Fix behavior for PathPrefixStrip

[seryl]

When pushing data to downstream proxies; malformed requests were being
sent.

The corrected behavior is as follows:

Route Stripped	URL	Passed to Backend
/	/	/

Route Stripped	URL	Passed to Backend
/stat	/stat	/
/stat	/stat/	/
/stat	/status	/status
/stat	/stat/us	/us

Route Stripped	URL	Passed to Backend
/stat/	/stat	/stat
/stat/	/stat/	/
/stat/	/status	/status
/stat/	/stat/us	/us

Prior, we could strip the prefixing /, and we'd also ignore the case
where you want to serve something like /api as both the index and as a
subpath.

Additionally, this should resolve a myriad of issues relating to
kubernetes ingress PathPrefixStrip.

Description

Should fix the following tickets:

• Basic URL Rewriting #133
• PathPrefixStrip that ends with / causes 400 bad request #374
• Need URL rewrite to add trailing slash #563
• Proxying traefik web gui  #591
• [Question] Traefik and KeyBox (jetty/websocket application) #850
• How to use pathprefixstrip and provide path value on Kubernetes Ingress #863
• path routing with websockets not working  #920
• Routing logic bug #924
• Kubernetes routing priority issue #943
• Paths matching order #1011
• Traefik not routing path correctly #1037
• Support for default route for k8s backend #1051
• Accessing WebUI through PathPrefixStrip frontend returns 404 #1081
• Docker swarm and traefik always error 404 #1106

Potentially fixes:

• Error forwarding with err: EOF in logs when using pathprefixstrip on / route in kubernetes setup #1054
• Redirect path to domain.com/web is not working (Docker Swarm Mode 1.13) #1123

[seryl]

Example of malformed requests:

10.244.0.164 - - [19/May/2017:23:58:14 +0000] "GET app.301d8f1c250fa1437ad7.js HTTP/1.1" 400 173 "-" "-" "-"
10.244.0.164 - - [19/May/2017:23:58:15 +0000] "GET app.301d8f1c250fa1437ad7.js HTTP/1.1" 400 173 "-" "-" "-"
10.244.0.164 - - [19/May/2017:23:58:17 +0000] "GET app.301d8f1c250fa1437ad7.js HTTP/1.1" 400 173 "-" "-" "-"
10.244.0.164 - - [19/May/2017:23:58:58 +0000] "GET _/public/img/pack.png HTTP/1.1" 400 173 "-" "-" "-"
10.244.0.164 - - [19/May/2017:23:59:07 +0000] "GET favicon.ico HTTP/1.1" 400 173 "-" "-" "-"
10.244.0.164 - - [20/May/2017:00:00:35 +0000] "GET app.301d8f1c250fa1437ad7.js HTTP/1.1" 400 173 "-" "-" "-"
10.244.0.164 - - [20/May/2017:00:00:35 +0000] "GET app.301d8f1c250fa1437ad7.js HTTP/1.1" 400 173 "-" "-" "-"
10.244.0.164 - - [20/May/2017:00:00:38 +0000] "GET favicon.ico HTTP/1.1" 400 173 "-" "-" "-"
10.244.0.164 - - [20/May/2017:00:00:41 +0000] "GET favicon.ico HTTP/1.1" 400 173 "-" "-" "-"
10.244.0.164 - - [20/May/2017:00:00:44 +0000] "GET favicon.ico HTTP/1.1" 400 173 "-" "-" "-

Note: They are all missing prefixed paths.

[timoreimann]

Thanks for the contribution -- looking forward to seeing a long-standing issue getting resolved!

I left a few comments.

[timoreimann]

I suppose org stands for original? If so, could we maybe rename it to orig?

[timoreimann]

I think we should also have a test for a prefix containing white spaces.

[timoreimann]

I think a more elegant and concise way to implement the previous block would be

prefix = strings.TrimSuffix(orgPrefix, "/") + "/"

[timoreimann]

Similarly here:

r.URL.Path = "/" + strings.TrimPrefix(p, "/")

[timoreimann]

No blank line here.

[timoreimann]

Does err give enough context to understand we ran into an error while sending the GET query?

When in doubt, I'd add a bit of context like

t.Fatalf("failed to send GET request: %s", err)

[timoreimann]

Context question/comment from above applies here too.

[timoreimann]

I don't think we need to have a newline in the error string.

[timoreimann]

In Go, error strings should name the actual value first and expected second. For instance

t.Errorf("got response '%s', expected '%s'", response, test.expectedResponse)

[seryl]

I understand, I was just following the other PathPrefixStripRegex example.

I'll add these fixes shortly.

[timoreimann]

I'm wondering if we need all existing test cases here. For instance, what's the difference between /statand a/api, or /stat/ and /c/api/123/?

While it's not terribly bad to have too many test cases, ideally there should be one representative case per code path only.

[timoreimann]

@emilevauge @ldez what do you think, should we have this fix be part of 1.3?

[seryl]

@timoreimann Updated with your requested changes.

Let me know if there's anything else we need (rebase, etc).

[ldez]

Good job 👍

[ldez]

To enhance readability, create 2 types at the below of the file:

type stripPrefixTestSuite struct {
	server *httptest.Server
	desc   string
	tests  []stripPrefixTestCase
}

type stripPrefixTestCase struct {
	url                string
	expectedStatusCode int
	expectedBody       string
}

[ldez]

You can use Testify, to enhance readability:

resp, err := http.Get(suite.server.URL + test.url)
require.NoError(t, err, "Failed to send GET request")
assert.Equal(t, test.expectedStatusCode, resp.StatusCode, "Unexpected status code")

if test.expectedBody != "" {
	response, err := ioutil.ReadAll(resp.Body)
	require.NoError(t, err, "Failed to read response body")

	assert.Equal(t, test.expectedBody, string(response), "Unexpected response received")
}

[seryl]

Alright, these changes were added as well as your above suggestions.

[ldez]

for the expressivity of the test, you can drop all expected: ""

[ldez]

can you re-odering? Put code before expected

[ldez]

Please, put this 2 types at the bottom part of the file.

[seryl]

Will rebase as soon as we get a thumbs up.

[timoreimann]

I noticed a few problems with the new approach. See my remarks.

We also seem to have lost test cases verifying that the the first matching prefix will be applied. At the same time, I still think that a few cases are verifying existing behavior redundantly.

I went ahead and put together a proposal on what I think could be a more simple approach while solving the given problems. I pushed it here timoreimann@224f2a1 and would be curious to hear what you think.

Thanks!

[timoreimann]

This should probably be better called path.

[timoreimann]

The given nested suite/test cases approach comes with a few drawbacks:

• Since the description is attached to the suite, we can't see which test case exactly is failing.
• For the same reason, we cannot execute individual test cases.
• If one test in a suite fails, the entire suite is aborted.

Overall, I also find the nested approach more difficult to understand.

All of this should be solvable by going back to a single, flat hierarchy.

[seryl]

I added what I thought were the right test to begin with.

I ended up added test to validate per request status; tradeoffs are perf. I don't know if we lose anything here to be frank.

[timoreimann]

I'm definitely okay with the (unique set of) tests you have selected. (In fact, I think you included some which I would have likely forgotten.)

It's just that I think structurally, we're not reaping the benefits of sub-tests with the current approach; notably the points described in the Table-driven tests using subtests section of the introductory blog post.

[timoreimann]

Initializing the servers outside of the parallelized context could be problematic. For instance, if I execute your test like this

go test -count 20 -cpu 1,2,4 -run ^TestStripPrefix$ ./middlewares

I immediately run into too many open files problems on my Mac.

This might not be an issue now but could possibly become one in the future.

[seryl]

Help me understand why you're seeing multiple files opened.

I'm not sure it has anything to do with this at all. Sounds unrelated.

[timoreimann]

Linux/Unix (which Mac is, technically) represent almost everything in terms of files, including sockets. When I repeated the test 20 times and simulated multiples cores above, a higher number of sockets (and thus file handles) would be consumed concurrently by the test server.

It's perfectly okay to hit the limit at some point because my Mac machine obviously isn't optimized for highly concurrent request throughput. What's interesting though is that with the simpler approach creating one test server per more narrow-scoped test execution routine, I only see the limit when running on 32 or 64 cores.

This really isn't supposed to be a hard blocker on the given approach at all, just an indication on which implementation may be easier on the resource consumption IMHO.

[ldez]

@timoreimann your timoreimann@224f2a1 is a very clean way to test ❤️

[timoreimann]

LGTM. 👍

Thanks for the contribution. This one should make a bunch of folks happy.

[ldez]

LGTM

I have rebase the PR on the 1.3 branch.

[emilevauge]

Thanks very much @seryl !
Awesome contribution, this will help a lot 👏
LGTM