-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[TT-12865] URL matching prefixes/explicit, regex support #6475
Conversation
PR Reviewer Guide 🔍
|
PR Code Suggestions ✨
|
API Changes --- prev.txt 2024-09-12 05:51:02.492792205 +0000
+++ current.txt 2024-09-12 05:50:59.316758992 +0000
@@ -5905,6 +5905,49 @@
// Regular expressions and parameterized routes will be left alone regardless of this setting.
EnableStrictRoutes bool `json:"enable_strict_routes"`
+ // EnablePrefixMatching changes the URL matching from wildcard mode to prefix mode.
+ // For example, `/json` matches `*/json*` by current default behaviour.
+ // If prefix matching is enabled, the match will be performed as a prefix match (`/json*`).
+ //
+ // The `/json` url would be matched as `^/json` against the following paths:
+ //
+ // - Full listen path and versioning URL (`/listen-path/v4/json`)
+ // - Stripped listen path URL (`/v4/json`)
+ // - Stripped version information (`/json`) - match.
+ //
+ // If versioning is disabled then the following URLs are considered:
+ //
+ // - Full listen path and endpoint (`/listen-path/json`)
+ // - Stripped listen path (`/json`) - match.
+ //
+ // For inputs that start with `/`, a prefix match is ensured by prepending
+ // the start of string `^` caret.
+ //
+ // For all other cases, the pattern remains unmodified.
+ //
+ // Combine this option with EnableSuffixMatching to achieve strict
+ // url matching with `/json` being evaluated as `^/json$`.
+ EnablePrefixMatching bool `json:"enable_prefix_matching"`
+
+ // EnableSuffixMatching changes the URL matching to match as a suffix.
+ // For example: `/json` is matched as `/json$` against the following paths:
+ //
+ // - Full listen path and versioning URL (`/listen-path/v4/json`)
+ // - Stripped listen path URL (`/v4/json`)
+ // - Stripped version information (`/json`) - match.
+ //
+ // If versioning is disabled then the following URLs are considered:
+ //
+ // - Full listen path and endpoint (`/listen-path/json`)
+ // - Stripped listen path (`/json`) - match.
+ //
+ // If the input pattern already ends with a `$` (`/json$`) then
+ // the pattern remains unmodified.
+ //
+ // Combine this option with EnablePrefixMatching to achieve strict
+ // url matching with `/json` being evaluated as `^/json$`.
+ EnableSuffixMatching bool `json:"enable_suffix_matching"`
+
// Disable TLS verification. Required if you are using self-signed certificates.
SSLInsecureSkipVerify bool `json:"ssl_insecure_skip_verify"`
@@ -7884,6 +7927,12 @@
func (a *APISpec) StopSessionManagerPool()
func (a *APISpec) StripListenPath(reqPath string) string
+ StripListenPath will strip the listen path from the URL, keeping version in
+ tact.
+
+func (a *APISpec) StripVersionPath(reqPath string) string
+ StripVersionPath will strip the version from the URL. The input URL should
+ already have listen path stripped.
func (a *APISpec) URLAllowedAndIgnored(r *http.Request, rxPaths []URLSpec, whiteListStatus bool) (RequestStatus, interface{})
URLAllowedAndIgnored checks if a url is allowed and ignored.
@@ -10194,6 +10243,8 @@
sessionFailReason if session limits have been exceeded. Key values to manage
rate are Rate and Per, e.g. Rate of 10 messages Per 10 seconds
+func (l *SessionLimiter) RateLimitInfo(r *http.Request, api *APISpec, endpoints user.Endpoints) (*user.EndpointRateLimitInfo, bool)
+
func (l *SessionLimiter) RedisQuotaExceeded(r *http.Request, session *user.SessionState, quotaKey, scope string, limit *user.APILimit, store storage.Handler, hashKeys bool) bool
RedisQuotaExceeded returns true if the request should be blocked as over
quota.
@@ -10524,7 +10575,6 @@
system, return an error to have the chain fail
type URLSpec struct {
- Spec *regexp.Regexp
Status URLStatus
MethodActions map[string]apidef.EndpointMethodMeta
Whitelist apidef.EndPointMeta
@@ -10553,6 +10603,7 @@
RateLimit apidef.RateLimitMeta
IgnoreCase bool
+ // Has unexported fields.
}
URLSpec represents a flattened specification for URLs, used to check if
a proxy URL path is on any of the white, black or ignored lists. This is
@@ -12456,6 +12507,9 @@
type EndpointMethods []EndpointMethod
EndpointMethods is a collection of EndpointMethod.
+func (em EndpointMethods) Contains(method string) bool
+ Contains is used to assert if a method exists in EndpointMethods.
+
func (em EndpointMethods) Len() int
Len is used to implement sort interface.
@@ -12489,9 +12543,6 @@
If duplicate entries are found, it would get overwritten with latest entries
Endpoints.
-func (es Endpoints) RateLimitInfo(method string, reqEndpoint string) (*EndpointRateLimitInfo, bool)
- RateLimitInfo returns EndpointRateLimitInfo for endpoint rate limiting.
-
func (es Endpoints) Swap(i, j int)
Swap is used to implement sort interface.
|
c42c992
to
65f6bd6
Compare
@titpetric we have the same behaviour to be followed when matching URL for endpoint level rate limits. |
721e2f4
to
74a7416
Compare
51f0bc7
to
fabccfc
Compare
d8d86e8
to
d76481f
Compare
func GetPathRegexp(pattern string) (string, error) { | ||
val, ok := pathRegexpCache.Get(pattern) | ||
// apiLandIDsRegex matches mux-style parameters like `{id}`. | ||
var apiLangIDsRegex = regexp.MustCompile(`{([^}]+)}`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
var apiLangIDsRegex = regexp.MustCompile(`{([^}]+)}`) | |
var apiLangIDsRegex = regexp.MustCompile(`{([^}]+)}`) |
I've seen listenpath hacks that provide /{}/users
as the URL. Wondering if this should remain supported.
3bbb2fb
to
1c095b3
Compare
Quality Gate failedFailed conditions See analysis details on SonarCloud Catch issues before they fail your Quality Gate with our IDE extension SonarLint |
https://tyktech.atlassian.net/browse/TT-12865 --- Bug fix, Tests ___ - Enhanced URL path matching to handle both stripped and full URL paths, ensuring backward compatibility. - Improved error handling and logging for regex matching in `ProcessRequest`. - Updated test cases to reflect changes in URL path handling and added new tests for regex matching. - Improved regex pattern handling by supporting patterns starting with '^' in `GetPathRegexp`. ___ <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Bug fix</strong></td><td><table> <tr> <td> <details> <summary><strong>mw_granular_access.go</strong><dd><code>Enhance URL path matching for backward compatibility</code> </dd></summary> <hr> gateway/mw_granular_access.go <li>Introduced handling for both stripped and full URL paths.<br> <li> Added error handling for regex matching.<br> <li> Refactored logger initialization.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6475/files#diff-618f7d55751d572562a29506a13beba2da969436e974f8b51df7d9708c925436">+17/-8</a> </td> </tr> <tr> <td> <details> <summary><strong>mux.go</strong><dd><code>Improve regex pattern handling in path matching</code> </dd></summary> <hr> internal/httputil/mux.go <li>Added handling for patterns starting with '^'.<br> <li> Ensured backward compatibility with existing regex patterns.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6475/files#diff-3d9ee5f5e946d72e6f2ae662ff03ee5253bbdc15203d2e4f6e9f46c13011ebf8">+3/-0</a> </td> </tr> </table></td></tr><tr><td><strong>Tests</strong></td><td><table> <tr> <td> <details> <summary><strong>mw_granular_access_test.go</strong><dd><code>Update tests for enhanced URL path matching</code> </dd></summary> <hr> gateway/mw_granular_access_test.go <li>Updated test cases to include regex matching for listen paths.<br> <li> Adjusted paths in test cases to reflect new listen path.<br> <li> Added new test cases for regex matching.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6475/files#diff-8e0d7cfef26688edd7d08334d955039dab5deb3caf860d29eff6d09894eaba20">+46/-27</a> </td> </tr> <tr> <td> <details> <summary><strong>mux_test.go</strong><dd><code>Add test for regex pattern handling improvement</code> </dd></summary> <hr> internal/httputil/mux_test.go - Added test case for regex pattern starting with '^'. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6475/files#diff-8f7ce1891e221d7adb9e68f2e951f33edfbde2128187abb6e837ac01952d7888">+1/-0</a> </td> </tr> </table></td></tr></tr></tbody></table> ___ > 💡 **PR-Agent usage**: >Comment `/help` on the PR to get a list of all available PR-Agent tools and their descriptions --------- Co-authored-by: Tit Petric <tit@tyk.io>
### **User description** <!-- Provide a general summary of your changes in the Title above --> ## Description Backport critical fixes from PRs in order #6480 #6437 #6475 #6506 ## Related Issue https://tyktech.atlassian.net/browse/TT-1944 https://tyktech.atlassian.net/browse/TT-12550 https://tyktech.atlassian.net/browse/TT-12865 ## Motivation and Context <!-- Why is this change required? What problem does it solve? --> ## How This Has Been Tested <!-- Please describe in detail how you tested your changes --> <!-- Include details of your testing environment, and the tests --> <!-- you ran to see how your change affects other areas of the code, etc. --> <!-- This information is helpful for reviewers and QA. --> ## Screenshots (if appropriate) ## Types of changes <!-- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality) ## Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply --> <!-- If there are no documentation updates required, mark the item as checked. --> <!-- Raise up any additional concerns not covered by the checklist. --> - [ ] I ensured that the documentation is up to date - [ ] I explained why this PR updates go.mod in detail with reasoning why it's required - [ ] I would like a code coverage CI quality gate exception and have explained why ___ ### **PR Type** Enhancement, Bug fix, Tests ___ ### **Description** - Introduced new configuration options for path prefix and suffix matching to enhance URL matching capabilities. - Refactored URLSpec to improve regex generation and logging for URL matching. - Enhanced GranularAccessMiddleware with improved URL matching logic and error handling. - Added utility functions for handling path regex preparation and matching, with caching for performance. - Updated and added test cases to verify new URL matching logic and configurations. - Added regression tests for issue 12865 to ensure stability and correctness of new features. ___ ### **Changes walkthrough** 📝 <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><details><summary>4 files</summary><table> <tr> <td> <details> <summary><strong>config.go</strong><dd><code>Introduce path prefix and suffix matching configuration</code> </dd></summary> <hr> config/config.go <li>Added new configuration options for path prefix and suffix matching.<br> <li> Enhanced documentation for new URL matching behavior.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6513/files#diff-fe44f09c4d5977b5f5eaea29170b6a0748819c9d02271746a20d81a5f3efca17">+43/-0</a> </td> </tr> <tr> <td> <details> <summary><strong>api_definition.go</strong><dd><code>Refactor and enhance URLSpec for better URL matching</code> </dd></summary> <hr> gateway/api_definition.go <li>Refactored URLSpec to use private fields.<br> <li> Enhanced regex generation for URL matching.<br> <li> Improved logging for URL matching process.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6513/files#diff-0cf80174bbafb36f6d4f4308ebbd971b2833b76a936bad568220aa1a4ba0ee8b">+52/-36</a> </td> </tr> <tr> <td> <details> <summary><strong>mw_granular_access.go</strong><dd><code>Enhance URL matching and error handling in GranularAccessMiddleware</code></dd></summary> <hr> gateway/mw_granular_access.go <li>Enhanced URL matching in GranularAccessMiddleware.<br> <li> Improved error handling and logging.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6513/files#diff-618f7d55751d572562a29506a13beba2da969436e974f8b51df7d9708c925436">+79/-12</a> </td> </tr> <tr> <td> <details> <summary><strong>mux.go</strong><dd><code>Add utility functions for path regex handling</code> </dd></summary> <hr> internal/httputil/mux.go <li>Introduced utility functions for path regex preparation and matching.<br> <li> Implemented caching for path regex patterns.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6513/files#diff-3d9ee5f5e946d72e6f2ae662ff03ee5253bbdc15203d2e4f6e9f46c13011ebf8">+139/-0</a> </td> </tr> </table></details></td></tr><tr><td><strong>Tests</strong></td><td><details><summary>4 files</summary><table> <tr> <td> <details> <summary><strong>api_definition_test.go</strong><dd><code>Update and add test cases for enhanced URL matching</code> </dd></summary> <hr> gateway/api_definition_test.go <li>Updated test cases to reflect changes in URL matching logic.<br> <li> Added new test scenarios for prefix and suffix matching.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6513/files#diff-2394daab6fdc5f8dc234699c80c0548947ee3d68d2e33858258d73a8b5eb6f44">+15/-33</a> </td> </tr> <tr> <td> <details> <summary><strong>mw_granular_access_test.go</strong><dd><code>Add tests for enhanced URL matching in GranularAccessMiddleware</code></dd></summary> <hr> gateway/mw_granular_access_test.go <li>Added tests for new URL matching logic in GranularAccessMiddleware.<br> <li> Verified behavior with different path configurations.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6513/files#diff-8e0d7cfef26688edd7d08334d955039dab5deb3caf860d29eff6d09894eaba20">+50/-24</a> </td> </tr> <tr> <td> <details> <summary><strong>mux_test.go</strong><dd><code>Add tests for path regex utility functions</code> </dd></summary> <hr> internal/httputil/mux_test.go <li>Added tests for new path regex utility functions.<br> <li> Verified regex preparation and matching logic.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6513/files#diff-8f7ce1891e221d7adb9e68f2e951f33edfbde2128187abb6e837ac01952d7888">+162/-0</a> </td> </tr> <tr> <td> <details> <summary><strong>issue_12865_test.go</strong><dd><code>Add regression tests for issue 12865</code> </dd></summary> <hr> tests/regression/issue_12865_test.go <li>Added regression tests for issue 12865.<br> <li> Tested various path matching configurations.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6513/files#diff-1a4f9c47cb4152844d641098b6e7ca8e5e8739eefdec7178f9437750d11db6ec">+171/-0</a> </td> </tr> </table></details></td></tr><tr><td><strong>Configuration changes</strong></td><td><details><summary>1 files</summary><table> <tr> <td> <details> <summary><strong>schema.json</strong><dd><code>Update schema for new path matching options</code> </dd></summary> <hr> cli/linter/schema.json - Updated schema to include new path matching configuration options. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6513/files#diff-103cec746d3e61d391c5a67c171963f66fea65d651d704d5540e60aa5d574f46">+6/-0</a> </td> </tr> </table></details></td></tr></tr></tbody></table> ___ > 💡 **PR-Agent usage**: >Comment `/help` on the PR to get a list of all available PR-Agent tools and their descriptions --------- Co-authored-by: Tit Petric <tit.petric@monotek.net> Co-authored-by: Tit Petric <tit@tyk.io>
User description
https://tyktech.atlassian.net/browse/TT-12865
PR Type
Bug fix, Tests
Description
ProcessRequest
.GetPathRegexp
.Changes walkthrough 📝
mw_granular_access.go
Enhance URL path matching for backward compatibility
gateway/mw_granular_access.go
mux.go
Improve regex pattern handling in path matching
internal/httputil/mux.go
mw_granular_access_test.go
Update tests for enhanced URL path matching
gateway/mw_granular_access_test.go
mux_test.go
Add test for regex pattern handling improvement
internal/httputil/mux_test.go