Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable list of commands from playground repositories #897 - Commands Blacklisted #23

Merged
merged 17 commits into from
Oct 6, 2024
+39 −7
Merged

Disable list of commands from playground repositories #897 - Commands Blacklisted #23

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
6fd9753
blacklist-added
yashbudhia Oct 4, 2024
b4276c5
fixes
yashbudhia Oct 4, 2024
c4760ed
Merge branch 'master' into blacklist
yashbudhia Oct 4, 2024
d83c716
Add trailing slash middleware to prevent unexpected API crash (#16)
tarun-29 Oct 4, 2024
11565ac
#21: Refactored repo for consistency (#24)
rishavvajpayee Oct 4, 2024
094a94d
Adding support for generic command execution (#26)
lucifercr07 Oct 5, 2024
99ce7fe
Adding support for generic command execution (#27)
lucifercr07 Oct 5, 2024
6c7383f
conflicts-resolved-2
yashbudhia Oct 6, 2024
2b1a6a5
Merge branch 'master' into blacklist
yashbudhia Oct 6, 2024
ec40c24
name-changed
yashbudhia Oct 6, 2024
dffb232
bool-applied
yashbudhia Oct 6, 2024
6ed4d06
checks-fixed
yashbudhia Oct 6, 2024
9877cbd
comments-removed
yashbudhia Oct 6, 2024
66bea7e
comments
yashbudhia Oct 6, 2024
97a84d9
error_updated
yashbudhia Oct 6, 2024
76464b3
minors
yashbudhia Oct 6, 2024
6d27e8f
Addressing review comments
lucifercr07 Oct 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 3 additions & 7 deletions internal/server/http.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,12 @@ import (
"errors"
"log/slog"
"net/http"
"server/internal/middleware"
"strings"
"sync"
"time"

"server/internal/db"
"server/internal/middleware"
util "server/util"
)

Expand All @@ -20,8 +20,6 @@ type HTTPServer struct {
DiceClient *db.DiceDB
}

// HandlerMux wraps ServeMux and forces REST paths to lowercase
// and attaches a rate limiter with the handler
type HandlerMux struct {
mux *http.ServeMux
rateLimiter func(http.ResponseWriter, *http.Request, http.Handler)
Expand All @@ -47,10 +45,8 @@ func errorResponse(response string) string {
}

func (cim *HandlerMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Convert the path to lowercase before passing to the underlying mux.
middleware.TrailingSlashMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
r.URL.Path = strings.ToLower(r.URL.Path)
// Apply rate limiter
cim.rateLimiter(w, r, cim.mux)
})).ServeHTTP(w, r)
}
Expand Down Expand Up @@ -105,7 +101,7 @@ func (s *HTTPServer) HealthCheck(w http.ResponseWriter, request *http.Request) {
func (s *HTTPServer) CliHandler(w http.ResponseWriter, r *http.Request) {
diceCmd, err := util.ParseHTTPRequest(r)
if err != nil {
http.Error(w, errorResponse("error parsing http request"), http.StatusBadRequest)
http.Error(w, errorResponse(err.Error()), http.StatusBadRequest)
return
}

Expand All @@ -119,7 +115,7 @@ func (s *HTTPServer) CliHandler(w http.ResponseWriter, r *http.Request) {
respStr, ok := resp.(string)
if !ok {
slog.Error("error: response is not a string", "error", slog.Any("err", err))
http.Error(w, errorResponse("internal Server Error"), http.StatusInternalServerError)
http.Error(w, errorResponse("internal server error"), http.StatusInternalServerError)
return
}

Expand Down
36 changes: 36 additions & 0 deletions util/helpers.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,49 @@ import (
"strings"
)

// Map of blocklisted commands
var blocklistedCommands = map[string]bool{
"FLUSHALL": true,
"FLUSHDB": true,
"DUMP": true,
"ABORT": true,
"AUTH": true,
"CONFIG": true,
"SAVE": true,
"BGSAVE": true,
"BGREWRITEAOF": true,
"RESTORE": true,
"MULTI": true,
"EXEC": true,
"DISCARD": true,
"QWATCH": true,
"QUNWATCH": true,
"LATENCY": true,
"CLIENT": true,
"SLEEP": true,
"PERSIST": true,
}

// BlockListedCommand checks if a command is blocklisted
func BlockListedCommand(cmd string) error {
if _, exists := blocklistedCommands[strings.ToUpper(cmd)]; exists {
return errors.New("ERR unknown command '" + cmd + "'")
}
return nil
}

// ParseHTTPRequest parses an incoming HTTP request and converts it into a CommandRequest for Redis commands
func ParseHTTPRequest(r *http.Request) (*cmds.CommandRequest, error) {
command := extractCommand(r.URL.Path)
if command == "" {
return nil, errors.New("invalid command")
}

// Check if the command is blocklisted
if err := BlockListedCommand(command); err != nil {
return nil, err
}

args, err := newExtractor(r)
if err != nil {
return nil, err
Expand Down