Skip to content
This repository has been archived by the owner on Aug 18, 2020. It is now read-only.

[CO-370] Make Content-Type parsing more lenient #3596

Merged
merged 5 commits into from
Sep 15, 2018
Merged

[CO-370] Make Content-Type parsing more lenient #3596

merged 5 commits into from
Sep 15, 2018

Conversation

KtorZ
Copy link
Contributor

@KtorZ KtorZ commented Sep 14, 2018

Description

We have had a lot of trouble where people will send no content-type or
simply 'application/json' and request would fail with 415 Unsupported
Media Type. Without knowing where to look, the error looks quite
unexpected and could give a lot of headache. This commit does two
changes:

  • It slightly modifies the 'Accept' instance to use 'contentTypes'
    instead of 'contentType'. The latter is defined from the former by
    simply taking the head of the list returned by 'contentTypes', which in
    our case is 'application/json;charset=utf-8'

  • It provides a default content-type 'application/json' when no
    content-type is provided

TODO

  • Add entry in the CHANGELOG once changing base against develop

Linked issue

[CO-370]

Type of change

  • 🐞 Bug fix (non-breaking change which fixes an issue)
  • 🛠 New feature (non-breaking change which adds functionality)
  • ⚠️ Breaking change (fix or feature that would cause existing functionality to change)
  • 🏭 Refactoring that does not change existing functionality but does improve things like code readability, structure etc
  • 🔨 New or improved tests for existing code
  • ⛑ git-flow chore (backport, hotfix, etc)

Developer checklist

  • I have read the style guide document, and my code follows the code style of this project.
  • If my code deals with exceptions, it follows the guidelines.
  • I have updated any documentation accordingly, if needed. Documentation changes can be reflected in opening a PR on cardanodocs.com, amending the inline Haddock comments, any relevant README file or one of the document listed in the docs directory.
  • CHANGELOG entry has been added and is linked to the correct PR on GitHub.

Testing checklist

  • I have added tests to cover my changes.
  • All new and existing tests passed.

QA Steps

With cURL:

Content-Type is "application/json;charset=utf-8"

POST /api/v1/wallets HTTP/1.1
Host: localhost:8090
User-Agent: curl/7.47.0
Accept: */*
Content-Type: application/json;charset=utf-8
Content-Length: 209

< HTTP/1.1 201 Created
< Transfer-Encoding: chunked
< Date: Fri, 14 Sep 2018 04:53:31 GMT
< Server: Warp/3.2.22
< Content-Type: application/json;charset=utf-8

Content-Type is "application/json"

POST /api/v1/wallets HTTP/1.1
Host: localhost:8090
User-Agent: curl/7.47.0
Accept: */*
Content-Type: application/json
Content-Length: 209

< HTTP/1.1 201 Created
< Transfer-Encoding: chunked
< Date: Fri, 14 Sep 2018 04:51:55 GMT
< Server: Warp/3.2.22
< Content-Type: application/json;charset=utf-8

Content-Type is not defined

POST /api/v1/wallets HTTP/1.1
Host: localhost:8090
User-Agent: curl/7.47.0
Accept: /
Content-Length: 209

< HTTP/1.1 201 Created
< Transfer-Encoding: chunked
< Date: Fri, 14 Sep 2018 04:56:23 GMT
< Server: Warp/3.2.22
< Content-Type: application/json;charset=utf-8

Content-Type is "application/x-www-form-urlencoded"

POST /api/v1/wallets HTTP/1.1
Host: localhost:8090
User-Agent: curl/7.47.0
Accept: */*
Content-Length: 209
Content-Type: application/x-www-form-urlencoded

< HTTP/1.1 415 Unsupported Media Type
< Transfer-Encoding: chunked
< Date: Fri, 14 Sep 2018 04:56:08 GMT
< Server: Warp/3.2.22

Screenshots (if available)

@KtorZ KtorZ requested a review from akegalj September 14, 2018 05:04
@KtorZ
Copy link
Contributor Author

KtorZ commented Sep 14, 2018

@akegalj This is currently targetting the throttling branch as I added the middleware on top of your refactor.
Once it got merged into develop, I'll change the base branch of this PR to develop as well, but for now, it makes it easier for the review 👍

KtorZ
KtorZ commented Sep 14, 2018
View reviewed changes
wallet-new/src/Cardano/Wallet/API/Response.hs
@@ -226,7 +226,7 @@ instance FromJSON a => MimeUnrender ValidJSON a where
Right v -> return v

instance Accept ValidJSON where
contentType _ = contentType (Proxy @ JSON)
contentTypes _ = contentTypes (Proxy @ JSON)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This simple change already makes the parser accept both application/json and application/json;charset=utf-8.

Actually, contentType is defined using the head of what's returned by contentTypes, which in the case of JSON is application/json;charset=utf-8 !

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@KtorZ Interesting, good catch! I am wondering if this change, alone, suffice to make the content type lenient or if we do need the extra middleware machinery at all? 🤔

Copy link
Contributor Author

@KtorZ KtorZ Sep 14, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This alone covers the requirements 1, 2 and 4 from CO-369

The middleware machinery covers the requirement 3.

akegalj
akegalj approved these changes Sep 14, 2018
View reviewed changes
Copy link
Contributor

@akegalj akegalj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

wallet-new/server/Main.hs Outdated
@@ -109,6 +111,7 @@ actionWithLegacyWallet coreConfig walletConfig txpConfig sscParams nodeParams nt
mconcat [ LegacyPlugins.conversation wArgs
, LegacyPlugins.legacyWalletBackend coreConfig txpConfig wArgs ntpStatus
[ throttleMiddleware (ccThrottle walletConfig)
, withDefaultHeader (Headers.applicationJson)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you really like these parens :D

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hahaha, yeah, that's called refactoring 😂 And now I don't have hlint to warn me about those since we disabled the extra-parens rule 😶

@KtorZ KtorZ force-pushed the Squad1/CBR-179/bouncing-and-throttling branch 2 times, most recently from dcce5c1 to 992ee9c Compare September 14, 2018 15:59
@KtorZ KtorZ force-pushed the KtorZ/CO-370/lenient-content-type-parser branch from 430a0ed to 74cc084 Compare September 15, 2018 03:22
@KtorZ KtorZ changed the base branch from Squad1/CBR-179/bouncing-and-throttling to develop September 15, 2018 03:23
@KtorZ KtorZ force-pushed the KtorZ/CO-370/lenient-content-type-parser branch 3 times, most recently from 4de9471 to bdf68fc Compare September 15, 2018 04:55
akegalj and others added 5 commits September 15, 2018 15:43
@akegalj @KtorZ
[CBR-179] Add requst throttling for new wallet layer
2bcf426 
Add request throttling feature for new wallet. It is
possible now to extend list of Middleware's with other
middlewares such as gzip Middleware or others defined
in wai-extra. Legacy middlewares are also cleaned up
and untangled in the same way and it is possible to
list all Middlewares top level in a similar way as
we list all Plugins and other workers.
@akegalj @KtorZ
[CBR-179] Move middlewares to dedicated module
05a16a3
@KtorZ
[CBR-179] Remove wai-cors dependency
52b7e06
@KtorZ
[CO-370] Make Content-Type parsing more lenient
ad61962 
We have had a lot of trouble where people will send no content-type or
simply 'application/json' and request would fail with 415 Unsupported
Media Type. Without knowing where to look, the error looks quite
unexpected and could give a lot of headache. This commit does two
changes:

- It slightly modifies the 'Accept' instance to use 'contentTypes'
  instead of 'contentType'. The latter is defined from the former by
  simply taking the head of the list returned by 'contentTypes', which in
  our case is 'application/json;charset=utf-8'

- It provides a default content-type 'application/json' when no
  content-type is provided
@KtorZ
[CO-370] Update CHANGELOG entry
49b06f0
@KtorZ KtorZ force-pushed the KtorZ/CO-370/lenient-content-type-parser branch from bdf68fc to 49b06f0 Compare September 15, 2018 13:52
@KtorZ KtorZ merged commit 8fdc1a0 into develop Sep 15, 2018
@KtorZ KtorZ deleted the KtorZ/CO-370/lenient-content-type-parser branch September 15, 2018 16:06
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@adinapoli-iohk adinapoli-iohk adinapoli-iohk approved these changes

@akegalj akegalj akegalj approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@KtorZ @akegalj @adinapoli-iohk