From e0ce59fd32beb9274e48adf1c52d41292ceeafd5 Mon Sep 17 00:00:00 2001 From: Roman Loginov Date: Tue, 17 Dec 2024 13:35:27 +0300 Subject: [PATCH] [#586] Skip port when matching listen domains We may have a situation where the domain can be specified in the config without a port, and the host in the header will be with a port. As a result, the host will not match. Now the port is not taken into account when checking for a match. Signed-off-by: Roman Loginov --- api/middleware/address_style.go | 4 ++++ api/middleware/address_style_test.go | 7 +++++++ cmd/s3-gw/app_settings.go | 5 +++++ cmd/s3-gw/validate_test.go | 2 ++ internal/logs/logs.go | 1 + 5 files changed, 19 insertions(+) diff --git a/api/middleware/address_style.go b/api/middleware/address_style.go index dd5efb43..6e82ae68 100644 --- a/api/middleware/address_style.go +++ b/api/middleware/address_style.go @@ -122,6 +122,10 @@ func preparePathStyleAddress(reqInfo *ReqInfo, r *http.Request, reqLogger *zap.L } func checkDomain(host string, domains []string) (bktName string, match bool) { + if pos := strings.Index(host, ":"); pos != -1 { + host = host[:pos] + } + partsHost := strings.Split(host, ".") for _, pattern := range domains { partsPattern := strings.Split(pattern, ".") diff --git a/api/middleware/address_style_test.go b/api/middleware/address_style_test.go index 09e2d542..78924f9c 100644 --- a/api/middleware/address_style_test.go +++ b/api/middleware/address_style_test.go @@ -409,6 +409,13 @@ func TestCheckDomains(t *testing.T) { requestURL: "bktA.bktB.s3.kapusta.domain.com", expectedMatch: false, }, + { + name: "valid url with bktName and namespace (wildcard after protocol infix) with port", + domains: []string{"s3..domain.com"}, + requestURL: "bktA.s3.kapusta.domain.com:8884", + expectedBktName: "bktA", + expectedMatch: true, + }, } { t.Run(tc.name, func(t *testing.T) { bktName, match := checkDomain(tc.requestURL, tc.domains) diff --git a/cmd/s3-gw/app_settings.go b/cmd/s3-gw/app_settings.go index 60b4c713..83769669 100644 --- a/cmd/s3-gw/app_settings.go +++ b/cmd/s3-gw/app_settings.go @@ -1288,6 +1288,11 @@ func validateDomains(domains []string, log *zap.Logger) []string { validDomains := make([]string, 0, len(domains)) LOOP: for _, domain := range domains { + if strings.Contains(domain, ":") { + log.Warn(logs.WarnDomainContainsPort, zap.String("domain", domain)) + continue + } + domainParts := strings.Split(domain, ".") for _, part := range domainParts { if strings.ContainsAny(part, "<>") && part != wildcardPlaceholder { diff --git a/cmd/s3-gw/validate_test.go b/cmd/s3-gw/validate_test.go index fe88228e..95ef30dc 100644 --- a/cmd/s3-gw/validate_test.go +++ b/cmd/s3-gw/validate_test.go @@ -21,6 +21,8 @@ func TestValidateDomains(t *testing.T) { "s3dev.fro.dev..frostfs.devenv", ".dev.ard>.frostfs.devenv", + "s3dev.frostfs.devenv:8888", + ".frostfs.devenv:443", } expectedDomains := []string{ "s3dev.frostfs.devenv", diff --git a/internal/logs/logs.go b/internal/logs/logs.go index 7f212ee9..49752b19 100644 --- a/internal/logs/logs.go +++ b/internal/logs/logs.go @@ -183,4 +183,5 @@ const ( FailedToListAllObjectRelations = "failed to list all object relations" WarnInvalidTypeTLSTerminationHeader = "invalid type of value of tls termination header" FailedToPutTombstones = "failed to put tombstones" + WarnDomainContainsPort = "the domain contains a port, domain skipped" )