middleware for content type and accept headers (#14075)

* middleware for content type * adding accept middleware too and tests * Update beacon-chain/rpc/endpoints.go Co-authored-by: Radosław Kapka <rkapka@wp.pl> * Update beacon-chain/rpc/endpoints.go Co-authored-by: Radosław Kapka <rkapka@wp.pl> * Update beacon-chain/rpc/endpoints.go Co-authored-by: Radosław Kapka <rkapka@wp.pl> * Update beacon-chain/rpc/endpoints.go Co-authored-by: Radosław Kapka <rkapka@wp.pl> * including radek's review --------- Co-authored-by: Radosław Kapka <rkapka@wp.pl>
2026-01-09 15:37:56 -05:00 · 2024-06-04 15:38:21 -05:00
parent 57830435d7
commit 1b40f941cf
17 changed files with 825 additions and 295 deletions
--- a/api/server/middleware/BUILD.bazel
+++ b/api/server/middleware/BUILD.bazel
@@ -0,0 +1,29 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "middleware.go",
+        "util.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/server/middleware",
+    visibility = ["//visibility:public"],
+    deps = [
+        "@com_github_gorilla_mux//:go_default_library",
+        "@com_github_rs_cors//:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "middleware_test.go",
+        "util_test.go",
+    ],
+    embed = [":go_default_library"],
+    deps = [
+        "//api:go_default_library",
+        "//testing/assert:go_default_library",
+        "//testing/require:go_default_library",
+    ],
+)
--- a/api/server/middleware/middleware.go
+++ b/api/server/middleware/middleware.go
@@ -0,0 +1,112 @@
+package middleware
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/gorilla/mux"
+	"github.com/rs/cors"
+)
+
+// NormalizeQueryValuesHandler normalizes an input query of "key=value1,value2,value3" to "key=value1&key=value2&key=value3"
+func NormalizeQueryValuesHandler(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		query := r.URL.Query()
+		NormalizeQueryValues(query)
+		r.URL.RawQuery = query.Encode()
+
+		next.ServeHTTP(w, r)
+	})
+}
+
+// CorsHandler sets the cors settings on api endpoints
+func CorsHandler(allowOrigins []string) mux.MiddlewareFunc {
+	c := cors.New(cors.Options{
+		AllowedOrigins:   allowOrigins,
+		AllowedMethods:   []string{http.MethodPost, http.MethodGet, http.MethodDelete, http.MethodOptions},
+		AllowCredentials: true,
+		MaxAge:           600,
+		AllowedHeaders:   []string{"*"},
+	})
+
+	return c.Handler
+}
+
+// ContentTypeHandler checks request for the appropriate media types otherwise returning a http.StatusUnsupportedMediaType error
+func ContentTypeHandler(acceptedMediaTypes []string) mux.MiddlewareFunc {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			// skip the GET request
+			if r.Method == http.MethodGet {
+				next.ServeHTTP(w, r)
+				return
+			}
+			contentType := r.Header.Get("Content-Type")
+			if contentType == "" {
+				http.Error(w, "Content-Type header is missing", http.StatusUnsupportedMediaType)
+				return
+			}
+
+			accepted := false
+			for _, acceptedType := range acceptedMediaTypes {
+				if strings.TrimSpace(contentType) == strings.TrimSpace(acceptedType) {
+					accepted = true
+					break
+				}
+			}
+
+			if !accepted {
+				http.Error(w, fmt.Sprintf("Unsupported media type: %s", contentType), http.StatusUnsupportedMediaType)
+				return
+			}
+
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+// AcceptHeaderHandler checks if the client's response preference is handled
+func AcceptHeaderHandler(serverAcceptedTypes []string) mux.MiddlewareFunc {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			acceptHeader := r.Header.Get("Accept")
+			// header is optional and should skip if not provided
+			if acceptHeader == "" {
+				next.ServeHTTP(w, r)
+				return
+			}
+
+			accepted := false
+			acceptTypes := strings.Split(acceptHeader, ",")
+			// follows rules defined in https://datatracker.ietf.org/doc/html/rfc2616#section-14.1
+			for _, acceptType := range acceptTypes {
+				acceptType = strings.TrimSpace(acceptType)
+				if acceptType == "*/*" {
+					accepted = true
+					break
+				}
+				for _, serverAcceptedType := range serverAcceptedTypes {
+					if strings.HasPrefix(acceptType, serverAcceptedType) {
+						accepted = true
+						break
+					}
+					if acceptType != "/*" && strings.HasSuffix(acceptType, "/*") && strings.HasPrefix(serverAcceptedType, acceptType[:len(acceptType)-2]) {
+						accepted = true
+						break
+					}
+				}
+				if accepted {
+					break
+				}
+			}
+
+			if !accepted {
+				http.Error(w, fmt.Sprintf("Not Acceptable: %s", acceptHeader), http.StatusNotAcceptable)
+				return
+			}
+
+			next.ServeHTTP(w, r)
+		})
+	}
+}
--- a/api/server/middleware/middleware_test.go
+++ b/api/server/middleware/middleware_test.go
@@ -0,0 +1,199 @@
+package middleware
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/v5/api"
+	"github.com/prysmaticlabs/prysm/v5/testing/require"
+)
+
+func TestNormalizeQueryValuesHandler(t *testing.T) {
+	nextHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, err := w.Write([]byte("next handler"))
+		require.NoError(t, err)
+	})
+
+	handler := NormalizeQueryValuesHandler(nextHandler)
+
+	tests := []struct {
+		name          string
+		inputQuery    string
+		expectedQuery string
+	}{
+		{
+			name:          "3 values",
+			inputQuery:    "key=value1,value2,value3",
+			expectedQuery: "key=value1&key=value2&key=value3", // replace with expected normalized value
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			req, err := http.NewRequest("GET", "/test?"+test.inputQuery, nil)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			rr := httptest.NewRecorder()
+			handler.ServeHTTP(rr, req)
+
+			if rr.Code != http.StatusOK {
+				t.Errorf("handler returned wrong status code: got %v want %v", rr.Code, http.StatusOK)
+			}
+
+			if req.URL.RawQuery != test.expectedQuery {
+				t.Errorf("query not normalized: got %v want %v", req.URL.RawQuery, test.expectedQuery)
+			}
+
+			if rr.Body.String() != "next handler" {
+				t.Errorf("next handler was not executed")
+			}
+		})
+	}
+}
+
+func TestContentTypeHandler(t *testing.T) {
+	acceptedMediaTypes := []string{api.JsonMediaType, api.OctetStreamMediaType}
+
+	nextHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, err := w.Write([]byte("next handler"))
+		require.NoError(t, err)
+	})
+
+	handler := ContentTypeHandler(acceptedMediaTypes)(nextHandler)
+
+	tests := []struct {
+		name               string
+		contentType        string
+		expectedStatusCode int
+		isGet              bool
+	}{
+		{
+			name:               "Accepted Content-Type - application/json",
+			contentType:        api.JsonMediaType,
+			expectedStatusCode: http.StatusOK,
+		},
+		{
+			name:               "Accepted Content-Type - ssz format",
+			contentType:        api.OctetStreamMediaType,
+			expectedStatusCode: http.StatusOK,
+		},
+		{
+			name:               "Unsupported Content-Type - text/plain",
+			contentType:        "text/plain",
+			expectedStatusCode: http.StatusUnsupportedMediaType,
+		},
+		{
+			name:               "Missing Content-Type",
+			contentType:        "",
+			expectedStatusCode: http.StatusUnsupportedMediaType,
+		},
+		{
+			name:               "GET request skips content type check",
+			contentType:        "",
+			expectedStatusCode: http.StatusOK,
+			isGet:              true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			httpMethod := http.MethodPost
+			if tt.isGet {
+				httpMethod = http.MethodGet
+			}
+			req := httptest.NewRequest(httpMethod, "/", nil)
+			if tt.contentType != "" {
+				req.Header.Set("Content-Type", tt.contentType)
+			}
+			rr := httptest.NewRecorder()
+
+			handler.ServeHTTP(rr, req)
+
+			if status := rr.Code; status != tt.expectedStatusCode {
+				t.Errorf("handler returned wrong status code: got %v want %v", status, tt.expectedStatusCode)
+			}
+		})
+	}
+}
+
+func TestAcceptHeaderHandler(t *testing.T) {
+	acceptedTypes := []string{"application/json", "application/octet-stream"}
+
+	nextHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, err := w.Write([]byte("next handler"))
+		require.NoError(t, err)
+	})
+
+	handler := AcceptHeaderHandler(acceptedTypes)(nextHandler)
+
+	tests := []struct {
+		name               string
+		acceptHeader       string
+		expectedStatusCode int
+	}{
+		{
+			name:               "Accepted Accept-Type - application/json",
+			acceptHeader:       "application/json",
+			expectedStatusCode: http.StatusOK,
+		},
+		{
+			name:               "Accepted Accept-Type - application/octet-stream",
+			acceptHeader:       "application/octet-stream",
+			expectedStatusCode: http.StatusOK,
+		},
+		{
+			name:               "Accepted Accept-Type with parameters",
+			acceptHeader:       "application/json;q=0.9, application/octet-stream;q=0.8",
+			expectedStatusCode: http.StatusOK,
+		},
+		{
+			name:               "Unsupported Accept-Type - text/plain",
+			acceptHeader:       "text/plain",
+			expectedStatusCode: http.StatusNotAcceptable,
+		},
+		{
+			name:               "Missing Accept header",
+			acceptHeader:       "",
+			expectedStatusCode: http.StatusOK,
+		},
+		{
+			name:               "*/* is accepted",
+			acceptHeader:       "*/*",
+			expectedStatusCode: http.StatusOK,
+		},
+		{
+			name:               "application/* is accepted",
+			acceptHeader:       "application/*",
+			expectedStatusCode: http.StatusOK,
+		},
+		{
+			name:               "/* is unsupported",
+			acceptHeader:       "/*",
+			expectedStatusCode: http.StatusNotAcceptable,
+		},
+		{
+			name:               "application/ is unsupported",
+			acceptHeader:       "application/",
+			expectedStatusCode: http.StatusNotAcceptable,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			req := httptest.NewRequest("GET", "/", nil)
+			if tt.acceptHeader != "" {
+				req.Header.Set("Accept", tt.acceptHeader)
+			}
+			rr := httptest.NewRecorder()
+
+			handler.ServeHTTP(rr, req)
+
+			if status := rr.Code; status != tt.expectedStatusCode {
+				t.Errorf("handler returned wrong status code: got %v want %v", status, tt.expectedStatusCode)
+			}
+		})
+	}
+}
--- a/api/server/middleware/util.go
+++ b/api/server/middleware/util.go
@@ -0,0 +1,17 @@
+package middleware
+
+import (
+	"net/url"
+	"strings"
+)
+
+// NormalizeQueryValues replaces comma-separated values with individual values
+func NormalizeQueryValues(queryParams url.Values) {
+	for key, vals := range queryParams {
+		splitVals := make([]string, 0)
+		for _, v := range vals {
+			splitVals = append(splitVals, strings.Split(v, ",")...)
+		}
+		queryParams[key] = splitVals
+	}
+}
--- a/api/server/middleware/util_test.go
+++ b/api/server/middleware/util_test.go
@@ -0,0 +1,21 @@
+package middleware
+
+import (
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/v5/testing/assert"
+	"github.com/prysmaticlabs/prysm/v5/testing/require"
+)
+
+func TestNormalizeQueryValues(t *testing.T) {
+	input := make(map[string][]string)
+	input["key"] = []string{"value1", "value2,value3,value4", "value5"}
+
+	NormalizeQueryValues(input)
+	require.Equal(t, 5, len(input["key"]))
+	assert.Equal(t, "value1", input["key"][0])
+	assert.Equal(t, "value2", input["key"][1])
+	assert.Equal(t, "value3", input["key"][2])
+	assert.Equal(t, "value4", input["key"][3])
+	assert.Equal(t, "value5", input["key"][4])
+}