Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement cookie forwarding for api proxy #232

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Implement cookie forwarding for api proxy #232

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
01797d0
fix typo
Dec 17, 2013
082450e
replace comma with semicolon
Dec 17, 2013
1c9ca86
implement cookie forwarding
Dec 17, 2013
dda05f1
remove comment, stating the obvious
Dec 17, 2013
9b25af7
disable global cookie jar to prevent cookie sharing between different…
Dec 18, 2013
00c927e
encode the whole set-cookie header retrieved from the api
Dec 18, 2013
7e3db19
ensure headers are present on the response object
Dec 19, 2013
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions server/data_adapter/rest_adapter.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,8 @@ RestAdapter.prototype.apiDefaults = function(api, req) {
delete api.body;
}

// disable global cookie jar
api.jar = false;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this will no longer be necessary when #248 is merged

return api;
};

Expand Down
46 changes: 45 additions & 1 deletion server/middleware/apiProxy.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,49 @@ var _ = require('underscore');
*/
var separator = '/-/';

function getApiCookiePrefix(apiName) {
return (apiName || 'default') + separator;
}

function extractCookieName(cookieString) {
return cookieString.split('=').shift();
}

function extractCookieValue(cookieString) {
return cookieString.split('=').pop();
}

function extractCookiesForApi(req, apiName) {
var rawCookieString = req.get('cookie') || '',
apiCookies = rawCookieString.split('; '),
apiCookiePrefix = getApiCookiePrefix(apiName);

return apiCookies
.filter(function (cookie) {
var cookieName = extractCookieName(cookie);
return cookieName.indexOf(apiCookiePrefix) === 0;
})
.map(function (cookie) {
return decodeURIComponent(extractCookieValue(cookie));
});
};

function encodeApiCookies(responseFromApi, apiName) {
var apiCookiePrefix = getApiCookiePrefix(apiName),
setCookieHeaders = [];

if (responseFromApi.headers && responseFromApi.headers['set-cookie']) {
setCookieHeaders = responseFromApi.headers['set-cookie'];
}

return setCookieHeaders.map(function (setCookieHeader) {
var cookieName = apiCookiePrefix + extractCookieName(setCookieHeader),
cookieValue = encodeURIComponent(setCookieHeader);

return cookieName + '=' + cookieValue;
});
}

/**
* Middleware handler for intercepting API routes.
*/
Expand All @@ -20,14 +63,15 @@ function apiProxy(dataAdapter) {

api.path = apiProxy.getApiPath(req.path);
api.api = apiProxy.getApiName(req.path);
api.headers = {cookie: extractCookiesForApi(req, api.api)};

dataAdapter.request(req, api, {
convertErrorCode: false
}, function(err, response, body) {
if (err) return next(err);

// Pass through statusCode.
res.status(response.statusCode);
res.setHeader('set-cookie', encodeApiCookies(response, api.api));
res.json(body);
});
};
Expand Down
75 changes: 67 additions & 8 deletions test/server/middleware/apiProxy.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,32 +7,91 @@ describe('apiProxy', function() {

describe('middleware', function () {

var dataAdater, proxy, responseToClient;
var dataAdapter, proxy, responseToClient, req;

beforeEach(function () {
dataAdater = { request: sinon.stub() },
proxy = apiProxy(dataAdater),
responseToClient = { status: sinon.spy(), json: sinon.spy() };
dataAdapter = { request: sinon.stub() };
proxy = apiProxy(dataAdapter);
responseToClient = { status: sinon.spy(), json: sinon.spy(), setHeader: sinon.spy() };
req = { path: '/', get: sinon.stub() };
});

it('should pass through the status code', function () {
dataAdater.request.yields(null, {status: 200}, {});
dataAdapter.request.yields(null, {status: 200, headers: {}}, {});

proxy({ path: '/' }, responseToClient);
proxy(req, responseToClient);

responseToClient.status.should.have.been.calledOnce;
});

it('should pass through the body', function () {
var body = { what: 'ever' };
dataAdater.request.yields(null, {status: 200}, body);
dataAdapter.request.yields(null, {status: 200, headers: {}}, body);

proxy({ path: '/' }, responseToClient);
proxy(req, responseToClient);

responseToClient.json.should.have.been.calledOnce;
responseToClient.json.should.have.been.calledWith(body);
});

describe('cookie forwarding', function () {
it('should pass through prefixed cookies for the default api', function () {
var cookiesReturnedByApi = [
'FooBar=SomeCookieData; path=/',
'BarFoo=OtherCookieData; path=/'
],
expecetedEncodedCookies = [
'default/-/FooBar=' + encodeURIComponent('FooBar=SomeCookieData; path=/'),
'default/-/BarFoo=' + encodeURIComponent('BarFoo=OtherCookieData; path=/')
];


dataAdapter.request.yields(null, { headers: { 'set-cookie': cookiesReturnedByApi } });
proxy(req, responseToClient);

responseToClient.setHeader.should.have.been.calledOnce;
responseToClient.setHeader.should.have.been.calledWith('set-cookie', expecetedEncodedCookies)
});

it('should pass through prefixed cookies', function () {
var cookiesReturnedByApi = [ 'FooBar=SomeCookieData; path=/' ],
expecetedEncodedCookies = [
'apiName/-/FooBar=' + encodeURIComponent('FooBar=SomeCookieData; path=/')
];

dataAdapter.request.yields(null, { headers: { 'set-cookie': cookiesReturnedByApi } });
req.path = '/apiName/-/';
proxy(req, responseToClient);

responseToClient.setHeader.should.have.been.calledOnce;
responseToClient.setHeader.should.have.been.calledWith('set-cookie', expecetedEncodedCookies)
});

it('should pass through the cookies from client to the correct api host', function () {
var encodedClientCookies =
'apiName/-/FooBar=' + encodeURIComponent('FooBar=SomeCookieData; path=/') +
'; ' +
'otherApi/-/BarFoo=' + encodeURIComponent('BarFoo=OtherCookieData; path=/');

req.get.withArgs('cookie').returns(encodedClientCookies);

req.path = '/apiName/-/';
proxy(req, responseToClient);
dataAdapter.request.should.have.been.calledWithMatch(req, {headers: {cookie: ['FooBar=SomeCookieData; path=/']}});

req.path = '/otherApi/-/';
proxy(req, responseToClient);
dataAdapter.request.should.have.been.calledWithMatch(req, {headers: {cookie: ['BarFoo=OtherCookieData; path=/']}});
});

it('should pass through the cookies from client to the default api host', function () {
req.get.withArgs('cookie').returns('default/-/FooBar=' + encodeURIComponent('FooBar=SomeCookieData; path=/'));
proxy(req, responseToClient);

dataAdapter.request.should.have.been.calledOnce;
dataAdapter.request.should.have.been.calledWithMatch(req, {headers: {cookie: ['FooBar=SomeCookieData; path=/']}})
});
});
});

describe('getApiPath', function() {
Expand Down