|
- // Copyright 2015 Google Inc. All rights reserved.
- //
- // Licensed under the Apache License, Version 2.0 (the "License");
- // you may not use this file except in compliance with the License.
- // You may obtain a copy of the License at
- //
- // http://www.apache.org/licenses/LICENSE-2.0
- //
- // Unless required by applicable law or agreed to in writing, software
- // distributed under the License is distributed on an "AS IS" BASIS,
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- // See the License for the specific language governing permissions and
- // limitations under the License.
-
- // Package pingback provides verification that specific URLs have been seen by
- // the proxy.
- package pingback
-
- import (
- "encoding/json"
- "fmt"
- "net/http"
- "net/url"
-
- "github.com/google/martian"
- "github.com/google/martian/parse"
- "github.com/google/martian/verify"
- )
-
- const (
- errFormat = "request(%s): pingback never occurred"
- )
-
- func init() {
- parse.Register("pingback.Verifier", verifierFromJSON)
- }
-
- // Verifier verifies that the specific URL has been seen.
- type Verifier struct {
- url *url.URL
- err error
- }
-
- type verifierJSON struct {
- Scheme string `json:"scheme"`
- Host string `json:"host"`
- Path string `json:"path"`
- Query string `json:"query"`
- Scope []parse.ModifierType `json:"scope"`
- }
-
- // NewVerifier returns a new pingback verifier.
- func NewVerifier(url *url.URL) verify.RequestVerifier {
- return &Verifier{
- url: url,
- err: fmt.Errorf(errFormat, url.String()),
- }
- }
-
- // ModifyRequest verifies that the request URL matches all parts of url.
- //
- // If the value in url is non-empty, it must be an exact match. If the URL
- // matches the pingback, it is recorded by setting the error to nil. The error
- // will continue to be nil until the verifier has been reset, regardless of
- // subsequent requests matching.
- func (v *Verifier) ModifyRequest(req *http.Request) error {
- // skip requests to API
- ctx := martian.NewContext(req)
- if ctx.IsAPIRequest() {
- return nil
- }
-
- u := req.URL
-
- switch {
- case v.url.Scheme != "" && v.url.Scheme != u.Scheme:
- case v.url.Host != "" && v.url.Host != u.Host:
- case v.url.Path != "" && v.url.Path != u.Path:
- case v.url.RawQuery != "" && v.url.RawQuery != u.RawQuery:
- default:
- v.err = nil
- }
-
- return nil
- }
-
- // VerifyRequests returns an error if pingback never occurred.
- func (v *Verifier) VerifyRequests() error {
- return v.err
- }
-
- // ResetRequestVerifications clears the failed request verification.
- func (v *Verifier) ResetRequestVerifications() {
- v.err = fmt.Errorf(errFormat, v.url.String())
- }
-
- // verifierFromJSON builds a pingback.Verifier from JSON.
- //
- // Example JSON:
- // {
- // "pingback.Verifier": {
- // "scope": ["request"],
- // "scheme": "https",
- // "host": "www.google.com",
- // "path": "/proxy",
- // "query": "testing=true"
- // }
- // }
- func verifierFromJSON(b []byte) (*parse.Result, error) {
- msg := &verifierJSON{}
- if err := json.Unmarshal(b, msg); err != nil {
- return nil, err
- }
-
- v := NewVerifier(&url.URL{
- Scheme: msg.Scheme,
- Host: msg.Host,
- Path: msg.Path,
- RawQuery: msg.Query,
- })
-
- return parse.NewResult(v, msg.Scope)
- }
|