3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-06 10:21:05 +02:00
Code Issues Projects Releases Packages Wiki Activity

proxy: move warning message to config validation

Browse source
This commit is contained in:
Caleb Doxsey 2020-04-16 16:39:03 -06:00 committed by Caleb Doxsey
parent c8c307be69
commit e1d2501a94
3 changed files with 8 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
config/policy.go
View file

@ -90,6 +90,13 @@ func (p *Policy) Validate() error {
if err != nil { if err != nil {
return fmt.Errorf("config: policy bad source url %w", err) return fmt.Errorf("config: policy bad source url %w", err)
} }
// Make sure there's no path set on the from url
if !(source.Path == "" || source.Path == "/") {
return fmt.Errorf("config: policy source url (%s) contains a path, but it should be set using the path field instead",
source.String())
}
p.Source = &StringURL{source} p.Source = &StringURL{source}
p.Destination, err = urlutil.ParseAndValidateURL(p.To) p.Destination, err = urlutil.ParseAndValidateURL(p.To)

1
config/policy_test.go
View file

@ -20,6 +20,7 @@ func Test_PolicyValidate(t *testing.T) {
{"empty from host", Policy{From: "https://", To: "https://httpbin.corp.example"}, true}, {"empty from host", Policy{From: "https://", To: "https://httpbin.corp.example"}, true},
{"empty from scheme", Policy{From: "httpbin.corp.example", To: "https://httpbin.corp.example"}, true}, {"empty from scheme", Policy{From: "httpbin.corp.example", To: "https://httpbin.corp.example"}, true},
{"empty to scheme", Policy{From: "https://httpbin.corp.example", To: "//httpbin.corp.example"}, true}, {"empty to scheme", Policy{From: "https://httpbin.corp.example", To: "//httpbin.corp.example"}, true},
{"path in from", Policy{From: "https://httpbin.corp.example/some/path", To: "https://httpbin.corp.example"}, true},
{"cors policy", Policy{From: "https://httpbin.corp.example", To: "https://httpbin.corp.notatld", CORSAllowPreflight: true}, false}, {"cors policy", Policy{From: "https://httpbin.corp.example", To: "https://httpbin.corp.notatld", CORSAllowPreflight: true}, false},
{"public policy", Policy{From: "https://httpbin.corp.example", To: "https://httpbin.corp.notatld", AllowPublicUnauthenticatedAccess: true}, false}, {"public policy", Policy{From: "https://httpbin.corp.example", To: "https://httpbin.corp.notatld", AllowPublicUnauthenticatedAccess: true}, false},
{"public and whitelist", Policy{From: "https://httpbin.corp.example", To: "https://httpbin.corp.notatld", AllowPublicUnauthenticatedAccess: true, AllowedUsers: []string{"test@domain.example"}}, true}, {"public and whitelist", Policy{From: "https://httpbin.corp.example", To: "https://httpbin.corp.notatld", AllowPublicUnauthenticatedAccess: true, AllowedUsers: []string{"test@domain.example"}}, true},

4
proxy/proxy.go
View file

@ -330,10 +330,6 @@ func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// //
// Routes can be filtered by the `source`, `prefix`, `path` and `regex` fields in the policy config. // Routes can be filtered by the `source`, `prefix`, `path` and `regex` fields in the policy config.
func routeMatcherFuncFromPolicy(policy config.Policy) mux.MatcherFunc { func routeMatcherFuncFromPolicy(policy config.Policy) mux.MatcherFunc {
if !(policy.Source.Path == "" || policy.Source.Path == "/") {
log.Warn().Str("from", policy.From).Msgf("proxy: dropping path from %s, should be set using path key", policy.Source.String())
}
// match by source // match by source
sourceMatches := func(r *http.Request) bool { sourceMatches := func(r *http.Request) bool {
return r.Host == policy.Source.Host return r.Host == policy.Source.Host