forked from TrueCloudLab/frostfs-s3-gw
[#586] Skip port when matching listen domains
We may have a situation where the domain can be specified in the config without a port, and the host in the header will be with a port. As a result, the host will not match. Now the port is not taken into account when checking for a match. Signed-off-by: Roman Loginov <r.loginov@yadro.com>
This commit is contained in:
parent
09412d8f20
commit
e0ce59fd32
5 changed files with 19 additions and 0 deletions
|
@ -122,6 +122,10 @@ func preparePathStyleAddress(reqInfo *ReqInfo, r *http.Request, reqLogger *zap.L
|
|||
}
|
||||
|
||||
func checkDomain(host string, domains []string) (bktName string, match bool) {
|
||||
if pos := strings.Index(host, ":"); pos != -1 {
|
||||
host = host[:pos]
|
||||
}
|
||||
|
||||
partsHost := strings.Split(host, ".")
|
||||
for _, pattern := range domains {
|
||||
partsPattern := strings.Split(pattern, ".")
|
||||
|
|
|
@ -409,6 +409,13 @@ func TestCheckDomains(t *testing.T) {
|
|||
requestURL: "bktA.bktB.s3.kapusta.domain.com",
|
||||
expectedMatch: false,
|
||||
},
|
||||
{
|
||||
name: "valid url with bktName and namespace (wildcard after protocol infix) with port",
|
||||
domains: []string{"s3.<wildcard>.domain.com"},
|
||||
requestURL: "bktA.s3.kapusta.domain.com:8884",
|
||||
expectedBktName: "bktA",
|
||||
expectedMatch: true,
|
||||
},
|
||||
} {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
bktName, match := checkDomain(tc.requestURL, tc.domains)
|
||||
|
|
|
@ -1288,6 +1288,11 @@ func validateDomains(domains []string, log *zap.Logger) []string {
|
|||
validDomains := make([]string, 0, len(domains))
|
||||
LOOP:
|
||||
for _, domain := range domains {
|
||||
if strings.Contains(domain, ":") {
|
||||
log.Warn(logs.WarnDomainContainsPort, zap.String("domain", domain))
|
||||
continue
|
||||
}
|
||||
|
||||
domainParts := strings.Split(domain, ".")
|
||||
for _, part := range domainParts {
|
||||
if strings.ContainsAny(part, "<>") && part != wildcardPlaceholder {
|
||||
|
|
|
@ -21,6 +21,8 @@ func TestValidateDomains(t *testing.T) {
|
|||
"s3dev.fro<stfs.devenv",
|
||||
"<wildcard>.dev.<wildcard>.frostfs.devenv",
|
||||
"<wildcard>.dev.<wildc>ard>.frostfs.devenv",
|
||||
"s3dev.frostfs.devenv:8888",
|
||||
"<wildcard>.frostfs.devenv:443",
|
||||
}
|
||||
expectedDomains := []string{
|
||||
"s3dev.frostfs.devenv",
|
||||
|
|
|
@ -183,4 +183,5 @@ const (
|
|||
FailedToListAllObjectRelations = "failed to list all object relations"
|
||||
WarnInvalidTypeTLSTerminationHeader = "invalid type of value of tls termination header"
|
||||
FailedToPutTombstones = "failed to put tombstones"
|
||||
WarnDomainContainsPort = "the domain contains a port, domain skipped"
|
||||
)
|
||||
|
|
Loading…
Reference in a new issue