Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Base URL has no validation #12

Closed
kohenkatz opened this issue Mar 2, 2023 · 0 comments · Fixed by #17
Closed

Base URL has no validation #12

kohenkatz opened this issue Mar 2, 2023 · 0 comments · Fixed by #17

Comments

@kohenkatz
Copy link
Contributor

kohenkatz commented Mar 2, 2023
edited

I noticed that my Android app was using URLs with a double slash after the hostname, like this:

https://server.example.com//com.example.v1.ExampleService/ExampleEndpoint

I realized that this is happening because I store my server base URL as an okhttp3.HttpUrl object, and then create the ProtocolClientConfig like this:

fun createConnectClient(): ProtocolClientInterface {
    return ProtocolClient(
        httpClient = ConnectOkHttpClient(),
        ProtocolClientConfig(
            host = server.toString(),
            serializationStrategy = GoogleJavaLiteProtobufStrategy(),
            networkProtocol = NetworkProtocol.CONNECT,
            interceptors = listOf(
                { AuthenticationInterceptor(User.bearerToken) },
                { LoggingInterceptor() },
            )
        ),
    )
}

For now, I work around this issue by manually building the host URL string, like this:

fun createConnectClient(): ProtocolClientInterface {
    return ProtocolClient(
        httpClient = ConnectOkHttpClient(),
        ProtocolClientConfig(
            // We cannot use `server.toString()` because it adds a trailing slash
            host = "${server.scheme}://${server.host}:${server.port}",
            serializationStrategy = GoogleJavaLiteProtobufStrategy(),
            networkProtocol = NetworkProtocol.CONNECT,
            interceptors = listOf(
                { AuthenticationInterceptor(User.bearerToken) },
                { LoggingInterceptor() },
            )
        ),
    )
}

However, I do not think this is a good long-term solution, for three reasons:

  1. It is confusing for future developers who read the code and need to understand why we did this (requiring extra comments to explain).
  2. In general, it would be nice to have some kind of validation that a proper URL has been provided.
  3. The way that ProtocolClient builds a URL by concatenating strings (url = URL("${config.host}/${methodSpec.path}")) seems fragile.

I suggest that the host be stored as a URL object instead of as a String. Doing that fixes all three of my issues listed above, as follows:

  1. Constructing the URL object from a String doesn't care if there's a trailing slash or not (or, in my case, using the toUrl() method on the HttpUrl object).
  2. If an invalid URL is provided, the exception will be thrown immediately on construction instead of waiting until execution to fail.
  3. You can build new URLs without string concatenation using the two-argument URL constructor that takes a base URL as "context": url = URL(config.host, methodSpec.path)

Regarding the last point about building the URL with a context, note that all five of the following invocations produce identical output:

URL("https://example.com/test")
URL(URL("https://example.com/"), "/test"))
URL(URL("https://example.com/"), "test"))
URL(URL("https://example.com"), "/test"))
URL(URL("https://example.com"), "test"))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ensure URL resiliency connectrpc/connect-kotlin
1 participant
@kohenkatz