tauri-apps/archived-tauri-plugin-http
1
0
Fork 0
mirror of https://github.com/tauri-apps/tauri-plugin-http.git synced 2026-01-31 00:45:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(http): inconsistencies on urlpattern usage on scope (#1059)

Browse Source 
* fix(http): inconsistencies on urlpattern usage on scope

* fix tests

* enhance tests

Committed via a GitHub action: https://github.com/tauri-apps/plugins-workspace/actions/runs/8236507330

Co-authored-by: lucasfernog <lucasfernog@users.noreply.github.com>
This commit is contained in:
Lucas Fernandes Nogueira
2024-03-11 16:41:15 +00:00
committed by tauri-bot
parent 6383291d8e
commit 26ad0438a4
1 changed files with 59 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
src/scope.rs
View File

@@ -6,7 +6,7 @@ use std::sync::Arc;
use serde::{Deserialize, Deserializer};
use url::Url;
use urlpattern::{UrlPattern, UrlPatternInit, UrlPatternMatchInput};
use urlpattern::{UrlPattern, UrlPatternMatchInput};
#[allow(rustdoc::bare_urls)]
#[derive(Debug)]
@@ -15,7 +15,21 @@ pub struct Entry {
}
fn parse_url_pattern(s: &str) -> Result<UrlPattern, urlpattern::quirks::Error> {
let init = UrlPatternInit::parse_constructor_string::<regex::Regex>(s, None)?;
let mut init = urlpattern::UrlPatternInit::parse_constructor_string::<regex::Regex>(s, None)?;
if init.search.as_ref().map(|p| p.is_empty()).unwrap_or(true) {
init.search.replace("*".to_string());
}
if init.hash.as_ref().map(|p| p.is_empty()).unwrap_or(true) {
init.hash.replace("*".to_string());
}
if init
.pathname
.as_ref()
.map(|p| p.is_empty() || p == "/")
.unwrap_or(true)
{
init.pathname.replace("*".to_string());
}
UrlPattern::parse(init)
}
@@ -100,6 +114,7 @@ mod tests {
let deny = Arc::new("http://localhost:8080/*".parse().unwrap());
let scope = super::Scope::new(vec![&allow], vec![&deny]);
assert!(!scope.is_allowed(&"http://localhost:8080/file.png".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8080?framework=tauri".parse().unwrap()));
}
#[test]
@@ -109,9 +124,10 @@ mod tests {
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"http://localhost:8080".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/file".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/path/to/asset.png".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/path/list?limit=50".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8080/file".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8080/path/to/asset.png".parse().unwrap()));
assert!(!scope.is_allowed(&"https://localhost:8080".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8081".parse().unwrap()));
assert!(!scope.is_allowed(&"http://local:8080".parse().unwrap()));
@@ -124,6 +140,7 @@ mod tests {
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"http://localhost:8080/file.png".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/file.png?q=1".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8080".parse().unwrap()));
assert!(!scope.is_allowed(&"http://localhost:8080/file".parse().unwrap()));
@@ -136,7 +153,13 @@ mod tests {
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"http://localhost:8080/file.png".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/file.png#head".parse().unwrap()));
assert!(scope.is_allowed(&"http://localhost:8080/assets/file.png".parse().unwrap()));
assert!(scope.is_allowed(
&"http://localhost:8080/assets/file.png?width=100&height=200"
.parse()
.unwrap()
));
assert!(!scope.is_allowed(&"http://localhost:8080/file.jpeg".parse().unwrap()));
}
@@ -147,7 +170,15 @@ mod tests {
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"http://something.else".parse().unwrap()));
assert!(!scope.is_allowed(&"http://something.else/path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"http://something.else#tauri".parse().unwrap()));
assert!(scope.is_allowed(&"http://something.else/path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"http://something.else?rel=tauri".parse().unwrap()));
assert!(scope.is_allowed(
&"http://something.else/path/to/file.mp4?start=500"
.parse()
.unwrap()
));
assert!(!scope.is_allowed(&"https://something.else".parse().unwrap()));
let entry = Arc::new("http://*/*".parse().unwrap());
@@ -163,10 +194,11 @@ mod tests {
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"http://something.else".parse().unwrap()));
assert!(!scope.is_allowed(&"http://something.else/path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"http://something.else/path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"file://path".parse().unwrap()));
assert!(!scope.is_allowed(&"file://path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"file://path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"https://something.else".parse().unwrap()));
assert!(scope.is_allowed(&"https://something.else?x=1#frag".parse().unwrap()));
let entry = Arc::new("*://*/*".parse().unwrap());
let scope = super::Scope::new(vec![&entry], Vec::new());
@@ -176,4 +208,24 @@ mod tests {
assert!(scope.is_allowed(&"file://path/to/file".parse().unwrap()));
assert!(scope.is_allowed(&"https://something.else".parse().unwrap()));
}
#[test]
fn validate_query() {
let entry = Arc::new("https://tauri.app/path?x=*".parse().unwrap());
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"https://tauri.app/path?x=5".parse().unwrap()));
assert!(!scope.is_allowed(&"https://tauri.app/path?y=5".parse().unwrap()));
}
#[test]
fn validate_hash() {
let entry = Arc::new("https://tauri.app/path#frame*".parse().unwrap());
let scope = super::Scope::new(vec![&entry], Vec::new());
assert!(scope.is_allowed(&"https://tauri.app/path#frame".parse().unwrap()));
assert!(!scope.is_allowed(&"https://tauri.app/path#work".parse().unwrap()));
}
}