dip/vendor/github.com/labstack/echo/v4/middleware/slash.go

130 lines
3.3 KiB
Go
Raw Normal View History

2024-04-28 13:08:41 +02:00
// SPDX-License-Identifier: MIT
// SPDX-FileCopyrightText: © 2015 LabStack LLC and Echo contributors
2020-02-11 19:33:19 +01:00
package middleware
import (
"strings"
"github.com/labstack/echo/v4"
)
2024-04-28 13:08:41 +02:00
// TrailingSlashConfig defines the config for TrailingSlash middleware.
type TrailingSlashConfig struct {
// Skipper defines a function to skip middleware.
Skipper Skipper
2020-02-11 19:33:19 +01:00
2024-04-28 13:08:41 +02:00
// Status code to be used when redirecting the request.
// Optional, but when provided the request is redirected using this code.
RedirectCode int `yaml:"redirect_code"`
}
2020-02-11 19:33:19 +01:00
2024-04-28 13:08:41 +02:00
// DefaultTrailingSlashConfig is the default TrailingSlash middleware config.
var DefaultTrailingSlashConfig = TrailingSlashConfig{
Skipper: DefaultSkipper,
}
2020-02-11 19:33:19 +01:00
// AddTrailingSlash returns a root level (before router) middleware which adds a
// trailing slash to the request `URL#Path`.
//
// Usage `Echo#Pre(AddTrailingSlash())`
func AddTrailingSlash() echo.MiddlewareFunc {
return AddTrailingSlashWithConfig(DefaultTrailingSlashConfig)
}
2023-01-14 20:50:39 +01:00
// AddTrailingSlashWithConfig returns an AddTrailingSlash middleware with config.
2020-02-11 19:33:19 +01:00
// See `AddTrailingSlash()`.
func AddTrailingSlashWithConfig(config TrailingSlashConfig) echo.MiddlewareFunc {
// Defaults
if config.Skipper == nil {
config.Skipper = DefaultTrailingSlashConfig.Skipper
}
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
if config.Skipper(c) {
return next(c)
}
req := c.Request()
url := req.URL
path := url.Path
qs := c.QueryString()
if !strings.HasSuffix(path, "/") {
path += "/"
uri := path
if qs != "" {
uri += "?" + qs
}
// Redirect
if config.RedirectCode != 0 {
2021-11-12 12:28:10 +01:00
return c.Redirect(config.RedirectCode, sanitizeURI(uri))
2020-02-11 19:33:19 +01:00
}
// Forward
req.RequestURI = uri
url.Path = path
}
return next(c)
}
}
}
// RemoveTrailingSlash returns a root level (before router) middleware which removes
// a trailing slash from the request URI.
//
// Usage `Echo#Pre(RemoveTrailingSlash())`
func RemoveTrailingSlash() echo.MiddlewareFunc {
return RemoveTrailingSlashWithConfig(TrailingSlashConfig{})
}
// RemoveTrailingSlashWithConfig returns a RemoveTrailingSlash middleware with config.
// See `RemoveTrailingSlash()`.
func RemoveTrailingSlashWithConfig(config TrailingSlashConfig) echo.MiddlewareFunc {
// Defaults
if config.Skipper == nil {
config.Skipper = DefaultTrailingSlashConfig.Skipper
}
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
if config.Skipper(c) {
return next(c)
}
req := c.Request()
url := req.URL
path := url.Path
qs := c.QueryString()
l := len(path) - 1
if l > 0 && strings.HasSuffix(path, "/") {
path = path[:l]
uri := path
if qs != "" {
uri += "?" + qs
}
// Redirect
if config.RedirectCode != 0 {
2021-11-12 12:28:10 +01:00
return c.Redirect(config.RedirectCode, sanitizeURI(uri))
2020-02-11 19:33:19 +01:00
}
// Forward
req.RequestURI = uri
url.Path = path
}
return next(c)
}
}
}
2021-11-12 12:28:10 +01:00
func sanitizeURI(uri string) string {
// double slash `\\`, `//` or even `\/` is absolute uri for browsers and by redirecting request to that uri
// we are vulnerable to open redirect attack. so replace all slashes from the beginning with single slash
if len(uri) > 1 && (uri[0] == '\\' || uri[0] == '/') && (uri[1] == '\\' || uri[1] == '/') {
uri = "/" + strings.TrimLeft(uri, `/\`)
}
return uri
}