fix trimming to inaccessible root path (#1678)

2025-07-01 16:55:08 +02:00 · 2020-09-15 11:32:31 +01:00
parent 4b4c9d1b93
commit 7f8073233a
2 changed files with 36 additions and 0 deletions
--- a/src/middleware/normalize.rs
+++ b/src/middleware/normalize.rs
@ -79,6 +79,7 @@ where
    }
 }

+#[doc(hidden)]
 pub struct NormalizePathNormalization<S> {
    service: S,
    merge_slash: Regex,
@ -113,6 +114,10 @@ where
        // normalize multiple /'s to one /
        let path = self.merge_slash.replace_all(&path, "/");

+        // Ensure root paths are still resolvable. If resulting path is blank after previous step
+        // it means the path was one or more slashes. Reduce to single slash.
+        let path = if path.is_empty() { "/" } else { path.as_ref() };
+
        // Check whether the path has been changed
        //
        // This check was previously implemented as string length comparison
@ -158,10 +163,23 @@ mod tests {
        let mut app = init_service(
            App::new()
                .wrap(NormalizePath::default())
+                .service(web::resource("/").to(HttpResponse::Ok))
                .service(web::resource("/v1/something/").to(HttpResponse::Ok)),
        )
        .await;

+        let req = TestRequest::with_uri("/").to_request();
+        let res = call_service(&mut app, req).await;
+        assert!(res.status().is_success());
+
+        let req = TestRequest::with_uri("/?query=test").to_request();
+        let res = call_service(&mut app, req).await;
+        assert!(res.status().is_success());
+
+        let req = TestRequest::with_uri("///").to_request();
+        let res = call_service(&mut app, req).await;
+        assert!(res.status().is_success());
+
        let req = TestRequest::with_uri("/v1//something////").to_request();
        let res = call_service(&mut app, req).await;
        assert!(res.status().is_success());
@ -184,10 +202,24 @@ mod tests {
        let mut app = init_service(
            App::new()
                .wrap(NormalizePath(TrailingSlash::Trim))
+                .service(web::resource("/").to(HttpResponse::Ok))
                .service(web::resource("/v1/something").to(HttpResponse::Ok)),
        )
        .await;

+        // root paths should still work
+        let req = TestRequest::with_uri("/").to_request();
+        let res = call_service(&mut app, req).await;
+        assert!(res.status().is_success());
+
+        let req = TestRequest::with_uri("/?query=test").to_request();
+        let res = call_service(&mut app, req).await;
+        assert!(res.status().is_success());
+
+        let req = TestRequest::with_uri("///").to_request();
+        let res = call_service(&mut app, req).await;
+        assert!(res.status().is_success());
+
        let req = TestRequest::with_uri("/v1/something////").to_request();
        let res = call_service(&mut app, req).await;
        assert!(res.status().is_success());