From 0d792dcd8fbb651a639267ad24f39bfde2f4af23 Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Fri, 5 Feb 2021 16:57:23 +0100 Subject: [PATCH] frontend: don't use path to give team's ID, use a dedicated header --- configs/nginx-demo.conf | 28 +++++++++++----------------- configs/nginx-prod.conf | 28 +++++++++++----------------- frontend/main.go | 13 ++++++------- frontend/register.go | 8 +++++--- frontend/submissions.go | 36 ++++++++++++++++++++---------------- 5 files changed, 53 insertions(+), 60 deletions(-) diff --git a/configs/nginx-demo.conf b/configs/nginx-demo.conf index d072a5ed..2087f737 100644 --- a/configs/nginx-demo.conf +++ b/configs/nginx-demo.conf @@ -180,55 +180,49 @@ server { location /submit/ { include fic-auth.conf; - rewrite ^/submit/(.*)$ /submission/$team/$1 break; - - proxy_pass http://frontend:8080/; + proxy_pass http://frontend:8080/submission; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } location /submit/issue { include fic-auth.conf; - rewrite ^/submit/.*$ /issue/$team break; - - proxy_pass http://frontend:8080/; + proxy_pass http://frontend:8080/issue; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } location /submit/name { include fic-auth.conf; - rewrite ^/submit/.*$ /chname/$team break; - - proxy_pass http://frontend:8080/; + proxy_pass http://frontend:8080/chname; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } location /registration { include fic-auth.conf; - rewrite ^/registration /registration/$team break; - proxy_pass http://frontend:8080; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } location /openhint/ { include fic-auth.conf; - rewrite ^/openhint/(.*)$ /openhint/$team/$1 break; - - proxy_pass http://frontend:8080/; + proxy_pass http://frontend:8080; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } location /wantchoices/ { include fic-auth.conf; - rewrite ^/wantchoices/(.*)$ /wantchoices/$team/$1 break; - - proxy_pass http://frontend:8080/; + proxy_pass http://frontend:8080; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } } diff --git a/configs/nginx-prod.conf b/configs/nginx-prod.conf index 1ced4fa3..8abc3636 100644 --- a/configs/nginx-prod.conf +++ b/configs/nginx-prod.conf @@ -172,55 +172,49 @@ server { location /submit/ { include fic-auth.conf; - rewrite ^/submit/(.*)$ /submission/$team/$1 break; - - proxy_pass http://frontend:8080/; + proxy_pass http://frontend:8080/submission; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } location /submit/issue { include fic-auth.conf; - rewrite ^/submit/.*$ /issue/$team break; - - proxy_pass http://frontend:8080/; + proxy_pass http://frontend:8080/issue; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } location /submit/name { include fic-auth.conf; - rewrite ^/submit/.*$ /chname/$team break; - - proxy_pass http://frontend:8080/; + proxy_pass http://frontend:8080/chname; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } location /registration { include fic-auth.conf; - rewrite ^/registration /registration/$team break; - proxy_pass http://frontend:8080; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } location /openhint/ { include fic-auth.conf; - rewrite ^/openhint/(.*)$ /openhint/$team/$1 break; - - proxy_pass http://frontend:8080/; + proxy_pass http://frontend:8080; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } location /wantchoices/ { include fic-auth.conf; - rewrite ^/wantchoices/(.*)$ /wantchoices/$team/$1 break; - - proxy_pass http://frontend:8080/; + proxy_pass http://frontend:8080; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-FIC-Team $team; proxy_redirect off; } } diff --git a/frontend/main.go b/frontend/main.go index 9dd60c69..498cd3cc 100644 --- a/frontend/main.go +++ b/frontend/main.go @@ -54,13 +54,13 @@ func main() { settings.LoadAndWatchSettings(path.Join(settings.SettingsDir, settings.SettingsFile), reloadSettings) // Register handlers - http.Handle(fmt.Sprintf("%s/chname/", *prefix), http.StripPrefix(fmt.Sprintf("%s/chname/", *prefix), submissionTeamChecker{"name change", ChNameHandler, *teamsDir})) - http.Handle(fmt.Sprintf("%s/issue/", *prefix), http.StripPrefix(fmt.Sprintf("%s/issue/", *prefix), submissionTeamChecker{"issue", IssueHandler, *teamsDir})) - http.Handle(fmt.Sprintf("%s/openhint/", *prefix), http.StripPrefix(fmt.Sprintf("%s/openhint/", *prefix), submissionTeamChecker{"opening hint", HintHandler, *teamsDir})) - http.Handle(fmt.Sprintf("%s/wantchoices/", *prefix), http.StripPrefix(fmt.Sprintf("%s/wantchoices/", *prefix), submissionTeamChecker{"wantint choices", WantChoicesHandler, *teamsDir})) - http.Handle(fmt.Sprintf("%s/registration/", *prefix), http.StripPrefix(fmt.Sprintf("%s/registration/", *prefix), submissionChecker{"registration", RegistrationHandler})) + http.Handle(fmt.Sprintf("%s/chname/", *prefix), http.StripPrefix(fmt.Sprintf("%s/chname/", *prefix), submissionTeamChecker{"name change", ChNameHandler, *teamsDir, *simulator})) + http.Handle(fmt.Sprintf("%s/issue/", *prefix), http.StripPrefix(fmt.Sprintf("%s/issue/", *prefix), submissionTeamChecker{"issue", IssueHandler, *teamsDir, *simulator})) + http.Handle(fmt.Sprintf("%s/openhint/", *prefix), http.StripPrefix(fmt.Sprintf("%s/openhint/", *prefix), submissionTeamChecker{"opening hint", HintHandler, *teamsDir, *simulator})) + http.Handle(fmt.Sprintf("%s/wantchoices/", *prefix), http.StripPrefix(fmt.Sprintf("%s/wantchoices/", *prefix), submissionTeamChecker{"wantint choices", WantChoicesHandler, *teamsDir, *simulator})) + http.Handle(fmt.Sprintf("%s/registration", *prefix), http.StripPrefix(fmt.Sprintf("%s/registration", *prefix), submissionChecker{"registration", RegistrationHandler})) http.Handle(fmt.Sprintf("%s/resolution/", *prefix), http.StripPrefix(fmt.Sprintf("%s/resolution/", *prefix), ResolutionHandler{})) - http.Handle(fmt.Sprintf("%s/submission/", *prefix), http.StripPrefix(fmt.Sprintf("%s/submission/", *prefix), submissionTeamChecker{"submission", SubmissionHandler, *teamsDir})) + http.Handle(fmt.Sprintf("%s/submission/", *prefix), http.StripPrefix(fmt.Sprintf("%s/submission/", *prefix), submissionTeamChecker{"submission", SubmissionHandler, *teamsDir, *simulator})) if *simulator != "" { if _, err := os.Stat(path.Join(*teamsDir, *simulator)); os.IsNotExist(err) { @@ -120,7 +120,6 @@ loop: } } - log.Print("The service is shutting down...") srv.Shutdown(context.Background()) log.Println("done") diff --git a/frontend/register.go b/frontend/register.go index 60de99a1..e81b2ef2 100644 --- a/frontend/register.go +++ b/frontend/register.go @@ -15,11 +15,13 @@ func RegistrationHandler(w http.ResponseWriter, r *http.Request, sURL []string) return } - if len(sURL) < 1 || len(sURL[0]) == 0 { - http.Error(w, "{\"errmsg\":\"Arguments manquants.\"}", http.StatusBadRequest) + teamInitialName := "-" + if t := r.Header.Get("X-FIC-Team"); t != "" { + teamInitialName = t + } else { + http.Error(w, "{\"errmsg\":\"Votre jeton d'authentification semble invalide. Contactez l'équipe serveur.\"}", http.StatusInternalServerError) return } - teamInitialName := sURL[0] // Check request type and size if r.Method != "POST" { diff --git a/frontend/submissions.go b/frontend/submissions.go index 8d97f065..575587a8 100644 --- a/frontend/submissions.go +++ b/frontend/submissions.go @@ -10,24 +10,29 @@ import ( type submissionHandler func(w http.ResponseWriter, r *http.Request, sURL []string) -type submissionChecker struct{ - kind string - next submissionHandler +type submissionChecker struct { + kind string + next submissionHandler } type submissionTeamHandler func(w http.ResponseWriter, r *http.Request, team string, sURL []string) -type submissionTeamChecker struct{ - kind string - next submissionTeamHandler - teamsDir string +type submissionTeamChecker struct { + kind string + next submissionTeamHandler + teamsDir string + simulator string } func (c submissionChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) { if addr := r.Header.Get("X-Forwarded-For"); addr != "" { r.RemoteAddr = addr } - log.Printf("%s \"%s %s\" => %s [%s]\n", r.RemoteAddr, r.Method, r.URL.Path, c.kind, r.UserAgent()) + team := "-" + if t := r.Header.Get("X-FIC-Team"); t != "" { + team = t + } + log.Printf("%s %s \"%s %s\" => %s [%s]\n", r.RemoteAddr, team, r.Method, r.URL.Path, c.kind, r.UserAgent()) w.Header().Set("Content-Type", "application/json") @@ -41,21 +46,20 @@ func (c submissionChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) { } // Extract URL arguments - var sURL = strings.Split(r.URL.Path, "/") + var sURL = strings.Split(strings.TrimPrefix(r.URL.Path, "/"), "/") c.next(w, r, sURL) } func (c submissionTeamChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) { - submissionChecker{c.kind, func(w http.ResponseWriter, r *http.Request, sURL []string){ - if len(sURL) < 1 { - http.Error(w, "{\"errmsg\":\"Arguments manquants.\"}", http.StatusBadRequest) - return + submissionChecker{c.kind, func(w http.ResponseWriter, r *http.Request, sURL []string) { + team := c.simulator + if t := r.Header.Get("X-FIC-Team"); t != "" { + team = t } - team := sURL[0] // Check team validity and existance - if len(team) < 1 || team == "public" { + if len(team) < 1 || team == "-" || team == "public" { log.Println("INVALID TEAM:", team) http.Error(w, "{\"errmsg\":\"Équipe inexistante.\"}", http.StatusBadRequest) return @@ -65,6 +69,6 @@ func (c submissionTeamChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) return } - c.next(w, r, team, sURL[1:]) + c.next(w, r, team, sURL) }}.ServeHTTP(w, r) }