Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to hand-rolled http mux. #313

Merged
merged 7 commits into from
May 28, 2019
Merged

Switch to hand-rolled http mux. #313

merged 7 commits into from
May 28, 2019

Conversation

twifkak
Copy link
Member

@twifkak twifkak commented May 24, 2019
edited
Loading

This fixes the error where /priv/doc/https:// URLs were being
improperly unescaped before fetching/signing.

In addition, validate that sign URLs don't contain any special characters, per the WICG recommendation.

The new mux code depends directly on the handlers, because we don't need any fancy dependency inversion. This required movings tests into a different package to break the import cycle, which in turn required changing the visibility of a lot of things.

Resolves #310.

twifkak added 3 commits May 23, 2019 18:25
@twifkak
Switch to hand-rolled http mux.
38d9048 
This fixes the error where `/priv/doc/https://` URLs were being
improperly unescaped before fetching/signing.
@twifkak
Change handler tests to use mux.
267c788 
This helps detect errors in the mux config.

Also, restrict mux to GET/HEAD - this uncovered a faulty test that
expected POST to work, when it never had.
@twifkak
Verify no special URL chars get signed.
91dc0f7 
This complies with the recommendation at
https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#seccons-content-sniffing.
alin04
alin04 reviewed May 24, 2019
View reviewed changes
Copy link
Collaborator

@alin04 alin04 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did a very quick pass. Is there an actual test for the escape/unescaping?

packager/mux/mux.go Outdated Show resolved Hide resolved
packager/mux/mux.go Show resolved Hide resolved
packager/mux/mux.go Outdated Show resolved Hide resolved
packager/mux/mux.go Show resolved Hide resolved
packager/mux/mux.go Outdated Show resolved Hide resolved
packager/mux/params/params.go Outdated Show resolved Hide resolved
packager/signer/signer.go Outdated Show resolved Hide resolved
twifkak added 4 commits May 24, 2019 14:56
@twifkak
Break import cycle in a simpler way.
c5471e6 
Have mux not depend on handler types. (This means the caller of New()
may accidentally swap handlers, but that vector for error is only one
line of the whole code base, so it seems like a reasonable trade-off.)
@twifkak
Cleanup comments and print statements.
26f2b97
@twifkak
Copyright, docstring, map lookup.
9ebfa9d
@twifkak
go fmt
9e35b3a 
Selectively, on changed lines, to minimize conflict on rebase.
@twifkak
Copy link
Member Author

twifkak commented May 24, 2019

Test for the escaping is in signer_test.

  • For the validation.go change, see TestEscapeQueryParamsInFetchAndSign and TestDisallowInvalidCharsSign. (Hmm, perhaps that should be in validation_test.go.)
  • For the mux change, see the 3 TestSignAsPathParam* tests.

@twifkak
Copy link
Member Author

twifkak commented May 24, 2019

Also, got rid of all the capitalization changes & the need for the separate params pkg.

@twifkak twifkak marked this pull request as ready for review May 24, 2019 23:07
alin04
alin04 approved these changes May 28, 2019
View reviewed changes
packager/signer/validation.go
// True iff url matches pattern, as defined by an [URLSet.Sign] block in the
// config file. The format of this URLPattern is validated by
// validateSignURLPattern in config.go.
func signURLMatches(url *url.URL, pattern *util.URLPattern) error {
for _, b := range []byte(url.String()) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Optional, leverage Go's IndexFunc, e.g. if IndexFun(url.String(), isFallbackURLCodePoint) == -1 { ... }

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could work? https://golang.org/pkg/bytes/#IndexFunc is based on a UTF-8 decoding of the string, whereas I want to go byte-by-byte. I think any multibyte UTF-8 char is also false for isFallbackURLCodePoint? But I don't want to have to think about it. :)

@twifkak twifkak merged commit 9c34d5e into ampproject:master May 28, 2019
@twifkak twifkak deleted the inner_url branch May 28, 2019 22:28
@twifkak twifkak mentioned this pull request Jun 6, 2019
Open
twifkak added a commit to twifkak/amppackager that referenced this pull request Jun 11, 2019
@twifkak
Allow 'Z' in sign URLs.
e533cbe 
Fixes breakage from ampproject#313 (9c34d5e).

Also, when "fetch/sign URLs do not match config", log the underlying
reason(s).

Finally, improve the logging in gateway_server slightly + `go fmt`.
@twifkak twifkak mentioned this pull request Jun 11, 2019
Merged
twifkak added a commit that referenced this pull request Jun 11, 2019
@twifkak
Allow 'Z' in sign URLs. (#317)
13e39ad 
Fixes breakage from #313 (9c34d5e).

Also, when "fetch/sign URLs do not match config", log the underlying
reason(s).

Finally, improve the logging in gateway_server slightly + `go fmt`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alin04 alin04 alin04 approved these changes

Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@twifkak @alin04 @googlebot