mirror of https://github.com/harness/drone.git
212 lines
6.8 KiB
Go
212 lines
6.8 KiB
Go
// Copyright 2023 Harness, Inc.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package encode
|
|
|
|
import (
|
|
"net/http"
|
|
"regexp"
|
|
"strings"
|
|
|
|
"github.com/harness/gitness/app/api/render"
|
|
"github.com/harness/gitness/app/request"
|
|
"github.com/harness/gitness/types"
|
|
|
|
"github.com/rs/zerolog/hlog"
|
|
)
|
|
|
|
const (
|
|
EncodedPathSeparator = "%2F"
|
|
)
|
|
|
|
// GitPathBefore wraps an http.HandlerFunc in a layer that encodes a path coming
|
|
// as part of the GIT api (e.g. "space1/repo.git") before executing the provided http.HandlerFunc.
|
|
func GitPathBefore(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(
|
|
func(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
_, err := pathTerminatedWithMarker(r, "", ".git", "")
|
|
if err != nil {
|
|
render.TranslatedUserError(ctx, w, err)
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
},
|
|
)
|
|
}
|
|
|
|
// TerminatedPathBefore wraps an http.HandlerFunc in a layer that encodes a terminated path (e.g. "/space1/space2/+")
|
|
// before executing the provided http.HandlerFunc. The first prefix that matches the URL.Path will
|
|
// be used during encoding (prefix is ignored during encoding).
|
|
func TerminatedPathBefore(prefixes []string, next http.Handler) http.Handler {
|
|
return http.HandlerFunc(
|
|
func(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
for _, p := range prefixes {
|
|
changed, err := pathTerminatedWithMarker(r, p, "/+", "")
|
|
if err != nil {
|
|
render.TranslatedUserError(ctx, w, err)
|
|
return
|
|
}
|
|
|
|
// first prefix that leads to success we can stop
|
|
if changed {
|
|
break
|
|
}
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
},
|
|
)
|
|
}
|
|
|
|
// TerminatedRegexPathBefore is similar to TerminatedPathBefore but supports regex prefixes.
|
|
func TerminatedRegexPathBefore(regexPrefixes []string, next http.Handler) http.Handler {
|
|
return http.HandlerFunc(
|
|
func(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
for _, p := range regexPrefixes {
|
|
changed, err := regexPathTerminatedWithMarker(r, p, "/+", "")
|
|
if err != nil {
|
|
render.TranslatedUserError(ctx, w, err)
|
|
return
|
|
}
|
|
|
|
// first prefix that leads to success we can stop
|
|
if changed {
|
|
break
|
|
}
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
},
|
|
)
|
|
}
|
|
|
|
// pathTerminatedWithMarker function encodes a path followed by a custom marker and returns a request with an
|
|
// updated URL.Path.
|
|
// A non-empty prefix can be provided to encode only after the prefix.
|
|
// It allows our Rest API to handle paths of the form "/spaces/space1/space2/+/authToken"
|
|
//
|
|
// Examples:
|
|
// Prefix: "" Path: "/space1/space2/+" => "/space1%2Fspace2"
|
|
// Prefix: "" Path: "/space1/.gitness.git" => "/space1%2F.gitness"
|
|
// Prefix: "/spaces" Path: "/spaces/space1/space2/+/authToken" => "/spaces/space1%2Fspace2/authToken".
|
|
func pathTerminatedWithMarker(r *http.Request, prefix string, marker string, markerReplacement string) (bool, error) {
|
|
// r.URL.Path contains URL-decoded URI path. r.URL.RawPath contains raw URI path. But, if the URI don't contain
|
|
// any character that needs encoding, the r.URL.RawPath is empty (otherwise it would be equal to r.URL.Path).
|
|
|
|
// We work with r.URL.RawPath it is exist, or with r.URL.Path if the r.URL.RawPath is empty.
|
|
urlPath := r.URL.Path
|
|
if r.URL.RawPath != "" {
|
|
urlPath = r.URL.RawPath
|
|
}
|
|
|
|
return pathTerminatedWithMarkerAndURL(r, prefix, marker, markerReplacement, urlPath)
|
|
}
|
|
|
|
func pathTerminatedWithMarkerAndURL(
|
|
r *http.Request, prefix string, marker string, markerReplacement string, urlPath string,
|
|
) (bool, error) {
|
|
// In case path doesn't start with prefix - nothing to encode
|
|
if len(urlPath) < len(prefix) || urlPath[0:len(prefix)] != prefix {
|
|
return false, nil
|
|
}
|
|
|
|
originalSubPath := urlPath[len(prefix):]
|
|
path, found := cutOutTerminatedPath(originalSubPath, marker)
|
|
if !found {
|
|
// If we don't find a marker - nothing to encode
|
|
return false, nil
|
|
}
|
|
|
|
// if marker was found - convert to escaped version (skip first character in case path starts with '/').
|
|
escapedPath := path[0:1] + strings.ReplaceAll(path[1:], types.PathSeparator, EncodedPathSeparator)
|
|
|
|
prefixWithPath := prefix + path + marker
|
|
prefixWithEscapedPath := prefix + escapedPath + markerReplacement
|
|
|
|
hlog.FromRequest(r).Trace().Msgf(
|
|
"[Encode] prefix: '%s', marker: '%s', original: '%s', escaped: '%s'.\n",
|
|
prefix,
|
|
marker,
|
|
prefixWithPath,
|
|
prefixWithEscapedPath,
|
|
)
|
|
|
|
err := request.ReplacePrefix(r, prefixWithPath, prefixWithEscapedPath)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
return true, nil
|
|
}
|
|
|
|
// regexPathTerminatedWithMarker is similar to pathTerminatedWithMarker but with regex prefix support.
|
|
//
|
|
// Example:
|
|
// 1. Path: "/registry/app1%2Fremote2/artifact/foo/bar/+/summary"
|
|
// Prefix: => "^/registry/([^/]+)/artifact/" Marker: => "/+" MarkerReplacement: => ""
|
|
// ==> "/registry/app1%2Fremote2/artifact/foo%2Fbar/summary"
|
|
//
|
|
// 2. Path: "/registry/abc/artifact/foo/bar/+/summary"
|
|
// Prefix: => "^/registry/([^/]+)/artifact/" Marker: => "/+" MarkerReplacement: => ""
|
|
// ==> "/registry/abc/artifact/foo%2Fbar/summary"
|
|
|
|
func regexPathTerminatedWithMarker(
|
|
r *http.Request,
|
|
regexPrefix string,
|
|
marker string,
|
|
markerReplacement string,
|
|
) (bool, error) {
|
|
prefixPattern := regexp.MustCompile(regexPrefix)
|
|
|
|
matches := prefixPattern.FindStringSubmatch(r.URL.Path)
|
|
// In case path doesn't start with prefix - nothing to encode
|
|
if len(matches) == 0 {
|
|
return false, nil
|
|
}
|
|
|
|
// We only care about the first match as we provide prefix
|
|
prefix := matches[0]
|
|
|
|
urlPath := r.URL.Path
|
|
if r.URL.RawPath != "" {
|
|
urlPath = r.URL.RawPath
|
|
}
|
|
return pathTerminatedWithMarkerAndURL(r, prefix, marker, markerReplacement, urlPath)
|
|
}
|
|
|
|
// cutOutTerminatedPath cuts out the resource path terminated with the provided marker (path segment suffix).
|
|
// e.g. subPath: "/space1/space2/+/authToken", marker: "/+" => "/space1/space2"
|
|
// e.g. subPath: "/space1/space2.git", marker: ".git" => "/space1/space2"
|
|
// e.g. subPath: "/space1/space2.git/", marker: ".git" => "/space1/space2".
|
|
func cutOutTerminatedPath(subPath string, marker string) (string, bool) {
|
|
// if subpath ends with the marker, just remove the marker.
|
|
if strings.HasSuffix(subPath, marker) {
|
|
return subPath[:len(subPath)-len(marker)], true
|
|
}
|
|
|
|
// ensure we only look for path segment suffixes when looking for the marker.
|
|
if !strings.HasSuffix(marker, "/") {
|
|
marker += "/"
|
|
}
|
|
if path, _, found := strings.Cut(subPath, marker); found {
|
|
return path, true
|
|
}
|
|
|
|
return "", false
|
|
}
|