config: inbox name checking matches git.git more closely

Actually, it turns out git.git/remote.c::valid_remote_nick
rules alone are insufficient.  More checking is performed as
part of the refname in the git.git/refs.c::check_refname_component

I also considered rejecting URL-unfriendly inbox names entirely,
but realized some users may intentionally configure names not
handled by our WWW endpoint for archives they don't want
accessible over HTTP.

diff --git a/lib/PublicInbox/Config.pm b/lib/PublicInbox/Config.pm
index a2b721d2a33c212f9f76dd3c0ac728f559fb7e7a..bea26176608e3cb30a1c958fdc52173d5887ddf2 100644 (file)
--- a/lib/PublicInbox/Config.pm
+++ b/lib/PublicInbox/Config.pm
@@ -152,6 +152,23 @@ sub git_config_dump {
        \%rv;
 }
 
+sub valid_inbox_name ($) {
+       my ($name) = @_;
+
+       # Similar rules found in git.git/remote.c::valid_remote_nick
+       # and git.git/refs.c::check_refname_component
+       # We don't reject /\.lock\z/, however, since we don't lock refs
+       if ($name eq '' || $name =~ /\@\{/ ||
+           $name =~ /\.\./ || $name =~ m![/:\?\[\]\^~\s\f[:cntrl:]\*]! ||
+           $name =~ /\A\./ || $name =~ /\.\z/) {
+               return 0;
+       }
+
+       # Note: we allow URL-unfriendly characters; users may configure
+       # non-HTTP-accessible inboxes
+       1;
+}
+
 sub _fill {
        my ($self, $pfx) = @_;
        my $rv = {};
@@ -185,8 +202,7 @@ sub _fill {
        my $name = $pfx;
        $name =~ s/\Apublicinbox\.//;
 
-       # same rules as git.git/remote.c::valid_remote_nick
-       if ($name eq '' || $name =~ m!/! || $name eq '.' || $name eq '..') {
+       if (!valid_inbox_name($name)) {
                warn "invalid inbox name: '$name'\n";
                return;
        }

diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index c1c392657b96dbe023e9a70a1547c3092cf8bacb..3562e46c92a367a3ac318f8e0a79b7ac901f5448 100644 (file)
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -19,7 +19,9 @@ use URI::Escape qw(uri_unescape);
 use PublicInbox::MID qw(mid_escape);
 require PublicInbox::Git;
 use PublicInbox::GitHTTPBackend;
-our $INBOX_RE = qr!\A/([\w\.\-]+)!;
+
+# TODO: consider a routing tree now that we have more endpoints:
+our $INBOX_RE = qr!\A/([\w\-][\w\.\-]*)!;
 our $MID_RE = qr!([^/]+)!;
 our $END_RE = qr!(T/|t/|t\.mbox(?:\.gz)?|t\.atom|raw|)!;
 our $ATTACH_RE = qr!(\d[\.\d]*)-([[:alnum:]][\w\.-]+[[:alnum:]])!i;

diff --git a/t/config.t b/t/config.t
index 6a6b98c80b008842167030cf770624d95dbe4b5d..5f0a95ba746bf80b8a0c6ac4c57d006f422e1180 100644 (file)
--- a/t/config.t
+++ b/t/config.t
@@ -114,4 +114,40 @@ my $tmpdir = tempdir('pi-config-XXXXXX', TMPDIR => 1, CLEANUP => 1);
                }, 'known addresses populated');
 }
 
+my @invalid = (
+       # git rejects this because it locks refnames, but we don't have
+       # this problem with inbox names:
+       # 'inbox.lock',
+
+       # git rejects these:
+       '', '..', '.', 'stash@{9}', 'inbox.', '^caret', '~tilde',
+       '*asterisk', 's p a c e s', ' leading-space', 'trailing-space ',
+       'question?', 'colon:', '[square-brace]', "\fformfeed",
+       "\0zero", "\bbackspace",
+
+);
+
+require Data::Dumper;
+for my $s (@invalid) {
+       my $d = Data::Dumper->new([$s])->Terse(1)->Indent(0)->Dump;
+       ok(!PublicInbox::Config::valid_inbox_name($s), "$d name rejected");
+}
+
+# obviously-valid examples
+my @valid = qw(a a@example a@example.com);
+
+# Rejecting more was considered, but then it dawned on me that
+# people may intentionally use inbox names which are not URL-friendly
+# to prevent the PSGI interface from displaying them...
+# URL-unfriendly
+# '<', '>', '%', '#', '?', '&', '(', ')',
+
+# maybe these aren't so bad, they're common in Message-IDs, even:
+# '!', '$', '=', '+'
+push @valid, qw[bang! ca$h less< more> 1% (parens) &more eql= +plus], '#hash';
+for my $s (@valid) {
+       my $d = Data::Dumper->new([$s])->Terse(1)->Indent(0)->Dump;
+       ok(PublicInbox::Config::valid_inbox_name($s), "$d name accepted");
+}
+
 done_testing();