First commit

middleware/rewrite/condition.go

@@ -0,0 +1,130 @@
+package rewrite
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/miekg/coredns/middleware"
+	"github.com/miekg/dns"
+)
+
+// Operators
+const (
+	Is         = "is"
+	Not        = "not"
+	Has        = "has"
+	NotHas     = "not_has"
+	StartsWith = "starts_with"
+	EndsWith   = "ends_with"
+	Match      = "match"
+	NotMatch   = "not_match"
+)
+
+func operatorError(operator string) error {
+	return fmt.Errorf("Invalid operator %v", operator)
+}
+
+func newReplacer(r *dns.Msg) middleware.Replacer {
+	return middleware.NewReplacer(r, nil, "")
+}
+
+// condition is a rewrite condition.
+type condition func(string, string) bool
+
+var conditions = map[string]condition{
+	Is:         isFunc,
+	Not:        notFunc,
+	Has:        hasFunc,
+	NotHas:     notHasFunc,
+	StartsWith: startsWithFunc,
+	EndsWith:   endsWithFunc,
+	Match:      matchFunc,
+	NotMatch:   notMatchFunc,
+}
+
+// isFunc is condition for Is operator.
+// It checks for equality.
+func isFunc(a, b string) bool {
+	return a == b
+}
+
+// notFunc is condition for Not operator.
+// It checks for inequality.
+func notFunc(a, b string) bool {
+	return a != b
+}
+
+// hasFunc is condition for Has operator.
+// It checks if b is a substring of a.
+func hasFunc(a, b string) bool {
+	return strings.Contains(a, b)
+}
+
+// notHasFunc is condition for NotHas operator.
+// It checks if b is not a substring of a.
+func notHasFunc(a, b string) bool {
+	return !strings.Contains(a, b)
+}
+
+// startsWithFunc is condition for StartsWith operator.
+// It checks if b is a prefix of a.
+func startsWithFunc(a, b string) bool {
+	return strings.HasPrefix(a, b)
+}
+
+// endsWithFunc is condition for EndsWith operator.
+// It checks if b is a suffix of a.
+func endsWithFunc(a, b string) bool {
+	return strings.HasSuffix(a, b)
+}
+
+// matchFunc is condition for Match operator.
+// It does regexp matching of a against pattern in b
+// and returns if they match.
+func matchFunc(a, b string) bool {
+	matched, _ := regexp.MatchString(b, a)
+	return matched
+}
+
+// notMatchFunc is condition for NotMatch operator.
+// It does regexp matching of a against pattern in b
+// and returns if they do not match.
+func notMatchFunc(a, b string) bool {
+	matched, _ := regexp.MatchString(b, a)
+	return !matched
+}
+
+// If is statement for a rewrite condition.
+type If struct {
+	A        string
+	Operator string
+	B        string
+}
+
+// True returns true if the condition is true and false otherwise.
+// If r is not nil, it replaces placeholders before comparison.
+func (i If) True(r *dns.Msg) bool {
+	if c, ok := conditions[i.Operator]; ok {
+		a, b := i.A, i.B
+		if r != nil {
+			replacer := newReplacer(r)
+			a = replacer.Replace(i.A)
+			b = replacer.Replace(i.B)
+		}
+		return c(a, b)
+	}
+	return false
+}
+
+// NewIf creates a new If condition.
+func NewIf(a, operator, b string) (If, error) {
+	if _, ok := conditions[operator]; !ok {
+		return If{}, operatorError(operator)
+	}
+	return If{
+		A:        a,
+		Operator: operator,
+		B:        b,
+	}, nil
+}

middleware/rewrite/condition_test.go

@@ -0,0 +1,106 @@
+package rewrite
+
+import (
+	"net/http"
+	"strings"
+	"testing"
+)
+
+func TestConditions(t *testing.T) {
+	tests := []struct {
+		condition string
+		isTrue    bool
+	}{
+		{"a is b", false},
+		{"a is a", true},
+		{"a not b", true},
+		{"a not a", false},
+		{"a has a", true},
+		{"a has b", false},
+		{"ba has b", true},
+		{"bab has b", true},
+		{"bab has bb", false},
+		{"a not_has a", false},
+		{"a not_has b", true},
+		{"ba not_has b", false},
+		{"bab not_has b", false},
+		{"bab not_has bb", true},
+		{"bab starts_with bb", false},
+		{"bab starts_with ba", true},
+		{"bab starts_with bab", true},
+		{"bab ends_with bb", false},
+		{"bab ends_with bab", true},
+		{"bab ends_with ab", true},
+		{"a match *", false},
+		{"a match a", true},
+		{"a match .*", true},
+		{"a match a.*", true},
+		{"a match b.*", false},
+		{"ba match b.*", true},
+		{"ba match b[a-z]", true},
+		{"b0 match b[a-z]", false},
+		{"b0a match b[a-z]", false},
+		{"b0a match b[a-z]+", false},
+		{"b0a match b[a-z0-9]+", true},
+		{"a not_match *", true},
+		{"a not_match a", false},
+		{"a not_match .*", false},
+		{"a not_match a.*", false},
+		{"a not_match b.*", true},
+		{"ba not_match b.*", false},
+		{"ba not_match b[a-z]", false},
+		{"b0 not_match b[a-z]", true},
+		{"b0a not_match b[a-z]", true},
+		{"b0a not_match b[a-z]+", true},
+		{"b0a not_match b[a-z0-9]+", false},
+	}
+
+	for i, test := range tests {
+		str := strings.Fields(test.condition)
+		ifCond, err := NewIf(str[0], str[1], str[2])
+		if err != nil {
+			t.Error(err)
+		}
+		isTrue := ifCond.True(nil)
+		if isTrue != test.isTrue {
+			t.Errorf("Test %v: expected %v found %v", i, test.isTrue, isTrue)
+		}
+	}
+
+	invalidOperators := []string{"ss", "and", "if"}
+	for _, op := range invalidOperators {
+		_, err := NewIf("a", op, "b")
+		if err == nil {
+			t.Errorf("Invalid operator %v used, expected error.", op)
+		}
+	}
+
+	replaceTests := []struct {
+		url       string
+		condition string
+		isTrue    bool
+	}{
+		{"/home", "{uri} match /home", true},
+		{"/hom", "{uri} match /home", false},
+		{"/hom", "{uri} starts_with /home", false},
+		{"/hom", "{uri} starts_with /h", true},
+		{"/home/.hiddenfile", `{uri} match \/\.(.*)`, true},
+		{"/home/.hiddendir/afile", `{uri} match \/\.(.*)`, true},
+	}
+
+	for i, test := range replaceTests {
+		r, err := http.NewRequest("GET", test.url, nil)
+		if err != nil {
+			t.Error(err)
+		}
+		str := strings.Fields(test.condition)
+		ifCond, err := NewIf(str[0], str[1], str[2])
+		if err != nil {
+			t.Error(err)
+		}
+		isTrue := ifCond.True(r)
+		if isTrue != test.isTrue {
+			t.Errorf("Test %v: expected %v found %v", i, test.isTrue, isTrue)
+		}
+	}
+}

middleware/rewrite/reverter.go

@@ -0,0 +1,38 @@
+package rewrite
+
+import "github.com/miekg/dns"
+
+// ResponseRevert reverses the operations done on the question section of a packet.
+// This is need because the client will otherwise disregards the response, i.e.
+// dig will complain with ';; Question section mismatch: got miek.nl/HINFO/IN'
+type ResponseReverter struct {
+	dns.ResponseWriter
+	original dns.Question
+}
+
+func NewResponseReverter(w dns.ResponseWriter, r *dns.Msg) *ResponseReverter {
+	return &ResponseReverter{
+		ResponseWriter: w,
+		original:       r.Question[0],
+	}
+}
+
+// WriteMsg records the status code and calls the
+// underlying ResponseWriter's WriteMsg method.
+func (r *ResponseReverter) WriteMsg(res *dns.Msg) error {
+	res.Question[0] = r.original
+	return r.ResponseWriter.WriteMsg(res)
+}
+
+// Write is a wrapper that records the size of the message that gets written.
+func (r *ResponseReverter) Write(buf []byte) (int, error) {
+	n, err := r.ResponseWriter.Write(buf)
+	return n, err
+}
+
+// Hijack implements dns.Hijacker. It simply wraps the underlying
+// ResponseWriter's Hijack method if there is one, or returns an error.
+func (r *ResponseReverter) Hijack() {
+	r.ResponseWriter.Hijack()
+	return
+}

middleware/rewrite/rewrite.go

@@ -0,0 +1,223 @@
+// Package rewrite is middleware for rewriting requests internally to
+// something different.
+package rewrite
+
+import (
+	"github.com/miekg/coredns/middleware"
+	"github.com/miekg/dns"
+)
+
+// Result is the result of a rewrite
+type Result int
+
+const (
+	// RewriteIgnored is returned when rewrite is not done on request.
+	RewriteIgnored Result = iota
+	// RewriteDone is returned when rewrite is done on request.
+	RewriteDone
+	// RewriteStatus is returned when rewrite is not needed and status code should be set
+	// for the request.
+	RewriteStatus
+)
+
+// Rewrite is middleware to rewrite requests internally before being handled.
+type Rewrite struct {
+	Next  middleware.Handler
+	Rules []Rule
+}
+
+// ServeHTTP implements the middleware.Handler interface.
+func (rw Rewrite) ServeDNS(w dns.ResponseWriter, r *dns.Msg) (int, error) {
+	wr := NewResponseReverter(w, r)
+	for _, rule := range rw.Rules {
+		switch result := rule.Rewrite(r); result {
+		case RewriteDone:
+			return rw.Next.ServeDNS(wr, r)
+		case RewriteIgnored:
+			break
+		case RewriteStatus:
+			// only valid for complex rules.
+			// if cRule, ok := rule.(*ComplexRule); ok && cRule.Status != 0 {
+			// return cRule.Status, nil
+			// }
+		}
+	}
+	return rw.Next.ServeDNS(w, r)
+}
+
+// Rule describes an internal location rewrite rule.
+type Rule interface {
+	// Rewrite rewrites the internal location of the current request.
+	Rewrite(*dns.Msg) Result
+}
+
+// SimpleRule is a simple rewrite rule. If the From and To look like a type
+// the type of the request is rewritten, otherwise the name is.
+// Note: TSIG signed requests will be invalid.
+type SimpleRule struct {
+	From, To         string
+	fromType, toType uint16
+}
+
+// NewSimpleRule creates a new Simple Rule
+func NewSimpleRule(from, to string) SimpleRule {
+	tpf := dns.StringToType[from]
+	tpt := dns.StringToType[to]
+
+	return SimpleRule{From: from, To: to, fromType: tpf, toType: tpt}
+}
+
+// Rewrite rewrites the the current request.
+func (s SimpleRule) Rewrite(r *dns.Msg) Result {
+	if s.fromType > 0 && s.toType > 0 {
+		if r.Question[0].Qtype == s.fromType {
+			r.Question[0].Qtype = s.toType
+			return RewriteDone
+		}
+
+	}
+
+	// if the question name matches the full name, or subset rewrite that
+	// s.Question[0].Name
+	return RewriteIgnored
+}
+
+/*
+// ComplexRule is a rewrite rule based on a regular expression
+type ComplexRule struct {
+	// Path base. Request to this path and subpaths will be rewritten
+	Base string
+
+	// Path to rewrite to
+	To string
+
+	// If set, neither performs rewrite nor proceeds
+	// with request. Only returns code.
+	Status int
+
+	// Extensions to filter by
+	Exts []string
+
+	// Rewrite conditions
+	Ifs []If
+
+	*regexp.Regexp
+}
+
+// NewComplexRule creates a new RegexpRule. It returns an error if regexp
+// pattern (pattern) or extensions (ext) are invalid.
+func NewComplexRule(base, pattern, to string, status int, ext []string, ifs []If) (*ComplexRule, error) {
+	// validate regexp if present
+	var r *regexp.Regexp
+	if pattern != "" {
+		var err error
+		r, err = regexp.Compile(pattern)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// validate extensions if present
+	for _, v := range ext {
+		if len(v) < 2 || (len(v) < 3 && v[0] == '!') {
+			// check if no extension is specified
+			if v != "/" && v != "!/" {
+				return nil, fmt.Errorf("invalid extension %v", v)
+			}
+		}
+	}
+
+	return &ComplexRule{
+		Base:   base,
+		To:     to,
+		Status: status,
+		Exts:   ext,
+		Ifs:    ifs,
+		Regexp: r,
+	}, nil
+}
+
+// Rewrite rewrites the internal location of the current request.
+func (r *ComplexRule) Rewrite(req *dns.Msg) (re Result) {
+	rPath := req.URL.Path
+	replacer := newReplacer(req)
+
+	// validate base
+	if !middleware.Path(rPath).Matches(r.Base) {
+		return
+	}
+
+	// validate extensions
+	if !r.matchExt(rPath) {
+		return
+	}
+
+	// validate regexp if present
+	if r.Regexp != nil {
+		// include trailing slash in regexp if present
+		start := len(r.Base)
+		if strings.HasSuffix(r.Base, "/") {
+			start--
+		}
+
+		matches := r.FindStringSubmatch(rPath[start:])
+		switch len(matches) {
+		case 0:
+			// no match
+			return
+		default:
+			// set regexp match variables {1}, {2} ...
+			for i := 1; i < len(matches); i++ {
+				replacer.Set(fmt.Sprint(i), matches[i])
+			}
+		}
+	}
+
+	// validate rewrite conditions
+	for _, i := range r.Ifs {
+		if !i.True(req) {
+			return
+		}
+	}
+
+	// if status is present, stop rewrite and return it.
+	if r.Status != 0 {
+		return RewriteStatus
+	}
+
+	// attempt rewrite
+	return To(fs, req, r.To, replacer)
+}
+
+// matchExt matches rPath against registered file extensions.
+// Returns true if a match is found and false otherwise.
+func (r *ComplexRule) matchExt(rPath string) bool {
+	f := filepath.Base(rPath)
+	ext := path.Ext(f)
+	if ext == "" {
+		ext = "/"
+	}
+
+	mustUse := false
+	for _, v := range r.Exts {
+		use := true
+		if v[0] == '!' {
+			use = false
+			v = v[1:]
+		}
+
+		if use {
+			mustUse = true
+		}
+
+		if ext == v {
+			return use
+		}
+	}
+
+	if mustUse {
+		return false
+	}
+	return true
+}
+*/

middleware/rewrite/rewrite_test.go

@@ -0,0 +1,159 @@
+package rewrite
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"github.com/miekg/coredns/middleware"
+)
+
+func TestRewrite(t *testing.T) {
+	rw := Rewrite{
+		Next: middleware.HandlerFunc(urlPrinter),
+		Rules: []Rule{
+			NewSimpleRule("/from", "/to"),
+			NewSimpleRule("/a", "/b"),
+			NewSimpleRule("/b", "/b{uri}"),
+		},
+		FileSys: http.Dir("."),
+	}
+
+	regexps := [][]string{
+		{"/reg/", ".*", "/to", ""},
+		{"/r/", "[a-z]+", "/toaz", "!.html|"},
+		{"/url/", "a([a-z0-9]*)s([A-Z]{2})", "/to/{path}", ""},
+		{"/ab/", "ab", "/ab?{query}", ".txt|"},
+		{"/ab/", "ab", "/ab?type=html&{query}", ".html|"},
+		{"/abc/", "ab", "/abc/{file}", ".html|"},
+		{"/abcd/", "ab", "/a/{dir}/{file}", ".html|"},
+		{"/abcde/", "ab", "/a#{fragment}", ".html|"},
+		{"/ab/", `.*\.jpg`, "/ajpg", ""},
+		{"/reggrp", `/ad/([0-9]+)([a-z]*)`, "/a{1}/{2}", ""},
+		{"/reg2grp", `(.*)`, "/{1}", ""},
+		{"/reg3grp", `(.*)/(.*)/(.*)`, "/{1}{2}{3}", ""},
+	}
+
+	for _, regexpRule := range regexps {
+		var ext []string
+		if s := strings.Split(regexpRule[3], "|"); len(s) > 1 {
+			ext = s[:len(s)-1]
+		}
+		rule, err := NewComplexRule(regexpRule[0], regexpRule[1], regexpRule[2], 0, ext, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		rw.Rules = append(rw.Rules, rule)
+	}
+
+	tests := []struct {
+		from       string
+		expectedTo string
+	}{
+		{"/from", "/to"},
+		{"/a", "/b"},
+		{"/b", "/b/b"},
+		{"/aa", "/aa"},
+		{"/", "/"},
+		{"/a?foo=bar", "/b?foo=bar"},
+		{"/asdf?foo=bar", "/asdf?foo=bar"},
+		{"/foo#bar", "/foo#bar"},
+		{"/a#foo", "/b#foo"},
+		{"/reg/foo", "/to"},
+		{"/re", "/re"},
+		{"/r/", "/r/"},
+		{"/r/123", "/r/123"},
+		{"/r/a123", "/toaz"},
+		{"/r/abcz", "/toaz"},
+		{"/r/z", "/toaz"},
+		{"/r/z.html", "/r/z.html"},
+		{"/r/z.js", "/toaz"},
+		{"/url/asAB", "/to/url/asAB"},
+		{"/url/aBsAB", "/url/aBsAB"},
+		{"/url/a00sAB", "/to/url/a00sAB"},
+		{"/url/a0z0sAB", "/to/url/a0z0sAB"},
+		{"/ab/aa", "/ab/aa"},
+		{"/ab/ab", "/ab/ab"},
+		{"/ab/ab.txt", "/ab"},
+		{"/ab/ab.txt?name=name", "/ab?name=name"},
+		{"/ab/ab.html?name=name", "/ab?type=html&name=name"},
+		{"/abc/ab.html", "/abc/ab.html"},
+		{"/abcd/abcd.html", "/a/abcd/abcd.html"},
+		{"/abcde/abcde.html", "/a"},
+		{"/abcde/abcde.html#1234", "/a#1234"},
+		{"/ab/ab.jpg", "/ajpg"},
+		{"/reggrp/ad/12", "/a12"},
+		{"/reggrp/ad/124a", "/a124/a"},
+		{"/reggrp/ad/124abc", "/a124/abc"},
+		{"/reg2grp/ad/124abc", "/ad/124abc"},
+		{"/reg3grp/ad/aa/66", "/adaa66"},
+		{"/reg3grp/ad612/n1n/ab", "/ad612n1nab"},
+	}
+
+	for i, test := range tests {
+		req, err := http.NewRequest("GET", test.from, nil)
+		if err != nil {
+			t.Fatalf("Test %d: Could not create HTTP request: %v", i, err)
+		}
+
+		rec := httptest.NewRecorder()
+		rw.ServeHTTP(rec, req)
+
+		if rec.Body.String() != test.expectedTo {
+			t.Errorf("Test %d: Expected URL to be '%s' but was '%s'",
+				i, test.expectedTo, rec.Body.String())
+		}
+	}
+
+	statusTests := []struct {
+		status         int
+		base           string
+		to             string
+		regexp         string
+		statusExpected bool
+	}{
+		{400, "/status", "", "", true},
+		{400, "/ignore", "", "", false},
+		{400, "/", "", "^/ignore", false},
+		{400, "/", "", "(.*)", true},
+		{400, "/status", "", "", true},
+	}
+
+	for i, s := range statusTests {
+		urlPath := fmt.Sprintf("/status%d", i)
+		rule, err := NewComplexRule(s.base, s.regexp, s.to, s.status, nil, nil)
+		if err != nil {
+			t.Fatalf("Test %d: No error expected for rule but found %v", i, err)
+		}
+		rw.Rules = []Rule{rule}
+		req, err := http.NewRequest("GET", urlPath, nil)
+		if err != nil {
+			t.Fatalf("Test %d: Could not create HTTP request: %v", i, err)
+		}
+
+		rec := httptest.NewRecorder()
+		code, err := rw.ServeHTTP(rec, req)
+		if err != nil {
+			t.Fatalf("Test %d: No error expected for handler but found %v", i, err)
+		}
+		if s.statusExpected {
+			if rec.Body.String() != "" {
+				t.Errorf("Test %d: Expected empty body but found %s", i, rec.Body.String())
+			}
+			if code != s.status {
+				t.Errorf("Test %d: Expected status code %d found %d", i, s.status, code)
+			}
+		} else {
+			if code != 0 {
+				t.Errorf("Test %d: Expected no status code found %d", i, code)
+			}
+		}
+	}
+}
+
+func urlPrinter(w http.ResponseWriter, r *http.Request) (int, error) {
+	fmt.Fprintf(w, r.URL.String())
+	return 0, nil
+}

middleware/rewrite/testdata/testfile

@@ -0,0 +1 @@
+empty