From a4eb5c0bb027507a451486d41b8dd65cea66a0e0 Mon Sep 17 00:00:00 2001 From: nitram509 Date: Sun, 9 Oct 2022 00:45:38 +0200 Subject: [PATCH 1/4] fix: correct mimetype is returned fix: when request /index.html, base path was not modified fix: wrong 'err' variable used when log.Errorf("Failed to stat file or dir %s: %v"...) was printed change: when a file is not found, 404 is return (before: the index.html was returned) add: tests for static files serving Signed-off-by: nitram509 --- server/server.go | 116 +------------------------ server/server_static.go | 99 ++++++++++++++++++++++ server/server_static_test.go | 122 +++++++++++++++++++++++++++ server/static_test/index.html | 8 ++ server/static_test/test-dir/test.css | 1 + 5 files changed, 233 insertions(+), 113 deletions(-) create mode 100644 server/server_static.go create mode 100644 server/server_static_test.go create mode 100644 server/static_test/index.html create mode 100644 server/static_test/test-dir/test.css diff --git a/server/server.go b/server/server.go index 62c8714b9f..a69d90d5f0 100644 --- a/server/server.go +++ b/server/server.go @@ -2,13 +2,9 @@ package server import ( "context" - "embed" "fmt" - "io/fs" "net" "net/http" - "path" - "regexp" "strings" "time" @@ -47,9 +43,6 @@ import ( versionutils "github.com/argoproj/argo-rollouts/utils/version" ) -//go:embed static/* -var static embed.FS //nolint - var backoff = wait.Backoff{ Steps: 5, Duration: 500 * time.Millisecond, @@ -81,13 +74,6 @@ func NewServer(o ServerOptions) *ArgoRolloutsServer { return &ArgoRolloutsServer{Options: o} } -var re = regexp.MustCompile(``) - -func withRootPath(fileContent []byte, rootpath string) []byte { - var temp = re.ReplaceAllString(string(fileContent), ``) - return []byte(temp) -} - func (s *ArgoRolloutsServer) newHTTPServer(ctx context.Context, port int) *http.Server { mux := http.NewServeMux() endpoint := fmt.Sprintf("0.0.0.0:%d", port) @@ -117,109 +103,13 @@ func (s *ArgoRolloutsServer) newHTTPServer(ctx context.Context, port int) *http. panic(err) } - var handler http.Handler = gwmux - - mux.Handle("/api/", handler) - - mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { - requestedURI := path.Clean(r.RequestURI) - rootPath := path.Clean("/" + s.Options.RootPath) - - if requestedURI == "/" { - http.Redirect(w, r, rootPath+"/", http.StatusFound) - return - } - - //If the rootPath is not in the prefix 404 - if !strings.HasPrefix(requestedURI, rootPath) { - http.NotFound(w, r) - return - } - //If the rootPath is the requestedURI, serve index.html - if requestedURI == rootPath { - fileBytes, openErr := s.readIndexHtml() - if openErr != nil { - log.Errorf("Error opening file index.html: %v", openErr) - w.WriteHeader(http.StatusInternalServerError) - return - } - w.Write(fileBytes) - return - } - - embedPath := path.Join("static", strings.TrimPrefix(requestedURI, rootPath)) - file, openErr := static.Open(embedPath) - if openErr != nil { - fErr := openErr.(*fs.PathError) - //If the file is not found, serve index.html - if fErr.Err == fs.ErrNotExist { - fileBytes, openErr := s.readIndexHtml() - if openErr != nil { - log.Errorf("Error opening file index.html: %v", openErr) - w.WriteHeader(http.StatusInternalServerError) - return - } - w.Write(fileBytes) - return - } else { - log.Errorf("Error opening file %s: %v", embedPath, openErr) - w.WriteHeader(http.StatusInternalServerError) - return - } - } - defer file.Close() - - stat, statErr := file.Stat() - if statErr != nil { - log.Errorf("Failed to stat file or dir %s: %v", embedPath, err) - w.WriteHeader(http.StatusInternalServerError) - return - } - - fileBytes := make([]byte, stat.Size()) - _, err = file.Read(fileBytes) - if err != nil { - log.Errorf("Failed to read file %s: %v", embedPath, err) - w.WriteHeader(http.StatusInternalServerError) - return - } - - w.Write(fileBytes) - }) + var apiHandler http.Handler = gwmux + mux.Handle("/api/", apiHandler) + mux.HandleFunc("/", s.staticFileHttpHandler) return &httpS } -func (s *ArgoRolloutsServer) readIndexHtml() ([]byte, error) { - file, err := static.Open("static/index.html") - if err != nil { - log.Errorf("Failed to open file %s: %v", "static/index.html", err) - return nil, err - } - defer func() { - if file != nil { - if err := file.Close(); err != nil { - log.Errorf("Error closing file: %v", err) - } - } - }() - - stat, err := file.Stat() - if err != nil { - log.Errorf("Failed to stat file or dir %s: %v", "static/index.html", err) - return nil, err - } - - fileBytes := make([]byte, stat.Size()) - _, err = file.Read(fileBytes) - if err != nil { - log.Errorf("Failed to read file %s: %v", "static/index.html", err) - return nil, err - } - - return withRootPath(fileBytes, s.Options.RootPath), nil -} - func (s *ArgoRolloutsServer) newGRPCServer() *grpc.Server { grpcS := grpc.NewServer() var rolloutsServer rollout.RolloutServiceServer = NewServer(s.Options) diff --git a/server/server_static.go b/server/server_static.go new file mode 100644 index 0000000000..2260f17b73 --- /dev/null +++ b/server/server_static.go @@ -0,0 +1,99 @@ +package server + +import ( + "embed" + "errors" + "io/fs" + "mime" + "net/http" + "path" + "regexp" + "strconv" + "strings" + + log "github.com/sirupsen/logrus" +) + +var ( + //go:embed static/* + static embed.FS //nolint + staticBasePath = "static" + IndexHtmlFile = staticBasePath + "/index.html" +) + +const ( + ContentType = "Content-Type" + ContentLength = "Content-Length" +) + +func (s *ArgoRolloutsServer) staticFileHttpHandler(w http.ResponseWriter, r *http.Request) { + requestedURI := path.Clean(r.RequestURI) + rootPath := path.Clean("/" + s.Options.RootPath) + + if requestedURI == "/" { + http.Redirect(w, r, rootPath+"/", http.StatusFound) + return + } + + //If the rootPath is not in the prefix 404 + if !strings.HasPrefix(requestedURI, rootPath) { + http.NotFound(w, r) + return + } + + embedPath := path.Join(staticBasePath, strings.TrimPrefix(requestedURI, rootPath)) + + //If the rootPath is the requestedURI, serve index.html + if requestedURI == rootPath { + embedPath = IndexHtmlFile + } + + fileBytes, err := static.ReadFile(embedPath) + if err != nil { + if fileNotExistsOrIsDirectoryError(err) { + http.NotFound(w, r) + return + } + log.Errorf("Error reading file %s: %v", embedPath, err) + w.WriteHeader(http.StatusInternalServerError) + return + } + + if embedPath == IndexHtmlFile { + fileBytes = withRootPath(fileBytes, s.Options.RootPath) + } + + w.Header().Set(ContentType, determineMimeType(embedPath)) + w.Header().Set(ContentLength, strconv.Itoa(len(fileBytes))) + w.WriteHeader(http.StatusOK) + _, err = w.Write(fileBytes) + if err != nil { + log.Errorf("Error writing response: %v", err) + } +} + +func fileNotExistsOrIsDirectoryError(err error) bool { + if errors.Is(err, fs.ErrNotExist) { + return true + } + pathErr, isPathError := err.(*fs.PathError) + return isPathError && strings.Contains(pathErr.Error(), "is a directory") +} + +func determineMimeType(fileName string) string { + idx := strings.LastIndex(fileName, ".") + if idx >= 0 { + mimeType := mime.TypeByExtension(fileName[idx:]) + if len(mimeType) > 0 { + return mimeType + } + } + return "text/plain" +} + +var re = regexp.MustCompile(``) + +func withRootPath(fileContent []byte, rootpath string) []byte { + var temp = re.ReplaceAllString(string(fileContent), ``) + return []byte(temp) +} diff --git a/server/server_static_test.go b/server/server_static_test.go new file mode 100644 index 0000000000..bf4e6ef32c --- /dev/null +++ b/server/server_static_test.go @@ -0,0 +1,122 @@ +package server + +import ( + "embed" + "io" + "mime" + "net/http" + "net/http/httptest" + "strings" + "testing" + + "github.com/tj/assert" +) + +const TestRootPath = "/test-root" + +var ( + //go:embed static_test/* + staticTestData embed.FS //nolint + mockServer ArgoRolloutsServer +) + +func init() { + static = staticTestData + staticBasePath = "static_test" + IndexHtmlFile = staticBasePath + "/index.html" + mockServer = mockArgoRolloutServer() +} + +func TestIndexHtmlIsServed(t *testing.T) { + tests := []struct { + requestPath string + }{ + {"/"}, + {"/index.html"}, + {"/nonsense/../index.html"}, + {"/test-dir/test.css"}, + } + for _, test := range tests { + t.Run(test.requestPath, func(t *testing.T) { + req := httptest.NewRequest(http.MethodGet, TestRootPath+test.requestPath, nil) + w := httptest.NewRecorder() + mockServer.staticFileHttpHandler(w, req) + res := w.Result() + defer res.Body.Close() + data, err := io.ReadAll(res.Body) + assert.NoError(t, err) + assert.Equal(t, res.StatusCode, http.StatusOK) + if strings.HasSuffix(test.requestPath, ".css") { + assert.Equal(t, res.Header.Get(ContentType), mime.TypeByExtension(".css")) + assert.Contains(t, string(data), "empty by intent") + } else { + assert.Equal(t, res.Header.Get(ContentType), mime.TypeByExtension(".html")) + assert.Contains(t, string(data), "index-title") + } + }) + } +} + +func TestInvalidFileAndExistingDirectoryReturns404(t *testing.T) { + tests := []struct { + requestPath string + }{ + {"/test-dir"}, + {"/invalid-file.html"}, + } + for _, test := range tests { + t.Run(test.requestPath, func(t *testing.T) { + req := httptest.NewRequest(http.MethodGet, TestRootPath+test.requestPath, nil) + w := httptest.NewRecorder() + mockServer.staticFileHttpHandler(w, req) + res := w.Result() + defer res.Body.Close() + _, err := io.ReadAll(res.Body) + assert.NoError(t, err) + assert.Equal(t, res.StatusCode, http.StatusNotFound) + }) + } +} + +func TestSlashWillBeRedirectedToRootPath(t *testing.T) { + req := httptest.NewRequest(http.MethodGet, "/", nil) + w := httptest.NewRecorder() + mockServer.staticFileHttpHandler(w, req) + res := w.Result() + defer res.Body.Close() + _, err := io.ReadAll(res.Body) + assert.NoError(t, err) + assert.Equal(t, res.StatusCode, http.StatusFound) + assert.Contains(t, res.Header.Get("Location"), TestRootPath) +} + +func TestInvalidFilesOrHackingAttemptReturn404(t *testing.T) { + tests := []struct { + requestPath string + }{ + {"/index.html"}, // should fail, because not prefixed with Option.RootPath + {"/etc/passwd"}, + {TestRootPath + "/../etc/passwd"}, + {TestRootPath + "/../../etc/passwd"}, + {TestRootPath + "/../../../etc/passwd"}, + } + for _, test := range tests { + t.Run(test.requestPath, func(t *testing.T) { + req := httptest.NewRequest(http.MethodGet, test.requestPath, nil) + w := httptest.NewRecorder() + mockServer.staticFileHttpHandler(w, req) + res := w.Result() + defer res.Body.Close() + assert.Equal(t, res.StatusCode, http.StatusNotFound) + }) + } +} + +func mockArgoRolloutServer() ArgoRolloutsServer { + s := ArgoRolloutsServer{ + Options: ServerOptions{ + RootPath: TestRootPath, + }, + } + return s +} diff --git a/server/static_test/index.html b/server/static_test/index.html new file mode 100644 index 0000000000..e00442e075 --- /dev/null +++ b/server/static_test/index.html @@ -0,0 +1,8 @@ + + + index-title + + +index-body + + diff --git a/server/static_test/test-dir/test.css b/server/static_test/test-dir/test.css new file mode 100644 index 0000000000..1c10d48411 --- /dev/null +++ b/server/static_test/test-dir/test.css @@ -0,0 +1 @@ +/* empty by intent */ From e86a72a5f71534ce3827a675b271d7411f53f210 Mon Sep 17 00:00:00 2001 From: nitram509 Date: Sun, 9 Oct 2022 00:54:23 +0200 Subject: [PATCH 2/4] fix sonar cloud complains about invalid HTML See https://sonarcloud.io/project/issues?resolved=false&types=BUG&pullRequest=2303&id=argoproj_argo-rollouts&open=AYO5y8lxtb83AIZrmShZ Signed-off-by: nitram509 --- server/static_test/index.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/server/static_test/index.html b/server/static_test/index.html index e00442e075..03753f5f4f 100644 --- a/server/static_test/index.html +++ b/server/static_test/index.html @@ -1,4 +1,5 @@ - + + index-title From ede77cda3ea364283850b338a68c50ce9ede0859 Mon Sep 17 00:00:00 2001 From: nitram509 Date: Sun, 9 Oct 2022 23:52:01 +0200 Subject: [PATCH 3/4] fix send index.html when page not found, because client side React UI router Signed-off-by: nitram509 --- server/server_static.go | 10 +++++---- server/server_static_test.go | 39 ++++++++++++++---------------------- 2 files changed, 21 insertions(+), 28 deletions(-) diff --git a/server/server_static.go b/server/server_static.go index 2260f17b73..a306a06c58 100644 --- a/server/server_static.go +++ b/server/server_static.go @@ -51,12 +51,14 @@ func (s *ArgoRolloutsServer) staticFileHttpHandler(w http.ResponseWriter, r *htt fileBytes, err := static.ReadFile(embedPath) if err != nil { if fileNotExistsOrIsDirectoryError(err) { - http.NotFound(w, r) + // send index.html, because UI will use path based router in React + fileBytes, _ = static.ReadFile(IndexHtmlFile) + embedPath = IndexHtmlFile + } else { + log.Errorf("Error reading file %s: %v", embedPath, err) + w.WriteHeader(http.StatusInternalServerError) return } - log.Errorf("Error reading file %s: %v", embedPath, err) - w.WriteHeader(http.StatusInternalServerError) - return } if embedPath == IndexHtmlFile { diff --git a/server/server_static_test.go b/server/server_static_test.go index bf4e6ef32c..69d23633c4 100644 --- a/server/server_static_test.go +++ b/server/server_static_test.go @@ -31,14 +31,14 @@ func TestIndexHtmlIsServed(t *testing.T) { tests := []struct { requestPath string }{ - {"/"}, - {"/index.html"}, - {"/nonsense/../index.html"}, - {"/test-dir/test.css"}, + {TestRootPath + "/"}, + {TestRootPath + "/index.html"}, + {TestRootPath + "/nonsense/../index.html"}, + {TestRootPath + "/test-dir/test.css"}, } for _, test := range tests { t.Run(test.requestPath, func(t *testing.T) { - req := httptest.NewRequest(http.MethodGet, TestRootPath+test.requestPath, nil) + req := httptest.NewRequest(http.MethodGet, test.requestPath, nil) w := httptest.NewRecorder() mockServer.staticFileHttpHandler(w, req) res := w.Result() @@ -57,25 +57,16 @@ func TestIndexHtmlIsServed(t *testing.T) { } } -func TestInvalidFileAndExistingDirectoryReturns404(t *testing.T) { - tests := []struct { - requestPath string - }{ - {"/test-dir"}, - {"/invalid-file.html"}, - } - for _, test := range tests { - t.Run(test.requestPath, func(t *testing.T) { - req := httptest.NewRequest(http.MethodGet, TestRootPath+test.requestPath, nil) - w := httptest.NewRecorder() - mockServer.staticFileHttpHandler(w, req) - res := w.Result() - defer res.Body.Close() - _, err := io.ReadAll(res.Body) - assert.NoError(t, err) - assert.Equal(t, res.StatusCode, http.StatusNotFound) - }) - } +func TestWhenFileNotFoundSendIndexPageForUiReactRouter(t *testing.T) { + req := httptest.NewRequest(http.MethodGet, TestRootPath+"/namespace-default", nil) + w := httptest.NewRecorder() + mockServer.staticFileHttpHandler(w, req) + res := w.Result() + defer res.Body.Close() + data, err := io.ReadAll(res.Body) + assert.NoError(t, err) + assert.Equal(t, res.StatusCode, http.StatusOK) + assert.Contains(t, string(data), "index-title") } func TestSlashWillBeRedirectedToRootPath(t *testing.T) { From dca346bea51c474d141c1f37f6f7f64b2bcf9689 Mon Sep 17 00:00:00 2001 From: nitram509 Date: Sat, 15 Oct 2022 09:47:40 +0200 Subject: [PATCH 4/4] make variable private (feedback from review) Signed-off-by: nitram509 --- server/server_static.go | 10 +++++----- server/server_static_test.go | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/server/server_static.go b/server/server_static.go index a306a06c58..44f2fb78f6 100644 --- a/server/server_static.go +++ b/server/server_static.go @@ -18,7 +18,7 @@ var ( //go:embed static/* static embed.FS //nolint staticBasePath = "static" - IndexHtmlFile = staticBasePath + "/index.html" + indexHtmlFile = staticBasePath + "/index.html" ) const ( @@ -45,15 +45,15 @@ func (s *ArgoRolloutsServer) staticFileHttpHandler(w http.ResponseWriter, r *htt //If the rootPath is the requestedURI, serve index.html if requestedURI == rootPath { - embedPath = IndexHtmlFile + embedPath = indexHtmlFile } fileBytes, err := static.ReadFile(embedPath) if err != nil { if fileNotExistsOrIsDirectoryError(err) { // send index.html, because UI will use path based router in React - fileBytes, _ = static.ReadFile(IndexHtmlFile) - embedPath = IndexHtmlFile + fileBytes, _ = static.ReadFile(indexHtmlFile) + embedPath = indexHtmlFile } else { log.Errorf("Error reading file %s: %v", embedPath, err) w.WriteHeader(http.StatusInternalServerError) @@ -61,7 +61,7 @@ func (s *ArgoRolloutsServer) staticFileHttpHandler(w http.ResponseWriter, r *htt } } - if embedPath == IndexHtmlFile { + if embedPath == indexHtmlFile { fileBytes = withRootPath(fileBytes, s.Options.RootPath) } diff --git a/server/server_static_test.go b/server/server_static_test.go index 69d23633c4..82b5b19ac9 100644 --- a/server/server_static_test.go +++ b/server/server_static_test.go @@ -23,7 +23,7 @@ var ( func init() { static = staticTestData staticBasePath = "static_test" - IndexHtmlFile = staticBasePath + "/index.html" + indexHtmlFile = staticBasePath + "/index.html" mockServer = mockArgoRolloutServer() }