Update VerifyHTTPRequest to accept a server name function (#344)

neilalexander · web-flow · commit 17b0be811afa · 2022-10-25T15:24:07.000+01:00
This is needed for matrix-org/dendrite#2829.
diff --git a/request.go b/request.go
@@ -201,17 +201,25 @@ func isSafeInHTTPQuotedString(text string) bool { // nolint: gocyclo
 // the query parameters, and the JSON content. In particular the version of
 // HTTP and the headers aren't protected by the signature.
 func VerifyHTTPRequest(
-	req *http.Request, now time.Time, destination ServerName, keys JSONVerifier,
+	req *http.Request, now time.Time,
+	destination ServerName, // the default server name, if none other is given
+	isLocalServerName func(ServerName) bool, // optional, verify secondary server names
+	keys JSONVerifier,
 ) (*FederationRequest, util.JSONResponse) {
 	request, err := readHTTPRequest(req)
 	if err != nil {
 		util.GetLogger(req.Context()).WithError(err).Print("Error parsing HTTP headers")
 		return nil, util.MessageResponse(400, "Bad Request")
 	}
-	if request.fields.Destination != "" && request.fields.Destination != destination {
-		message := "Unrecognised server name for Destination"
-		util.GetLogger(req.Context()).WithError(err).Print(message)
-		return nil, util.MessageResponse(400, message)
+	if request.fields.Destination != "" {
+		switch {
+		case isLocalServerName != nil && !isLocalServerName(request.fields.Destination):
+			fallthrough
+		case isLocalServerName == nil && destination != request.fields.Destination:
+			message := fmt.Sprintf("Unrecognised server name %q for Destination", request.fields.Destination)
+			util.GetLogger(req.Context()).Warn(message)
+			return nil, util.MessageResponse(400, message)
+		}
 	} else if request.fields.Destination == "" {
 		request.fields.Destination = destination
 	}
diff --git a/request_test.go b/request_test.go
@@ -78,7 +78,7 @@ func TestVerifyGetRequest(t *testing.T) {
 		t.Fatal(err)
 	}
 	request, jsonResp := VerifyHTTPRequest(
-		hr, time.Unix(1493142432, 96400), "localhost:44033", KeyRing{nil, &testKeyDatabase{}},
+		hr, time.Unix(1493142432, 96400), "localhost:44033", nil, KeyRing{nil, &testKeyDatabase{}},
 	)
 	if request == nil {
 		t.Fatalf("Wanted non-nil request got nil. (request was %#v, response was %#v)", hr, jsonResp)
@@ -137,7 +137,7 @@ func TestVerifyPutRequest(t *testing.T) {
 		t.Fatal(err)
 	}
 	request, jsonResp := VerifyHTTPRequest(
-		hr, time.Unix(1493142432, 96400), "localhost:44033", KeyRing{nil, &testKeyDatabase{}},
+		hr, time.Unix(1493142432, 96400), "localhost:44033", nil, KeyRing{nil, &testKeyDatabase{}},
 	)
 	if request == nil {
 		t.Fatalf("Wanted non-nil request got nil. (request was %#v, response was %#v)", hr, jsonResp)

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ func TestVerifyGetRequest(t *testing.T) {`
`78`	`78`	`t.Fatal(err)`
`79`	`79`	`}`
`80`	`80`	`request, jsonResp := VerifyHTTPRequest(`
`81`		`- hr, time.Unix(1493142432, 96400), "localhost:44033", KeyRing{nil, &testKeyDatabase{}},`
	`81`	`+ hr, time.Unix(1493142432, 96400), "localhost:44033", nil, KeyRing{nil, &testKeyDatabase{}},`
`82`	`82`	`)`
`83`	`83`	`if request == nil {`
`84`	`84`	`t.Fatalf("Wanted non-nil request got nil. (request was %#v, response was %#v)", hr, jsonResp)`
`@@ -137,7 +137,7 @@ func TestVerifyPutRequest(t *testing.T) {`
`137`	`137`	`t.Fatal(err)`
`138`	`138`	`}`
`139`	`139`	`request, jsonResp := VerifyHTTPRequest(`
`140`		`- hr, time.Unix(1493142432, 96400), "localhost:44033", KeyRing{nil, &testKeyDatabase{}},`
	`140`	`+ hr, time.Unix(1493142432, 96400), "localhost:44033", nil, KeyRing{nil, &testKeyDatabase{}},`
`141`	`141`	`)`
`142`	`142`	`if request == nil {`
`143`	`143`	`t.Fatalf("Wanted non-nil request got nil. (request was %#v, response was %#v)", hr, jsonResp)`