mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-13 22:51:08 -05:00
d5371aff22
* httpserver/all: Clean up and standardize request URL handling The HTTP server now always creates a context value on the request which is a copy of the request's URL struct. It should not be modified by middlewares, but it is safe to get the value out of the request and make changes to it locally-scoped. Thus, the value in the context always stores the original request URL information as it was received. Any rewrites that happen will be to the request's URL field directly. The HTTP server no longer cleans /sanitizes the request URL. It made too many strong assumptions and ended up making a lot of middleware more complicated, including upstream proxying (and fastcgi). To alleviate this complexity, we no longer change the request URL. Middlewares are responsible to access the disk safely by using http.Dir or, if not actually opening files, they can use httpserver.SafePath(). I'm hoping this will address issues with #1624, #1584, #1582, and others. * staticfiles: Fix test on Windows @abiosoft: I still can't figure out exactly what this is for. 😅 * Use (potentially) changed URL for browse redirects, as before * Use filepath.ToSlash, clean up a couple proxy test cases * Oops, fix variable name
159 lines
5.9 KiB
Go
159 lines
5.9 KiB
Go
package redirect
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"crypto/tls"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/mholt/caddy/caddyhttp/httpserver"
|
|
)
|
|
|
|
func TestRedirect(t *testing.T) {
|
|
for i, test := range []struct {
|
|
from string
|
|
expectedLocation string
|
|
expectedCode int
|
|
}{
|
|
{"http://localhost/from", "/to", http.StatusMovedPermanently},
|
|
{"http://localhost/a", "/b", http.StatusTemporaryRedirect},
|
|
{"http://localhost/aa", "", http.StatusOK},
|
|
{"http://localhost/", "", http.StatusOK},
|
|
{"http://localhost/a?foo=bar", "/b", http.StatusTemporaryRedirect},
|
|
{"http://localhost/asdf?foo=bar", "", http.StatusOK},
|
|
{"http://localhost/foo#bar", "", http.StatusOK},
|
|
{"http://localhost/a#foo", "/b", http.StatusTemporaryRedirect},
|
|
|
|
// The scheme checks that were added to this package don't actually
|
|
// help with redirects because of Caddy's design: a redirect middleware
|
|
// for http will always be different than the redirect middleware for
|
|
// https because they have to be on different listeners. These tests
|
|
// just go to show extra bulletproofing, I guess.
|
|
{"http://localhost/scheme", "https://localhost/scheme", http.StatusMovedPermanently},
|
|
{"https://localhost/scheme", "", http.StatusOK},
|
|
{"https://localhost/scheme2", "http://localhost/scheme2", http.StatusMovedPermanently},
|
|
{"http://localhost/scheme2", "", http.StatusOK},
|
|
{"http://localhost/scheme3", "https://localhost/scheme3", http.StatusMovedPermanently},
|
|
{"https://localhost/scheme3", "", http.StatusOK},
|
|
} {
|
|
var nextCalled bool
|
|
|
|
re := Redirect{
|
|
Next: httpserver.HandlerFunc(func(w http.ResponseWriter, r *http.Request) (int, error) {
|
|
nextCalled = true
|
|
return 0, nil
|
|
}),
|
|
Rules: []Rule{
|
|
{FromScheme: func() string { return "http" }, FromPath: "/from", To: "/to", Code: http.StatusMovedPermanently, RequestMatcher: httpserver.IfMatcher{}},
|
|
{FromScheme: func() string { return "http" }, FromPath: "/a", To: "/b", Code: http.StatusTemporaryRedirect, RequestMatcher: httpserver.IfMatcher{}},
|
|
|
|
// These http and https schemes would never actually be mixed in the same
|
|
// redirect rule with Caddy because http and https schemes have different listeners,
|
|
// so they don't share a redirect rule. So although these tests prove something
|
|
// impossible with Caddy, it's extra bulletproofing at very little cost.
|
|
{FromScheme: func() string { return "http" }, FromPath: "/scheme", To: "https://localhost/scheme", Code: http.StatusMovedPermanently, RequestMatcher: httpserver.IfMatcher{}},
|
|
{FromScheme: func() string { return "https" }, FromPath: "/scheme2", To: "http://localhost/scheme2", Code: http.StatusMovedPermanently, RequestMatcher: httpserver.IfMatcher{}},
|
|
{FromScheme: func() string { return "" }, FromPath: "/scheme3", To: "https://localhost/scheme3", Code: http.StatusMovedPermanently, RequestMatcher: httpserver.IfMatcher{}},
|
|
},
|
|
}
|
|
|
|
req, err := http.NewRequest("GET", test.from, nil)
|
|
if err != nil {
|
|
t.Fatalf("Test %d: Could not create HTTP request: %v", i, err)
|
|
}
|
|
if strings.HasPrefix(test.from, "https://") {
|
|
req.TLS = new(tls.ConnectionState) // faux HTTPS
|
|
}
|
|
|
|
rec := httptest.NewRecorder()
|
|
re.ServeHTTP(rec, req)
|
|
|
|
if rec.Header().Get("Location") != test.expectedLocation {
|
|
t.Errorf("Test %d: Expected Location header to be %q but was %q",
|
|
i, test.expectedLocation, rec.Header().Get("Location"))
|
|
}
|
|
|
|
if rec.Code != test.expectedCode {
|
|
t.Errorf("Test %d: Expected status code to be %d but was %d",
|
|
i, test.expectedCode, rec.Code)
|
|
}
|
|
|
|
if nextCalled && test.expectedLocation != "" {
|
|
t.Errorf("Test %d: Next handler was unexpectedly called", i)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestParametersRedirect(t *testing.T) {
|
|
re := Redirect{
|
|
Rules: []Rule{
|
|
{FromScheme: func() string { return "http" }, FromPath: "/", Meta: false, To: "http://example.com{uri}", RequestMatcher: httpserver.IfMatcher{}},
|
|
},
|
|
}
|
|
|
|
req, err := http.NewRequest("GET", "/a?b=c", nil)
|
|
if err != nil {
|
|
t.Fatalf("Test 1: Could not create HTTP request: %v", err)
|
|
}
|
|
ctx := context.WithValue(req.Context(), httpserver.OriginalURLCtxKey, *req.URL)
|
|
req = req.WithContext(ctx)
|
|
|
|
rec := httptest.NewRecorder()
|
|
re.ServeHTTP(rec, req)
|
|
|
|
if got, want := rec.Header().Get("Location"), "http://example.com/a?b=c"; got != want {
|
|
t.Fatalf("Test 1: expected location header %s but was %s", want, got)
|
|
}
|
|
|
|
re = Redirect{
|
|
Rules: []Rule{
|
|
{FromScheme: func() string { return "http" }, FromPath: "/", Meta: false, To: "http://example.com/a{path}?b=c&{query}", RequestMatcher: httpserver.IfMatcher{}},
|
|
},
|
|
}
|
|
|
|
req, err = http.NewRequest("GET", "/d?e=f", nil)
|
|
if err != nil {
|
|
t.Fatalf("Test 2: Could not create HTTP request: %v", err)
|
|
}
|
|
ctx = context.WithValue(req.Context(), httpserver.OriginalURLCtxKey, *req.URL)
|
|
req = req.WithContext(ctx)
|
|
|
|
re.ServeHTTP(rec, req)
|
|
|
|
if got, want := rec.Header().Get("Location"), "http://example.com/a/d?b=c&e=f"; got != want {
|
|
t.Fatalf("Test 2: expected location header %s but was %s", want, got)
|
|
}
|
|
}
|
|
|
|
func TestMetaRedirect(t *testing.T) {
|
|
re := Redirect{
|
|
Rules: []Rule{
|
|
{FromScheme: func() string { return "http" }, FromPath: "/whatever", Meta: true, To: "/something", RequestMatcher: httpserver.IfMatcher{}},
|
|
{FromScheme: func() string { return "http" }, FromPath: "/", Meta: true, To: "https://example.com/", RequestMatcher: httpserver.IfMatcher{}},
|
|
},
|
|
}
|
|
|
|
for i, test := range re.Rules {
|
|
req, err := http.NewRequest("GET", test.FromPath, nil)
|
|
if err != nil {
|
|
t.Fatalf("Test %d: Could not create HTTP request: %v", i, err)
|
|
}
|
|
|
|
rec := httptest.NewRecorder()
|
|
re.ServeHTTP(rec, req)
|
|
|
|
body, err := ioutil.ReadAll(rec.Body)
|
|
if err != nil {
|
|
t.Fatalf("Test %d: Could not read HTTP response body: %v", i, err)
|
|
}
|
|
expectedSnippet := `<meta http-equiv="refresh" content="0; URL='` + test.To + `'">`
|
|
if !bytes.Contains(body, []byte(expectedSnippet)) {
|
|
t.Errorf("Test %d: Expected Response Body to contain %q but was %q",
|
|
i, expectedSnippet, body)
|
|
}
|
|
}
|
|
}
|