diff --git a/.gitignore b/.gitignore
index b62c9a37..81df59a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@
 /doc
 /.yardoc
 gemfiles/*.lock
+/.idea
diff --git a/lib/api_auth/headers.rb b/lib/api_auth/headers.rb
index 6906ab1f..c87805cd 100644
--- a/lib/api_auth/headers.rb
+++ b/lib/api_auth/headers.rb
@@ -57,7 +57,7 @@ def canonical_string(override_method = nil)
 [request_method.upcase,
 @request.content_type,
 @request.content_md5,
- parse_uri(@request.request_uri),
+ parse_uri(@request.original_uri || @request.request_uri),
 @request.timestamp].join(',')
 end
diff --git a/lib/api_auth/request_drivers/action_controller.rb b/lib/api_auth/request_drivers/action_controller.rb
index 54d0860b..534e3c5b 100644
--- a/lib/api_auth/request_drivers/action_controller.rb
+++ b/lib/api_auth/request_drivers/action_controller.rb
@@ -52,6 +52,10 @@ def content_md5
 value.nil? ? '' : value
 end
+ def original_uri
+ find_header(%w(X-ORIGINAL-URI X_ORIGINAL_URI HTTP_X_ORIGINAL_URI))
+ end
+
 def request_uri
 @request.request_uri
 end
diff --git a/lib/api_auth/request_drivers/curb.rb b/lib/api_auth/request_drivers/curb.rb
index 8509b43f..83e2cea2 100644
--- a/lib/api_auth/request_drivers/curb.rb
+++ b/lib/api_auth/request_drivers/curb.rb
@@ -41,6 +41,10 @@ def content_md5
 value.nil? ? '' : value
 end
+ def original_uri
+ find_header(%w(X-ORIGINAL-URI X_ORIGINAL_URI HTTP_X_ORIGINAL_URI))
+ end
+
 def request_uri
 @request.url
 end
diff --git a/lib/api_auth/request_drivers/faraday.rb b/lib/api_auth/request_drivers/faraday.rb
index a213bef7..f76fb5f2 100644
--- a/lib/api_auth/request_drivers/faraday.rb
+++ b/lib/api_auth/request_drivers/faraday.rb
@@ -52,6 +52,10 @@ def content_md5
 value.nil? ? '' : value
 end
+ def original_uri
+ find_header(%w(X-ORIGINAL-URI X_ORIGINAL_URI HTTP_X_ORIGINAL_URI))
+ end
+
 def request_uri
 query_string = @request.params.to_query
 query_string = nil if query_string.empty?
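Review bot: In the lib/api_auth/headers.rb hunk, `parse_uri(@request.original_uri || @request.request_uri)` lets a request header choose the URI that goes into the signed canonical string, so on the verifying side the HMAC no longer binds the path that is actually routed unless `X-Original-URI` is guaranteed to come from the fronting proxy. Nothing in this change makes that guarantee: the header is honoured unconditionally, so a deployment whose proxy does not overwrite the inbound header will take whatever value the client sends, and a signature made for one path would then verify on another. I would make the lookup opt-in (off by default) and put a comment on the line such as `# X-Original-URI is trusted only when the reverse proxy overwrites it on every inbound request`. An empty header value is also truthy in Ruby, so `''` would be signed in place of `request_uri`; treating a blank value as absent avoids that. `canonical_string` starts above this hunk.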
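Review bot: `original_uri` in lib/api_auth/request_drivers/action_controller.rb is the same three lines pasted into curb.rb, faraday.rb, httpi.rb, net_http.rb, rack.rb and rest_client.rb, so the header-name list now has seven copies to keep in sync. If the drivers already share a mixin, defining the method once there would remove that risk; this is inferred, since the class bodies are outside the hunks. Either way the method deserves a comment saying who is expected to set the header, for example `# Request path as the client saw it, before a reverse proxy rewrote it; set by the proxy, not by callers.`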
diff --git a/lib/api_auth/request_drivers/httpi.rb b/lib/api_auth/request_drivers/httpi.rb
index c158c72d..ef7fd9c2 100644
--- a/lib/api_auth/request_drivers/httpi.rb
+++ b/lib/api_auth/request_drivers/httpi.rb
@@ -51,6 +51,10 @@ def content_md5
 value.nil? ? '' : value
 end
+ def original_uri
+ find_header(%w(X-ORIGINAL-URI X_ORIGINAL_URI HTTP_X_ORIGINAL_URI))
+ end
+
 def request_uri
 @request.url.request_uri
 end
diff --git a/lib/api_auth/request_drivers/net_http.rb b/lib/api_auth/request_drivers/net_http.rb
index 55d33e1f..d213a872 100644
--- a/lib/api_auth/request_drivers/net_http.rb
+++ b/lib/api_auth/request_drivers/net_http.rb
@@ -58,6 +58,10 @@ def content_md5
 value.nil? ? '' : value
 end
+ def original_uri
+ find_header(%w(X-ORIGINAL-URI X_ORIGINAL_URI HTTP_X_ORIGINAL_URI))
+ end
+
 def request_uri
 @request.path
 end
diff --git a/lib/api_auth/request_drivers/rack.rb b/lib/api_auth/request_drivers/rack.rb
index 80bd5d53..ae17a845 100644
--- a/lib/api_auth/request_drivers/rack.rb
+++ b/lib/api_auth/request_drivers/rack.rb
@@ -57,6 +57,10 @@ def content_md5
 value.nil? ? '' : value
 end
+ def original_uri
+ find_header(%w(X-ORIGINAL-URI X_ORIGINAL_URI HTTP_X_ORIGINAL_URI))
+ end
+
 def request_uri
 @request.fullpath
 end
diff --git a/lib/api_auth/request_drivers/rest_client.rb b/lib/api_auth/request_drivers/rest_client.rb
index a76ad485..e2a5d274 100644
--- a/lib/api_auth/request_drivers/rest_client.rb
+++ b/lib/api_auth/request_drivers/rest_client.rb
@@ -60,6 +60,10 @@ def content_md5
 value.nil? ? '' : value
 end
+ def original_uri
+ find_header(%w(X-ORIGINAL-URI X_ORIGINAL_URI HTTP_X_ORIGINAL_URI))
+ end
+
 def request_uri
 @request.url
 end
diff --git a/spec/headers_spec.rb b/spec/headers_spec.rb
index ecb96302..4b2946fd 100644
--- a/spec/headers_spec.rb
+++ b/spec/headers_spec.rb
@@ -96,6 +96,31 @@
 end
 end
 end
+
+ context "when there's a proxy server (e.g. Nginx) with rewrite rules" do
+ let(:request) do
+ Faraday::Request.create('GET') do |req|
+ req.options = Faraday::RequestOptions.new(Faraday::FlatParamsEncoder)
+ req.params = Faraday::Utils::ParamsHash.new
+ req.url('/resource.xml?foo=bar&bar=foo')
+ req.headers = { 'X-Original-URI' => '/api/resource.xml?foo=bar&bar=foo' }
+ end
+ end
+ subject(:headers) { described_class.new(request) }
+ let(:driver) { headers.instance_variable_get('@request') }
+
+ before do
+ allow(driver).to receive(:content_type).and_return 'text/html'
+ allow(driver).to receive(:content_md5).and_return '12345'
+ allow(driver).to receive(:timestamp).and_return 'Mon, 23 Jan 1984 03:29:56 GMT'
+ end
+
+ context 'the driver uses the original_uri' do
+ it 'constructs the canonical_string with the original_uri' do
+ expect(headers.canonical_string).to eq 'GET,text/html,12345,/api/resource.xml?foo=bar&bar=foo,Mon, 23 Jan 1984 03:29:56 GMT'
+ end
+ end
+ end
 end
 end
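Review bot: The new context builds only a `Faraday::Request`, which is a client-side driver, so the path where `X-Original-URI` arrives from the network (the rack.rb and action_controller.rb drivers changed in this commit) has no coverage. A case for one of those drivers, plus one where the header is present but empty, would pin the behaviour that matters when a signature is verified. `headers.instance_variable_get('@request')` also couples the spec to a private instance variable; the surrounding examples are outside this hunk, so that may simply follow the file's existing style.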