diff options
| author | Matthew Holt <mholt@users.noreply.github.com> | 2020-05-26 17:35:27 -0600 | 
|---|---|---|
| committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-05-26 17:35:27 -0600 | 
| commit | e5bbed10461f8baa3c75e4614edb8d44d3252bb5 (patch) | |
| tree | e0df2de9f1e2696c440d3783b7d14e62193018a3 /modules/caddyhttp | |
| parent | 294910c68c315af41f4f47ec6c767fbe318c0e43 (diff) | |
caddyhttp: Refactor header matching
This allows response matchers to benefit from the same matching logic
as the request header matchers (mainly prefix/suffix wildcards).
Diffstat (limited to 'modules/caddyhttp')
| -rw-r--r-- | modules/caddyhttp/matchers.go | 73 | ||||
| -rw-r--r-- | modules/caddyhttp/matchers_test.go | 33 | 
2 files changed, 61 insertions, 45 deletions
| diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 0860780..5dddb71 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -17,7 +17,6 @@ package caddyhttp  import (  	"encoding/json"  	"fmt" -	"log"  	"net"  	"net/http"  	"net/textproto" @@ -28,6 +27,7 @@ import (  	"github.com/caddyserver/caddy/v2"  	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" +	"go.uber.org/zap"  )  type ( @@ -105,7 +105,8 @@ type (  	MatchRemoteIP struct {  		Ranges []string `json:"ranges,omitempty"` -		cidrs []*net.IPNet +		cidrs  []*net.IPNet +		logger *zap.Logger  	}  	// MatchNot matches requests by negating the results of its matcher @@ -410,23 +411,28 @@ func (m *MatchHeader) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {  	return nil  } -// Like req.Header.Get(), but that works with Host header. -// go's http module swallows "Host" header. -func getHeader(r *http.Request, field string) []string { -	field = textproto.CanonicalMIMEHeaderKey(field) +// Match returns true if r matches m. +func (m MatchHeader) Match(r *http.Request) bool { +	return matchHeaders(r.Header, http.Header(m), r.Host) +} -	if field == "Host" { -		return []string{r.Host} +// getHeaderFieldVals returns the field values for the given fieldName from input. +// The host parameter should be obtained from the http.Request.Host field since +// net/http removes it from the header map. +func getHeaderFieldVals(input http.Header, fieldName, host string) []string { +	fieldName = textproto.CanonicalMIMEHeaderKey(fieldName) +	if fieldName == "Host" && host != "" { +		return []string{host}  	} - -	return r.Header[field] +	return input[fieldName]  } -// Match returns true if r matches m. -func (m MatchHeader) Match(r *http.Request) bool { -	for field, allowedFieldVals := range m { -		actualFieldVals := getHeader(r, field) - +// matchHeaders returns true if input matches the criteria in against without regex. +// The host parameter should be obtained from the http.Request.Host field since +// net/http removes it from the header map. +func matchHeaders(input, against http.Header, host string) bool { +	for field, allowedFieldVals := range against { +		actualFieldVals := getHeaderFieldVals(input, field, host)  		if allowedFieldVals != nil && len(allowedFieldVals) == 0 && actualFieldVals != nil {  			// a non-nil but empty list of allowed values means  			// match if the header field exists at all @@ -501,8 +507,7 @@ func (m *MatchHeaderRE) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {  // Match returns true if r matches m.  func (m MatchHeaderRE) Match(r *http.Request) bool {  	for field, rm := range m { -		actualFieldVals := getHeader(r, field) - +		actualFieldVals := getHeaderFieldVals(r.Header, field, r.Host)  		match := false  	fieldVal:  		for _, actualFieldVal := range actualFieldVals { @@ -700,6 +705,7 @@ func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {  // Provision parses m's IP ranges, either from IP or CIDR expressions.  func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { +	m.logger = ctx.Logger(m)  	for _, str := range m.Ranges {  		if strings.Contains(str, "/") {  			_, ipNet, err := net.ParseCIDR(str) @@ -748,7 +754,7 @@ func (m MatchRemoteIP) getClientIP(r *http.Request) (net.IP, error) {  func (m MatchRemoteIP) Match(r *http.Request) bool {  	clientIP, err := m.getClientIP(r)  	if err != nil { -		log.Printf("[ERROR] remote_ip matcher: %v", err) +		m.logger.Error("getting client IP", zap.Error(err))  		return false  	}  	for _, ipRange := range m.cidrs { @@ -859,7 +865,9 @@ type ResponseMatcher struct {  	// in that class (e.g. 3 for all 3xx codes).  	StatusCode []int `json:"status_code,omitempty"` -	// If set, each header specified must be one of the specified values. +	// If set, each header specified must be one of the +	// specified values, with the same logic used by the +	// request header matcher.  	Headers http.Header `json:"headers,omitempty"`  } @@ -868,7 +876,7 @@ func (rm ResponseMatcher) Match(statusCode int, hdr http.Header) bool {  	if !rm.matchStatusCode(statusCode) {  		return false  	} -	return rm.matchHeaders(hdr) +	return matchHeaders(hdr, rm.Headers, "")  }  func (rm ResponseMatcher) matchStatusCode(statusCode int) bool { @@ -883,31 +891,6 @@ func (rm ResponseMatcher) matchStatusCode(statusCode int) bool {  	return false  } -func (rm ResponseMatcher) matchHeaders(hdr http.Header) bool { -	for field, allowedFieldVals := range rm.Headers { -		actualFieldVals, fieldExists := hdr[textproto.CanonicalMIMEHeaderKey(field)] -		if allowedFieldVals != nil && len(allowedFieldVals) == 0 && fieldExists { -			// a non-nil but empty list of allowed values means -			// match if the header field exists at all -			continue -		} -		var match bool -	fieldVals: -		for _, actualFieldVal := range actualFieldVals { -			for _, allowedFieldVal := range allowedFieldVals { -				if actualFieldVal == allowedFieldVal { -					match = true -					break fieldVals -				} -			} -		} -		if !match { -			return false -		} -	} -	return true -} -  var wordRE = regexp.MustCompile(`\w+`)  const regexpPlaceholderPrefix = "http.regexp" diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 021bb98..9b3a9a8 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -449,6 +449,21 @@ func TestHeaderMatcher(t *testing.T) {  			expect: false,  		},  		{ +			match:  MatchHeader{"Field1": []string{"foo*"}}, +			input:  http.Header{"Field1": []string{"foo"}}, +			expect: true, +		}, +		{ +			match:  MatchHeader{"Field1": []string{"foo*"}}, +			input:  http.Header{"Field1": []string{"asdf", "foobar"}}, +			expect: true, +		}, +		{ +			match:  MatchHeader{"Field1": []string{"*bar"}}, +			input:  http.Header{"Field1": []string{"asdf", "foobar"}}, +			expect: true, +		}, +		{  			match:  MatchHeader{"host": []string{"localhost"}},  			input:  http.Header{},  			host:   "localhost", @@ -814,6 +829,24 @@ func TestResponseMatcher(t *testing.T) {  			hdr:    http.Header{"Foo": []string{"bar"}, "Foo2": []string{"baz"}},  			expect: true,  		}, +		{ +			require: ResponseMatcher{ +				Headers: http.Header{ +					"Foo": []string{"foo*"}, +				}, +			}, +			hdr:    http.Header{"Foo": []string{"foobar"}}, +			expect: true, +		}, +		{ +			require: ResponseMatcher{ +				Headers: http.Header{ +					"Foo": []string{"foo*"}, +				}, +			}, +			hdr:    http.Header{"Foo": []string{"foobar"}}, +			expect: true, +		},  	} {  		actual := tc.require.Match(tc.status, tc.hdr)  		if actual != tc.expect { | 
