3 Commits

Author SHA1 Message Date
Rahul Padigela f7e79ab35b Merge pull request #142 from scality/port/fix/authv4-canonical-req
FIX: Send correct values to Arsenal
2017-06-28 16:58:47 -07:00
Bennett Buchanan 5cd13805ac FIX: Send correct values to Arsenal
Fix #97

(cherry picked from commit a841c4e2e7)
2017-06-28 16:08:43 -07:00
Bennett Buchanan fd19956c33 DEV: Handle error from decodeURIComponent
Fix #85
Return InvalidURI error if `decodeURIComponent`
throws an error

(cherry picked from commit fa3502a1aa)
2017-06-28 16:08:37 -07:00
3 changed files with 64 additions and 7 deletions


@ -97,6 +97,18 @@ export default class UtapiRequest {
return this; return this;
} }
/**
* Set request pathname
*
* @param {string} pathname - pathname from url.parse
* of request.url (pathname minus query)
* @return {UtapiRequest} itself
*/
setRequestPathname(pathname) {
this._requestPathname = pathname;
return this;
}
/** /**
* Get http request object * Get http request object
* *
@ -133,6 +145,15 @@ export default class UtapiRequest {
return this._requestPath; return this._requestPath;
} }
/**
* Get request pathname
*
* @return {string} request pathname
*/
getRequestPathname() {
return this._requestPathname;
}
/** /**
* Get requester ip address * Get requester ip address
* *


@ -34,17 +34,52 @@ class UtapiServer {
routes.forEach(item => this.router.addRoute(new Route(item))); routes.forEach(item => this.router.addRoute(new Route(item)));
} }
/**
* Function to validate a URI component
*
* @param {string|object} component - path from url.parse of request.url
* (pathname plus query) or query from request
* @return {string|undefined} If `decodeURIComponent` throws an error,
* return the invalid `decodeURIComponent` string, otherwise return
* `undefined`
*/
_checkURIComponent(component) {
if (typeof component === 'string') {
try {
decodeURIComponent(component);
} catch (err) {
return true;
}
} else {
return Object.keys(component).find(x => {
try {
decodeURIComponent(x);
decodeURIComponent(component[x]);
} catch (err) {
return true;
}
return false;
});
}
return undefined;
}
requestListener(req, res, router) { requestListener(req, res, router) {
// disable nagle algorithm // disable nagle algorithm
req.socket.setNoDelay(); req.socket.setNoDelay();
const { query, path } = url.parse(req.url, true); const { query, path, pathname } = url.parse(req.url, true);
const utapiRequest = new UtapiRequest() const utapiRequest = new UtapiRequest()
.setRequest(req) .setRequest(req)
.setLog(this.logger.newRequestLogger()) .setLog(this.logger.newRequestLogger())
.setResponse(res) .setResponse(res)
.setDatastore(this.datastore) .setDatastore(this.datastore);
.setRequestQuery(query) // Sanity check for valid URI component
.setRequestPath(path); if (this._checkURIComponent(query) || this._checkURIComponent(path)) {
return this.errorResponse(utapiRequest, errors.InvalidURI);
}
utapiRequest.setRequestQuery(query);
utapiRequest.setRequestPath(path);
utapiRequest.setRequestPathname(pathname);
// temp hack: healthcheck route // temp hack: healthcheck route
if (path === '/_/healthcheck' && (req.method === 'GET' if (path === '/_/healthcheck' && (req.method === 'GET'
|| req.method === 'POST')) { || req.method === 'POST')) {
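Review bot: `_checkURIComponent(query)` in `requestListener` runs `decodeURIComponent` over keys and values that `url.parse(req.url, true)` has already percent-decoded, so a well-formed request whose query value contains an encoded percent sign (`%25`, decoded to `%`) would be rejected with InvalidURI. Since `path` is the raw pathname plus query string, checking it alone covers both parts: `if (this._checkURIComponent(path)) {`. The JSDoc on `_checkURIComponent` also promises `string|undefined`, but the string branch returns `true`; either return `component` there or document the result as a truthy marker. `requestListener` continues past the end of the hunk.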


@ -217,9 +217,10 @@ class Router {
utapiRequest.getAction(), 'utapi') utapiRequest.getAction(), 'utapi')
); );
auth.setHandler(this._vault); auth.setHandler(this._vault);
const requestPlusPath = utapiRequest.getRequest(); const request = utapiRequest.getRequest();
requestPlusPath.path = utapiRequest.getRequestPath(); request.path = utapiRequest.getRequestPathname();
return auth.server.doAuth(requestPlusPath, log, (err, authResults) => { request.query = utapiRequest.getRequestQuery();
return auth.server.doAuth(request, log, (err, authResults) => {
if (err) { if (err) {
return cb(err); return cb(err);
} }
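Review bot: The lines before `auth.server.doAuth` assign `path` and `query` onto the object returned by `utapiRequest.getRequest()`, which appears to be the live HTTP request, and nothing says why the pathname now replaces the full path. A short comment would help the next reader, for example `// auth needs the path without the query string, plus the parsed query separately`; that reading is inferred from the commit title, so confirm it against what `doAuth` consumes. If `setRequestPathname` was never called on this `utapiRequest`, `request.path` is set to `undefined` before authentication runs, so an explicit guard may be worth adding. The enclosing method starts and ends outside the hunk.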