From 447c5fa248b917815107b3d73667ee31d8ac0960 Mon Sep 17 00:00:00 2001
From: Ricardo Weir <ricardo.weir@loft.sh>
Date: Tue, 3 Sep 2024 11:28:20 -0700
Subject: [PATCH] Reject invalid endpoint

Prior, a non-empty endpoint of the incorrect format would cause an
embedded sqlite backend to be used. By passing a non-empty endpoint
the user is intending to use an external backend. Now, the endpoint
will be validated and passing a non-empty endpoint of an incorrect
format will result in an error.

Signed-off-by: Ricardo Weir <ricardo.weir@loft.sh>
---
 pkg/endpoint/endpoint.go | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

diff --git a/pkg/endpoint/endpoint.go b/pkg/endpoint/endpoint.go
index 81dedecd..64084935 100644
--- a/pkg/endpoint/endpoint.go
+++ b/pkg/endpoint/endpoint.go
@@ -56,7 +56,11 @@ type ETCDConfig struct {
 }
 
 func Listen(ctx context.Context, config Config) (ETCDConfig, error) {
-	driver, dsn := ParseStorageEndpoint(config.Endpoint)
+	driver, dsn, err := ParseStorageEndpoint(config.Endpoint)
+	if err != nil {
+		return ETCDConfig{}, errors.Wrap(err, "parsing storage endpoint")
+	}
+
 	if driver == ETCDBackend {
 		return ETCDConfig{
 			Endpoints:   strings.Split(config.Endpoint, ","),
@@ -233,19 +237,23 @@ func getKineStorageBackend(ctx context.Context, driver, dsn string, cfg Config)
 }
 
 // ParseStorageEndpoint returns the driver name and endpoint string from a datastore endpoint URL.
-func ParseStorageEndpoint(storageEndpoint string) (string, string) {
+func ParseStorageEndpoint(storageEndpoint string) (string, string, error) {
+	if err := validateStorageEndpoint(storageEndpoint); err != nil {
+		return "", "", err
+	}
+
 	network, address := networkAndAddress(storageEndpoint)
 	switch network {
 	case "":
-		return SQLiteBackend, ""
+		return SQLiteBackend, "", nil
 	case "nats":
-		return NATSBackend, storageEndpoint
+		return NATSBackend, storageEndpoint, nil
 	case "http":
 		fallthrough
 	case "https":
-		return ETCDBackend, address
+		return ETCDBackend, address, nil
 	}
-	return network, address
+	return network, address, nil
 }
 
 // networkAndAddress crudely splits a URL string into network (scheme) and address,
@@ -257,3 +265,16 @@ func networkAndAddress(str string) (string, string) {
 	}
 	return "", parts[0]
 }
+
+// validateStorageEndpoint validates the given string can be used to infer backend and optionally extract connection
+// info
+func validateStorageEndpoint(str string) error {
+	if strings.Contains(str, "://") {
+		return nil
+	}
+	if str == "" {
+		return nil
+	}
+	// without this check kine will silently run embedded sqlite, despite user intending to use a passed backend
+	return fmt.Errorf("invalid storage endpoint [%s]. Non-empty storage endpoint should be of the format <network>://<address>", str)
+}