=bar"},
|
|
|
|
{"/asdf?foo=bar", "/asdf?foo=bar"},
|
|
|
|
{"/foo#bar", "/foo#bar"},
|
|
|
|
{"/a#foo", "/b#foo"},
|
|
|
|
{"/reg/foo", "/to"},
|
|
|
|
{"/re", "/re"},
|
|
|
|
{"/r/", "/r/"},
|
|
|
|
{"/r/123", "/r/123"},
|
|
|
|
{"/r/a123", "/toaz"},
|
|
|
|
{"/r/abcz", "/toaz"},
|
|
|
|
{"/r/z", "/toaz"},
|
|
|
|
{"/r/z.html", "/r/z.html"},
|
|
|
|
{"/r/z.js", "/toaz"},
|
2017-01-24 00:15:27 -05:00
|
|
|
{"/path/a1b2c", "/to/path/a1b2c"},
|
|
|
|
{"/path/d3e4f", "/to/path/d3e4f"},
|
2016-06-05 22:51:56 -05:00
|
|
|
{"/url/asAB", "/to/url/asAB"},
|
|
|
|
{"/url/aBsAB", "/url/aBsAB"},
|
|
|
|
{"/url/a00sAB", "/to/url/a00sAB"},
|
|
|
|
{"/url/a0z0sAB", "/to/url/a0z0sAB"},
|
|
|
|
{"/ab/aa", "/ab/aa"},
|
|
|
|
{"/ab/ab", "/ab/ab"},
|
|
|
|
{"/ab/ab.txt", "/ab"},
|
|
|
|
{"/ab/ab.txt?name=name", "/ab?name=name"},
|
|
|
|
{"/ab/ab.html?name=name", "/ab?type=html&name=name"},
|
|
|
|
{"/abc/ab.html", "/abc/ab.html"},
|
|
|
|
{"/abcd/abcd.html", "/a/abcd/abcd.html"},
|
|
|
|
{"/abcde/abcde.html", "/a"},
|
|
|
|
{"/abcde/abcde.html#1234", "/a#1234"},
|
|
|
|
{"/ab/ab.jpg", "/ajpg"},
|
2016-06-21 19:44:16 -05:00
|
|
|
{"/reggrp/ad/12", "/a12/"},
|
2016-06-05 22:51:56 -05:00
|
|
|
{"/reggrp/ad/124a", "/a124/a"},
|
|
|
|
{"/reggrp/ad/124abc", "/a124/abc"},
|
|
|
|
{"/reg2grp/ad/124abc", "/ad/124abc"},
|
|
|
|
{"/reg3grp/ad/aa/66", "/adaa66"},
|
|
|
|
{"/reg3grp/ad612/n1n/ab", "/ad612n1nab"},
|
|
|
|
{"/hashtest/a%20%23%20test", "/a%20%23%20test"},
|
|
|
|
{"/hashtest/a%20%3F%20test", "/a%20%3F%20test"},
|
|
|
|
{"/hashtest/a%20%3F%23test", "/a%20%3F%23test"},
|
|
|
|
}
|
|
|
|
|
|
|
|
for i, test := range tests {
|
|
|
|
req, err := http.NewRequest("GET", test.from, nil)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Test %d: Could not create HTTP request: %v", i, err)
|
|
|
|
}
|
httpserver/all: Clean up and standardize request URL handling (#1633)
* httpserver/all: Clean up and standardize request URL handling
The HTTP server now always creates a context value on the request which
is a copy of the request's URL struct. It should not be modified by
middlewares, but it is safe to get the value out of the request and make
changes to it locally-scoped. Thus, the value in the context always
stores the original request URL information as it was received. Any
rewrites that happen will be to the request's URL field directly.
The HTTP server no longer cleans /sanitizes the request URL. It made too
many strong assumptions and ended up making a lot of middleware more
complicated, including upstream proxying (and fastcgi). To alleviate
this complexity, we no longer change the request URL. Middlewares are
responsible to access the disk safely by using http.Dir or, if not
actually opening files, they can use httpserver.SafePath().
I'm hoping this will address issues with #1624, #1584, #1582, and others.
* staticfiles: Fix test on Windows
@abiosoft: I still can't figure out exactly what this is for. 😅
* Use (potentially) changed URL for browse redirects, as before
* Use filepath.ToSlash, clean up a couple proxy test cases
* Oops, fix variable name
2017-05-02 00:11:10 -05:00
|
|
|
ctx := context.WithValue(req.Context(), httpserver.OriginalURLCtxKey, *req.URL)
|
|
|
|
req = req.WithContext(ctx)
|
2016-06-05 22:51:56 -05:00
|
|
|
|
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
rw.ServeHTTP(rec, req)
|
|
|
|
|
httpserver/all: Clean up and standardize request URL handling (#1633)
* httpserver/all: Clean up and standardize request URL handling
The HTTP server now always creates a context value on the request which
is a copy of the request's URL struct. It should not be modified by
middlewares, but it is safe to get the value out of the request and make
changes to it locally-scoped. Thus, the value in the context always
stores the original request URL information as it was received. Any
rewrites that happen will be to the request's URL field directly.
The HTTP server no longer cleans /sanitizes the request URL. It made too
many strong assumptions and ended up making a lot of middleware more
complicated, including upstream proxying (and fastcgi). To alleviate
this complexity, we no longer change the request URL. Middlewares are
responsible to access the disk safely by using http.Dir or, if not
actually opening files, they can use httpserver.SafePath().
I'm hoping this will address issues with #1624, #1584, #1582, and others.
* staticfiles: Fix test on Windows
@abiosoft: I still can't figure out exactly what this is for. 😅
* Use (potentially) changed URL for browse redirects, as before
* Use filepath.ToSlash, clean up a couple proxy test cases
* Oops, fix variable name
2017-05-02 00:11:10 -05:00
|
|
|
if got, want := rec.Body.String(), test.expectedTo; got != want {
|
|
|
|
t.Errorf("Test %d: Expected URL to be '%s' but was '%s'", i, want, got)
|
2016-06-05 22:51:56 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-04-14 20:40:55 -05:00
|
|
|
// TestWordpress is a test for wordpress usecase.
|
|
|
|
func TestWordpress(t *testing.T) {
|
|
|
|
rw := Rewrite{
|
|
|
|
Next: httpserver.HandlerFunc(urlPrinter),
|
|
|
|
Rules: []httpserver.HandlerConfig{
|
|
|
|
// both rules are same, thanks to Go regexp (confusion).
|
|
|
|
newSimpleRule(t, "^/wp-admin", "{path} {path}/ /index.php?{query}", true),
|
|
|
|
newSimpleRule(t, "^\\/wp-admin", "{path} {path}/ /index.php?{query}", true),
|
|
|
|
},
|
|
|
|
FileSys: http.Dir("."),
|
|
|
|
}
|
|
|
|
tests := []struct {
|
|
|
|
from string
|
|
|
|
expectedTo string
|
|
|
|
}{
|
|
|
|
{"/wp-admin", "/wp-admin"},
|
|
|
|
{"/wp-admin/login.php", "/wp-admin/login.php"},
|
|
|
|
{"/not-wp-admin/login.php?not=admin", "/index.php?not=admin"},
|
|
|
|
{"/loophole", "/index.php"},
|
|
|
|
{"/user?name=john", "/index.php?name=john"},
|
|
|
|
}
|
|
|
|
|
|
|
|
for i, test := range tests {
|
|
|
|
req, err := http.NewRequest("GET", test.from, nil)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Test %d: Could not create HTTP request: %v", i, err)
|
|
|
|
}
|
|
|
|
ctx := context.WithValue(req.Context(), httpserver.OriginalURLCtxKey, *req.URL)
|
|
|
|
req = req.WithContext(ctx)
|
|
|
|
|
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
rw.ServeHTTP(rec, req)
|
|
|
|
|
|
|
|
if got, want := rec.Body.String(), test.expectedTo; got != want {
|
|
|
|
t.Errorf("Test %d: Expected URL to be '%s' but was '%s'", i, want, got)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-06-05 22:51:56 -05:00
|
|
|
func urlPrinter(w http.ResponseWriter, r *http.Request) (int, error) {
|
|
|
|
fmt.Fprint(w, r.URL.String())
|
|
|
|
return 0, nil
|
|
|
|
}
|