TUN-6801: Add punycode alternatives for ingress rules

2025-07-27 20:09:58 +00:00 · 2022-09-22 16:19:06 -07:00
parent be0305ec58
commit b3e26420c0
4 changed files with 98 additions and 32 deletions
--- a/ingress/rule_test.go
+++ b/ingress/rule_test.go
@@ -14,23 +14,18 @@ import (
 )

 func Test_rule_matches(t *testing.T) {
-	type fields struct {
-		Hostname string
-		Path     *Regexp
-		Service  OriginService
-	}
 	type args struct {
 		requestURL *url.URL
 	}
 	tests := []struct {
-		name   string
-		fields fields
-		args   args
-		want   bool
+		name string
+		rule Rule
+		args args
+		want bool
 	}{
 		{
 			name: "Just hostname, pass",
-			fields: fields{
+			rule: Rule{
 				Hostname: "example.com",
 			},
 			args: args{
@@ -38,9 +33,31 @@ func Test_rule_matches(t *testing.T) {
 			},
 			want: true,
 		},
+		{
+			name: "Unicode hostname with unicode request, pass",
+			rule: Rule{
+				Hostname:         "môô.cloudflare.com",
+				punycodeHostname: "xn--m-xgaa.cloudflare.com",
+			},
+			args: args{
+				requestURL: MustParseURL(t, "https://môô.cloudflare.com"),
+			},
+			want: true,
+		},
+		{
+			name: "Unicode hostname with punycode request, pass",
+			rule: Rule{
+				Hostname:         "môô.cloudflare.com",
+				punycodeHostname: "xn--m-xgaa.cloudflare.com",
+			},
+			args: args{
+				requestURL: MustParseURL(t, "https://xn--m-xgaa.cloudflare.com"),
+			},
+			want: true,
+		},
 		{
 			name: "Entire hostname is wildcard, should match everything",
-			fields: fields{
+			rule: Rule{
 				Hostname: "*",
 			},
 			args: args{
@@ -50,7 +67,7 @@ func Test_rule_matches(t *testing.T) {
 		},
 		{
 			name: "Just hostname, fail",
-			fields: fields{
+			rule: Rule{
 				Hostname: "example.com",
 			},
 			args: args{
@@ -60,7 +77,7 @@ func Test_rule_matches(t *testing.T) {
 		},
 		{
 			name: "Just wildcard hostname, pass",
-			fields: fields{
+			rule: Rule{
 				Hostname: "*.example.com",
 			},
 			args: args{
@@ -70,7 +87,7 @@ func Test_rule_matches(t *testing.T) {
 		},
 		{
 			name: "Just wildcard hostname, fail",
-			fields: fields{
+			rule: Rule{
 				Hostname: "*.example.com",
 			},
 			args: args{
@@ -80,7 +97,7 @@ func Test_rule_matches(t *testing.T) {
 		},
 		{
 			name: "Just wildcard outside of subdomain in hostname, fail",
-			fields: fields{
+			rule: Rule{
 				Hostname: "*example.com",
 			},
 			args: args{
@@ -90,7 +107,7 @@ func Test_rule_matches(t *testing.T) {
 		},
 		{
 			name: "Wildcard over multiple subdomains",
-			fields: fields{
+			rule: Rule{
 				Hostname: "*.example.com",
 			},
 			args: args{
@@ -100,7 +117,7 @@ func Test_rule_matches(t *testing.T) {
 		},
 		{
 			name: "Hostname and path",
-			fields: fields{
+			rule: Rule{
 				Hostname: "*.example.com",
 				Path:     &Regexp{Regexp: regexp.MustCompile("/static/.*\\.html")},
 			},
@@ -111,7 +128,7 @@ func Test_rule_matches(t *testing.T) {
 		},
 		{
 			name: "Hostname and empty Regex",
-			fields: fields{
+			rule: Rule{
 				Hostname: "example.com",
 				Path:     &Regexp{},
 			},
@@ -122,7 +139,7 @@ func Test_rule_matches(t *testing.T) {
 		},
 		{
 			name: "Hostname and nil path",
-			fields: fields{
+			rule: Rule{
 				Hostname: "example.com",
 				Path:     nil,
 			},
@@ -134,13 +151,8 @@ func Test_rule_matches(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			r := Rule{
-				Hostname: tt.fields.Hostname,
-				Path:     tt.fields.Path,
-				Service:  tt.fields.Service,
-			}
 			u := tt.args.requestURL
-			if got := r.Matches(u.Hostname(), u.Path); got != tt.want {
+			if got := tt.rule.Matches(u.Hostname(), u.Path); got != tt.want {
 				t.Errorf("rule.matches() = %v, want %v", got, tt.want)
 			}
 		})