🩹Fix: Adaptor middleware duplicates cookies (#3151)

* 🩹Fix: Adaptor middleware duplicates cookies * 🩹Fix: add extra cases for Test_HTTPMiddlewareWithCookies --------- Co-authored-by: Juan Calderon-Perez <[email protected]>
gofiber · Oct 3, 2024 · 85a5fb8 · 85a5fb8 · github-actions · Oct 3, 2024
1 parent 44cd700
commit 85a5fb8
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 0 deletions.
diff --git a/middleware/adaptor/adaptor.go b/middleware/adaptor/adaptor.go
@@ -101,6 +101,8 @@ func HTTPMiddleware(mw func(http.Handler) http.Handler) fiber.Handler {
 			c.Request().SetHost(r.Host)
 			c.Request().Header.SetHost(r.Host)
 
+			// Remove all cookies before setting, see https://github.com/valyala/fasthttp/pull/1864
+			c.Request().Header.DelAllCookies()
 			for key, val := range r.Header {
 				for _, v := range val {
 					c.Request().Header.Set(key, v)

diff --git a/middleware/adaptor/adaptor_test.go b/middleware/adaptor/adaptor_test.go
@@ -10,6 +10,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"net/url"
+	"strings"
 	"testing"
 
 	"github.com/gofiber/fiber/v3"
@@ -200,6 +201,81 @@ func Test_HTTPMiddleware(t *testing.T) {
 	require.Equal(t, "okay", resp.Header.Get("context_second_okay"))
 }
 
+func Test_HTTPMiddlewareWithCookies(t *testing.T) {
+	const (
+		cookieHeader    = "Cookie"
+		setCookieHeader = "Set-Cookie"
+		cookieOneName   = "cookieOne"
+		cookieTwoName   = "cookieTwo"
+		cookieOneValue  = "valueCookieOne"
+		cookieTwoValue  = "valueCookieTwo"
+	)
+	nethttpMW := func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if r.Method != http.MethodPost {
+				w.WriteHeader(http.StatusMethodNotAllowed)
+				return
+			}
+			next.ServeHTTP(w, r)
+		})
+	}
+
+	app := fiber.New()
+	app.Use(HTTPMiddleware(nethttpMW))
+	app.Post("/", func(c fiber.Ctx) error {
+		// RETURNING CURRENT COOKIES TO RESPONSE
+		var cookies []string = strings.Split(c.Get(cookieHeader), "; ")
+		for _, cookie := range cookies {
+			c.Set(setCookieHeader, cookie)
+		}
+		return c.SendStatus(fiber.StatusOK)
+	})
+
+	// Test case for POST request with cookies
+	t.Run("POST request with cookies", func(t *testing.T) {
+		req, err := http.NewRequestWithContext(context.Background(), fiber.MethodPost, "/", nil)
+		require.NoError(t, err)
+		req.AddCookie(&http.Cookie{Name: cookieOneName, Value: cookieOneValue})
+		req.AddCookie(&http.Cookie{Name: cookieTwoName, Value: cookieTwoValue})
+
+		resp, err := app.Test(req)
+		require.NoError(t, err)
+		cookies := resp.Cookies()
+		require.Len(t, cookies, 2)
+		for _, cookie := range cookies {
+			switch cookie.Name {
+			case cookieOneName:
+				require.Equal(t, cookieOneValue, cookie.Value)
+			case cookieTwoName:
+				require.Equal(t, cookieTwoValue, cookie.Value)
+			default:
+				t.Error("unexpected cookie key")
+			}
+		}
+	})
+
+	// New test case for GET request
+	t.Run("GET request", func(t *testing.T) {
+		req, err := http.NewRequestWithContext(context.Background(), fiber.MethodGet, "/", nil)
+		require.NoError(t, err)
+
+		resp, err := app.Test(req)
+		require.NoError(t, err)
+		require.Equal(t, http.StatusMethodNotAllowed, resp.StatusCode)
+	})
+
+	// New test case for request without cookies
+	t.Run("POST request without cookies", func(t *testing.T) {
+		req, err := http.NewRequestWithContext(context.Background(), fiber.MethodPost, "/", nil)
+		require.NoError(t, err)
+
+		resp, err := app.Test(req)
+		require.NoError(t, err)
+		require.Equal(t, http.StatusOK, resp.StatusCode)
+		require.Empty(t, resp.Cookies())
+	})
+}
+
 func Test_FiberHandler(t *testing.T) {
 	testFiberToHandlerFunc(t, false)
 }
Benchmark suite	Current: `85a5fb8`	Previous: `6e74114`	Ratio
`Benchmark_Utils_GetOffer/1_parameter`	`222.5` ns/op 0 B/op 0 allocs/op	`131.1` ns/op 0 B/op 0 allocs/op	`1.70`
`Benchmark_Utils_GetOffer/1_parameter - ns/op`	`222.5` ns/op	`131.1` ns/op	`1.70`
`Benchmark_Middleware_BasicAuth - B/op`	`80` B/op	`48` B/op	`1.67`
`Benchmark_Middleware_BasicAuth - allocs/op`	`5` allocs/op	`3` allocs/op	`1.67`
`Benchmark_Middleware_BasicAuth_Upper - B/op`	`80` B/op	`48` B/op	`1.67`
`Benchmark_Middleware_BasicAuth_Upper - allocs/op`	`5` allocs/op	`3` allocs/op	`1.67`
`Benchmark_CORS_NewHandler - B/op`	`16` B/op	`0` B/op	`+∞`
`Benchmark_CORS_NewHandler - allocs/op`	`1` allocs/op	`0` allocs/op	`+∞`
`Benchmark_CORS_NewHandlerSingleOrigin - B/op`	`16` B/op	`0` B/op	`+∞`
`Benchmark_CORS_NewHandlerSingleOrigin - allocs/op`	`1` allocs/op	`0` allocs/op	`+∞`
`Benchmark_CORS_NewHandlerPreflight - B/op`	`104` B/op	`0` B/op	`+∞`
`Benchmark_CORS_NewHandlerPreflight - allocs/op`	`5` allocs/op	`0` allocs/op	`+∞`
`Benchmark_CORS_NewHandlerPreflightSingleOrigin - B/op`	`104` B/op	`0` B/op	`+∞`
`Benchmark_CORS_NewHandlerPreflightSingleOrigin - allocs/op`	`5` allocs/op	`0` allocs/op	`+∞`
`Benchmark_CORS_NewHandlerPreflightWildcard - B/op`	`104` B/op	`0` B/op	`+∞`
`Benchmark_CORS_NewHandlerPreflightWildcard - allocs/op`	`5` allocs/op	`0` allocs/op	`+∞`
`Benchmark_Middleware_CSRF_GenerateToken - B/op`	`517` B/op	`334` B/op	`1.55`
`Benchmark_Middleware_CSRF_GenerateToken - allocs/op`	`10` allocs/op	`6` allocs/op	`1.67`