From 3da9f201cad3b09b4e7d70dcaf023c70b4bcc026 Mon Sep 17 00:00:00 2001
From: Dan Duvall <dduvall@wikimedia.org>
Date: Fri, 19 Oct 2018 13:36:32 -0700
Subject: Support "application/json" in Blubberoid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

JSON seems a better option for a web service in general—other toolchains
in the Docker/Kubernetes space typically prefer YAML for human-edited
configs but convert to JSON on the wire. The "application/json" media
type is well established—unlike "application/yaml" which has no official
assignment by IANA—and is better supported by the OpenAPI (formerly
Swagger) specification.

Added content-type media type validation in the Blubberoid HTTP server
handler, and added a check for `json.Valid(body)` upon receiving a
"application/json" media type. Since any given valid JSON is also valid
YAML, Blubberoid simply does a shallow validation of the JSON body
before punting to `config.ReadConfig` for YAML unmarshalling and
thorough config validation.

Bug: T205920
Change-Id: I970acbde497ed446eb8eed568b1328f8c6f5aa55
---
 cmd/blubberoid/main.go      | 19 ++++++++++++++
 cmd/blubberoid/main_test.go | 61 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 79 insertions(+), 1 deletion(-)

diff --git a/cmd/blubberoid/main.go b/cmd/blubberoid/main.go
index 73b10a6..d436390 100644
--- a/cmd/blubberoid/main.go
+++ b/cmd/blubberoid/main.go
@@ -3,9 +3,11 @@
 package main
 
 import (
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"log"
+	"mime"
 	"net/http"
 	"os"
 	"path"
@@ -71,6 +73,23 @@ func blubberoid(res http.ResponseWriter, req *http.Request) {
 		return
 	}
 
+	switch mt, _, _ := mime.ParseMediaType(req.Header.Get("content-type")); mt {
+	case "application/json":
+		// Enforce strict JSON syntax if specified, even though the config parser
+		// would technically handle anything that's at least valid YAML
+		if !json.Valid(body) {
+			res.WriteHeader(http.StatusBadRequest)
+			res.Write(responseBody("'%s' media type given but request contains invalid JSON", mt))
+			return
+		}
+	case "application/yaml", "application/x-yaml":
+		// Let the config parser validate YAML syntax
+	default:
+		res.WriteHeader(http.StatusUnsupportedMediaType)
+		res.Write(responseBody("'%s' media type is not supported", mt))
+		return
+	}
+
 	cfg, err := config.ReadYAMLConfig(body)
 
 	if err != nil {
diff --git a/cmd/blubberoid/main_test.go b/cmd/blubberoid/main_test.go
index 0d7c0d3..7898e75 100644
--- a/cmd/blubberoid/main_test.go
+++ b/cmd/blubberoid/main_test.go
@@ -10,13 +10,14 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func TestBlubberoid(t *testing.T) {
+func TestBlubberoidYAMLRequest(t *testing.T) {
 	rec := httptest.NewRecorder()
 	req := httptest.NewRequest("POST", "/test", strings.NewReader(`---
     version: v3
     base: foo
     variants:
       test: {}`))
+	req.Header.Set("Content-Type", "application/yaml")
 
 	blubberoid(rec, req)
 
@@ -28,3 +29,61 @@ func TestBlubberoid(t *testing.T) {
 	assert.Contains(t, string(body), "FROM foo")
 	assert.Contains(t, string(body), `LABEL blubber.variant="test"`)
 }
+
+func TestBlubberoidJSONRequest(t *testing.T) {
+	t.Run("valid JSON syntax", func(t *testing.T) {
+		rec := httptest.NewRecorder()
+		req := httptest.NewRequest("POST", "/test", strings.NewReader(`{
+			"version": "v3",
+			"base": "foo",
+			"variants": {
+				"test": {}
+			}
+		}`))
+		req.Header.Set("Content-Type", "application/json")
+
+		blubberoid(rec, req)
+
+		resp := rec.Result()
+		body, _ := ioutil.ReadAll(resp.Body)
+
+		assert.Equal(t, http.StatusOK, resp.StatusCode)
+		assert.Equal(t, "text/plain", resp.Header.Get("Content-Type"))
+		assert.Contains(t, string(body), "FROM foo")
+		assert.Contains(t, string(body), `LABEL blubber.variant="test"`)
+	})
+
+	t.Run("invalid JSON syntax", func(t *testing.T) {
+		rec := httptest.NewRecorder()
+		req := httptest.NewRequest("POST", "/test", strings.NewReader(`{
+			version: "v3",
+			base: "foo",
+			variants: {
+				test: {},
+			},
+		}`))
+		req.Header.Set("Content-Type", "application/json")
+
+		blubberoid(rec, req)
+
+		resp := rec.Result()
+		body, _ := ioutil.ReadAll(resp.Body)
+
+		assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
+		assert.Equal(t, string(body), "'application/json' media type given but request contains invalid JSON\n")
+	})
+}
+
+func TestBlubberoidUnsupportedMediaType(t *testing.T) {
+	rec := httptest.NewRecorder()
+	req := httptest.NewRequest("POST", "/test", strings.NewReader(``))
+	req.Header.Set("Content-Type", "application/foo")
+
+	blubberoid(rec, req)
+
+	resp := rec.Result()
+	body, _ := ioutil.ReadAll(resp.Body)
+
+	assert.Equal(t, http.StatusUnsupportedMediaType, resp.StatusCode)
+	assert.Equal(t, string(body), "'application/foo' media type is not supported\n")
+}
-- 
cgit v1.2.1