fix: restore yaml parser

Signed-off-by: Thomas Bétrancourt <thomas@betrancourt.net>

Author: rclsilver

api/api_test.go

@@ -290,6 +290,61 @@ func TestPasswordInput(t *testing.T) {
 	tester.Run()
 }
 
+func TestResolutionEdit(t *testing.T) {
+	tester := iffy.NewTester(t, hdl)
+
+	dbp, err := zesty.NewDBProvider(utask.DBName)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tmpl := dummyTemplate()
+
+	_, err = tasktemplate.LoadFromName(dbp, tmpl.Name)
+	if err != nil {
+		if !errors.IsNotFound(err) {
+			t.Fatal(err)
+		}
+		if err := dbp.DB().Insert(&tmpl); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	tester.AddCall("getTemplate", http.MethodGet, "/template/"+tmpl.Name, "").
+		Headers(regularHeaders).
+		Checkers(
+			iffy.ExpectStatus(200),
+		)
+
+	tester.AddCall("newTask", http.MethodPost, "/task", `{"template_name":"{{.getTemplate.name}}","input":{"id":"foo"}}`).
+		Headers(regularHeaders).
+		Checkers(iffy.ExpectStatus(201))
+
+	tester.AddCall("jsonUpdate", http.MethodPut, "/task/{{.newTask.id}}", `{"input":{"id":"bar-json"}}`).
+		Headers(regularHeaders).
+		Checkers(iffy.ExpectStatus(200))
+
+	tester.AddCall("getAfterJson", http.MethodGet, "/task/{{.newTask.id}}", "").
+		Headers(adminHeaders).
+		Checkers(
+			iffy.ExpectStatus(200),
+			iffy.ExpectJSONBranch("input", "id", "bar-json"),
+		)
+
+	tester.AddCall("yamlUpdate", http.MethodPut, "/task/{{.newTask.id}}", "input:\n  id: bar-yaml").
+		Headers(regularHeaders).
+		Checkers(iffy.ExpectStatus(200))
+
+	tester.AddCall("getAfterYaml", http.MethodGet, "/task/{{.newTask.id}}", "").
+		Headers(adminHeaders).
+		Checkers(
+			iffy.ExpectStatus(200),
+			iffy.ExpectJSONBranch("input", "id", "bar-yaml"),
+		)
+
+	tester.Run()
+}
+
 func TestStartOver(t *testing.T) {
 	tester := iffy.NewTester(t, hdl)
 

api/bind.go

@@ -1,40 +1,94 @@
 package api
 
 import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
 	"reflect"
 
+	"github.com/ghodss/yaml"
 	"github.com/gin-gonic/gin"
-	"github.com/loopfz/gadgeto/tonic"
 )
 
-// bodyBindHook is a wrapper around the default binding hook of tonic.
+const (
+	// default max body bytes: 256KB
+	// this can be overridden via configuration
+	defaultMaxBodyBytes = 256 * 1024
+
+	// absolute upper limit for configuration max body bytes: 10MB
+	upperLimitMaxBodyBytes = 10 * 1024 * 1024
+
+	// absolute lower limit for configuration max body bytes: 1KB
+	lowerLimitMaxBodyBytes = 1024
+)
+
+var yamlBind = yamlBinding{}
+
+type yamlBinding struct{}
+
+func (yamlBinding) Name() string { return "yamlBinding" }
+func (yamlBinding) Bind(req *http.Request, obj interface{}) error {
+	bodyBytes, err := ioutil.ReadAll(req.Body)
+	if err != nil {
+		return err
+	}
+	defer req.Body.Close()
+	return yaml.Unmarshal(bodyBytes, obj, jsonNumberOpt)
+}
+
+// defaultBindingHook is a wrapper around the yaml binding.
 // It adds the possibility to bind a specific field in an object rather than
 // unconditionally binding the whole object.
-func bodyBindHook(c *gin.Context, v interface{}) error {
-	val := reflect.ValueOf(v)
-	typ := reflect.TypeOf(v).Elem()
-
-	for i := 0; i < typ.NumField(); i++ {
-		ft := typ.Field(i)
-		if _, ok := ft.Tag.Lookup("body"); !ok {
-			continue
-		}
-		flt := ft.Type
-		var fv reflect.Value
-		if flt.Kind() == reflect.Map {
-			fv = reflect.New(flt)
-		} else {
-			fv = reflect.New(flt.Elem())
+func defaultBindingHook(maxBodyBytes int64) func(*gin.Context, interface{}) error {
+	if maxBodyBytes == 0 {
+		maxBodyBytes = defaultMaxBodyBytes
+	} else if maxBodyBytes > upperLimitMaxBodyBytes {
+		maxBodyBytes = upperLimitMaxBodyBytes
+	} else if maxBodyBytes < lowerLimitMaxBodyBytes {
+		maxBodyBytes = lowerLimitMaxBodyBytes
+	}
+
+	return func(c *gin.Context, v interface{}) error {
+		c.Request.Body = http.MaxBytesReader(c.Writer, c.Request.Body, maxBodyBytes)
+		if c.Request.ContentLength == 0 || c.Request.Method == http.MethodGet {
+			return nil
 		}
-		if err := tonic.DefaultBindingHook(c, fv.Interface()); err != nil {
-			return err
+
+		val := reflect.ValueOf(v)
+		typ := reflect.TypeOf(v).Elem()
+
+		for i := 0; i < typ.NumField(); i++ {
+			ft := typ.Field(i)
+			if _, ok := ft.Tag.Lookup("body"); !ok {
+				continue
+			}
+			flt := ft.Type
+			var fv reflect.Value
+			if flt.Kind() == reflect.Map {
+				fv = reflect.New(flt)
+			} else {
+				fv = reflect.New(flt.Elem())
+			}
+			if err := c.ShouldBindWith(fv.Interface(), yamlBind); err != nil && err != io.EOF {
+				return fmt.Errorf("error parsing request body: %s", err.Error())
+			}
+			if flt.Kind() == reflect.Map {
+				val.Elem().Field(i).Set(fv.Elem())
+			} else {
+				val.Elem().Field(i).Set(fv)
+			}
 		}
-		if flt.Kind() == reflect.Map {
-			val.Elem().Field(i).Set(fv.Elem())
-		} else {
-			val.Elem().Field(i).Set(fv)
+
+		if err := c.ShouldBindWith(v, yamlBind); err != nil && err != io.EOF {
+			return fmt.Errorf("error parsing request body: %s", err.Error())
 		}
+		return nil
 	}
+}
 
-	return tonic.DefaultBindingHook(c, v)
+func jsonNumberOpt(dec *json.Decoder) *json.Decoder {
+	dec.UseNumber()
+	return dec
 }

api/server.go

@@ -228,8 +228,7 @@ func (s *Server) build(ctx context.Context) {
 		router.Use(ajaxHeadersMiddleware, auditLogsMiddleware)
 
 		tonic.SetErrorHook(jujerr.ErrHook)
-		tonic.SetBindHook(yamlBindHook(s.maxBodyBytes))
-		tonic.SetBindHook(bodyBindHook)
+		tonic.SetBindHook(defaultBindingHook(s.maxBodyBytes))
 		tonic.SetRenderHook(yamljsonRenderHook, "application/json")
 
 		authRoutes := router.Group("/", "x-misc", "Misc authenticated routes", s.authMiddleware)

api/yamlbinding.go

@@ -80,6 +80,7 @@ func exec(stepName string, config interface{}, ctx interface{}) (interface{}, in
 		return map[string]interface{}{
 			"id":     cb.PublicID,
 			"url":    buildUrl(cb),
+			"token":  cb.Secret,
 			"schema": cb.Schema,
 		}, nil, nil