diff options
-rw-r--r-- | internal/acme/acme.go | 4 | ||||
-rw-r--r-- | internal/redirects/redirects.go | 5 | ||||
-rw-r--r-- | internal/redirects/redirects_test.go | 8 |
3 files changed, 15 insertions, 2 deletions
diff --git a/internal/acme/acme.go b/internal/acme/acme.go index 039be32a..607dcc23 100644 --- a/internal/acme/acme.go +++ b/internal/acme/acme.go @@ -26,7 +26,7 @@ func (m *Middleware) ServeAcmeChallenges(w http.ResponseWriter, r *http.Request, return false } - if !isAcmeChallenge(r.URL.Path) { + if !IsAcmeChallenge(r.URL.Path) { return false } @@ -37,7 +37,7 @@ func (m *Middleware) ServeAcmeChallenges(w http.ResponseWriter, r *http.Request, return m.redirectToGitlab(w, r) } -func isAcmeChallenge(path string) bool { +func IsAcmeChallenge(path string) bool { return strings.HasPrefix(filepath.Clean(path), "/.well-known/acme-challenge/") } diff --git a/internal/redirects/redirects.go b/internal/redirects/redirects.go index 24ce8692..a0d0a774 100644 --- a/internal/redirects/redirects.go +++ b/internal/redirects/redirects.go @@ -14,6 +14,7 @@ import ( "gitlab.com/gitlab-org/labkit/log" + "gitlab.com/gitlab-org/gitlab-pages/internal/acme" "gitlab.com/gitlab-org/gitlab-pages/internal/vfs" ) @@ -100,6 +101,10 @@ func (r *Redirects) Status() string { // Rewrite takes in a URL and uses the parsed Netlify rules to rewrite // the URL to the new location if it matches any rule func (r *Redirects) Rewrite(originalURL *url.URL) (*url.URL, int, error) { + if acme.IsAcmeChallenge(originalURL.Path) { + return nil, 0, ErrNoRedirect + } + rule, newPath := r.match(originalURL.Path) if rule == nil { return nil, 0, ErrNoRedirect diff --git a/internal/redirects/redirects_test.go b/internal/redirects/redirects_test.go index 8cad98f8..a15d8413 100644 --- a/internal/redirects/redirects_test.go +++ b/internal/redirects/redirects_test.go @@ -123,6 +123,14 @@ func TestRedirectsRewrite(t *testing.T) { expectedStatus: http.StatusOK, expectedErr: "", }, + { + name: "does_not_redirect_acme_challenges", + url: "/.well-known/acme-challenge/token", + rule: "/* /to/path 200", + expectedURL: "", + expectedStatus: 0, + expectedErr: ErrNoRedirect.Error(), + }, } for _, tt := range tests { |