safeweb: add support for "/" and "/foo" handler distinction (#13980)

By counting "/" elements in the pattern we catch many scenarios, but not
the root-level handler. If either of the patterns is "/", compare the
pattern length to pick the right one.

Updates https://github.com/tailscale/corp/issues/8027

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
This commit is contained in:
Andrew Lytvynov 2024-10-31 13:12:38 -05:00 committed by GitHub
parent 3f626c0d77
commit 3477bfd234
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 24 additions and 3 deletions

View File

@ -225,12 +225,27 @@ func NewServer(config Config) (*Server, error) {
browserHandler
)
func (h handlerType) String() string {
switch h {
case browserHandler:
return "browser"
case apiHandler:
return "api"
default:
return "unknown"
}
}
// checkHandlerType returns either apiHandler or browserHandler, depending on
// whether apiPattern or browserPattern is more specific (i.e. which pattern
// contains more pathname components). If they are equally specific, it returns
// unknownHandler.
func checkHandlerType(apiPattern, browserPattern string) handlerType {
c := cmp.Compare(strings.Count(path.Clean(apiPattern), "/"), strings.Count(path.Clean(browserPattern), "/"))
apiPattern, browserPattern = path.Clean(apiPattern), path.Clean(browserPattern)
c := cmp.Compare(strings.Count(apiPattern, "/"), strings.Count(browserPattern, "/"))
if apiPattern == "/" || browserPattern == "/" {
c = cmp.Compare(len(apiPattern), len(browserPattern))
}
switch {
case c > 0:
return apiHandler

View File

@ -527,13 +527,13 @@ func TestGetMoreSpecificPattern(t *testing.T) {
{
desc: "same prefix",
a: "/foo/bar/quux",
b: "/foo/bar/",
b: "/foo/bar/", // path.Clean will strip the trailing slash.
want: apiHandler,
},
{
desc: "almost same prefix, but not a path component",
a: "/goat/sheep/cheese",
b: "/goat/sheepcheese/",
b: "/goat/sheepcheese/", // path.Clean will strip the trailing slash.
want: apiHandler,
},
{
@ -554,6 +554,12 @@ func TestGetMoreSpecificPattern(t *testing.T) {
b: "///////",
want: unknownHandler,
},
{
desc: "root-level",
a: "/latest",
b: "/", // path.Clean will NOT strip the trailing slash.
want: apiHandler,
},
} {
t.Run(tt.desc, func(t *testing.T) {
got := checkHandlerType(tt.a, tt.b)