Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add subdomain support #1537

Merged
merged 3 commits into from
Jul 12, 2021
Merged

Add subdomain support #1537

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3f28623
Add subdomain support
matthewmcgarvey Jul 9, 2021
3d3f60b
register_subdomain -> require_subdomain and add nilable subdomain? me…
matthewmcgarvey Jul 9, 2021
360be2c
Add better error messaging for subdomain
matthewmcgarvey Jul 9, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
145 changes: 145 additions & 0 deletions spec/lucky/subdomain_spec.cr
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
require "../spec_helper"

include ContextHelper

abstract class BaseAction < Lucky::Action
include Lucky::Subdomain
accepted_formats [:html], default: :html
end

class Simple::Index < BaseAction
require_subdomain

get "/simple" do
plain_text subdomain
end
end

class OptionalSubdomain::Index < BaseAction
get "/optional" do
plain_text subdomain? || "none"
end
end

class Specific::Index < BaseAction
require_subdomain "foo"

get "/specific" do
plain_text subdomain
end
end

class Regex::Index < BaseAction
require_subdomain /www\d/

get "/regex" do
plain_text subdomain
end
end

class Multiple::Index < BaseAction
require_subdomain ["test", "staging", /(prod|production)/]

get "/multiple" do
plain_text subdomain
end
end

describe Lucky::Subdomain do
it "handles general subdomain expectation" do
request = build_request(host: "foo.example.com")
response = Simple::Index.new(build_context(request), params).call
response.body.should eq "foo"
end

it "handles optional subdomain" do
request = build_request(host: "qa.example.com")
response = OptionalSubdomain::Index.new(build_context(request), params).call
response.body.should eq "qa"

request = build_request(host: "example.com")
response = OptionalSubdomain::Index.new(build_context(request), params).call
response.body.should eq "none"
end

it "raises error if subdomain missing" do
request = build_request(host: "example.com")
expect_raises(Lucky::InvalidSubdomainError) do
Simple::Index.new(build_context(request), params).call
end
end

it "handles specific subdomain expectation" do
request = build_request(host: "foo.example.com")
response = Specific::Index.new(build_context(request), params).call
response.body.should eq "foo"
end

it "raises error if subdomain does not match specific" do
request = build_request(host: "admin.example.com")
expect_raises(Lucky::InvalidSubdomainError) do
Specific::Index.new(build_context(request), params).call
end
end

it "handles regex subdomain expectation" do
request = build_request(host: "www4.example.com")
response = Regex::Index.new(build_context(request), params).call
response.body.should eq "www4"
end

it "raises error if subdomain does not match regex" do
request = build_request(host: "4www.example.com")
expect_raises(Lucky::InvalidSubdomainError) do
Regex::Index.new(build_context(request), params).call
end
end

it "handles multiple options for expectation" do
request = build_request(host: "test.example.com")
response = Multiple::Index.new(build_context(request), params).call
response.body.should eq "test"

request = build_request(host: "staging.example.com")
response = Multiple::Index.new(build_context(request), params).call
response.body.should eq "staging"

request = build_request(host: "prod.example.com")
response = Multiple::Index.new(build_context(request), params).call
response.body.should eq "prod"

request = build_request(host: "production.example.com")
response = Multiple::Index.new(build_context(request), params).call
response.body.should eq "production"
end

it "raises error if subdomain does not match any expectations" do
request = build_request(host: "development.example.com")
expect_raises(Lucky::InvalidSubdomainError) do
Multiple::Index.new(build_context(request), params).call
end
end

it "has configuration for urls with larger tld length" do
Lucky::Subdomain.temp_config(tld_length: 2) do
request = build_request(host: "foo.example.co.uk")
response = Simple::Index.new(build_context(request), params).call
response.body.should eq "foo"
end
end

it "will fail if using ip address" do
request = build_request(host: "development.127.0.0.1:3000")
expect_raises(Lucky::InvalidSubdomainError) do
Simple::Index.new(build_context(request), params).call
end
end

it "will not fail if using localhost and port with tld length set to 0" do
Lucky::Subdomain.temp_config(tld_length: 0) do
request = build_request(host: "foo.locahost:3000")
response = Simple::Index.new(build_context(request), params).call
response.body.should eq "foo"
end
end
end
5 changes: 3 additions & 2 deletions spec/support/context_helper.cr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,12 @@ module ContextHelper
method = "GET",
body = "",
content_type = "",
fixed_length : Bool = false
fixed_length : Bool = false,
host = "example.com"
) : HTTP::Request
headers = HTTP::Headers.new
headers.add("Content-Type", content_type)
headers.add("Host", "example.com")
headers.add("Host", host)
if fixed_length
body = HTTP::FixedLengthContent.new(IO::Memory.new(body), body.size)
end
Expand Down
18 changes: 18 additions & 0 deletions src/lucky/errors.cr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -237,4 +237,22 @@ module Lucky
MESSAGE
end
end

class InvalidSubdomainError < Error
def initialize(@host : String?, @expected : Lucky::Subdomain::Matcher)
end

def message : String
if @host.nil?
"Expected to find a subdomain but did not find a hostname on the request."
elsif @expected == true
"Expected request to have a subdomain but did not find one."
else
<<-MESSAGE
Expected subdomain matcher(s): #{@expected.pretty_inspect}
Did not match host: #{@host}
MESSAGE
end
end
end
end
77 changes: 77 additions & 0 deletions src/lucky/subdomain.cr
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
module Lucky::Subdomain
# Taken from https://github.com/rails/rails/blob/afc6abb674b51717dac39ea4d9e2252d7e40d060/actionpack/lib/action_dispatch/http/url.rb#L8
IP_HOST_REGEXP = /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/

Habitat.create do
# tld_length is the number of Top Level Domain segments separated by periods
# the default is 1 because most domains end in ".com" or ".org"
# The tld_length should be changed to 2 when you have a ".co.uk" domain for example
# It can also be changed to 0 for local development so that you can use `tenant.localhost:3000`
setting tld_length : Int32 = 1
end

alias Matcher = String | Regex | Bool | Array(String | Regex) | Array(String) | Array(Regex)

# Sets up a subdomain requirement for an action
#
# ```
# require_subdomain # subdomain required but can be anything
# require_subdomain "admin" # subdomain required and must equal "admin"
# require_subdomain /(dev|qa|prod)/ # subdomain required and must match regex
# require_subdomain ["tenant1", "tenant2", /tenant\d/] # subdomain required and must match one of the items in the array
# ```
#
# The subdomain can then be accessed from within the route block by calling `subdomain`.
#
# If you don't want to require a subdomain but still want to check if one is passed
# you can still call `subdomain?` without using `require_subdomain`.
# Just know that `subdomain?` is nilable.
macro require_subdomain(matcher = true)
before _match_subdomain

private def subdomain : String
subdomain?.not_nil!
end

private def _match_subdomain
_match_subdomain({{ matcher }})
end
end

private def subdomain : String
{% raise "No subdomain available without calling `require_subdomain` first." %}
end

private def subdomain? : String?
host = request.hostname
return if host.nil? || IP_HOST_REGEXP.matches?(host)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a way to use Socket::IPAddress. This will handle IPV6 and IPV4 and it looks like it does not use a Regex so I think it might be faster.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did try to look for something in the stdlib and didn't find anything. I didn't see this class. Unfortunately the docs for it say this:

IPAddress won't resolve domains, including localhost. If you must resolve an IP, or don't know whether a String contains an IP or a domain name, you should use Addrinfo.resolve instead.

And it looks like Addrinfo.resolve won't answer the question of whether or not the host uses an ip address.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a good point. You might looks at this to check if this is an IP. But it is not as nice as having using all stdlib tooling to fetch the sub domain.

https://crystal-lang.org/api/1.0.0/Socket.html#ip?(string:String)-class-method
https://play.crystal-lang.org/#/r/bicq

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with @wontruefree. This one may be a little tricky since IPV6 would get passed through, but since Addrinfo.resolve works on normal hosts, we may get a false positive. This Socket::IPAddress looks like it may work https://crystal-lang.org/api/1.0.0/Socket/IPAddress.html

If you pass in "localhost", it'll raise an exception. The only thing I don't like is that the IP would actually be the edge case here which means we're raising an exception and rescuing 90% of the time which is probably a performance penalty 😝 ...

Maybe this is a "fine enough for now" scenario, and we just open a separate issue to figure out a better way?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you follow the rails link I left on the constant, the regex is exactly how Rails handles subdomains. It doesn't extract a subdomain if it matches the regex. I guess I'm not seeing how this wouldn't work.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like rails uses that second regex https://github.com/rails/rails/blob/afc6abb674b51717dac39ea4d9e2252d7e40d060/actionpack/lib/action_dispatch/http/url.rb#L9 which handles IPV6

/(^[^:]+:\/\/)?(\[[^\]]+\]|[^:]+)(?::(\d+$))?/ =~ "fe80::aede:48ff:fe00:1122"

It seems they're only using it when building the host url though. So I think we can just ignore it for now. I've never actually seen anyone access a site using IPV6. Maybe API calls for hackers trying to find vulnerabilities? I think this is a "fine enough for now" scenario though.


parts = host.split('.')
parts.pop(settings.tld_length + 1)

parts.empty? ? nil : parts.join(".")
end

private def _match_subdomain(matcher : Matcher)
expected = [matcher].flatten.compact
return continue if expected.empty?

actual = subdomain?
result = expected.any? do |expected_subdomain|
case expected_subdomain
when true
actual.present?
when Symbol
actual.to_s == expected_subdomain.to_s
else
expected_subdomain === actual
end
end

if result
continue
else
raise InvalidSubdomainError.new(host: request.hostname, expected: matcher)
end
end
end