refactor: server host filtering #1174
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cleans up the host filtering by allowing `ipv6 addresses`, fixes a bug when host filtering with `*` is configured when a request is missing the default port. In addition the API on the server is stricter and hosts filtering with invalid authorities are now rejected which wasn't the case before.
niklasad1
commented
Aug 8, 2023
niklasad1
commented
Aug 8, 2023
jsdw
reviewed
Aug 8, 2023
jsdw
reviewed
Aug 8, 2023
| let uri: Uri = s.parse().map_err(|e: InvalidUri| e.to_string())?; | ||
| let authority = uri.authority().ok_or_else(|| "HTTP Host must contain authority".to_owned())?; | ||
| let hostname = authority.host(); | ||
| let maybe_port = &authority.as_str()[hostname.len()..]; |
There was a problem hiding this comment.
Ah; can't do authority.port() because port may bve eg * I guess!
There was a problem hiding this comment.
yes and also http::Uri::port won't tell us whether it has a default port or not as well, so we need to do some manual stuff here.
so a little bit hacky but this was cleanest I could come up with
jsdw
reviewed
Aug 8, 2023
jsdw
reviewed
Aug 8, 2023
jsdw
approved these changes
Aug 8, 2023
jsdw
reviewed
Aug 8, 2023
server/src/server.rs
Outdated
| /// Enables host filtering and allow only the specified hosts. | ||
| /// | ||
| /// Default: allow all. | ||
| pub fn host_filter<T: IntoIterator<Item = Authority>>(mut self, allow_only: T) -> Self { |
There was a problem hiding this comment.
Just to copy my element comment:
It could accept anything that can TryFrom into the Authority type and then it'd have to return the error when host_filter is called if there is one. Prolly a bit nicer cos then you can just do
.host_filter([
"foo.com",
"something_else.com:*"
])?for instance which would be quite cool.
(I think it should return an AuthorityError enum if the conversion fails personally rather than a String)
lexnv
approved these changes
Aug 9, 2023
niklasad1
commented
Aug 9, 2023
niklasad1
commented
Aug 9, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cleans up the host filtering by supporting
ipv6 addresses, fixes a bug when host filtering with*is configured when a request is missing the default port.In addition the API on the server is stricter and hosts filtering with invalid authorities are now rejected which wasn't the case before.
Close #1075