From e58f0c9f07cafe58b33e2f2b718709f528d1900c Mon Sep 17 00:00:00 2001 From: Shreyas Date: Mon, 23 Feb 2026 12:31:30 +0530 Subject: [PATCH] fix: preserve backward-compatible router names while fixing path collisions Use encodePath only for internal map key grouping (collision-free) and sanitize for Traefik-facing router/service names (unchanged for existing users). Extract pure functions into pathUtils.ts so tests can run without DB dependencies. --- server/lib/traefik/getTraefikConfig.ts | 39 ++++++++--- server/lib/traefik/pathEncoding.test.ts | 70 ++++++++++++++++++- server/lib/traefik/pathUtils.ts | 37 ++++++++++ server/lib/traefik/utils.ts | 34 +-------- .../private/lib/traefik/getTraefikConfig.ts | 39 ++++++++--- 5 files changed, 165 insertions(+), 54 deletions(-) create mode 100644 server/lib/traefik/pathUtils.ts diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts index f503b88a3..3becfb370 100644 --- a/server/lib/traefik/getTraefikConfig.ts +++ b/server/lib/traefik/getTraefikConfig.ts @@ -127,25 +127,42 @@ export async function getTraefikConfig( resourcesWithTargetsAndSites.forEach((row) => { const resourceId = row.resourceId; const resourceName = sanitize(row.resourceName) || ""; - const targetPath = encodePath(row.path); // Encode path preserving uniqueness for key generation const pathMatchType = row.pathMatchType || ""; const rewritePath = row.rewritePath || ""; const rewritePathType = row.rewritePathType || ""; const priority = row.priority ?? 100; - // Create a unique key combining resourceId, path config, and rewrite config - const pathKey = [ - targetPath, + // Use encodePath for the internal map key to avoid collisions + // (e.g. "/a/b" vs "/a-b" must map to different groups) + const encodedPath = encodePath(row.path); + const internalPathKey = [ + encodedPath, pathMatchType, rewritePath, rewritePathType ] .filter(Boolean) .join("-"); - const mapKey = [resourceId, pathKey].filter(Boolean).join("-"); - const key = sanitize(mapKey); + const internalMapKey = [resourceId, internalPathKey] + .filter(Boolean) + .join("-"); - if (!resourcesMap.has(key)) { + // Use sanitize for the Traefik-facing key to preserve backward-compatible + // router/service names (existing sticky session cookies, etc.) + const sanitizedPath = sanitize(row.path) || ""; + const traefikPathKey = [ + sanitizedPath, + pathMatchType, + rewritePath, + rewritePathType + ] + .filter(Boolean) + .join("-"); + const traefikKey = sanitize( + [resourceId, traefikPathKey].filter(Boolean).join("-") + ); + + if (!resourcesMap.has(internalMapKey)) { const validation = validatePathRewriteConfig( row.path, row.pathMatchType, @@ -160,9 +177,10 @@ export async function getTraefikConfig( return; } - resourcesMap.set(key, { + resourcesMap.set(internalMapKey, { resourceId: row.resourceId, name: resourceName, + traefikKey: traefikKey, // backward-compatible key for Traefik names fullDomain: row.fullDomain, ssl: row.ssl, http: row.http, @@ -190,7 +208,7 @@ export async function getTraefikConfig( }); } - resourcesMap.get(key).targets.push({ + resourcesMap.get(internalMapKey).targets.push({ resourceId: row.resourceId, targetId: row.targetId, ip: row.ip, @@ -227,8 +245,9 @@ export async function getTraefikConfig( }; // get the key and the resource - for (const [key, resource] of resourcesMap.entries()) { + for (const [, resource] of resourcesMap.entries()) { const targets = resource.targets as TargetWithSite[]; + const key = resource.traefikKey; // backward-compatible key for Traefik names const routerName = `${key}-${resource.name}-router`; const serviceName = `${key}-${resource.name}-service`; diff --git a/server/lib/traefik/pathEncoding.test.ts b/server/lib/traefik/pathEncoding.test.ts index 7e6d9266f..a3575b9f2 100644 --- a/server/lib/traefik/pathEncoding.test.ts +++ b/server/lib/traefik/pathEncoding.test.ts @@ -1,5 +1,5 @@ -import { assertEquals } from "@test/assert"; -import { encodePath, sanitize } from "./utils"; +import { assertEquals } from "../../../test/assert"; +import { encodePath, sanitize } from "./pathUtils"; function runTests() { console.log("Running path encoding tests...\n"); @@ -159,6 +159,72 @@ function runTests() { console.log(" PASS: encoded values are alphanumeric"); } + // Test 9: backward compatibility - Traefik names use sanitize, internal keys use encodePath + { + // Simulate the dual-key approach from getTraefikConfig + function makeKeys( + resourceId: number, + path: string | null, + pathMatchType: string | null + ) { + // Internal map key (collision-free grouping) + const encodedPath = encodePath(path); + const internalPathKey = [encodedPath, pathMatchType || ""] + .filter(Boolean) + .join("-"); + const internalMapKey = [resourceId, internalPathKey] + .filter(Boolean) + .join("-"); + + // Traefik-facing key (backward-compatible naming) + const sanitizedPath = sanitize(path) || ""; + const traefikPathKey = [sanitizedPath, pathMatchType || ""] + .filter(Boolean) + .join("-"); + const traefikKey = sanitize( + [resourceId, traefikPathKey].filter(Boolean).join("-") + ); + + return { internalMapKey, traefikKey }; + } + + // /a/b and /a-b should have DIFFERENT internal keys (no collision) + const keysAB = makeKeys(1, "/a/b", "prefix"); + const keysDash = makeKeys(1, "/a-b", "prefix"); + assertEquals( + keysAB.internalMapKey !== keysDash.internalMapKey, + true, + "/a/b and /a-b must have different internal map keys" + ); + + // /a/b and /a-b produce the SAME Traefik key (backward compat — sanitize maps both to "a-b") + assertEquals( + keysAB.traefikKey, + keysDash.traefikKey, + "/a/b and /a-b should produce same Traefik key (sanitize behavior)" + ); + + // For a resource with no path, Traefik key should match the old behavior + const keysNoPath = makeKeys(42, null, null); + assertEquals( + keysNoPath.traefikKey, + "42", + "no-path resource should have resourceId-only Traefik key" + ); + + // Traefik key for /api prefix should match old sanitize-based output + const keysApi = makeKeys(1, "/api", "prefix"); + assertEquals( + keysApi.traefikKey, + "1-api-prefix", + "Traefik key should match old sanitize-based format" + ); + + console.log( + " PASS: backward compatibility - internal keys differ, Traefik names preserved" + ); + } + console.log("\nAll path encoding tests passed!"); } diff --git a/server/lib/traefik/pathUtils.ts b/server/lib/traefik/pathUtils.ts new file mode 100644 index 000000000..1b9d57a89 --- /dev/null +++ b/server/lib/traefik/pathUtils.ts @@ -0,0 +1,37 @@ +/** + * Pure utility functions for path/name encoding. + * No external dependencies — safe to import in tests. + */ + +export function sanitize(input: string | null | undefined): string | undefined { + if (!input) return undefined; + // clean any non alphanumeric characters from the input and replace with dashes + // the input cant be too long either, so limit to 50 characters + if (input.length > 50) { + input = input.substring(0, 50); + } + return input + .replace(/[^a-zA-Z0-9-]/g, "-") + .replace(/-+/g, "-") + .replace(/^-|-$/g, ""); +} + +/** + * Encode a URL path into a collision-free alphanumeric string suitable for use + * in Traefik map keys. + * + * Unlike sanitize(), this preserves uniqueness by encoding each non-alphanumeric + * character as its hex code. Different paths always produce different outputs. + * + * encodePath("/api") => "2fapi" + * encodePath("/a/b") => "2fa2fb" + * encodePath("/a-b") => "2fa2db" (different from /a/b) + * encodePath("/") => "2f" + * encodePath(null) => "" + */ +export function encodePath(path: string | null | undefined): string { + if (!path) return ""; + return path.replace(/[^a-zA-Z0-9]/g, (ch) => { + return ch.charCodeAt(0).toString(16); + }); +} diff --git a/server/lib/traefik/utils.ts b/server/lib/traefik/utils.ts index da876fa07..f40e2eba2 100644 --- a/server/lib/traefik/utils.ts +++ b/server/lib/traefik/utils.ts @@ -1,37 +1,7 @@ import logger from "@server/logger"; -export function sanitize(input: string | null | undefined): string | undefined { - if (!input) return undefined; - // clean any non alphanumeric characters from the input and replace with dashes - // the input cant be too long either, so limit to 50 characters - if (input.length > 50) { - input = input.substring(0, 50); - } - return input - .replace(/[^a-zA-Z0-9-]/g, "-") - .replace(/-+/g, "-") - .replace(/^-|-$/g, ""); -} - -/** - * Encode a URL path into a collision-free alphanumeric string suitable for use - * in Traefik router/service names and map keys. - * - * Unlike sanitize(), this preserves uniqueness by encoding each non-alphanumeric - * character as its hex code. Different paths always produce different outputs. - * - * encodePath("/api") => "2fapi" - * encodePath("/a/b") => "2fa2fb" - * encodePath("/a-b") => "2fa2db" (different from /a/b) - * encodePath("/") => "2f" - * encodePath(null) => "" - */ -export function encodePath(path: string | null | undefined): string { - if (!path) return ""; - return path.replace(/[^a-zA-Z0-9]/g, (ch) => { - return ch.charCodeAt(0).toString(16); - }); -} +// Re-export pure functions from dependency-free module +export { sanitize, encodePath } from "./pathUtils"; export function validatePathRewriteConfig( path: string | null, diff --git a/server/private/lib/traefik/getTraefikConfig.ts b/server/private/lib/traefik/getTraefikConfig.ts index 1652427b2..b6c460072 100644 --- a/server/private/lib/traefik/getTraefikConfig.ts +++ b/server/private/lib/traefik/getTraefikConfig.ts @@ -174,7 +174,6 @@ export async function getTraefikConfig( resourcesWithTargetsAndSites.forEach((row) => { const resourceId = row.resourceId; const resourceName = sanitize(row.resourceName) || ""; - const targetPath = encodePath(row.path); // Encode path preserving uniqueness for key generation const pathMatchType = row.pathMatchType || ""; const rewritePath = row.rewritePath || ""; const rewritePathType = row.rewritePathType || ""; @@ -184,19 +183,37 @@ export async function getTraefikConfig( return; } - // Create a unique key combining resourceId, path config, and rewrite config - const pathKey = [ - targetPath, + // Use encodePath for the internal map key to avoid collisions + // (e.g. "/a/b" vs "/a-b" must map to different groups) + const encodedPath = encodePath(row.path); + const internalPathKey = [ + encodedPath, pathMatchType, rewritePath, rewritePathType ] .filter(Boolean) .join("-"); - const mapKey = [resourceId, pathKey].filter(Boolean).join("-"); - const key = sanitize(mapKey); + const internalMapKey = [resourceId, internalPathKey] + .filter(Boolean) + .join("-"); - if (!resourcesMap.has(key)) { + // Use sanitize for the Traefik-facing key to preserve backward-compatible + // router/service names (existing sticky session cookies, etc.) + const sanitizedPath = sanitize(row.path) || ""; + const traefikPathKey = [ + sanitizedPath, + pathMatchType, + rewritePath, + rewritePathType + ] + .filter(Boolean) + .join("-"); + const traefikKey = sanitize( + [resourceId, traefikPathKey].filter(Boolean).join("-") + ); + + if (!resourcesMap.has(internalMapKey)) { const validation = validatePathRewriteConfig( row.path, row.pathMatchType, @@ -211,9 +228,10 @@ export async function getTraefikConfig( return; } - resourcesMap.set(key, { + resourcesMap.set(internalMapKey, { resourceId: row.resourceId, name: resourceName, + traefikKey: traefikKey, // backward-compatible key for Traefik names fullDomain: row.fullDomain, ssl: row.ssl, http: row.http, @@ -247,7 +265,7 @@ export async function getTraefikConfig( } // Add target with its associated site data - resourcesMap.get(key).targets.push({ + resourcesMap.get(internalMapKey).targets.push({ resourceId: row.resourceId, targetId: row.targetId, ip: row.ip, @@ -300,8 +318,9 @@ export async function getTraefikConfig( }; // get the key and the resource - for (const [key, resource] of resourcesMap.entries()) { + for (const [, resource] of resourcesMap.entries()) { const targets = resource.targets as TargetWithSite[]; + const key = resource.traefikKey; // backward-compatible key for Traefik names const routerName = `${key}-${resource.name}-router`; const serviceName = `${key}-${resource.name}-service`;