feat: allow custom backend uris

Closes #14

Author: t-heuser

Classes/Http/CspHeaderMiddleware.php

@@ -4,19 +4,20 @@
 
 namespace Flowpack\ContentSecurityPolicy\Http;
 
-use Exception;
 use Flowpack\ContentSecurityPolicy\Exceptions\DirectivesNormalizerException;
 use Flowpack\ContentSecurityPolicy\Exceptions\InvalidDirectiveException;
 use Flowpack\ContentSecurityPolicy\Factory\PolicyFactory;
 use Flowpack\ContentSecurityPolicy\Helpers\TagHelper;
 use Flowpack\ContentSecurityPolicy\Model\Nonce;
 use Flowpack\ContentSecurityPolicy\Model\Policy;
 use GuzzleHttp\Psr7\Utils;
+use InvalidArgumentException;
 use Neos\Flow\Annotations as Flow;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
+use Psr\Log\LoggerInterface;
 
 class CspHeaderMiddleware implements MiddlewareInterface
 {
@@ -49,6 +50,17 @@ class CspHeaderMiddleware implements MiddlewareInterface
      */
     protected array $policies;
 
+    // TODO: rename to throw-on-configuration-error in next major version
+    /**
+     * @Flow\InjectConfiguration(path="throw-invalid-directive-exception")
+     */
+    protected bool $throwInvalidDirectiveException;
+
+    /**
+     * @Flow\Inject
+     */
+    protected LoggerInterface $logger;
+
     /**
      * @inheritDoc
      * @throws InvalidDirectiveException
@@ -87,7 +99,16 @@ private function getPolicyByCurrentContext(ServerRequestInterface $request): Pol
         );
 
         foreach ($backendUris as $pattern) {
-            if (preg_match('#' . $pattern . '#', $path)) {
+            $result = preg_match('#' . str_replace('#', '\#', $pattern) . '#', $path);
+            if ($result === false) {
+                $message = sprintf('Invalid matchUri pattern "%s": %s', $pattern, preg_last_error_msg());
+                if ($this->throwInvalidDirectiveException) {
+                    throw new InvalidArgumentException($message);
+                }
+                $this->logger->critical($message);
+                continue;
+            }
+            if ($result === 1) {
                 return $this->policyFactory->create(
                     $this->nonce,
                     $this->configuration['backend'],

Tests/Unit/Http/CspHeaderMiddlewareTest.php

@@ -17,6 +17,7 @@
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Message\UriInterface;
 use Psr\Http\Server\RequestHandlerInterface;
+use Psr\Log\LoggerInterface;
 use ReflectionClass;
 use Throwable;
 
@@ -34,6 +35,7 @@ class CspHeaderMiddlewareTest extends TestCase
     private readonly UriInterface&MockObject $uriMock;
     private readonly PolicyFactory&MockObject $policyFactoryMock;
     private readonly Policy&MockObject $policyMock;
+    private readonly LoggerInterface&MockObject $loggerMock;
 
     /**
      * @throws Throwable
@@ -51,6 +53,7 @@ protected function setUp(): void
         $this->uriMock = $this->createMock(UriInterface::class);
         $this->policyFactoryMock = $this->createMock(PolicyFactory::class);
         $this->policyMock = $this->createMock(Policy::class);
+        $this->loggerMock = $this->createMock(LoggerInterface::class);
 
         $this->middlewareReflection = new ReflectionClass($this->middleware);
 
@@ -75,6 +78,12 @@ protected function setUp(): void
             ['backend' => ['matchUris' => ['^/neos']], 'custom-backend' => ['matchUris' => []]]
         );
 
+        $reflectionProperty = $this->middlewareReflection->getProperty('throwInvalidDirectiveException');
+        $reflectionProperty->setValue($this->middleware, true);
+
+        $reflectionProperty = $this->middlewareReflection->getProperty('logger');
+        $reflectionProperty->setValue($this->middleware, $this->loggerMock);
+
         $this->requestHandlerMock->expects($this->once())->method('handle')->willReturn($this->responseMock);
     }
 
@@ -166,4 +175,42 @@ public function testProcessShouldNotMatchNeosWhenBackendMatchUrisOverridden(): v
 
         $this->middleware->process($this->requestMock, $this->requestHandlerMock);
     }
+
+    public function testProcessThrowsOnInvalidMatchUriPattern(): void
+    {
+        $reflectionProperty = $this->middlewareReflection->getProperty('policies');
+        $reflectionProperty->setValue(
+            $this->middleware,
+            ['backend' => ['matchUris' => ['^/neos(']], 'custom-backend' => ['matchUris' => []]]
+        );
+
+        $this->requestMock->expects($this->once())->method('getUri')->willReturn($this->uriMock);
+        $this->uriMock->expects($this->once())->method('getPath')->willReturn('/neos');
+
+        $this->expectException(\InvalidArgumentException::class);
+
+        $this->middleware->process($this->requestMock, $this->requestHandlerMock);
+    }
+
+    public function testProcessLogsInvalidMatchUriPatternInProduction(): void
+    {
+        $reflectionProperty = $this->middlewareReflection->getProperty('throwInvalidDirectiveException');
+        $reflectionProperty->setValue($this->middleware, false);
+
+        $reflectionProperty = $this->middlewareReflection->getProperty('policies');
+        $reflectionProperty->setValue(
+            $this->middleware,
+            ['backend' => ['matchUris' => ['^/neos(']], 'custom-backend' => ['matchUris' => []]]
+        );
+
+        $this->requestMock->expects($this->once())->method('getUri')->willReturn($this->uriMock);
+        $this->uriMock->expects($this->once())->method('getPath')->willReturn('/neos');
+
+        $this->loggerMock->expects($this->once())->method('critical');
+        $this->policyFactoryMock->expects($this->once())->method('create')->willReturn($this->policyMock);
+        $this->policyMock->expects($this->once())->method('hasNonceDirectiveValue')->willReturn(false);
+        $this->responseMock->expects($this->once())->method('withAddedHeader')->willReturnSelf();
+
+        $this->middleware->process($this->requestMock, $this->requestHandlerMock);
+    }
 }