express 5: migrating routes, middleware for project ID regex, but still open issues...

Author: haraldschilly

src/packages/hub/proxy/index.ts

@@ -4,11 +4,12 @@
  */
 
 import { Application } from "express";
+
+import base_path from "@cocalc/backend/base-path";
+import { ProjectControlFunction } from "@cocalc/server/projects/control";
 import getLogger from "../logger";
 import initRequest from "./handle-request";
 import initUpgrade from "./handle-upgrade";
-import base_path from "@cocalc/backend/base-path";
-import { ProjectControlFunction } from "@cocalc/server/projects/control";
 
 const logger = getLogger("proxy");
 
@@ -20,27 +21,29 @@ interface Options {
   proxyConat: boolean;
 }
 
+const uuidRegex =
+  /^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$/;
+
+function uuidMiddleware(req, _res, next) {
+  if (uuidRegex.test(req.params.project_id)) {
+    return next();
+  }
+  // Not a valid project ID UUID: skip to next matching route
+  return next("route");
+}
+
 export default function initProxy(opts: Options) {
-  const proxy_regexp = `^${
-    base_path.length <= 1 ? "" : base_path
-  }/[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}/`;
-  const proxy_pattern = `${
-    base_path.length <= 1 ? "" : base_path
-  }/:project_id/*splat`;
-  logger.info(
-    "creating proxy server with proxy_regexp",
-    proxy_regexp,
-    "proxy_pattern",
-    proxy_pattern,
-  );
-
-  // tcp connections:
+  const prefix = base_path.length <= 1 ? "" : base_path;
+  const routePath = `${prefix}/:project_id/*splat`;
+  logger.info("creating proxy server for UUIDs only", routePath);
+
   const handleProxy = initRequest(opts);
 
-  // websocket upgrades:
+  const proxy_regexp = `^${prefix}\/[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$\/(.*)$`;
   const handleUpgrade = initUpgrade(opts, proxy_regexp);
 
-  opts.app.all(proxy_pattern, handleProxy);
+  // Only handles proxy if the project_id is a valid UUID:
+  opts.app.all(routePath, uuidMiddleware, handleProxy);
 
   opts.httpServer.on("upgrade", handleUpgrade);
 }

src/packages/hub/servers/app/app-redirect.ts

@@ -4,8 +4,9 @@
    This redirect is *undone* in @cocalc/frontend/client/handle-hash-url.ts
 */
 
-import { join } from "path";
+import { join } from "node:path";
 import { Router } from "express";
+
 import basePath from "@cocalc/backend/base-path";
 import { getLogger } from "@cocalc/hub/logger";
 import { APP_ROUTES } from "@cocalc/util/routing/app";
@@ -14,7 +15,8 @@ export default function init(router: Router) {
   const winston = getLogger("app-redirect");
   const v: string[] = [];
   for (const path of APP_ROUTES) {
-    v.push(`/${path}/*splat`);
+    v.push(`/${path}`);
+    v.push(`/${path}/{*splat}`);
   }
   router.get(v, (req, res) => {
     winston.debug(req.url);

src/packages/hub/servers/app/next.ts

@@ -11,14 +11,15 @@ import { join } from "path";
 
 // @ts-ignore -- TODO: typescript doesn't like @cocalc/next/init (it is a js file).
 import initNextServer from "@cocalc/next/init";
+
 import basePath from "@cocalc/backend/base-path";
 import { getLogger } from "@cocalc/hub/logger";
 import handleRaw from "@cocalc/next/lib/share/handle-raw";
 import { callback2 } from "@cocalc/util/async-utils";
+import { separate_file_extension } from "@cocalc/util/misc";
 import { database } from "../database";
 import createLandingRedirect from "./landing-redirect";
 import shareRedirect from "./share-redirect";
-import { separate_file_extension } from "@cocalc/util/misc";
 
 export default async function init(app: Application) {
   const winston = getLogger("nextjs");
@@ -95,23 +96,24 @@ export default async function init(app: Application) {
     // 3: Redirects for backward compat; unfortunately there's slight
     // overhead for doing this on every request.
 
-    app.all(join(shareBasePath, "*splat"), shareRedirect(shareBasePath));
+    app.all(join(shareBasePath), shareRedirect(shareBasePath));
+    app.all(join(shareBasePath, "{*splat}"), shareRedirect(shareBasePath));
   }
 
   const landingRedirect = createLandingRedirect();
   app.all(join(basePath, "index.html"), landingRedirect);
   app.all(join(basePath, "doc"), landingRedirect);
-  app.all(join(basePath, "doc/*splat"), landingRedirect);
+  app.all(join(basePath, "doc", "{*splat}"), landingRedirect);
   app.all(join(basePath, "policies"), landingRedirect);
-  app.all(join(basePath, "policies/*splat"), landingRedirect);
+  app.all(join(basePath, "policies", "{*splat}"), landingRedirect);
 
   // The next.js server that serves everything else.
   winston.info(
     "Now using next.js packages/share handler to handle all endpoints not otherwise handled",
   );
 
   // nextjs listens on everything else
-  app.all("*splat", handler);
+  app.all("{*splat}", handler);
 }
 
 function parseURL(req: Request, base): { id: string; path: string } {

src/packages/project/directory-listing.ts

@@ -18,13 +18,15 @@ Browser client code only uses this through the websocket anyways.
 */
 
 import { Router } from "express";
+import { join } from "node:path";
+
 import getListing from "@cocalc/backend/get-listing";
 
 export default function init(): Router {
   const base = "/.smc/directory_listing/";
   const router = Router();
 
-  router.get(base + "*splat", async (req, res) => {
+  router.get(join(base, "{*splat}"), async (req, res) => {
     // decodeURIComponent because decodeURI(misc.encode_path('asdf/te #1/')) != 'asdf/te #1/'
     // https://github.com/sagemathinc/cocalc/issues/2400
     const path = decodeURIComponent(req.path.slice(base.length).trim());

src/packages/project/http-api/server.ts

@@ -74,8 +74,8 @@ function configure(server: express.Application, dbg: Function): void {
     }
   };
 
-  server.get("/api/v1/*", handler);
-  server.post("/api/v1/*", handler);
+  server.get("/api/v1/{*splat}", handler);
+  server.post("/api/v1/{*splat}", handler);
 }
 
 function rateLimit(server: express.Application): void {