fix panic when calling certain methods on non-client requests; fix HandoffFanout (#220)

joeshaw · web-flow · commit 41aa2d55ece2 · 2025-11-20T13:36:58.000-05:00
diff --git a/end_to_end_tests/loopback/main_test.go b/end_to_end_tests/loopback/main_test.go
@@ -5,6 +5,7 @@ package main
 import (
 	"context"
 	"io"
+	"os"
 	"strings"
 	"testing"
 
@@ -85,3 +86,74 @@ func Test1xxStatusCode(t *testing.T) {
 		}
 	}
 }
+
+// Validate that accessors that (mostly) don't make sense against
+// backend requests return sane values.
+func TestBackendRequest(t *testing.T) {
+	t.Run("FastlyMeta", func(t *testing.T) {
+		req, err := fsthttp.NewRequest("GET", "http://anyplace.horse", nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		// We should get a mostly-empty FastlyMeta for backend requests.
+		meta, err := req.FastlyMeta()
+		if err != nil {
+			t.Fatalf("FastlyMeta: %v", err)
+		}
+		if meta == nil {
+			t.Fatal("FastlyMeta() returned nil")
+		}
+
+		if got, want := meta.SandboxID, os.Getenv("FASTLY_TRACE_ID"); got != want {
+			t.Errorf("FastlyMeta.SandboxID = %q, want: %q", got, want)
+		}
+		if got, want := meta.RequestID, ""; got != want {
+			t.Errorf("FastlyMeta.RequestID = %q, want: %q", got, want)
+		}
+		if got, want := meta.SandboxRequests, 0; got != want {
+			t.Errorf("FastlyMeta.SandboxRequests = %d, want: %d", got, want)
+		}
+	})
+
+	t.Run("TLSClientCertificateInfo", func(t *testing.T) {
+		req, err := fsthttp.NewRequest("GET", "http://anyplace.horse", nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		ti, err := req.TLSClientCertificateInfo()
+		if err != nil {
+			t.Fatalf("TLSClientCertificateInfo: %v", err)
+		}
+		if ti == nil {
+			t.Fatal("TLSClientCertificateInfo() returned nil")
+		}
+
+		if got, want := len(ti.RawClientCertificate), 0; got != want {
+			t.Errorf("len(TLSClientCertificateInfo.RawClientCertificate) = %d, want: %d", got, want)
+		}
+	})
+
+	t.Run("HandoffWebsocket", func(t *testing.T) {
+		req, err := fsthttp.NewRequest("GET", "http://anyplace.horse", nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if got, want := req.HandoffWebsocket("self"), fsthttp.ErrHandoffNotSupported; got != want {
+			t.Errorf("HandoffWebsocket() = %v, want: %v", got, want)
+		}
+	})
+
+	t.Run("HandoffFanout", func(t *testing.T) {
+		req, err := fsthttp.NewRequest("GET", "http://anyplace.horse", nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if got, want := req.HandoffFanout("self"), fsthttp.ErrHandoffNotSupported; got != want {
+			t.Errorf("HandoffFanout() = %v, want: %v", got, want)
+		}
+	})
+}
diff --git a/fsthttp/request.go b/fsthttp/request.go
@@ -371,29 +371,31 @@ func (req *Request) FastlyMeta() (*FastlyMeta, error) {
 		SandboxRequests: req.sandboxRequests,
 	}
 
-	fastlyMeta.RequestID, err = req.downstream.req.DownstreamRequestID()
-	if err != nil {
-		return nil, fmt.Errorf("get request ID: %w", err)
-	}
+	if req.downstream.req != nil {
+		fastlyMeta.RequestID, err = req.downstream.req.DownstreamRequestID()
+		if err != nil {
+			return nil, fmt.Errorf("get request ID: %w", err)
+		}
 
-	fastlyMeta.H2, err = req.downstream.req.DownstreamH2Fingerprint()
-	if err = ignoreNoneError(err); err != nil {
-		return nil, fmt.Errorf("get H2 fingerprint: %w", err)
-	}
+		fastlyMeta.H2, err = req.downstream.req.DownstreamH2Fingerprint()
+		if err = ignoreNoneError(err); err != nil {
+			return nil, fmt.Errorf("get H2 fingerprint: %w", err)
+		}
 
-	fastlyMeta.OH, err = req.downstream.req.DownstreamOHFingerprint()
-	if err = ignoreNoneError(err); err != nil {
-		return nil, fmt.Errorf("get OH fingerprint: %w", err)
-	}
+		fastlyMeta.OH, err = req.downstream.req.DownstreamOHFingerprint()
+		if err = ignoreNoneError(err); err != nil {
+			return nil, fmt.Errorf("get OH fingerprint: %w", err)
+		}
 
-	fastlyMeta.DDOSDetected, err = req.downstream.req.DownstreamDDOSDetected()
-	if err != nil {
-		return nil, fmt.Errorf("get ddos detected: %w", err)
-	}
+		fastlyMeta.DDOSDetected, err = req.downstream.req.DownstreamDDOSDetected()
+		if err != nil {
+			return nil, fmt.Errorf("get ddos detected: %w", err)
+		}
 
-	fastlyMeta.FastlyKeyIsValid, err = req.downstream.req.DownstreamFastlyKeyIsValid()
-	if err != nil {
-		return nil, fmt.Errorf("get fastly key is valid: %w", err)
+		fastlyMeta.FastlyKeyIsValid, err = req.downstream.req.DownstreamFastlyKeyIsValid()
+		if err != nil {
+			return nil, fmt.Errorf("get fastly key is valid: %w", err)
+		}
 	}
 
 	req.fastlyMeta = fastlyMeta
@@ -563,7 +565,6 @@ func (req *Request) sendToImageOpto(ctx context.Context, backend string) (*Respo
 	abiResp, abiBody, err := req.abi.req.SendToImageOpto(req.abi.body, backend, query)
 	if err != nil {
 		return nil, err
-
 	}
 
 	resp, err := newResponse(req, backend, abiResp, abiBody)
@@ -1053,15 +1054,17 @@ func (req *Request) TLSClientCertificateInfo() (*TLSClientCertificateInfo, error
 	var err error
 	var cert TLSClientCertificateInfo
 
-	cert.RawClientCertificate, err = req.downstream.req.DownstreamTLSRawClientCertificate()
-	if err = ignoreNoneError(err); err != nil {
-		return nil, fmt.Errorf("get TLS raw client certificate: %w", err)
-	}
+	if req.downstream.req != nil {
+		cert.RawClientCertificate, err = req.downstream.req.DownstreamTLSRawClientCertificate()
+		if err = ignoreNoneError(err); err != nil {
+			return nil, fmt.Errorf("get TLS raw client certificate: %w", err)
+		}
 
-	if cert.RawClientCertificate != nil {
-		cert.ClientCertIsVerified, err = req.downstream.req.DownstreamTLSClientCertVerifyResult()
-		if err != nil {
-			return nil, fmt.Errorf("get TLS client certificate verify: %w", err)
+		if cert.RawClientCertificate != nil {
+			cert.ClientCertIsVerified, err = req.downstream.req.DownstreamTLSClientCertVerifyResult()
+			if err != nil {
+				return nil, fmt.Errorf("get TLS client certificate verify: %w", err)
+			}
 		}
 	}
 
@@ -1115,6 +1118,8 @@ type DecompressResponseOptions struct {
 	Gzip bool
 }
 
+var ErrHandoffNotSupported = errors.New("handoff not supported on this request")
+
 // HandoffWebsocket passes the WebSocket directly to a backend.
 //
 // This can only be used on services that have the WebSockets feature
@@ -1124,6 +1129,9 @@ type DecompressResponseOptions struct {
 // Once this method has been called, no other response can be sent to this
 // request, and the application can exit without affecting the send.
 func (r *Request) HandoffWebsocket(backend string) error {
+	if r.downstream.req == nil {
+		return ErrHandoffNotSupported
+	}
 	return r.downstream.req.HandoffWebsocket(backend)
 }
 
@@ -1136,7 +1144,10 @@ func (r *Request) HandoffWebsocket(backend string) error {
 // called, no other response can be sent to this request, and the
 // application can exit without affecting the send.
 func (r *Request) HandoffFanout(backend string) error {
-	return r.downstream.req.HandoffWebsocket(backend)
+	if r.downstream.req == nil {
+		return ErrHandoffNotSupported
+	}
+	return r.downstream.req.HandoffFanout(backend)
 }
 
 // nopCloser is functionally the same as io.NopCloser, except that we
