dde3f51c72
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/7295 - The router must use the escaped path in order to ensure correct functionality (at least, that is what they say). However `req.URL.Path` shouldn't be set to the escaped path, which is fixed in this patch. - Simplify the logic and no longer try to use `rctx.RoutePath`, this is only useful if the middleware was placed after some routing parsing was done. - Resolves forgejo/forgejo#7294 - Resolves forgejo/forgejo#7292 - Add unit test <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/7295): <!--number 7295 --><!--line 0 --><!--description dXNlIGNvcnJlY3QgaW5wdXQgZm9yIHN0cmlwIHNsYXNoZXMgbWlkZGxld2FyZQ==-->use correct input for strip slashes middleware<!--description--> <!--end release-notes-assistant--> Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7306 Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
97 lines
2.5 KiB
Go
97 lines
2.5 KiB
Go
// Copyright 2022 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
package common
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"code.gitea.io/gitea/modules/web"
|
|
|
|
chi "github.com/go-chi/chi/v5"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestStripSlashesMiddleware(t *testing.T) {
|
|
type test struct {
|
|
name string
|
|
expectedPath string
|
|
expectedNormalPath string
|
|
inputPath string
|
|
}
|
|
|
|
tests := []test{
|
|
{
|
|
name: "path with multiple slashes",
|
|
inputPath: "https://github.com///go-gitea//gitea.git",
|
|
expectedPath: "/go-gitea/gitea.git",
|
|
},
|
|
{
|
|
name: "path with no slashes",
|
|
inputPath: "https://github.com/go-gitea/gitea.git",
|
|
expectedPath: "/go-gitea/gitea.git",
|
|
},
|
|
{
|
|
name: "path with slashes in the middle",
|
|
inputPath: "https://git.data.coop//halfd/new-website.git",
|
|
expectedPath: "/halfd/new-website.git",
|
|
},
|
|
{
|
|
name: "path with slashes in the middle",
|
|
inputPath: "https://git.data.coop//halfd/new-website.git",
|
|
expectedPath: "/halfd/new-website.git",
|
|
},
|
|
{
|
|
name: "path with slashes in the end",
|
|
inputPath: "/user2//repo1/",
|
|
expectedPath: "/user2/repo1",
|
|
},
|
|
{
|
|
name: "path with slashes in the beginning",
|
|
inputPath: "https://codeberg.org//user2/repo1/",
|
|
expectedPath: "/user2/repo1",
|
|
},
|
|
{
|
|
name: "path with slashes and query params",
|
|
inputPath: "/repo//migrate?service_type=3",
|
|
expectedPath: "/repo/migrate",
|
|
},
|
|
{
|
|
name: "path with encoded slash",
|
|
inputPath: "/user2/%2F%2Frepo1",
|
|
expectedPath: "/user2/%2F%2Frepo1",
|
|
expectedNormalPath: "/user2/repo1",
|
|
},
|
|
{
|
|
name: "path with space",
|
|
inputPath: "/assets/css/theme%20cappuccino.css",
|
|
expectedPath: "/assets/css/theme%20cappuccino.css",
|
|
expectedNormalPath: "/assets/css/theme cappuccino.css",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
r := web.NewRoute()
|
|
r.Use(stripSlashesMiddleware)
|
|
|
|
called := false
|
|
r.Get("*", func(w http.ResponseWriter, r *http.Request) {
|
|
if tt.expectedNormalPath != "" {
|
|
assert.Equal(t, tt.expectedNormalPath, r.URL.Path)
|
|
} else {
|
|
assert.Equal(t, tt.expectedPath, r.URL.Path)
|
|
}
|
|
|
|
rctx := chi.RouteContext(r.Context())
|
|
assert.Equal(t, tt.expectedPath, rctx.RoutePath)
|
|
|
|
called = true
|
|
})
|
|
|
|
// create a mock request to use
|
|
req := httptest.NewRequest("GET", tt.inputPath, nil)
|
|
r.ServeHTTP(httptest.NewRecorder(), req)
|
|
assert.True(t, called)
|
|
}
|
|
}
|