Rename to 'allowed_outbound_hosts'

rylev · rylev · commit 0b1f3de511dc · 2023-10-24T17:13:13.000+02:00
Signed-off-by: Ryan Levick &lt;ryan.levick@fermyon.com&gt;
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/loader/src/local.rs b/crates/loader/src/local.rs
@@ -114,7 +114,7 @@ impl LocalLoader {
         let metadata = ValuesMapBuilder::new()
             .string("description", component.description)
             .string_array("allowed_http_hosts", component.allowed_http_hosts)
-            .string_array_option("allowed_redis_hosts", component.allowed_redis_hosts)
+            .string_array_option("allowed_outbound_hosts", component.allowed_outbound_hosts)
             .string_array("key_value_stores", component.key_value_stores)
             .string_array("databases", component.sqlite_databases)
             .string_array("ai_models", component.ai_models)
diff --git a/crates/manifest/src/compat.rs b/crates/manifest/src/compat.rs
@@ -69,7 +69,7 @@ pub fn v1_to_v2_app(manifest: v1::AppManifestV1) -> Result<v2::AppManifest, Erro
                 sqlite_databases,
                 ai_models,
                 build: component.build,
-                allowed_redis_hosts: component.allowed_redis_hosts,
+                allowed_outbound_hosts: component.allowed_outbound_hosts,
             },
         );
         triggers
diff --git a/crates/manifest/src/schema/v1.rs b/crates/manifest/src/schema/v1.rs
@@ -78,9 +78,9 @@ pub struct ComponentV1 {
     /// `allowed_http_hosts = ["example.com"]`
     #[serde(default)]
     pub allowed_http_hosts: Vec<String>,
-    /// `allowed_redis_hosts` = ["redis://redis.com:6379"]`
+    /// `allowed_outbound_hosts` = ["redis://redis.com:6379"]`
     #[serde(default)]
-    pub allowed_redis_hosts: Option<Vec<String>>,
+    pub allowed_outbound_hosts: Option<Vec<String>>,
     /// `key_value_stores = ["default"]`
     #[serde(default)]
     pub key_value_stores: Vec<String>,
diff --git a/crates/manifest/src/schema/v2.rs b/crates/manifest/src/schema/v2.rs
@@ -102,9 +102,9 @@ pub struct Component {
     /// `allowed_http_hosts = ["example.com"]`
     #[serde(default, skip_serializing_if = "Vec::is_empty")]
     pub allowed_http_hosts: Vec<String>,
-    /// `allowed_redis_hosts = ["myredishost.com"]`
+    /// `allowed_outbound_hosts = ["myredishost.com"]`
     #[serde(default, skip_serializing_if = "is_none_or_empty")]
-    pub allowed_redis_hosts: Option<Vec<String>>,
+    pub allowed_outbound_hosts: Option<Vec<String>>,
     /// `key_value_stores = ["default"]`
     #[serde(default, skip_serializing_if = "Vec::is_empty")]
     pub key_value_stores: Vec<SnakeId>,
diff --git a/crates/outbound-redis/Cargo.toml b/crates/outbound-redis/Cargo.toml
@@ -18,3 +18,4 @@ table = { path = "../table" }
 tokio = { version = "1", features = ["sync"] }
 tracing = { workspace = true }
 terminal = { path = "../terminal" }
+url = "2.4.1"
diff --git a/crates/outbound-redis/src/lib.rs b/crates/outbound-redis/src/lib.rs
@@ -10,7 +10,7 @@ use spin_world::v1::redis::{self as v1, RedisParameter, RedisResult};
 use spin_world::v2::redis::{self as v2, Connection as RedisConnection, Error};
 
 pub const ALLOWED_REDIS_HOSTS_KEY: MetadataKey<Option<HashSet<String>>> =
-    MetadataKey::new("allowed_redis_hosts");
+    MetadataKey::new("allowed_outbound_hosts");
 
 pub use host_component::OutboundRedisComponent;
 
@@ -50,21 +50,21 @@ impl Default for OutboundRedis {
 
 impl OutboundRedis {
     fn is_address_allowed(&self, address: &str, default: bool) -> bool {
-        fn do_check(allowed_hosts: Option<&HashSet<String>>, address: &str, default: bool) -> bool {
-            let Some(allowed_hosts) = allowed_hosts else {
-                return default;
-            };
-            allowed_hosts.contains(address)
-        }
+        let url = url::Url::parse(address).ok();
+        let host = url.as_ref().and_then(|u| u.host_str()).unwrap_or(address);
+        let is_allowed = if let Some(allowed_hosts) = self.allowed_hosts.as_ref() {
+            allowed_hosts.contains(host)
+        } else {
+            default
+        };
 
-        let response = do_check(self.allowed_hosts.as_ref(), address, default);
-        if !response {
+        if !is_allowed {
             terminal::warn!(
                 "A component tried to make a HTTP request to non-allowed address {address:?}."
             );
-            eprintln!("To allow requests, add 'allowed_redis_hosts = [{address:?}]' to the manifest component section.");
+            eprintln!("To allow requests, add 'allowed_outbound_hosts = [{host:?}]' to the manifest component section.");
         }
-        response
+        is_allowed
     }
 
     async fn establish_connection(
diff --git a/examples/rust-outbound-redis/spin.toml b/examples/rust-outbound-redis/spin.toml
@@ -8,7 +8,7 @@ version = "0.1.0"
 environment = { REDIS_ADDRESS = "redis://127.0.0.1:6379", REDIS_CHANNEL = "messages" }
 id = "outbound-redis"
 source = "target/wasm32-wasi/release/rust_outbound_redis.wasm"
-allowed_redis_hosts = ["redis://127.0.0.1:6379"]
+allowed_outbound_hosts = ["127.0.0.1:6379"]
 [component.trigger]
 route = "/publish"
 [component.build]
