refactor(playground): derive buildHonoProxy mount prefix from label#394
Open
LissaGreense wants to merge 1 commit into
Open
refactor(playground): derive buildHonoProxy mount prefix from label#394LissaGreense wants to merge 1 commit into
LissaGreense wants to merge 1 commit into
Conversation
buildHonoProxy took both `prefix` and `label`, where `prefix` was used
to strip the mount path off the incoming request and `label` was used
by executeProxyFetch to stamp `x-forwarded-prefix: /api/${label}`. By
construction the two always agreed (`prefix === "/api/" + label`) at
both call sites in static-app.ts, but the invariant was implicit and
unenforced. A mismatched mount (e.g. `buildHonoProxy("/foo", url,
"daemon")`) would silently send `x-forwarded-prefix: /api/daemon` to
the upstream while stripping `/foo` from the path — a latent footgun
surfacing downstream as wrong external URLs (OAuth callbacks, etc.).
Drop the `prefix` parameter; derive it inside the function as
`/api/${label}`. Single source of truth, invariant enforced by
construction. Also swap `replace(new RegExp(prefix), "")` for a
literal `startsWith + slice` so the prefix can't be reinterpreted as
a regex.
Updates both call sites in static-app.ts and the wrapper-specific
tests in proxy.hono.test.ts; adds a tunnel-label case that pins
the X-Forwarded-Prefix / stripped-path single-source-of-truth
property directly.
Closes #316
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
buildHonoProxy(prefix, upstream, label)took bothprefixandlabelwhere, by construction at both call sites,prefix === \"/api/\" + label:The invariant was implicit and unenforced. A mismatched mount (e.g.
buildHonoProxy(\"/foo\", url, \"daemon\")) would silently strip/foofrom the request path while still stampingx-forwarded-prefix: /api/daemonon the upstream — surfacing downstream as wrong external URLs (OAuth callbacks, etc.) with nothing failing loudly at the mount point.Drop the
prefixparameter; derive it inside the function as/api/\${label}. Single source of truth, invariant enforced by construction.Also swap
replace(new RegExp(prefix), \"\")for a literalstartsWith + sliceso the prefix can't be reinterpreted as a regex pattern (no exploit today with hardcoded labels, but the regex shape is a general footgun).Closes #316.
Scope
tools/agent-playground/src/lib/server/proxy.ts— signature change + regex → literal swaptools/agent-playground/src/lib/server/static-app.ts— both call sites updatedtools/agent-playground/src/lib/server/proxy.hono.test.ts— existing 2 tests updated for new signature; added a third tunnel-label case that pins the x-forwarded-prefix / stripped-path single-source-of-truth propertyRisks
/api/\${label}invariant already, so the derived prefix produces the identical strip + forward header.Test plan