aarifullin/neoneo-go
1
0
Fork 0
forked from TrueCloudLab/neoneo-go
Code Pull requests Activity

oracle: URI host validation is only relevant for https

Browse source 
NeoFS doesn't have hosts.
This commit is contained in:
Roman Khimov 2021-04-06 16:53:32 +03:00
parent 29b79db998
commit bd9a303e29
1 changed files with 29 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
pkg/services/oracle/request.go
View file

@ -97,35 +97,40 @@ func (o *Oracle) processRequest(priv *keys.PrivateKey, req request) error {
} }
resp := &transaction.OracleResponse{ID: req.ID} resp := &transaction.OracleResponse{ID: req.ID}
u, err := url.ParseRequestURI(req.Req.URL) u, err := url.ParseRequestURI(req.Req.URL)
if err == nil && !o.MainCfg.AllowPrivateHost {
err = o.URIValidator(u)
}
if err != nil { if err != nil {
resp.Code = transaction.Forbidden resp.Code = transaction.Forbidden
} else if u.Scheme == "https" { } else if u.Scheme == "https" {
r, err := o.Client.Get(req.Req.URL) if !o.MainCfg.AllowPrivateHost {
switch { err = o.URIValidator(u)
case err != nil:
resp.Code = transaction.Error
case r.StatusCode == http.StatusOK:
result, err := readResponse(r.Body, transaction.MaxOracleResultSize)
if err != nil { if err != nil {
if errors.Is(err, ErrResponseTooLarge) { resp.Code = transaction.Forbidden
resp.Code = transaction.ResponseTooLarge }
} else { }
resp.Code = transaction.Error if err == nil {
} r, err := o.Client.Get(req.Req.URL)
break switch {
case err != nil:
resp.Code = transaction.Error
case r.StatusCode == http.StatusOK:
result, err := readResponse(r.Body, transaction.MaxOracleResultSize)
if err != nil {
if errors.Is(err, ErrResponseTooLarge) {
resp.Code = transaction.ResponseTooLarge
} else {
resp.Code = transaction.Error
}
break
}
resp.Code, resp.Result = filterRequest(result, req.Req)
case r.StatusCode == http.StatusForbidden:
resp.Code = transaction.Forbidden
case r.StatusCode == http.StatusNotFound:
resp.Code = transaction.NotFound
case r.StatusCode == http.StatusRequestTimeout:
resp.Code = transaction.Timeout
default:
resp.Code = transaction.Error
} }
resp.Code, resp.Result = filterRequest(result, req.Req)
case r.StatusCode == http.StatusForbidden:
resp.Code = transaction.Forbidden
case r.StatusCode == http.StatusNotFound:
resp.Code = transaction.NotFound
case r.StatusCode == http.StatusRequestTimeout:
resp.Code = transaction.Timeout
default:
resp.Code = transaction.Error
} }
} else if err == nil && u.Scheme == neofs.URIScheme { } else if err == nil && u.Scheme == neofs.URIScheme {
ctx, cancel := context.WithTimeout(context.Background(), time.Duration(o.MainCfg.NeoFS.Timeout)*time.Millisecond) ctx, cancel := context.WithTimeout(context.Background(), time.Duration(o.MainCfg.NeoFS.Timeout)*time.Millisecond)