Normalize URL

- normal the url before we apply the protection middleware against it

forwarding.go

@@ -29,6 +29,9 @@ import (
 // reverseProxyMiddleware is responsible for handles reverse proxy request to the upstream endpoint
 func (r *oauthProxy) reverseProxyMiddleware() gin.HandlerFunc {
 	return func(cx *gin.Context) {
+		// step: continue the flow
+		cx.Next()
+		// step: check its cool to continue
 		if cx.IsAborted() {
 			return
 		}

handlers_test.go

@@ -262,8 +262,8 @@ func TestAuthorizationURL(t *testing.T) {
 			ExpectedCode: http.StatusTemporaryRedirect,
 		},
 		{
-			URL:          "/admin/../",
-			ExpectedURL:  "/oauth/authorize?state=L2FkbWluLy4uLw==",
+			URL:          "/help/../admin",
+			ExpectedURL:  "/oauth/authorize?state=L2FkbWlu",
 			ExpectedCode: http.StatusTemporaryRedirect,
 		},
 		{

middleware.go

@@ -16,12 +16,12 @@ limitations under the License.
 package main
 
 import (
-	"bytes"
 	"fmt"
 	"regexp"
 	"strings"
 	"time"
 
+	"github.com/PuerkitoBio/purell"
 	log "github.com/Sirupsen/logrus"
 	"github.com/coreos/go-oidc/jose"
 	"github.com/gin-gonic/gin"
@@ -34,19 +34,19 @@ const (
 	cxEnforce = "Enforcing"
 )
 
+const normalizeFlags purell.NormalizationFlags = purell.FlagRemoveDotSegments | purell.FlagRemoveDuplicateSlashes
+
 // filterMiddleware is custom filtering for incoming requests
 func (r *oauthProxy) filterMiddleware() gin.HandlerFunc {
 	return func(cx *gin.Context) {
-		var p rune
-		var b bytes.Buffer
-		for _, c := range cx.Request.URL.Path {
-			if c == '/' && p == '/' {
-				continue
-			}
-			p = c
-			b.WriteRune(c)
-		}
-		cx.Request.URL.Path = b.String()
+		// step: keep a copy of the original
+		orig := *cx.Request.URL
+		// step: normalize the url
+		purell.NormalizeURL(cx.Request.URL, normalizeFlags)
+		// step: continue the flow
+		cx.Next()
+		// step: place back the original
+		cx.Request.URL = &orig
 	}
 }