Merge pull request #149 from cloudblue/LITE-26945-fix-redirect-location-when-trailing-slash

LITE-26945 fix redirect location based on proxy X-forwarded-.... headers

Author: ffaraone

connect/eaas/runner/handlers/web.py

@@ -48,6 +48,22 @@ async def __call__(self, scope, receive, send):
         await super().__call__(scope, receive, send)  # pragma: no cover
 
 
+class _ProxyHeadersMiddleware:
+    def __init__(self, app):
+        self.app = app
+
+    async def __call__(self, scope, receive, send):
+        if scope['type'] == 'http':  # pragma: no branch
+            headers = dict(scope['headers'])
+            if b'x-forwarded-host' in headers:
+                headers[b'host'] = headers[b'x-forwarded-host']
+                scope['headers'] = list(headers.items())
+            if b'x-forwarded-proto' in headers:
+                scope['scheme'] = headers[b'x-forwarded-proto'].decode('ascii')
+
+        await self.app(scope, receive, send)
+
+
 class WebApp(ApplicationHandlerBase):
     """
     Handle the lifecycle of an extension.
@@ -137,6 +153,8 @@ def get_asgi_application(self):
             _OpenApiCORSMiddleware,
             allow_origins=['*'],
         )
+        app.add_middleware(_ProxyHeadersMiddleware)
+
         if hasattr(self.get_application(), 'get_middlewares'):
             self.setup_middlewares(app, self.get_application().get_middlewares() or [])
 

tests/handlers/test_web.py

@@ -39,6 +39,7 @@
 from connect.eaas.runner.handlers.web import (
     WebApp,
     _OpenApiCORSMiddleware,
+    _ProxyHeadersMiddleware,
 )
 
 
@@ -203,13 +204,15 @@ def get_middlewares(cls):
     assert mocked_fastapi.add_middleware.mock_calls[0].args[0] == _OpenApiCORSMiddleware
     assert mocked_fastapi.add_middleware.mock_calls[0].kwargs['allow_origins'] == ['*']
 
-    assert mocked_fastapi.add_middleware.mock_calls[1].args[0] == BaseHTTPMiddleware
-    assert mocked_fastapi.add_middleware.mock_calls[1].kwargs['dispatch'] == middleware_fn
+    assert mocked_fastapi.add_middleware.mock_calls[1].args[0] == _ProxyHeadersMiddleware
 
-    assert mocked_fastapi.add_middleware.mock_calls[2].args[0] == MiddlewareClass
+    assert mocked_fastapi.add_middleware.mock_calls[2].args[0] == BaseHTTPMiddleware
+    assert mocked_fastapi.add_middleware.mock_calls[2].kwargs['dispatch'] == middleware_fn
 
     assert mocked_fastapi.add_middleware.mock_calls[3].args[0] == MiddlewareClass
-    assert mocked_fastapi.add_middleware.mock_calls[3].kwargs['arg1'] == 'val1'
+
+    assert mocked_fastapi.add_middleware.mock_calls[4].args[0] == MiddlewareClass
+    assert mocked_fastapi.add_middleware.mock_calls[4].kwargs['arg1'] == 'val1'
 
     if static_root:
         mocked_static_files.assert_called_once_with(directory=static_root)

tests/workers/test_web.py

@@ -289,6 +289,165 @@ def test_url(self):
     )
 
 
+@pytest.mark.parametrize(
+    'task_options',
+    (
+        WebTaskOptions(
+            correlation_id='correlation_id',
+            reply_to='reply_to',
+            api_key='api_key',
+            installation_id='installation_id',
+        ),
+        WebTaskOptions(
+            correlation_id='correlation_id',
+            reply_to='reply_to',
+            api_key='api_key',
+            installation_id='installation_id',
+            connect_correlation_id='connect_correlation_id',
+            user_id='user_id',
+            account_id='account_id',
+            account_role='account_role',
+            call_type='user',
+            call_source='ui',
+        ),
+    ),
+)
+@pytest.mark.asyncio
+async def test_http_call_redirect(mocker, ws_server, unused_port, settings_payload, task_options):
+    setup_response = copy.deepcopy(settings_payload)
+    setup_response['logging']['logging_api_key'] = 'logging_api_key'
+    setup_response['logging']['log_level'] = None
+    mocker.patch(
+        'connect.eaas.runner.config.get_environment',
+        return_value={
+            'ws_address': f'127.0.0.1:{unused_port}',
+            'api_address': f'127.0.0.1:{unused_port}',
+            'api_key': 'SU-000:XXXX',
+            'environment_id': 'ENV-000-0001',
+            'instance_id': 'INS-000-0002',
+            'background_task_max_execution_time': 300,
+            'interactive_task_max_execution_time': 120,
+            'scheduled_task_max_execution_time': 43200,
+            'webapp_port': 53575,
+        },
+    )
+
+    ui_modules = {
+        'settings': {
+            'label': 'Settings',
+            'url': '/static/settings.html',
+        },
+    }
+
+    @account_settings_page('Settings', '/static/settings.html')
+    @web_app(router)
+    class MyExtension(WebApplicationBase):
+        @classmethod
+        def get_descriptor(cls):
+            return {
+                'readme_url': 'https://read.me',
+                'changelog_url': 'https://change.log',
+            }
+
+        @classmethod
+        def get_static_root(cls):
+            return None
+
+        @router.get('/test/url')
+        def test_url(self):
+            return {'test': 'ok'}
+
+    mocker.patch.object(
+        WebApp,
+        'load_application',
+        return_value=MyExtension,
+    )
+
+    mocker.patch('connect.eaas.runner.workers.web.get_version', return_value='24.1')
+
+    web_task = WebTask(
+        options=task_options,
+        request=HttpRequest(
+            method='GET',
+            url='/api/test/url/',
+            headers={
+                'X-Forwarded-Host': 'my.proxy.host',
+                'X-Forwarded-Proto': 'https',
+            },
+        ),
+    )
+
+    data_to_send = [
+        Message(
+            version=2,
+            message_type=MessageType.SETUP_RESPONSE,
+            data=SetupResponse(**setup_response),
+        ).dict(),
+        Message(
+            version=2,
+            message_type=MessageType.WEB_TASK,
+            data=web_task,
+        ).dict(),
+    ]
+
+    handler = WSHandler(
+        '/public/v1/devops/ws/ENV-000-0001/INS-000-0002/webapp',
+        data_to_send,
+        ['receive', 'send', 'send', 'receive'],
+    )
+
+    config = ConfigHelper(secure=False)
+    ext_handler = WebApp(config)
+
+    worker = None
+    async with ws_server(handler):
+        worker = WebWorker(ext_handler, mocker.MagicMock(), mocker.MagicMock(), mocker.MagicMock())
+        task = asyncio.create_task(worker.start())
+        await asyncio.sleep(.5)
+        worker.stop()
+        await task
+
+    handler.assert_received(
+        Message(
+            version=2,
+            message_type=MessageType.SETUP_REQUEST,
+            data=SetupRequest(
+                event_subscriptions=None,
+                ui_modules=ui_modules,
+                variables=[],
+                schedulables=None,
+                repository={
+                    'readme_url': 'https://read.me',
+                    'changelog_url': 'https://change.log',
+                },
+                runner_version='24.1',
+            ),
+        ),
+    )
+    handler.assert_received(
+        Message(
+            version=2,
+            message_type=MessageType.WEB_TASK,
+            data=WebTask(
+                options=task_options,
+                request=HttpRequest(
+                    method='GET',
+                    url='/api/test/url/',
+                    headers={},
+                ),
+                response=HttpResponse(
+                    status=307,
+                    headers={
+                        'content-length': '0',
+                        'location': 'https://my.proxy.host/api/test/url',
+                    },
+                    content='',
+                ),
+            ),
+        ),
+    )
+
+
 @pytest.mark.asyncio
 async def test_http_call_exception(mocker, ws_server, unused_port, settings_payload):
     setup_response = copy.deepcopy(settings_payload)