rapid-cdn: c->h: Implement disabled-cookie-list

e5b2a05c · Łukasz Nowak · 102cfd02 · e5b2a05c · e5b2a05c · e5b2a05c
Commit e5b2a05c authored Aug 29, 2022 by Łukasz Nowak
4 changed files
--- a/software/rapid-cdn/buildout.hash.cfg
+++ b/software/rapid-cdn/buildout.hash.cfg
@@ -38,7 +38,7 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181

 [template-frontend-haproxy-configuration]
 _update_hash_filename_ = templates/frontend-haproxy.cfg.in
-md5sum = 7c96b713bd25fdad23ff20660e625a58
+md5sum = d115e229b7b76bcc6aba4ba62e887ccb

 [template-frontend-haproxy-crt-list]
 _update_hash_filename_ = templates/frontend-haproxy-crt-list.in

--- a/software/rapid-cdn/templates/default-virtualhost.conf.in
+++ b/software/rapid-cdn/templates/default-virtualhost.conf.in
@@ -87,10 +87,6 @@
    without /prefer-gzip
    header_upstream Accept-Encoding gzip
 {%-     endif %} {#-     if proxy_name == 'prefer-gzip' #}
-{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
-    # Remove cookie {{ disabled_cookie }} from client Cookies
-    header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
-{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}

 {%-   if slave_parameter['disable-no-cache-request'] %}
    header_upstream -Cache-Control

--- a/software/rapid-cdn/templates/frontend-haproxy.cfg.in
+++ b/software/rapid-cdn/templates/frontend-haproxy.cfg.in
@@ -109,6 +109,9 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
  http-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
 {%-           endif %}
 {%-         endif %}
+{%-         for disabled_cookie in slave_instance['disabled-cookie-list'] %}
+  http-request replace-header Cookie (.*)(^{{ disabled_cookie | replace('%', '%%') }}=[^;]*;\ |;\ {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*) \1\3
+{%-         endfor %}
 {%-         if info_dict['path'] %}
  http-request set-path {{ info_dict['path'] }}%[path]
 {%-         endif %} {# if info_dict['path'] #}

--- a/software/rapid-cdn/test/test.py
+++ b/software/rapid-cdn/test/test.py
@@ -33,7 +33,7 @@ from requests_toolbelt.adapters import source
 import json
 import multiprocessing
 import subprocess
-from unittest import skip, expectedFailure
+from unittest import skip
 import ssl
 from http.server import HTTPServer
 from http.server import BaseHTTPRequestHandler
@@ -2104,9 +2104,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
      'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
      'domain': 'example.com',
-      'accepted-slave-amount': '55',
+      'accepted-slave-amount': '56',
      'rejected-slave-amount': '0',
-      'slave-amount': '55',
+      'slave-amount': '56',
      'rejected-slave-dict': {
      },
      'warning-slave-dict': {
@@ -4531,37 +4531,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
        curl_command, out, err))
    return out, err

-  @expectedFailure
  def test_disabled_cookie_list(self):
    parameter_dict = self.assertSlaveBase('disabled-cookie-list')
    out, err = self._curl(
      parameter_dict['domain'], TEST_IP, HTTPS_PORT,
      # Note: Cookie order is extremely important here, do not change
      # or test will start to pass incorrectly
-      'Coconut=absent; Chocolate=absent; Coffee=present; Vanilia=absent',
+      'Tea=present; Coconut=absent; DarkChocolate=present; Chocolate=absent; '
+      'Coffee=present; Vanilia=absent; Water=present',
    )
    # self check - were the cookies sent in required order?
    self.assertIn(
-      'ookie: Coconut=absent; Chocolate=absent; Coffee=present; '
-      'Vanilia=absent',
+      'ookie: Tea=present; Coconut=absent; DarkChocolate=present; '
+      'Chocolate=absent; Coffee=present; Vanilia=absent; Water=present',
      err.decode())
    # real test - all configured cookies are dropped
    self.assertEqual(
-      'Coffee=present', json.loads(out)['Incoming Headers']['cookie'])
+      'Tea=present; DarkChocolate=present; Coffee=present; Water=present',
+      json.loads(out)['Incoming Headers']['cookie'])

  def test_disabled_cookie_list_simple(self):
-    parameter_dict = self.assertSlaveBase('disabled-cookie-list')
+    parameter_dict = self.assertSlaveBase('disabled-cookie-list-simple')
    out, err = self._curl(
      parameter_dict['domain'], TEST_IP, HTTPS_PORT,
-      'WhiteChocolate=present; Chocolate=absent; Coffee=present',
+      'Chocolate=absent; Coffee=present',
    )
    # self check - were the cookies sent in required order?
    self.assertIn(
-      'ookie: WhiteChocolate=present; Chocolate=absent; Coffee=present',
+      'ookie: Chocolate=absent; Coffee=present',
      err.decode())
    # real test - all configured cookies are dropped
    self.assertEqual(
-      'WhiteChocolate=present ; Coffee=present',
+      'Coffee=present',
      json.loads(out)['Incoming Headers']['cookie'])

  def test_https_url(self):