From 9602e30439f03217ae1af1125a51fa42b6f0e01b Mon Sep 17 00:00:00 2001
From: Philipp Winter
Date: Thu, 5 Dec 2024 07:31:04 -0600
Subject: [PATCH] Change URL path directory.
Change "enclave" to the more specific "veil". And while we're at it, turn the paths from brittle string literals into constants.
---
 cmd/veil-verify/attestation.go | 3 ++-
 cmd/veil/main_test.go | 29 +++++++++++++++--------------
 internal/service/routes.go | 22 ++++++++++++++++------
 3 files changed, 33 insertions(+), 21 deletions(-)
diff --git a/cmd/veil-verify/attestation.go b/cmd/veil-verify/attestation.go
index dffcf51..0bf6b87 100644
--- a/cmd/veil-verify/attestation.go
+++ b/cmd/veil-verify/attestation.go
@@ -21,6 +21,7 @@ import (
 "github.com/Amnesic-Systems/veil/internal/errs"
 "github.com/Amnesic-Systems/veil/internal/httpx"
 "github.com/Amnesic-Systems/veil/internal/nonce"
+ "github.com/Amnesic-Systems/veil/internal/service"
 "github.com/Amnesic-Systems/veil/internal/util"
 )
@@ -46,7 +47,7 @@ func attestEnclave(
 // certificates because authentication is happening via the attestation
 // document.
 client := httpx.NewUnauthClient()
- url := cfg.addr + "/enclave/attestation?nonce=" + nonce.URLEncode()
+ url := cfg.addr + service.PathAttestation + "?nonce=" + nonce.URLEncode()
 req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
 if err != nil {
 return err
diff --git a/cmd/veil/main_test.go b/cmd/veil/main_test.go
index 37443d7..c28c32c 100644
--- a/cmd/veil/main_test.go
+++ b/cmd/veil/main_test.go
@@ -26,6 +26,7 @@ import (
 "github.com/Amnesic-Systems/veil/internal/httperr"
 "github.com/Amnesic-Systems/veil/internal/httpx"
 "github.com/Amnesic-Systems/veil/internal/nonce"
+ "github.com/Amnesic-Systems/veil/internal/service"
 "github.com/Amnesic-Systems/veil/internal/service/attestation"
 "github.com/Amnesic-Systems/veil/internal/testutil"
 "github.com/Amnesic-Systems/veil/internal/util"
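Review bot: In cmd/veil-verify/attestation.go the new import of `internal/service` makes the verifier link the enclave's server package just to obtain one string constant; routes.go in that package imports the chi middleware and calls the `handle.*` handlers, so that code becomes part of the veil-verify build. For a tool whose job is to check attestation documents, a smaller dependency graph is easier to audit, so consider moving the `Path*` constants into a dependency-free leaf package that both `service` and veil-verify import. Separately, the URL on the changed line is still built by concatenation, so a `cfg.addr` ending in a slash would presumably yield `//veil/attestation`. The body of attestEnclave starts and ends outside the hunk.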
@@ -136,12 +137,12 @@ func TestPages(t *testing.T) {
 }{
 {
 name: "index",
- url: extSrv("/enclave"),
+ url: extSrv(service.PathIndex),
 wantBody: "AWS Nitro Enclave",
 },
 {
 name: "config",
- url: extSrv("/enclave/config?nonce=" + url.QueryEscape(
+ url: extSrv(service.PathConfig + "?nonce=" + url.QueryEscape(
 "hJkjpaP/6cVT+vikk06HcN0aOdU=",
 )),
 wantBody: `"Debug":false`,
@@ -166,7 +167,7 @@ func TestEnclaveCodeURI(t *testing.T) {
 const codeURI = "https://example.com"
 defer stopSvc(startSvc(t, withFlags("-enclave-code-uri", codeURI)))
- resp, err := testutil.Client.Get(extSrv("/enclave"))
+ resp, err := testutil.Client.Get(extSrv(service.PathIndex))
 require.NoError(t, err)
 require.Equal(t, http.StatusOK, resp.StatusCode)
 defer resp.Body.Close()
@@ -186,24 +187,24 @@ func TestReadyHandler(t *testing.T) {
 }{
 {
 name: "1st attempt public",
- url: extSrv("/enclave"),
+ url: extSrv(service.PathIndex),
 wantErr: syscall.ECONNREFUSED,
 },
 {
 name: "1st attempt ready",
- url: intSrv("/enclave/ready"),
+ url: intSrv(service.PathReady),
 wantCode: http.StatusOK,
 wantErr: nil,
 },
 {
 name: "2nd attempt ready",
- url: intSrv("/enclave/ready"),
+ url: intSrv(service.PathReady),
 wantCode: http.StatusGone,
 wantErr: nil,
 },
 {
 name: "2nd attempt public",
- url: extSrv("/enclave"),
+ url: extSrv(service.PathIndex),
 wantCode: http.StatusOK,
 wantErr: nil,
 },
@@ -238,12 +239,12 @@ func TestAttestation(t *testing.T) {
 }{
 {
 name: "missing nonce",
- url: extSrv("/enclave/attestation"),
+ url: extSrv(service.PathAttestation),
 wantCode: http.StatusBadRequest,
 },
 {
 name: "valid attestation request",
- url: extSrv("/enclave/attestation"),
+ url: extSrv(service.PathAttestation),
 nonce: util.Must(nonce.New()),
 wantCode: http.StatusOK,
 },
@@ -291,13 +292,13 @@ func TestHashes(t *testing.T) {
 hashes = new(attestation.Hashes)
 doPost = func(body io.Reader) (*http.Response, error) {
 return testutil.Client.Post(
- intSrv("/enclave/hash"),
+ intSrv(service.PathHash),
 "application/json",
 body,
 )
 }
 doGet = func(_ io.Reader) (*http.Response, error) {
- return testutil.Client.Get(intSrv("/enclave/hashes"))
+ return testutil.Client.Get(intSrv(service.PathHashes))
 }
 )
 hashes.SetAppHash(addr.Of(sha256.Sum256([]byte("foo"))))
@@ -391,12 +392,12 @@ func TestReverseProxy(t *testing.T) {
 },
 {
 name: "also not for reverse proxy",
- path: "/enclave",
+ path: service.PathIndex,
 wantCode: http.StatusOK,
 },
 {
 name: "definitely not for reverse proxy",
- path: "/enclave/attestation",
+ path: service.PathAttestation,
 wantCode: http.StatusBadRequest,
 },
 }
@@ -424,7 +425,7 @@ func TestRunApp(t *testing.T) {
 // Run curl to fetch veil's configuration from its external Web
 // server.
 command: fmt.Sprintf("curl --silent --insecure --output %s "+
- "https://localhost:%d/enclave/config?nonce=%s",
+ "https://localhost:%d"+service.PathConfig+"?nonce=%s",
 fd.Name(),
 defaultExtPort,
 util.Must(nonce.New()).URLEncode(),
diff --git a/internal/service/routes.go b/internal/service/routes.go
index a6d3f6b..0ffae3f 100644
--- a/internal/service/routes.go
+++ b/internal/service/routes.go
@@ -10,6 +10,16 @@ import (
 "github.com/go-chi/chi/v5/middleware"
 )
+// Veil's URL paths.
+const (
+ PathIndex = "/veil"
+ PathConfig = "/veil/config"
+ PathAttestation = "/veil/attestation"
+ PathReady = "/veil/ready"
+ PathHashes = "/veil/hashes"
+ PathHash = "/veil/hash"
+)
+
 func setupMiddlewares(r *chi.Mux, config *config.Config) {
 if config.Debug {
 r.Use(middleware.Logger)
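Review bot: In TestRunApp (cmd/veil/main_test.go) `service.PathConfig` is spliced into the format string that `fmt.Sprintf` then interprets, so a `%` in the constant would be read as a formatting verb. Pass it as an argument instead: `"https://localhost:%d%s?nonce=%s",` with `service.PathConfig` added after `defaultExtPort`. The URL is also placed in the command unquoted, and `?` is a glob character in most shells; whether a shell runs this command is not visible here. The Sprintf call and the surrounding test table continue outside the hunk.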
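Review bot: The new exported constant block in internal/service/routes.go does not say which listener serves each path. The later hunks register `PathIndex`, `PathConfig` and `PathAttestation` in addExternalPublicRoutes, and `PathReady`, `PathHashes` and `PathHash` in addInternalRoutes. Since `PathHash` takes a POST that sets the application hash, that split is worth stating where the names are defined, now that other packages can import them. Split the block in two and head each group with a comment such as `// Paths served on the external, public router.` and `// Paths served only on the internal router.`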
@@ -23,9 +33,9 @@ func addExternalPublicRoutes(
 ) {
 setupMiddlewares(r, config)
- r.Get("/enclave", handle.Index(config))
- r.Get("/enclave/config", handle.Config(builder, config))
- r.Get("/enclave/attestation", handle.Attestation(builder))
+ r.Get(PathIndex, handle.Index(config))
+ r.Get(PathConfig, handle.Config(builder, config))
+ r.Get(PathAttestation, handle.Attestation(builder))
 // Set up reverse proxy for the application' Web server.
 if config.AppWebSrv != nil {
@@ -43,10 +53,10 @@ func addInternalRoutes(
 setupMiddlewares(r, config)
 if config.WaitForApp {
- r.Get("/enclave/ready", handle.Ready(appReady))
+ r.Get(PathReady, handle.Ready(appReady))
 } else {
 close(appReady)
 }
- r.Get("/enclave/hashes", handle.Hashes(hashes))
- r.Post("/enclave/hash", handle.AppHash(hashes.SetAppHash))
+ r.Get(PathHashes, handle.Hashes(hashes))
+ r.Post(PathHash, handle.AppHash(hashes.SetAppHash))
 }
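Review bot: addExternalPublicRoutes drops the `/enclave`, `/enclave/config` and `/enclave/attestation` routes with no alias. When `config.AppWebSrv` is set, requests to the old paths presumably fall through to the reverse proxy set up just below and are answered by the application rather than by veil. A verifier built before this commit would then receive an application-controlled response where it expects an attestation document; verification should still reject it, but the failure is harder to diagnose than an explicit error. Consider keeping the old paths registered for a deprecation period with a handler that returns 410 Gone or redirects to the new path, and add an old-path case to TestReverseProxy. The function body starts and ends outside the hunk.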