diff --git a/swift/common/middleware/domain_remap.py b/swift/common/middleware/domain_remap.py index 6d0f423e36..081aa67b9a 100644 --- a/swift/common/middleware/domain_remap.py +++ b/swift/common/middleware/domain_remap.py @@ -28,9 +28,23 @@ class DomainRemapMiddleware(object): account.storageurl/path_root/container/object gets translated to account.storageurl/path_root/account/container/object - Browsers can convert a url to lowercase, so check that reseller_prefix - is the correct case and fix if necessary - + Browsers can convert a host header to lowercase, so check that reseller + prefix on the account is the correct case. This is done by comparing the + items in the reseller_prefixes config option to the found prefix. If they + match except for case, the item from reseller_prefixes will be used + instead of the found reseller prefix. The reseller_prefixes list is + exclusive. If defined, any request with an account prefix not in that list + will be ignored by this middleware. reseller_prefixes defaults to 'AUTH'. + + Note that this middleware requires that container names and account names + (except as described above) must be DNS-compatible. This means that the + account name created in the system and the containers created by users + cannot exceede 63 characters or have UTF-8 characters. These are + restrictions over and above what swift requires and are not explicitly + checked. Simply put, the this middleware will do a best-effort attempt to + derive account and container names from elements in the domain name and + put those derived values into the URL path (leaving the Host header + unchanged). """ def __init__(self, app, conf): @@ -39,7 +53,11 @@ class DomainRemapMiddleware(object): if self.storage_domain and self.storage_domain[0] != '.': self.storage_domain = '.' + self.storage_domain self.path_root = conf.get('path_root', 'v1').strip('/') - self.reseller_prefixes = conf.get('reseller_prefixes','AUTH').split(','); + prefixes = conf.get('reseller_prefixes', 'AUTH') + self.reseller_prefixes = [x.strip() for x in prefixes.split(',') + if x.strip()] + self.reseller_prefixes_lower = [x.lower() + for x in self.reseller_prefixes] def __call__(self, env, start_response): if not self.storage_domain: @@ -63,12 +81,16 @@ class DomainRemapMiddleware(object): return resp(env, start_response) if '_' not in account and '-' in account: account = account.replace('-', '_', 1) - for reseller_prefix in self.reseller_prefixes: - if account.lower().startswith(reseller_prefix.lower()): - if not account.startswith(reseller_prefix): - account_suffix = account[len(reseller_prefix):] - account = reseller_prefix + account_suffix - break + account_reseller_prefix = account.split('_', 1)[0].lower() + if account_reseller_prefix not in self.reseller_prefixes_lower: + # account prefix is not in config list. bail. + return self.app(env, start_response) + prefix_index = self.reseller_prefixes_lower.index( + account_reseller_prefix) + real_prefix = self.reseller_prefixes[prefix_index] + if not account.startswith(real_prefix): + account_suffix = account[len(real_prefix):] + account = real_prefix + account_suffix path = env['PATH_INFO'].strip('/') new_path_parts = ['', self.path_root, account] if container: diff --git a/test/unit/common/middleware/test_domain_remap.py b/test/unit/common/middleware/test_domain_remap.py index fe079cbeda..b7b000a053 100644 --- a/test/unit/common/middleware/test_domain_remap.py +++ b/test/unit/common/middleware/test_domain_remap.py @@ -47,49 +47,49 @@ class TestDomainRemap(unittest.TestCase): def test_domain_remap_account(self): req = Request.blank('/', environ={'REQUEST_METHOD': 'GET'}, - headers={'Host': 'a.example.com'}) + headers={'Host': 'AUTH_a.example.com'}) resp = self.app(req.environ, start_response) - self.assertEquals(resp, '/v1/a') + self.assertEquals(resp, '/v1/AUTH_a') req = Request.blank('/', environ={'REQUEST_METHOD': 'GET'}, - headers={'Host': 'a-uuid.example.com'}) + headers={'Host': 'AUTH-uuid.example.com'}) resp = self.app(req.environ, start_response) - self.assertEquals(resp, '/v1/a_uuid') + self.assertEquals(resp, '/v1/AUTH_uuid') def test_domain_remap_account_container(self): req = Request.blank('/', environ={'REQUEST_METHOD': 'GET'}, - headers={'Host': 'c.a.example.com'}) + headers={'Host': 'c.AUTH_a.example.com'}) resp = self.app(req.environ, start_response) - self.assertEquals(resp, '/v1/a/c') + self.assertEquals(resp, '/v1/AUTH_a/c') def test_domain_remap_extra_subdomains(self): req = Request.blank('/', environ={'REQUEST_METHOD': 'GET'}, - headers={'Host': 'x.y.c.a.example.com'}) + headers={'Host': 'x.y.c.AUTH_a.example.com'}) resp = self.app(req.environ, start_response) self.assertEquals(resp, ['Bad domain in host header']) def test_domain_remap_account_with_path_root(self): req = Request.blank('/v1', environ={'REQUEST_METHOD': 'GET'}, - headers={'Host': 'a.example.com'}) + headers={'Host': 'AUTH_a.example.com'}) resp = self.app(req.environ, start_response) - self.assertEquals(resp, '/v1/a') + self.assertEquals(resp, '/v1/AUTH_a') def test_domain_remap_account_container_with_path_root(self): req = Request.blank('/v1', environ={'REQUEST_METHOD': 'GET'}, - headers={'Host': 'c.a.example.com'}) + headers={'Host': 'c.AUTH_a.example.com'}) resp = self.app(req.environ, start_response) - self.assertEquals(resp, '/v1/a/c') + self.assertEquals(resp, '/v1/AUTH_a/c') def test_domain_remap_account_container_with_path(self): req = Request.blank('/obj', environ={'REQUEST_METHOD': 'GET'}, - headers={'Host': 'c.a.example.com'}) + headers={'Host': 'c.AUTH_a.example.com'}) resp = self.app(req.environ, start_response) - self.assertEquals(resp, '/v1/a/c/obj') + self.assertEquals(resp, '/v1/AUTH_a/c/obj') def test_domain_remap_account_container_with_path_root_and_path(self): req = Request.blank('/v1/obj', environ={'REQUEST_METHOD': 'GET'}, - headers={'Host': 'c.a.example.com'}) + headers={'Host': 'c.AUTH_a.example.com'}) resp = self.app(req.environ, start_response) - self.assertEquals(resp, '/v1/a/c/obj') + self.assertEquals(resp, '/v1/AUTH_a/c/obj') def test_domain_remap_account_matching_ending_not_domain(self): req = Request.blank('/dontchange', environ={'REQUEST_METHOD': 'GET'}, @@ -101,7 +101,23 @@ class TestDomainRemap(unittest.TestCase): self.app = domain_remap.DomainRemapMiddleware(FakeApp(), {'storage_domain': ''}) req = Request.blank('/test', environ={'REQUEST_METHOD': 'GET'}, - headers={'Host': 'c.a.example.com'}) + headers={'Host': 'c.AUTH_a.example.com'}) + resp = self.app(req.environ, start_response) + self.assertEquals(resp, '/test') + + def test_domain_remap_configured_with_prefixes(self): + conf = {'reseller_prefixes': 'PREFIX'} + self.app = domain_remap.DomainRemapMiddleware(FakeApp(), conf) + req = Request.blank('/test', environ={'REQUEST_METHOD': 'GET'}, + headers={'Host': 'c.prefix_uuid.example.com'}) + resp = self.app(req.environ, start_response) + self.assertEquals(resp, '/v1/PREFIX_uuid/c/test') + + def test_domain_remap_configured_with_bad_prefixes(self): + conf = {'reseller_prefixes': 'UNKNOWN'} + self.app = domain_remap.DomainRemapMiddleware(FakeApp(), conf) + req = Request.blank('/test', environ={'REQUEST_METHOD': 'GET'}, + headers={'Host': 'c.prefix_uuid.example.com'}) resp = self.app(req.environ, start_response) self.assertEquals(resp, '/test')