
lib/util.js security feature issue

Open fornof opened this issue 4 years ago • 5 comments

I want to proxy on a per-route basis. I tried, but I keep getting an error when it runs in Kubernetes containers behind an nginx ingress.

You have already researched for similar issues?


// issue ref: https://github.com/fastify/fast-proxy/issues/42
function buildURL (source, reqBase) {
  const dest = new URL(source, reqBase)

  // if base is specified, source url should not override it
  if (reqBase) {
    if (!reqBase.endsWith('/') && dest.href.length > reqBase.length) {
      reqBase = reqBase + '/'
    }

    if (!dest.href.startsWith(reqBase)) {
      throw new Error('source must be a relative path string')
    }
  }

  return dest
}

What are you trying to achieve, or the steps to reproduce?

this works:

{
  upstream: 'https://example.com',
  prefix: '/example',
  rewritePrefix: 'https://example.com/',
  http2: false,
  type: 'JWT',
  beforeHandler: [Function: beforeHandler] // auth works this way
}

This does not work when I put it into Kubernetes, but it seems to work when I access it directly on my local machine instance:

{
  upstream: 'https://examplek8-service',
  prefix: '/example',
  rewritePrefix: 'http://examplek8-service:1111/health/',
  http2: false,
  type: 'JWT',
  beforeHandler: [Function: beforeHandler] // auth works this way
}

What was the result you received?

error I get is

{"statusCode":500,"error":"Internal Server Error","message":"source must be a relative path string"}

What did you expect?

{success:true} // health endpoint on kubernetes.

Context

  • node version: 12
  • fastify version: >=0.37.0
  • os: Mac, Windows: mac, alpine container
  • any other relevant information: I'd like a way to turn this security feature off in a config, or find some way to proxy. I am coming from express and koa to fastly; maybe there is a simple request-get-as-proxy command I'm missing?

Please read this entire template before posting any issue. If you ignore these instructions and post an issue here that does not follow the instructions, your issue might be closed, locked, and assigned the missing discussion label. ^^ affirmative.

fornof, Feb 23 '21 20:02

(my bad, I thought this was about fast-proxy)

mcollina, Feb 24 '21 09:02

As the error tells you, rewritePrefix must be a path, not a full URL.

mcollina, Feb 24 '21 09:02
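
How the check quoted in the issue treats the two configurations, as an added example that is not part of the thread: buildURL is the function from the issue text, while tryBuild, runCases and the input list are hypothetical and constructed here. It assumes the rewritten URL reaches buildURL as `source` and the configured upstream as `reqBase`.

```javascript
// buildURL as quoted in the issue above (fast-proxy lib/util.js).
function buildURL (source, reqBase) {
  const dest = new URL(source, reqBase)

  // if base is specified, source url should not override it
  if (reqBase) {
    if (!reqBase.endsWith('/') && dest.href.length > reqBase.length) {
      reqBase = reqBase + '/'
    }
    if (!dest.href.startsWith(reqBase)) {
      throw new Error('source must be a relative path string')
    }
  }
  return dest
}

// Hypothetical helper: report whether a (source, base) pair passes the check.
function tryBuild (source, base) {
  try {
    return { ok: true, href: buildURL(source, base).href }
  } catch (err) {
    return { ok: false, error: err.message }
  }
}

// Constructed inputs, each [source, reqBase] (see the assumption in the lead-in).
const cases = [
  // Working config: a full URL, but same scheme, host and port as the base.
  ['https://example.com/', 'https://example.com'],
  // Kubernetes config: scheme and port differ from the base, so it is rejected.
  ['http://examplek8-service:1111/health/', 'https://examplek8-service'],
  // Same target expressed as base plus relative path.
  ['/health/', 'http://examplek8-service:1111'],
  // A protocol-relative source would replace the host; rejected.
  ['//other-host.example/health', 'https://example.com'],
  // Host that merely begins with the base text; the appended '/' rejects it.
  ['https://example.com.other.example/x', 'https://example.com']
]

function runCases () {
  return cases.map(([source, base]) => ({ source, base, ...tryBuild(source, base) }))
}

for (const r of runCases()) {
  console.log(r.ok ? 'allowed ' : 'rejected', r.source, 'against', r.base, '->', r.href || r.error)
}
```

Under that assumption, the first configuration passes only because its full URL resolves inside the base, and the Kubernetes one fails because its scheme and port differ from the base.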

fast-proxy cannot forward individual routes. This is a fast-proxy issue. /health ==> www.example.com:80/health, for instance. Well, it can when directly connecting to node, but as soon as that path changes in k8s, it no longer works. I ended up giving up on fast-proxy and going with axios and fastify routes, as they are less of a black box. I cannot forward headers for some reason, probably due to the Host header, but everything works as I need it.

fornof, Feb 24 '21 21:02

I would recommend not using fast-proxy with fastify. Use fastify-http-proxy or fastify-reply-from. fast-proxy is not supported with fastify.

mcollina, Feb 25 '21 00:02

I transferred this to fast-proxy.

mcollina, Feb 25 '21 00:02