Health route vs access control (#654)
* Test: health route vs access control

* Fix: register health route prior to other routes

* changelog entry
johakoch authored Jan 4, 2023
1 parent a790816 commit 3ed2a5d
Showing 6 changed files with 61 additions and 8 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -12,6 +12,7 @@ Unreleased changes are available as `avenga/couper:edge` container.

* **Fixed**
* [Endpoint sequences](https://docs.couper.io/configuration/block/endpoint#endpoint-sequence) not being terminated by errors (e.g. `unexpected_status`) (regression; since v1.11.0) ([#648](https://github.com/avenga/couper/pull/648))
* [Health route](https://docs.couper.io/observation/health) affected by [access control](https://docs.couper.io/configuration/access-control) (regression; since v1.11.0) ([#654](https://github.com/avenga/couper/pull/654))

---

1 change: 1 addition & 0 deletions server/http.go
Expand Up @@ -79,6 +79,7 @@ func New(cmdCtx, evalCtx context.Context, log logrus.FieldLogger, settings *conf
for host, muxOpts := range hosts {
mux := NewMux(muxOpts)
registerHandler(mux.endpointRoot, []string{http.MethodGet}, settings.HealthPath, handler.NewHealthCheck(settings.HealthPath, shutdownCh))
mux.RegisterConfigured()
muxersList[host] = mux

// TODO: refactor (hosts,muxOpts, etc) format type and usage
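Review bot: The order of the two calls in this loop, `registerHandler(mux.endpointRoot, ..., settings.HealthPath, ...)` before `mux.RegisterConfigured()`, is now what keeps the health route outside access control, and nothing on these lines says so. A later reorder would silently reintroduce the regression, so I would add a comment above the health registration: `// Health route first: it must match before configured routes (e.g. a "/**" endpoint) so it is not subject to their access control.` Because the route is intentionally unauthenticated, it is also worth confirming that the health handler returns only liveness status, and that shadowing a configured endpoint on the same path is the intended outcome; neither is visible here. `New` starts and ends outside the hunk.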
30 changes: 30 additions & 0 deletions server/http_test.go
Expand Up @@ -944,3 +944,33 @@ func TestHTTPServer_CVE_2022_2880(t *testing.T) {
t.Error(cmp.Diff(got, exp))
}
}

func TestHTTPServer_HealthVsAccessControl(t *testing.T) {
helper := test.New(t)
client := newClient()

shutdown, _ := newCouper("testdata/settings/22_couper.hcl", helper)
defer shutdown()

// Call health route
req, err := http.NewRequest(http.MethodGet, "http://example.com:8080/healthz", nil)
helper.Must(err)

res, err := client.Do(req)
helper.Must(err)

if res.StatusCode != http.StatusOK {
t.Errorf("Expected status 200, got %d", res.StatusCode)
}

// Call other route
req, err = http.NewRequest(http.MethodGet, "http://example.com:8080/foo", nil)
helper.Must(err)

res, err = client.Do(req)
helper.Must(err)

if res.StatusCode != http.StatusUnauthorized {
t.Errorf("Expected status 401, got %d", res.StatusCode)
}
}
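Review bot: The new test pins only the two ends of the behaviour (GET `/healthz` is 200 without credentials, GET `/foo` is 401) and not the edge of the exemption. The health handler is registered for `http.MethodGet` only in server/http.go, so a request to `/healthz` with another method presumably falls through to the `/**` endpoint; an extra case asserting that such a request is still rejected without credentials would keep the unauthenticated surface from widening unnoticed (the exact status code is not visible from this hunk). A third case sending `/foo` with the fixture's basic-auth credentials and expecting 204 would show that the 401 comes from access control rather than from routing. Separately, neither response body is closed; add `res.Body.Close()` after each `helper.Must(err)` that follows `client.Do(req)`.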
18 changes: 10 additions & 8 deletions server/mux.go
Expand Up @@ -90,20 +90,22 @@ func NewMux(options *runtime.MuxOptions) *Mux {
spaRoot: gmux.NewRouter(),
}

for _, path := range sortedPathPatterns(opts.EndpointRoutes) {
return mux
}

func (m *Mux) RegisterConfigured() {
for _, path := range sortedPathPatterns(m.opts.EndpointRoutes) {
// TODO: handle method option per endpoint configuration
mustAddRoute(mux.endpointRoot, path, opts.EndpointRoutes[path], true)
mustAddRoute(m.endpointRoot, path, m.opts.EndpointRoutes[path], true)
}

for _, path := range sortedPathPatterns(opts.FileRoutes) {
mustAddRoute(mux.fileRoot, utils.JoinOpenAPIPath(path, "/**"), opts.FileRoutes[path], false)
for _, path := range sortedPathPatterns(m.opts.FileRoutes) {
mustAddRoute(m.fileRoot, utils.JoinOpenAPIPath(path, "/**"), m.opts.FileRoutes[path], false)
}

for _, path := range sortedPathPatterns(opts.SPARoutes) {
mustAddRoute(mux.spaRoot, path, opts.SPARoutes[path], true)
for _, path := range sortedPathPatterns(m.opts.SPARoutes) {
mustAddRoute(m.spaRoot, path, m.opts.SPARoutes[path], true)
}

return mux
}

var noDefaultMethods []string
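Review bot: `NewMux` now returns a mux with no configured routes, and the new exported `RegisterConfigured` has no doc comment saying that callers must invoke it, or in what order relative to other registrations. I would add `// RegisterConfigured adds the configured endpoint, file and SPA routes. Register routes that must take precedence (such as the health route) before calling it.` above the method. As far as these lines show, a caller that forgets the call ends up with an empty mux rather than an unprotected one, so the failure mode is closed; whether a second call is safe depends on `mustAddRoute`, which is not shown. This section lost its +/- markers, so the old and new loop bodies appear interleaved, and `NewMux` begins outside the hunk.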
1 change: 1 addition & 0 deletions server/mux_test.go
Expand Up @@ -159,6 +159,7 @@ func TestMux_FindHandler_PathParamContext(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(subT *testing.T) {
mux := server.NewMux(testOptions)
mux.RegisterConfigured()

if got := mux.FindHandler(tt.req); reflect.DeepEqual(got, tt.want) {
subT.Errorf("FindHandler() = %v, want %v", got, tt.want)
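--- a/server/testdata/settings/22_couper.hcl
+++ b/server/testdata/settings/22_couper.hcl
@@ -0,0 +1,18 @@
+server {
+access_control = ["ba"]
+
+api {
+endpoint "/**" {
+response {
+status = 204
+}
+}
+}
+}
+
+definitions {
+basic_auth "ba" {
+user = "u"
+password = "p"
+}
+}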
