Always match routes against percent-encoded paths. (#78)

* feat: decode percent-encoded path segments per RFC 3986 for route matching

* refactor: match routes against percent-encoded paths instead of decoding segments

Author: tigerwill90

benchmark_test.go

@@ -78,7 +78,12 @@ func BenchmarkGithubAll(b *testing.B) {
 		require.NoError(b, onlyError(f.Add([]string{route.method}, route.path, emptyHandler)))
 	}
 
-	benchRoute(b, f, githubAPI)
+	data := make([]route, 0, len(githubAPI))
+	for _, r := range githubAPI {
+		data = append(data, route{method: r.method, path: replaceParams.ReplaceAllString(r.path, "xxx")})
+	}
+
+	benchRoute(b, f, data)
 }
 
 func BenchmarkStaticAllMux(b *testing.B) {

context.go

@@ -208,12 +208,10 @@ func (c *Context) Method() string {
 
 // Path returns the request [url.URL.RawPath] if not empty, or fallback to the [url.URL.Path].
 func (c *Context) Path() string {
-	path := c.req.URL.Path
 	if len(c.req.URL.RawPath) > 0 {
-		// Using RawPath to prevent unintended match (e.g. /search/a%2Fb/1)
-		path = c.req.URL.RawPath
+		return c.req.URL.RawPath
 	}
-	return path
+	return c.req.URL.Path
 }
 
 // Host returns the request host.

fox.go

@@ -19,6 +19,7 @@ import (
 	"sync/atomic"
 
 	"github.com/fox-toolkit/fox/internal/slicesutil"
+	"github.com/fox-toolkit/fox/internal/stringsutil"
 )
 
 const (
@@ -362,7 +363,7 @@ func (fox *Router) Match(method string, r *http.Request) (route *Route, tsr bool
 	defer tree.pool.Put(c)
 	c.resetWithRequest(r)
 
-	path := c.Path()
+	path := routingPath(r)
 
 	idx, n, tsr := tree.lookup(method, r.Host, path, c, true)
 	if n != nil {
@@ -381,7 +382,7 @@ func (fox *Router) Lookup(w ResponseWriter, r *http.Request) (route *Route, cc *
 	c := tree.pool.Get().(*Context)
 	c.resetWithWriter(w, r)
 
-	path := c.Path()
+	path := routingPath(r)
 
 	idx, n, tsr := tree.lookup(r.Method, r.Host, path, c, false)
 	if n != nil {
@@ -591,7 +592,7 @@ func (fox *Router) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	c := tree.pool.Get().(*Context)
 	c.reset(w, r)
 
-	path := c.Path()
+	path := routingPath(r)
 
 	idx, n, tsr := tree.lookup(r.Method, r.Host, path, c, false)
 	if !tsr && n != nil {
@@ -998,7 +999,7 @@ func Sub(router *Router) HandlerFunc {
 		// reslice from the original path to include it, avoiding an allocation from "/" + suffix.
 		suffix := cmp.Or((*c.params)[len(*c.params)-1], "/")
 		if !strings.HasPrefix(suffix, "/") {
-			path := c.Path()
+			path := routingPath(c.req)
 			slashPos := len(path) - len(suffix) - 1
 			if path[slashPos] == slashDelim {
 				suffix = path[slashPos:]
@@ -1469,6 +1470,13 @@ func braceIndice(s string, startLevel int) int {
 	return -1
 }
 
+func routingPath(r *http.Request) string {
+	if r.URL.RawPath == "" {
+		return r.URL.EscapedPath()
+	}
+	return stringsutil.NormalizeHexUppercase(r.URL.EscapedPath())
+}
+
 func applyMiddleware(scope HandlerScope, mws []middleware, h HandlerFunc) HandlerFunc {
 	m := h
 	for i := len(mws) - 1; i >= 0; i-- {

fox_test.go

@@ -12,6 +12,7 @@ import (
 	"math/rand/v2"
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"regexp"
 	"slices"
 	"strings"
@@ -33,6 +34,8 @@ var (
 	patternHandler = HandlerFunc(func(c *Context) { _ = c.String(200, c.Pattern()) })
 )
 
+var replaceParams = regexp.MustCompile(`[*+]?\{[^}]+}`)
+
 type mockResponseWriter struct{}
 
 func (m mockResponseWriter) Header() (h http.Header) { return http.Header{} }
@@ -1086,7 +1089,8 @@ func TestParamsRoute(t *testing.T) {
 				key = match[1 : len(match)-1]
 			}
 			value := match
-			assert.Equal(t, value, c.Param(key))
+			ps, _ := url.PathUnescape(c.Param(key))
+			assert.Equal(t, value, ps)
 		}
 		assert.Equal(t, c.Path(), c.Pattern())
 		_ = c.String(200, c.Path())
@@ -1213,7 +1217,8 @@ func TestParamsRouteTxn(t *testing.T) {
 				key = match[1 : len(match)-1]
 			}
 			value := match
-			assert.Equal(t, value, c.Param(key))
+			ps, _ := url.PathUnescape(c.Param(key))
+			assert.Equal(t, value, ps)
 		}
 		assert.Equal(t, c.Path(), c.Pattern())
 		_ = c.String(200, c.Path())
@@ -1249,7 +1254,8 @@ func TestParamsRouteWithDomain(t *testing.T) {
 				key = match[1 : len(match)-1]
 			}
 			value := match
-			assert.Equal(t, value, c.Param(key))
+			ps, _ := url.PathUnescape(c.Param(key))
+			assert.Equal(t, value, ps)
 		}
 
 		assert.Equal(t, netutil.StripHostPort(c.Host())+c.Path(), c.Pattern())
@@ -1281,7 +1287,8 @@ func TestParamsRouteWithDomainTxn(t *testing.T) {
 				key = match[1 : len(match)-1]
 			}
 			value := match
-			assert.Equal(t, value, c.Param(key))
+			ps, _ := url.PathUnescape(c.Param(key))
+			assert.Equal(t, value, ps)
 		}
 
 		assert.Equal(t, netutil.StripHostPort(c.Host())+c.Path(), c.Pattern())
@@ -1311,11 +1318,18 @@ func TestParamsRouteMalloc(t *testing.T) {
 	for _, route := range githubAPI {
 		require.NoError(t, onlyError(r.Add([]string{route.method}, route.path, emptyHandler)))
 	}
-	for _, route := range githubAPI {
+
+	data := make([]route, 0, len(githubAPI))
+	for _, r := range githubAPI {
+		data = append(data, route{method: r.method, path: replaceParams.ReplaceAllString(r.path, "xxx")})
+	}
+
+	for _, route := range data {
 		req := httptest.NewRequest(route.method, route.path, nil)
 		w := httptest.NewRecorder()
 		allocs := testing.AllocsPerRun(100, func() { r.ServeHTTP(w, req) })
 		assert.Equal(t, float64(0), allocs)
+		assert.Equal(t, http.StatusOK, w.Code)
 	}
 }
 
@@ -1472,7 +1486,13 @@ func TestParamsRouteWithDomainMalloc(t *testing.T) {
 	for _, route := range githubAPI {
 		require.NoError(t, onlyError(r.Add([]string{route.method}, "foo.{bar}.com"+route.path, emptyHandler)))
 	}
-	for _, route := range githubAPI {
+
+	data := make([]route, 0, len(githubAPI))
+	for _, r := range githubAPI {
+		data = append(data, route{method: r.method, path: replaceParams.ReplaceAllString(r.path, "xxx")})
+	}
+
+	for _, route := range data {
 		req := httptest.NewRequest(route.method, route.path, nil)
 		req.Host = "foo.{bar}.com"
 		w := httptest.NewRecorder()
@@ -1486,7 +1506,13 @@ func TestOverlappingRouteMalloc(t *testing.T) {
 	for _, route := range overlappingRoutes {
 		require.NoError(t, onlyError(r.Add([]string{route.method}, route.path, emptyHandler)))
 	}
-	for _, route := range overlappingRoutes {
+
+	data := make([]route, 0, len(overlappingRoutes))
+	for _, r := range overlappingRoutes {
+		data = append(data, route{method: r.method, path: replaceParams.ReplaceAllString(r.path, "xxx")})
+	}
+
+	for _, route := range data {
 		req := httptest.NewRequest(route.method, route.path, nil)
 		w := httptest.NewRecorder()
 		allocs := testing.AllocsPerRun(100, func() { r.ServeHTTP(w, req) })
@@ -4721,7 +4747,8 @@ func TestRouter_Lookup(t *testing.T) {
 				key = match[1 : len(match)-1]
 			}
 			value := match
-			assert.Equal(t, value, cc.Param(key))
+			ps, _ := url.PathUnescape(cc.Param(key))
+			assert.Equal(t, value, ps)
 		}
 
 		cc.Close()
@@ -5273,12 +5300,12 @@ func TestFuzzInsertLookupUpdateAndDelete(t *testing.T) {
 	inserted := 0
 	_ = r.Updates(func(txn *Txn) error {
 		for rte := range routes {
-			rte, err := txn.Add(MethodGet, "/"+rte, emptyHandler, WithName("/"+rte))
+			rr, err := txn.Add(MethodGet, "/"+rte, emptyHandler, WithName("/"+rte))
 			if err != nil {
-				assert.Nil(t, rte, "route /%s", rte)
+				assert.Nilf(t, rr, "route /%s", rte)
 				continue
 			}
-			assert.NotNilf(t, rte, "route /%v", rte)
+			assert.NotNilf(t, rr, "route /%s", rte)
 			inserted++
 		}
 		return nil

internal/stringutil/stringutil.go internal/stringsutil/stringutils.gointernal/stringutil/stringutil.go renamed to internal/stringsutil/stringutils.go

@@ -1,4 +1,6 @@
-package stringutil
+package stringsutil
+
+import "strings"
 
 // EqualStringsASCIIIgnoreCase performs case-insensitive comparison of two strings
 // containing ASCII characters. Only supports ASCII letters (A-Z, a-z), digits (0-9), hyphen (-) and underscore (_).
@@ -46,3 +48,43 @@ func ToLowerASCII(b byte) byte {
 	}
 	return b
 }
+
+func NormalizeHexUppercase(s string) string {
+	var buf strings.Builder
+	for i := 0; i < len(s); i++ {
+		if s[i] != '%' || i+2 >= len(s) {
+			if buf.Len() > 0 {
+				buf.WriteByte(s[i])
+			}
+			continue
+		}
+		hi, lo := s[i+1], s[i+2]
+		hiUpper := upperHex(hi)
+		loUpper := upperHex(lo)
+		if hi != hiUpper || lo != loUpper {
+			if buf.Len() == 0 {
+				buf.Grow(len(s))
+				buf.WriteString(s[:i])
+			}
+			buf.WriteByte('%')
+			buf.WriteByte(hiUpper)
+			buf.WriteByte(loUpper)
+		} else if buf.Len() > 0 {
+			buf.WriteByte('%')
+			buf.WriteByte(hi)
+			buf.WriteByte(lo)
+		}
+		i += 2
+	}
+	if buf.Len() == 0 {
+		return s
+	}
+	return buf.String()
+}
+
+func upperHex(c byte) byte {
+	if 'a' <= c && c <= 'f' {
+		return c - ('a' - 'A')
+	}
+	return c
+}