-
Notifications
You must be signed in to change notification settings - Fork 352
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add URL normalizePath() filter #3237
base: master
Are you sure you want to change the base?
Conversation
Adds a filter called `normalizePath` which implements URL Path normalization by removing empty path segments and trailing slashes from the path. This follows the guidance from the Zalando Restful API Guidelines rule [136][1]. [1]: https://opensource.zalando.com/restful-api-guidelines/#136 Signed-off-by: Mikko Valkonen <mikko.valkonen@zalando.fi>
path.Clean() may break certain edge-cases where the path-variables would use `.` or `..` characters. This commit removes the usage of path.Clean() and implements the normalization manually. Signed-off-by: Mikko Valkonen <mikko.valkonen@zalando.fi>
Removes some dead code and adds test to cover for root path segment. Signed-off-by: Mikko Valkonen <mikko.valkonen@zalando.fi>
Adds rudimentary documentation for the normalizePath()-filter with examples. Signed-off-by: Mikko Valkonen <mikko.valkonen@zalando.fi>
Example: | ||
|
||
``` | ||
all: * -> normalizePath() -> "https://backend.example.org/api/v1; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing closing "
and network backend is not having a path segment.
all: * -> normalizePath() -> "https://backend.example.org";
@@ -370,4 +370,5 @@ const ( | |||
SetFastCgiFilenameName = "setFastCgiFilename" | |||
DisableRatelimitName = "disableRatelimit" | |||
UnknownRatelimitName = "unknownRatelimit" | |||
NormalizePath = "normalizePath" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NormalizePath -> NormalizePathName
func (spec normalizePath) Name() string { return "normalizePath" } | ||
|
||
func (spec normalizePath) CreateFilter(config []interface{}) (filters.Filter, error) { | ||
return normalizePath{}, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you can return spec, nil
and if you have a ptr receiver you don't need to have allocations for the filter:
func NewNormalizePath() filters.Spec { return &normalizePath{} }
func (f *normalizePath) Name() string { return filters.NormalizePathName }
func (f *normalizePath) CreateFilter(config []interface{}) (filters.Filter, error) {
return f, nil
}
func (f *normalizePath) Request(ctx filters.FilterContext) {
...
filteredSegments = append(filteredSegments, seg) | ||
} | ||
} | ||
normalizedPath := "/" + strings.Join(filteredSegments, "/") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
semgrep asks:
did you want path.Join() or filepath.Join()?
Couple of thoughts:
So I am a bit puzzled here. This filter does not fix routing so maybe we could extend existing |
I agree. The normalization is only normalizing the path following the guidance (see below snippet) from the API guidelines, and I've raised the topic internally to see if we should extend this beyond the scope of this.
I'm happy to extend an existing filter. I have to admit my knowledge of skipper is limited - I'm assuming that this filter would work for all paths if you have a catch-all predicate
While it's not RFC compliant as such, the unfortunate reality is that backend frameworks and server implementations treat trailing slashes in different ways. We had an incident internally recently where an API that previously supported endpoints with trailing slashes stopped doing so after a version upgrade of Spring Boot - the new version no longer treated |
Adds a filter called
normalizePath
which implements URL Pathnormalization by removing empty path segments and trailing slashes from
the path. This follows the guidance from the Zalando Restful API
Guidelines rule 136.
Resolves #3236