Lexically quote routes when generating CORS-support handlers (in case routes contain backslash) (goadesign#1069)

xeger · Raphaël Simon · commit 148222cf85d4 · 2017-02-22T12:45:24.000-08:00
diff --git a/design/apidsl/api.go b/design/apidsl/api.go
@@ -161,7 +161,7 @@ func BasePath(val string) {
 //                Credentials()                        // Sets Access-Control-Allow-Credentials header
 //        })
 //
-//        Origin("/[api|swagger].goa.design/", func() {}) // Define CORS policy with a regular expression
+//        Origin("/(api|swagger)[.]goa[.]design/", func() {}) // Define CORS policy with a regular expression
 func Origin(origin string, dsl func()) {
 	cors := &design.CORSDefinition{Origin: origin}
 
diff --git a/goagen/gen_app/writers.go b/goagen/gen_app/writers.go
@@ -699,7 +699,7 @@ func Mount{{ .Resource }}Controller(service *goa.Service, ctrl {{ .Resource }}Co
 	initService(service)
 	var h goa.Handler
 {{ $res := .Resource }}{{ if .Origins }}{{ range .PreflightPaths }}{{/*
-*/}}	service.Mux.Handle("OPTIONS", "{{ . }}", ctrl.MuxHandler("preflight", handle{{ $res }}Origin(cors.HandlePreflight()), nil))
+*/}}	service.Mux.Handle("OPTIONS", {{ printf "%q" . }}, ctrl.MuxHandler("preflight", handle{{ $res }}Origin(cors.HandlePreflight()), nil))
 {{ end }}{{ end }}{{ range .Actions }}{{ $action := . }}
 	h = func(ctx context.Context, rw http.ResponseWriter, req *http.Request) error {
 		// Check if there was an error loading the request
diff --git a/goagen/gen_app/writers_test.go b/goagen/gen_app/writers_test.go
@@ -946,14 +946,15 @@ var _ = Describe("ControllersWriter", func() {
 				BeforeEach(func() {
 					origins = []*design.CORSDefinition{
 						{
+							// NB: including backslash to ensure proper escaping
 							Origin:      "here.example.com",
 							Headers:     []string{"X-One", "X-Two"},
 							Methods:     []string{"GET", "POST"},
 							Exposed:     []string{"X-Three"},
 							Credentials: true,
 						},
 					}
-					preflightPaths = []string{"/public/*filepath"}
+					preflightPaths = []string{"/public/star\\*star/*filepath"}
 				})
 
 				It("writes the OPTIONS handler code", func() {
@@ -2134,7 +2135,7 @@ type PublicController interface {
 }
 `
 
-	fileServerOptionsHandler = `service.Mux.Handle("OPTIONS", "/public/*filepath", ctrl.MuxHandler("preflight", handlePublicOrigin(cors.HandlePreflight()), nil))`
+	fileServerOptionsHandler = `service.Mux.Handle("OPTIONS", "/public/star\\*star/*filepath", ctrl.MuxHandler("preflight", handlePublicOrigin(cors.HandlePreflight()), nil))`
 
 	simpleController = `// BottlesController is the controller interface for the Bottles actions.
 type BottlesController interface {

Original file line number	Diff line number	Diff line change
`@@ -946,14 +946,15 @@ var _ = Describe("ControllersWriter", func() {`
`946`	`946`	`BeforeEach(func() {`
`947`	`947`	`origins = []*design.CORSDefinition{`
`948`	`948`	`{`
	`949`	`+ // NB: including backslash to ensure proper escaping`
`949`	`950`	`Origin: "here.example.com",`
`950`	`951`	`Headers: []string{"X-One", "X-Two"},`
`951`	`952`	`Methods: []string{"GET", "POST"},`
`952`	`953`	`Exposed: []string{"X-Three"},`
`953`	`954`	`Credentials: true,`
`954`	`955`	`},`
`955`	`956`	`}`
`956`		`- preflightPaths = []string{"/public/*filepath"}`
	`957`	`+ preflightPaths = []string{"/public/star\\star/filepath"}`
`957`	`958`	`})`
`958`	`959`
`959`	`960`	`It("writes the OPTIONS handler code", func() {`
`@@ -2134,7 +2135,7 @@ type PublicController interface {`
`2134`	`2135`	`}`
`2135`	`2136`	`
`2136`	`2137`
`2137`		- fileServerOptionsHandler = `service.Mux.Handle("OPTIONS", "/public/*filepath", ctrl.MuxHandler("preflight", handlePublicOrigin(cors.HandlePreflight()), nil))`
	`2138`	+ fileServerOptionsHandler = `service.Mux.Handle("OPTIONS", "/public/star\\star/filepath", ctrl.MuxHandler("preflight", handlePublicOrigin(cors.HandlePreflight()), nil))`
`2138`	`2139`
`2139`	`2140`	simpleController = `// BottlesController is the controller interface for the Bottles actions.
`2140`	`2141`	`type BottlesController interface {`