Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resolve various issues #93

Merged
merged 4 commits into from
Aug 1, 2018
Merged

Resolve various issues #93

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
1836782
cmd: Refresh rules in api mode
Aug 1, 2018
f8d16a7
cmd: Improve refresh subroutines
Aug 1, 2018
a917597
rule: Allow regex in match scheme
Aug 1, 2018
394702c
rule: Allow empty upstream in rules
Aug 1, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 10 additions & 6 deletions cmd/helper_server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,12 @@ func getHydraSDK() hydra.SDK {
return sdk
}

func refreshRules(m rule.Refresher) {
duration, _ := time.ParseDuration(viper.GetString("RULES_REFRESH_INTERVAL"))
func refreshRules(m rule.Refresher, duration time.Duration) {
if duration == 0 {
duration = time.Second * 30
duration, _ = time.ParseDuration(viper.GetString("RULES_REFRESH_INTERVAL"))
if duration == 0 {
duration = time.Second * 30
}
}

var fails int
Expand All @@ -74,10 +76,12 @@ func refreshRules(m rule.Refresher) {
}
}

func refreshKeys(k rsakey.Manager) {
duration, _ := time.ParseDuration(viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_JWK_REFRESH_INTERVAL"))
func refreshKeys(k rsakey.Manager, duration time.Duration) {
if duration == 0 {
duration = time.Minute * 5
duration, _ = time.ParseDuration(viper.GetString("CREDENTIALS_ISSUER_ID_TOKEN_JWK_REFRESH_INTERVAL"))
if duration == 0 {
duration = time.Minute * 5
}
}

var fails int
Expand Down
3 changes: 2 additions & 1 deletion cmd/serve_api.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,8 @@ HTTP CONTROLS
n.UseHandler(judgeHandler)
ch := cors.New(corsx.ParseOptions()).Handler(n)

go refreshKeys(keyManager)
go refreshKeys(keyManager, 0)
go refreshRules(matcher, 0)

addr := fmt.Sprintf("%s:%s", viper.GetString("HOST"), viper.GetString("PORT"))
server := graceful.WithDefaults(&http.Server{
Expand Down
4 changes: 2 additions & 2 deletions cmd/serve_proxy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -159,8 +159,8 @@ OTHER CONTROLS
logger.WithError(err).Fatalln("Unable to initialize the ID Token signing algorithm")
}

go refreshRules(matcher)
go refreshKeys(keyManager)
go refreshRules(matcher, 0)
go refreshKeys(keyManager, 0)

var authorizers = []proxy.Authorizer{
proxy.NewAuthorizerAllow(),
Expand Down
4 changes: 4 additions & 0 deletions proxy/proxy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,10 @@ func EnrichRequestedURL(r *http.Request) {
}

func configureBackendURL(r *http.Request, rl *rule.Rule) error {
if rl.Upstream.URL == "" {
return errors.Errorf("Unable to forward the request because matched rule does not define an upstream URL")
}

p, err := url.Parse(rl.Upstream.URL)
if err != nil {
return errors.WithStack(err)
Expand Down
10 changes: 8 additions & 2 deletions rule/rule_validator.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,11 @@ func ValidateRule(
methods := []string{"GET", "POST", "PUT", "HEAD", "DELETE", "PATCH", "OPTIONS", "TRACE", "CONNECT"}

return func(r *Rule) error {
if !govalidator.IsURL(r.Match.URL) {
// This is disabled because it doesn't support checking for regular expressions (obviously).
// if !govalidator.IsURL(r.Match.URL) {
// return errors.WithStack(helper.ErrBadRequest.WithReason(fmt.Sprintf("Value \"%s\" from match.url field is not a valid url.", r.Match.URL)))
// }
if r.Match.URL == "" {
return errors.WithStack(helper.ErrBadRequest.WithReason(fmt.Sprintf("Value \"%s\" from match.url field is not a valid url.", r.Match.URL)))
}

Expand All @@ -47,7 +51,9 @@ func ValidateRule(
}
}

if !govalidator.IsURL(r.Upstream.URL) {
if r.Upstream.URL == "" {
// Having no upstream URL is fine here because the judge does not need an upstream!
} else if !govalidator.IsURL(r.Upstream.URL) {
return errors.WithStack(helper.ErrBadRequest.WithReason(fmt.Sprintf("Value \"%s\" from upstream.url field is not a valid url.", r.Upstream.URL)))
}

Expand Down
12 changes: 6 additions & 6 deletions rule/rule_validator_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,17 +39,17 @@ func TestValidateRule(t *testing.T) {

assertReason(t, v(&Rule{}), "from match.url field is not a valid url.")

assertReason(t, v(&Rule{
Match: RuleMatch{URL: "asdf"},
}), "from match.url field is not a valid url.")
// assertReason(t, v(&Rule{
// Match: RuleMatch{URL: "asdf"},
// }), "from match.url field is not a valid url.")

assertReason(t, v(&Rule{
Match: RuleMatch{URL: "https://www.ory.sh", Methods: []string{"FOO"}},
}), "from match.methods is not a valid HTTP method")

assertReason(t, v(&Rule{
Match: RuleMatch{URL: "https://www.ory.sh", Methods: []string{"POST"}},
}), "from upstream.url field is not a valid url.")
// assertReason(t, v(&Rule{
// Match: RuleMatch{URL: "https://www.ory.sh", Methods: []string{"POST"}},
// }), "from upstream.url field is not a valid url.")

assertReason(t, v(&Rule{
Match: RuleMatch{URL: "https://www.ory.sh", Methods: []string{"POST"}},
Expand Down