Improve URI path matching

cupakromer · cupakromer · commit 4e45d80a12da · 2016-11-21T12:23:48.000-05:00
It turns out that root endpoints were struggling with the prior patch
matching algorithm. We didn't notice this previously because we always
had at least one level of nesting inside the initial path declaration:

```ruby
json_api :api do
  namespace :v1 do
    get '/' =&gt; 'root_endpoint#index'
    # ...
  end
end
```

Since there is no `/api` route everything works just great. Things in
`v1` properly match `/api/*` including `/api/v1`. However, we now have
some endpoints which need to break away from the existing public API
wrapper. To support this they need to shift the routes to:

```ruby
namespace :api do
  json_api :v1 do
    get '/' =&gt; 'root_endpoint#index'
    # ...
  end

  # .. more stuff
end
```

This causes the wild card matcher to be `/api/v1/*` which excludes a
match on `/api/v1`. We don't want the wild card to be `/api/v1*` as that
would improperly match something like `/api/v1-old`. Thus we need to
check both the actual base path and the nested wild card. However, it
turns out that using `Pathname` was the wrong choice.

While these _are_ "relative paths" the choice of `Pathname` was the
incorrect abstraction wrapper to use. The `Pathname` class is really
meant for _file system_ paths. While it has nice support for things like
`join` it is a poor choice for URI relative paths. This was discovered
when trying to find a good way to adjust the wild card. Too much was
attempting to touch the underlying server file system making this
extremely prone to info leak and general misconceptions on how things
behave.

Looking at the available URI wrappers they also have problems when
working only with partial / relative paths. Instead it turns out that
the simple old school string comparison is not only _fast_ but it is
also the simplest solution. To ensure we don't end up with something
like `/api/v1//` for the nested path we use the `normalize_path` helper.
This ensures consistent formatting and will strip off any trailing
separators.
diff --git a/lib/kracken/json_api/path.rb b/lib/kracken/json_api/path.rb
@@ -1,14 +1,22 @@
 module Kracken
   module JsonApi
     class Path
-      attr_reader :path_match
+      attr_reader :basename
+      attr_reader :pathname
 
       def initialize(path)
-        @path_match = Pathname(path).join('*').to_path
+        @basename = ActionDispatch::Journey::Router::Utils.normalize_path(path)
+        @pathname = @basename + "/"
       end
 
       def matches?(request)
-        request.supports_json_format? && request.path.fnmatch?(path_match)
+        request.supports_json_format? && path_matches?(request.path)
+      end
+
+    private
+
+      def path_matches?(path)
+        path == basename || path.start_with?(pathname)
       end
     end
   end
diff --git a/lib/kracken/json_api/request.rb b/lib/kracken/json_api/request.rb
@@ -21,7 +21,6 @@ def path
         env['json_api.original_path'] ||= (
           env["action_dispatch.original_path"] || env["PATH_INFO"]
         )
-        Pathname(env['json_api.original_path'])
       end
 
       # File actionpack/lib/action_dispatch/http/mime_negotiation.rb

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,6 @@ def path`
`21`	`21`	`env['json_api.original_path'] \|\|= (`
`22`	`22`	`env["action_dispatch.original_path"] \|\| env["PATH_INFO"]`
`23`	`23`	`)`
`24`		`- Pathname(env['json_api.original_path'])`
`25`	`24`	`end`
`26`	`25`
`27`	`26`	`# File actionpack/lib/action_dispatch/http/mime_negotiation.rb`