diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2020-04-08 15:39:23 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-04-08 15:39:30 -0600 |
commit | e5dc76b05406ece7e2c1a9567bb18a47d7873793 (patch) | |
tree | b20eb56d8c0d053a24572c9b793a7b97e83efb15 /modules/caddyhttp | |
parent | 7dfd69cdc5966ae454e35cd6e976686131bfda8d (diff) |
caddyhttp: CEL matcher checks return type; slight refactor
As per https://github.com/caddyserver/caddy/issues/3051#issuecomment-611200414
Diffstat (limited to 'modules/caddyhttp')
-rw-r--r-- | modules/caddyhttp/celmatcher.go | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index ddaf418..8d183c1 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -24,6 +24,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/gogo/protobuf/proto" "github.com/google/cel-go/cel" "github.com/google/cel-go/checker/decls" "github.com/google/cel-go/common/types" @@ -99,16 +100,16 @@ func (m *MatchExpression) Provision(_ caddy.Context) error { return fmt.Errorf("setting up CEL environment: %v", err) } - // parse the expression - parsed, issues := env.Parse(m.expandedExpr) + // parse and type-check the expression + checked, issues := env.Compile(m.expandedExpr) if issues != nil && issues.Err() != nil { - return fmt.Errorf("parsing CEL program: %s", issues.Err()) + return fmt.Errorf("compiling CEL program: %s", issues.Err()) } - // type-check it - checked, issues := env.Check(parsed) - if issues != nil && issues.Err() != nil { - return fmt.Errorf("type-checking CEL program: %s", issues.Err()) + // request matching is a boolean operation, so we don't really know + // what to do if the expression returns a non-boolean type + if !proto.Equal(checked.ResultType(), decls.Bool) { + return fmt.Errorf("CEL request matcher expects return type of bool, not %s", checked.ResultType()) } // compile the "program" |