From a131f2bdf10e2815d79e3581fe6536b1499839b6 Mon Sep 17 00:00:00 2001 From: Filip Aleksic Date: Tue, 26 Jul 2022 07:53:41 +0000 Subject: Fixes acme redirection issues when using a wildcard redirect Changelog: fixed --- internal/acme/acme.go | 4 ++-- internal/redirects/redirects.go | 5 +++++ internal/redirects/redirects_test.go | 8 ++++++++ 3 files changed, 15 insertions(+), 2 deletions(-) (limited to 'internal') diff --git a/internal/acme/acme.go b/internal/acme/acme.go index c83fcc08..ae808cdd 100644 --- a/internal/acme/acme.go +++ b/internal/acme/acme.go @@ -15,7 +15,7 @@ type FallbackStrategy func(http.ResponseWriter, *http.Request) bool // ServeAcmeChallenges identifies if request is acme-challenge and redirects to GitLab in that case func ServeAcmeChallenges(w http.ResponseWriter, r *http.Request, fallback FallbackStrategy, gitlabURL *url.URL) bool { - if !isAcmeChallenge(r.URL.Path) { + if !IsAcmeChallenge(r.URL.Path) { return false } @@ -27,7 +27,7 @@ func ServeAcmeChallenges(w http.ResponseWriter, r *http.Request, fallback Fallba return true } -func isAcmeChallenge(path string) bool { +func IsAcmeChallenge(path string) bool { return strings.HasPrefix(filepath.Clean(path), "/.well-known/acme-challenge/") } diff --git a/internal/redirects/redirects.go b/internal/redirects/redirects.go index 4add6537..4903518a 100644 --- a/internal/redirects/redirects.go +++ b/internal/redirects/redirects.go @@ -13,6 +13,7 @@ import ( netlifyRedirects "github.com/tj/go-redirects" "gitlab.com/gitlab-org/labkit/log" + "gitlab.com/gitlab-org/gitlab-pages/internal/acme" "gitlab.com/gitlab-org/gitlab-pages/internal/config" "gitlab.com/gitlab-org/gitlab-pages/internal/vfs" ) @@ -106,6 +107,10 @@ func (r *Redirects) Status() string { // Rewrite takes in a URL and uses the parsed Netlify rules to rewrite // the URL to the new location if it matches any rule func (r *Redirects) Rewrite(originalURL *url.URL) (*url.URL, int, error) { + if acme.IsAcmeChallenge(originalURL.Path) { + return nil, 0, ErrNoRedirect + } + rule, newPath := r.match(originalURL.Path) if rule == nil { return nil, 0, ErrNoRedirect diff --git a/internal/redirects/redirects_test.go b/internal/redirects/redirects_test.go index d40b065b..4ec34222 100644 --- a/internal/redirects/redirects_test.go +++ b/internal/redirects/redirects_test.go @@ -107,6 +107,14 @@ func TestRedirectsRewrite(t *testing.T) { expectedURL: "/the/cake/is/a/lie", expectedStatus: http.StatusOK, }, + { + name: "does_not_redirect_acme_challenges", + url: "/.well-known/acme-challenge/token", + rule: "/* /to/path 200", + expectedURL: "", + expectedStatus: 0, + expectedErr: ErrNoRedirect, + }, } for _, tt := range tests { -- cgit v1.2.3