lib/util.js security feature issue

[fornof]

I want to proxy on a per - route basis. I tried but keep getting an error in kubernetes containers and is behind an nginx ingress.

You have already researched for similar issues?

// issue ref: https://github.com/fastify/fast-proxy/issues/42
function buildURL (source, reqBase) {
  const dest = new URL(source, reqBase)

  // if base is specified, source url should not override it
  if (reqBase) {
    if (!reqBase.endsWith('/') && dest.href.length > reqBase.length) {
      reqBase = reqBase + '/'
    }

    if (!dest.href.startsWith(reqBase)) {
      throw new Error('source must be a relative path string')
    }
  }

  return dest
}

What are you trying to achieve, or the steps to reproduce?

this works:

 upstream: 'https://example.com',
  prefix: '/example',
  rewritePrefix: 'https://example.com/',
  http2: false,
  type: 'JWT',
  beforeHandler: [Function: beforeHandler] // auth works this way
}

this does not work, when I put it into kubernetes, but seems to work when I directly access on my local machine instance:

 upstream: 'https://examplek8-service',
  prefix: '/example',
  rewritePrefix: 'http://examplek8-service:1111/health/,
  http2: false,
  type: 'JWT',
  beforeHandler: [Function: beforeHandler] // auth works this way
}

What was the result you received?

error I get is

{"statusCode":500,"error":"Internal Server Error","message":"source must be a relative path string"}

What did you expect?

{success:true} // health endpoint on kubernetes.

Context

• node version: 12
• fastify version: >=0.37.0
• os: Mac, Windows: mac, alpine container
• any other relevant information: I'd like a way to turn this security feature off in a config , or find some way to proxy .I am coming from express and koa to fastly, maybe there is a simple request-get-as-proxy command I'm missing?

Please read this entire template before posting any issue. If you ignore these instructions
and post an issue here that does not follow the instructions, your issue might be closed,
locked, and assigned the missing discussion label.
^^ affirmative.

[mcollina]

(my bad, I thought this was about fast-proxy)

[mcollina]

As the error tells you, rewritePrefix must be a path, not a full URL.

[fornof]

fast proxy cannot forward individual routes . This is a fast-proxy issue.
/health ==> www.example.com:80/health
for instance. Well, it can directly connecting to node, but as soon as that path changes in k8s, it no longer works.
I ended up giving up with fast-proxy and going with axios and a fastify routes as they are less black box. I cannot forward headers for some reason, probably due to the Host header, but everything works as I need it.

[mcollina]

I would recommend to not use fast-proxy with fastify. Use fastify-http-proxy or fastify-reply-from. fast-proxy is not supported with fastify.

[mcollina]

I transfered this to to fast-proxy.