DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Escape variables in add-base-url annotation

Browse source
This commit is contained in:
Manuel de Brito Fontes 2018-04-05 20:21:35 -03:00
parent ab8349008a
commit 82b6c33c25
No known key found for this signature in database
GPG key ID: 786136016A8BA02A
2 changed files with 76 additions and 62 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
internal/ingress/controller/template/template.go
View file

@ -366,39 +366,43 @@ func buildProxyPass(host string, b interface{}, loc interface{}, dynamicConfigur
} }
if len(location.Rewrite.Target) > 0 { if len(location.Rewrite.Target) > 0 {
abu := "" var abu string
var xForwardedPrefix string
if location.Rewrite.AddBaseURL { if location.Rewrite.AddBaseURL {
// path has a slash suffix, so that it can be connected with baseuri directly // path has a slash suffix, so that it can be connected with baseuri directly
bPath := fmt.Sprintf("%s%s", path, "$baseuri") bPath := fmt.Sprintf("%s$escaped_base_uri", path)
regex := `(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)` regex := `(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)`
scheme := "$scheme"
if len(location.Rewrite.BaseURLScheme) > 0 { if len(location.Rewrite.BaseURLScheme) > 0 {
abu = fmt.Sprintf(`subs_filter '%v' '$1<base href="%v://$http_host%v">' ro; scheme = location.Rewrite.BaseURLScheme
`, regex, location.Rewrite.BaseURLScheme, bPath)
} else {
abu = fmt.Sprintf(`subs_filter '%v' '$1<base href="$scheme://$http_host%v">' ro;
`, regex, bPath)
}
} }
xForwardedPrefix := "" abu = fmt.Sprintf(`
if location.XForwardedPrefix { set_escape_uri $escaped_base_uri $baseuri;
xForwardedPrefix = fmt.Sprintf(`proxy_set_header X-Forwarded-Prefix "%s"; subs_filter '%v' '$1<base href="%v://$http_host%v">' ro;
`, path) `, regex, scheme, bPath)
} }
if location.XForwardedPrefix {
xForwardedPrefix = fmt.Sprintf("proxy_set_header X-Forwarded-Prefix \"%s\";\n", path)
}
if location.Rewrite.Target == slash { if location.Rewrite.Target == slash {
// special case redirect to / // special case redirect to /
// ie /something to / // ie /something to /
return fmt.Sprintf(` return fmt.Sprintf(`
rewrite %s(.*) /$1 break; rewrite %s(.*) /$1 break;
rewrite %s / break; rewrite %s / break;
%v%v %s://%s; %v%v %s://%s;
%v`, path, location.Path, xForwardedPrefix, proxyPass, proto, upstreamName, abu) %v`, path, location.Path, xForwardedPrefix, proxyPass, proto, upstreamName, abu)
} }
return fmt.Sprintf(` return fmt.Sprintf(`
rewrite %s(.*) %s/$1 break; rewrite %s(.*) %s/$1 break;
%v%v %s://%s; %v%v %s://%s;
%v`, path, location.Rewrite.Target, xForwardedPrefix, proxyPass, proto, upstreamName, abu) %v`, path, location.Rewrite.Target, xForwardedPrefix, proxyPass, proto, upstreamName, abu)
} }
// default proxy_pass // default proxy_pass

100
internal/ingress/controller/template/template_test.go
View file

@ -121,9 +121,9 @@ var (
"/jenkins", "/jenkins",
"~* /", "~* /",
` `
rewrite /(.*) /jenkins/$1 break; rewrite /(.*) /jenkins/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
`, `,
false, false,
"", "",
false, false,
@ -135,10 +135,10 @@ var (
"/", "/",
`~* ^/something\/?(?<baseuri>.*)`, `~* ^/something\/?(?<baseuri>.*)`,
` `
rewrite /something/(.*) /$1 break; rewrite /something/(.*) /$1 break;
rewrite /something / break; rewrite /something / break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
`, `,
false, false,
"", "",
false, false,
@ -150,9 +150,9 @@ var (
"/not-root", "/not-root",
"~* ^/end-with-slash/(?<baseuri>.*)", "~* ^/end-with-slash/(?<baseuri>.*)",
` `
rewrite /end-with-slash/(.*) /not-root/$1 break; rewrite /end-with-slash/(.*) /not-root/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
`, `,
false, false,
"", "",
false, false,
@ -164,9 +164,9 @@ var (
"/not-root", "/not-root",
`~* ^/something-complex\/?(?<baseuri>.*)`, `~* ^/something-complex\/?(?<baseuri>.*)`,
` `
rewrite /something-complex/(.*) /not-root/$1 break; rewrite /something-complex/(.*) /not-root/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
`, `,
false, false,
"", "",
false, false,
@ -178,10 +178,12 @@ var (
"/jenkins", "/jenkins",
"~* /", "~* /",
` `
rewrite /(.*) /jenkins/$1 break; rewrite /(.*) /jenkins/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/$baseuri">' ro;
`, set_escape_uri $escaped_base_uri $baseuri;
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/$escaped_base_uri">' ro;
`,
true, true,
"", "",
false, false,
@ -193,11 +195,13 @@ var (
"/", "/",
`~* ^/something\/?(?<baseuri>.*)`, `~* ^/something\/?(?<baseuri>.*)`,
` `
rewrite /something/(.*) /$1 break; rewrite /something/(.*) /$1 break;
rewrite /something / break; rewrite /something / break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/something/$baseuri">' ro;
`, set_escape_uri $escaped_base_uri $baseuri;
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/something/$escaped_base_uri">' ro;
`,
true, true,
"", "",
false, false,
@ -209,10 +213,12 @@ var (
"/not-root", "/not-root",
`~* ^/end-with-slash/(?<baseuri>.*)`, `~* ^/end-with-slash/(?<baseuri>.*)`,
` `
rewrite /end-with-slash/(.*) /not-root/$1 break; rewrite /end-with-slash/(.*) /not-root/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/end-with-slash/$baseuri">' ro;
`, set_escape_uri $escaped_base_uri $baseuri;
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/end-with-slash/$escaped_base_uri">' ro;
`,
true, true,
"", "",
false, false,
@ -224,10 +230,12 @@ var (
"/not-root", "/not-root",
`~* ^/something-complex\/?(?<baseuri>.*)`, `~* ^/something-complex\/?(?<baseuri>.*)`,
` `
rewrite /something-complex/(.*) /not-root/$1 break; rewrite /something-complex/(.*) /not-root/$1 break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/something-complex/$baseuri">' ro;
`, set_escape_uri $escaped_base_uri $baseuri;
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="$scheme://$http_host/something-complex/$escaped_base_uri">' ro;
`,
true, true,
"", "",
false, false,
@ -239,11 +247,13 @@ var (
"/", "/",
`~* ^/something\/?(?<baseuri>.*)`, `~* ^/something\/?(?<baseuri>.*)`,
` `
rewrite /something/(.*) /$1 break; rewrite /something/(.*) /$1 break;
rewrite /something / break; rewrite /something / break;
proxy_pass http://upstream-name; proxy_pass http://upstream-name;
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="http://$http_host/something/$baseuri">' ro;
`, set_escape_uri $escaped_base_uri $baseuri;
subs_filter '(<(?:H|h)(?:E|e)(?:A|a)(?:D|d)(?:[^">]|"[^"]*")*>)' '$1<base href="http://$http_host/something/$escaped_base_uri">' ro;
`,
true, true,
"http", "http",
false, false,
@ -255,9 +265,9 @@ var (
"/something", "/something",
`~* /`, `~* /`,
` `
rewrite /(.*) /something/$1 break; rewrite /(.*) /something/$1 break;
proxy_pass http://sticky-upstream-name; proxy_pass http://sticky-upstream-name;
`, `,
false, false,
"http", "http",
true, true,
@ -269,9 +279,9 @@ var (
"/something", "/something",
`~* /`, `~* /`,
` `
rewrite /(.*) /something/$1 break; rewrite /(.*) /something/$1 break;
proxy_pass http://upstream_balancer; proxy_pass http://upstream_balancer;
`, `,
false, false,
"http", "http",
true, true,
@ -283,10 +293,10 @@ var (
"/something", "/something",
`~* ^/there\/?(?<baseuri>.*)`, `~* ^/there\/?(?<baseuri>.*)`,
` `
rewrite /there/(.*) /something/$1 break; rewrite /there/(.*) /something/$1 break;
proxy_set_header X-Forwarded-Prefix "/there/"; proxy_set_header X-Forwarded-Prefix "/there/";
proxy_pass http://sticky-upstream-name; proxy_pass http://sticky-upstream-name;
`, `,
false, false,
"http", "http",
true, true,