TrueCloudLab/frostfs-s3-gw
18
3
Fork 20
Code Issues 29 Pull requests 7 Projects Releases 23 Packages 1 Activity Actions

[#586] Skip port when matching listen domains
All checks were successful
/ Vulncheck (push) Successful in 3m59s
Details
/ Builds (push) Successful in 4m23s
Details
/ Lint (push) Successful in 2m41s
Details
/ Tests (push) Successful in 2m11s
Details

Browse source 
We may have a situation where the domain
can be specified in the config without a
port, and the host in the header will be
with a port. As a result, the host will
not match. Now the port is not taken into
account when checking for a match.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
This commit is contained in:
Roman Loginov 2024-12-17 13:35:27 +03:00 committed by Alexey Vanin
parent 09412d8f20
commit e0ce59fd32
5 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
api/middleware/address_style.go
View file

@ -122,6 +122,10 @@ func preparePathStyleAddress(reqInfo *ReqInfo, r *http.Request, reqLogger *zap.L
} }
func checkDomain(host string, domains []string) (bktName string, match bool) { func checkDomain(host string, domains []string) (bktName string, match bool) {
if pos := strings.Index(host, ":"); pos != -1 {
host = host[:pos]
}
partsHost := strings.Split(host, ".") partsHost := strings.Split(host, ".")
for _, pattern := range domains { for _, pattern := range domains {
partsPattern := strings.Split(pattern, ".") partsPattern := strings.Split(pattern, ".")

7
api/middleware/address_style_test.go
View file

@ -409,6 +409,13 @@ func TestCheckDomains(t *testing.T) {
requestURL: "bktA.bktB.s3.kapusta.domain.com", requestURL: "bktA.bktB.s3.kapusta.domain.com",
expectedMatch: false, expectedMatch: false,
}, },
{
name: "valid url with bktName and namespace (wildcard after protocol infix) with port",
domains: []string{"s3.<wildcard>.domain.com"},
requestURL: "bktA.s3.kapusta.domain.com:8884",
expectedBktName: "bktA",
expectedMatch: true,
},
} { } {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
bktName, match := checkDomain(tc.requestURL, tc.domains) bktName, match := checkDomain(tc.requestURL, tc.domains)

5
cmd/s3-gw/app_settings.go
View file

@ -1288,6 +1288,11 @@ func validateDomains(domains []string, log *zap.Logger) []string {
validDomains := make([]string, 0, len(domains)) validDomains := make([]string, 0, len(domains))
LOOP: LOOP:
for _, domain := range domains { for _, domain := range domains {
if strings.Contains(domain, ":") {
log.Warn(logs.WarnDomainContainsPort, zap.String("domain", domain))
continue
}
domainParts := strings.Split(domain, ".") domainParts := strings.Split(domain, ".")
for _, part := range domainParts { for _, part := range domainParts {
if strings.ContainsAny(part, "<>") && part != wildcardPlaceholder { if strings.ContainsAny(part, "<>") && part != wildcardPlaceholder {

2
cmd/s3-gw/validate_test.go
View file

@ -21,6 +21,8 @@ func TestValidateDomains(t *testing.T) {
"s3dev.fro<stfs.devenv", "s3dev.fro<stfs.devenv",
"<wildcard>.dev.<wildcard>.frostfs.devenv", "<wildcard>.dev.<wildcard>.frostfs.devenv",
"<wildcard>.dev.<wildc>ard>.frostfs.devenv", "<wildcard>.dev.<wildc>ard>.frostfs.devenv",
"s3dev.frostfs.devenv:8888",
"<wildcard>.frostfs.devenv:443",
} }
expectedDomains := []string{ expectedDomains := []string{
"s3dev.frostfs.devenv", "s3dev.frostfs.devenv",

1
internal/logs/logs.go
View file

@ -183,4 +183,5 @@ const (
FailedToListAllObjectRelations = "failed to list all object relations" FailedToListAllObjectRelations = "failed to list all object relations"
WarnInvalidTypeTLSTerminationHeader = "invalid type of value of tls termination header" WarnInvalidTypeTLSTerminationHeader = "invalid type of value of tls termination header"
FailedToPutTombstones = "failed to put tombstones" FailedToPutTombstones = "failed to put tombstones"
WarnDomainContainsPort = "the domain contains a port, domain skipped"
) )