Skip to main content

camel_endpoint/
uri.rs

1use std::collections::HashMap;
2
3use camel_api::CamelError;
4
5/// Parsed components of a Camel URI.
6///
7/// Format: `scheme:path?key1=value1&key2=value2`
8#[derive(Clone, PartialEq)]
9pub struct UriComponents {
10    /// The scheme (component name), e.g. "timer", "log".
11    pub scheme: String,
12    /// The path portion after the scheme, e.g. "tick" in "timer:tick".
13    pub path: String,
14    /// Query parameters as key-value pairs.
15    pub params: HashMap<String, String>,
16}
17
18const SENSITIVE_KEYS: &[&str] = &[
19    "password",
20    "secret",
21    "token",
22    "credential",
23    "apikey",
24    "accesskey",
25    "privatekey",
26];
27
28fn is_sensitive_key(key: &str) -> bool {
29    SENSITIVE_KEYS.contains(&key.to_lowercase().as_str())
30}
31
32fn unwrap_raw(value: &str) -> &str {
33    if value.starts_with("RAW(") && value.ends_with(')') {
34        &value[4..value.len() - 1]
35    } else {
36        value
37    }
38}
39
40fn is_raw_value(value: &str) -> bool {
41    value.starts_with("RAW(") && value.ends_with(')')
42}
43
44/// Percent-decode a string per RFC 3986.
45///
46/// `%XX` sequences are replaced by the byte represented by the hex digits.
47/// `+` is NOT treated as space (Camel URIs are not form-encoded).
48/// Returns an error for incomplete or invalid `%XX` sequences, or if the
49/// resulting bytes are not valid UTF-8.
50fn percent_decode(s: &str) -> Result<String, CamelError> {
51    let bytes = s.as_bytes();
52    let mut result = Vec::with_capacity(bytes.len());
53    let mut i = 0;
54    while i < bytes.len() {
55        if bytes[i] == b'%' {
56            if i + 2 >= bytes.len() {
57                return Err(CamelError::InvalidUri(format!(
58                    "incomplete percent-encoding at position {i} in '{s}'"
59                )));
60            }
61            let hi = char::from(bytes[i + 1]);
62            let lo = char::from(bytes[i + 2]);
63            let byte = u8::from_str_radix(&format!("{hi}{lo}"), 16).map_err(|_| {
64                CamelError::InvalidUri(format!("invalid percent-encoding '%{hi}{lo}' in '{s}'"))
65            })?;
66            result.push(byte);
67            i += 3;
68        } else {
69            result.push(bytes[i]);
70            i += 1;
71        }
72    }
73    String::from_utf8(result).map_err(|e| {
74        CamelError::InvalidUri(format!("percent-decoded bytes are not valid UTF-8: {e}"))
75    })
76}
77
78impl std::fmt::Debug for UriComponents {
79    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
80        let mut redacted_params = std::collections::HashMap::new();
81        for (k, v) in &self.params {
82            if is_sensitive_key(k) {
83                redacted_params.insert(k.clone(), "***".to_string());
84            } else {
85                redacted_params.insert(k.clone(), v.clone());
86            }
87        }
88        f.debug_struct("UriComponents")
89            .field("scheme", &self.scheme)
90            .field("path", &self.path)
91            .field("params", &redacted_params)
92            .finish()
93    }
94}
95
96/// Parse a Camel-style URI into its components.
97///
98/// Format: `scheme:path?key1=value1&key2=value2`
99pub fn parse_uri(uri: &str) -> Result<UriComponents, CamelError> {
100    let (scheme, rest) = uri.split_once(':').ok_or_else(|| {
101        CamelError::InvalidUri(format!("missing scheme separator ':' in '{uri}'"))
102    })?;
103
104    if scheme.is_empty() {
105        return Err(CamelError::InvalidUri(format!("empty scheme in '{uri}'")));
106    }
107
108    // EP-005: Validate scheme characters — only alphanumeric and hyphens allowed.
109    if !scheme
110        .chars()
111        .all(|c| c.is_ascii_alphanumeric() || c == '-')
112    {
113        return Err(CamelError::InvalidUri(format!(
114            "invalid scheme '{scheme}': must contain only alphanumeric characters and hyphens"
115        )));
116    }
117
118    let (path, params) = match rest.split_once('?') {
119        Some((path, query)) => (path, parse_query(query)?),
120        None => (rest, HashMap::new()),
121    };
122
123    Ok(UriComponents {
124        scheme: scheme.to_string(),
125        path: percent_decode(path)?,
126        params,
127    })
128}
129
130fn parse_query(query: &str) -> Result<HashMap<String, String>, CamelError> {
131    let mut params = HashMap::new();
132
133    for pair in split_query_pairs(query)
134        .into_iter()
135        .filter(|s| !s.is_empty())
136    {
137        let Some((key, value)) = pair.split_once('=') else {
138            return Err(CamelError::InvalidUri(format!(
139                "query parameter '{}' has no value",
140                pair
141            )));
142        };
143
144        let decoded_key = percent_decode(key)?;
145
146        if params.contains_key(&decoded_key) {
147            return Err(CamelError::InvalidUri(format!(
148                "duplicate query parameter: {}",
149                decoded_key
150            )));
151        }
152
153        let parsed_value = if is_raw_value(value) {
154            // RAW(...) signals "treat this value literally, no further processing".
155            // For sensitive keys: unwrap the RAW(...) wrapper so the stored value is
156            // the plain secret (consistent with pre-existing sensitive key handling).
157            // For non-sensitive keys: preserve the full `RAW(...)` string intact so
158            // downstream consumers can detect it and handle it explicitly (e.g., avoid
159            // encoding it again). This is intentional, not an oversight.
160            if is_sensitive_key(&decoded_key) {
161                unwrap_raw(value).to_string()
162            } else {
163                value.to_string()
164            }
165        } else if is_sensitive_key(&decoded_key) {
166            // Sensitive non-RAW: preserve literally (no decode)
167            value.to_string()
168        } else {
169            // Non-sensitive non-RAW: percent-decode
170            percent_decode(value)?
171        };
172
173        params.insert(decoded_key, parsed_value);
174    }
175
176    Ok(params)
177}
178
179fn split_query_pairs(query: &str) -> Vec<&str> {
180    let mut pairs = Vec::new();
181    let mut start = 0usize;
182    let mut i = 0usize;
183    let mut raw_depth = 0usize;
184
185    while i < query.len() {
186        let rest = &query[i..];
187
188        if rest.starts_with("RAW(") {
189            raw_depth += 1;
190            i += 4;
191            continue;
192        }
193
194        let ch = rest.as_bytes()[0] as char;
195        match ch {
196            ')' if raw_depth > 0 => raw_depth -= 1,
197            '&' if raw_depth == 0 => {
198                pairs.push(&query[start..i]);
199                i += 1;
200                start = i;
201                continue;
202            }
203            _ => {}
204        }
205
206        i += 1;
207    }
208
209    pairs.push(&query[start..]);
210    pairs
211}
212
213/// Parse a boolean parameter from a string, case-insensitively.
214///
215/// Accepts: "true"/"True"/"TRUE"/"1"/"yes" as true,
216///          "false"/"False"/"FALSE"/"0"/"no" as false.
217pub fn parse_bool_param(s: &str) -> Result<bool, String> {
218    match s.to_lowercase().as_str() {
219        "true" | "1" | "yes" => Ok(true),
220        "false" | "0" | "no" => Ok(false),
221        _ => Err(format!("invalid boolean value: '{}'", s)),
222    }
223}
224
225#[cfg(test)]
226mod tests {
227    use super::*;
228
229    #[test]
230    fn test_parse_simple_uri() {
231        let result = parse_uri("timer:tick").unwrap();
232        assert_eq!(result.scheme, "timer");
233        assert_eq!(result.path, "tick");
234        assert!(result.params.is_empty());
235    }
236
237    #[test]
238    fn test_parse_uri_with_params() {
239        let result = parse_uri("timer:tick?period=1000&delay=500").unwrap();
240        assert_eq!(result.scheme, "timer");
241        assert_eq!(result.path, "tick");
242        assert_eq!(result.params.get("period"), Some(&"1000".to_string()));
243        assert_eq!(result.params.get("delay"), Some(&"500".to_string()));
244    }
245
246    #[test]
247    fn test_parse_uri_with_single_param() {
248        let result = parse_uri("log:info?level=debug").unwrap();
249        assert_eq!(result.scheme, "log");
250        assert_eq!(result.path, "info");
251        assert_eq!(result.params.get("level"), Some(&"debug".to_string()));
252    }
253
254    #[test]
255    fn test_parse_uri_no_scheme() {
256        let result = parse_uri("noscheme");
257        assert!(result.is_err());
258    }
259
260    #[test]
261    fn test_parse_uri_empty_scheme() {
262        let result = parse_uri(":path");
263        assert!(result.is_err());
264    }
265
266    #[test]
267    fn test_parse_direct_uri() {
268        let result = parse_uri("direct:myRoute").unwrap();
269        assert_eq!(result.scheme, "direct");
270        assert_eq!(result.path, "myRoute");
271        assert!(result.params.is_empty());
272    }
273
274    #[test]
275    fn test_parse_mock_uri() {
276        let result = parse_uri("mock:result").unwrap();
277        assert_eq!(result.scheme, "mock");
278        assert_eq!(result.path, "result");
279    }
280
281    #[test]
282    fn test_parse_http_uri_simple() {
283        let result = parse_uri("http://localhost:8080/api/users").unwrap();
284        assert_eq!(result.scheme, "http");
285        assert_eq!(result.path, "//localhost:8080/api/users");
286        assert!(result.params.is_empty());
287    }
288
289    #[test]
290    fn test_parse_https_uri_with_camel_params() {
291        let result = parse_uri(
292            "https://api.example.com/v1/data?httpMethod=POST&throwExceptionOnFailure=false",
293        )
294        .unwrap();
295        assert_eq!(result.scheme, "https");
296        assert_eq!(result.path, "//api.example.com/v1/data");
297        assert_eq!(result.params.get("httpMethod"), Some(&"POST".to_string()));
298        assert_eq!(
299            result.params.get("throwExceptionOnFailure"),
300            Some(&"false".to_string())
301        );
302    }
303
304    #[test]
305    fn test_parse_http_uri_no_path() {
306        let result = parse_uri("http://localhost:8080").unwrap();
307        assert_eq!(result.scheme, "http");
308        assert_eq!(result.path, "//localhost:8080");
309        assert!(result.params.is_empty());
310    }
311
312    #[test]
313    fn test_parse_http_uri_with_port_and_query() {
314        let result = parse_uri("http://example.com:3000/api?connectTimeout=5000").unwrap();
315        assert_eq!(result.scheme, "http");
316        assert_eq!(result.path, "//example.com:3000/api");
317        assert_eq!(
318            result.params.get("connectTimeout"),
319            Some(&"5000".to_string())
320        );
321    }
322
323    #[test]
324    fn test_uri_components_debug_redacts_sensitive_params() {
325        let uri = parse_uri("timer:tick?password=secret&token=abc123&name=hello").unwrap();
326        let debug_output = format!("{:?}", uri);
327        assert!(
328            !debug_output.contains("secret"),
329            "Debug must not contain password value"
330        );
331        assert!(
332            !debug_output.contains("abc123"),
333            "Debug must not contain token value"
334        );
335        assert!(
336            debug_output.contains("hello"),
337            "Debug should contain non-sensitive param values"
338        );
339        assert!(
340            debug_output.contains("password"),
341            "Debug should show param key 'password'"
342        );
343    }
344
345    #[test]
346    fn test_uri_components_debug_redacts_case_insensitive() {
347        let uri = parse_uri("timer:tick?Password=secret&TOKEN=abc123").unwrap();
348        let debug_output = format!("{:?}", uri);
349        assert!(
350            !debug_output.contains("secret"),
351            "Debug must redact 'Password' (capitalized)"
352        );
353        assert!(
354            !debug_output.contains("abc123"),
355            "Debug must redact 'TOKEN' (uppercase)"
356        );
357    }
358
359    #[test]
360    fn test_parse_bool_param_true_variants() {
361        for val in &["true", "True", "TRUE", "1", "yes", "Yes", "YES"] {
362            assert_eq!(
363                parse_bool_param(val),
364                Ok(true),
365                "parse_bool_param('{}') should be Ok(true)",
366                val
367            );
368        }
369    }
370
371    #[test]
372    fn test_parse_bool_param_false_variants() {
373        for val in &["false", "False", "FALSE", "0", "no", "No", "NO"] {
374            assert_eq!(
375                parse_bool_param(val),
376                Ok(false),
377                "parse_bool_param('{}') should be Ok(false)",
378                val
379            );
380        }
381    }
382
383    #[test]
384    fn test_parse_bool_param_invalid() {
385        for val in &["maybe", "yes ", " true", "2", "-1", ""] {
386            assert!(
387                parse_bool_param(val).is_err(),
388                "parse_bool_param('{}') should be Err",
389                val
390            );
391        }
392    }
393
394    #[test]
395    fn test_raw_token_extracts_value() {
396        assert_eq!(unwrap_raw("RAW(p@ss!)"), "p@ss!");
397        assert_eq!(unwrap_raw("RAW(user:pass@host)"), "user:pass@host");
398    }
399
400    #[test]
401    fn test_non_raw_value_unchanged() {
402        assert_eq!(unwrap_raw("plainvalue"), "plainvalue");
403        assert_eq!(unwrap_raw("RAW(unclosed"), "RAW(unclosed");
404    }
405
406    #[test]
407    fn test_uri_with_raw_password_parses_correctly() {
408        let result = parse_uri("redis://localhost?password=RAW(p@ss!)").unwrap();
409        assert_eq!(result.params.get("password"), Some(&"p@ss!".to_string()));
410    }
411
412    #[test]
413    fn test_uri_with_raw_password_containing_ampersand_parses_correctly() {
414        let result = parse_uri("redis://localhost?password=RAW(a&b)&db=0").unwrap();
415        assert_eq!(result.params.get("password"), Some(&"a&b".to_string()));
416        assert_eq!(result.params.get("db"), Some(&"0".to_string()));
417    }
418
419    #[test]
420    fn test_uri_with_non_sensitive_raw_value_is_unchanged() {
421        let result = parse_uri("timer:tick?name=RAW(p@ss!)").unwrap();
422        assert_eq!(result.params.get("name"), Some(&"RAW(p@ss!)".to_string()));
423    }
424
425    #[test]
426    fn test_parse_uri_duplicate_query_key_returns_error() {
427        let result = parse_uri("foo:bar?key=a&key=b");
428        assert!(result.is_err());
429        match result {
430            Err(CamelError::InvalidUri(msg)) => {
431                assert_eq!(msg, "duplicate query parameter: key");
432            }
433            _ => panic!("Expected InvalidUri for duplicate key"),
434        }
435    }
436
437    #[test]
438    fn test_parse_uri_bare_query_param_returns_error() {
439        let result = parse_uri("foo:bar?flag");
440        assert!(result.is_err());
441        match result {
442            Err(CamelError::InvalidUri(msg)) => {
443                assert_eq!(msg, "query parameter 'flag' has no value");
444            }
445            _ => panic!("Expected InvalidUri for bare query parameter"),
446        }
447    }
448
449    #[test]
450    fn test_parse_uri_duplicate_key_with_raw_ampersand_returns_error() {
451        let result = parse_uri("foo:bar?password=RAW(a&b)&password=RAW(c&d)");
452        assert!(result.is_err());
453        match result {
454            Err(CamelError::InvalidUri(msg)) => {
455                assert_eq!(msg, "duplicate query parameter: password");
456            }
457            _ => panic!("Expected InvalidUri for duplicate key with RAW value"),
458        }
459    }
460
461    // EP-005: scheme validation tests
462
463    #[test]
464    fn test_valid_scheme_alphanumeric() {
465        let result = parse_uri("timer:tick").unwrap();
466        assert_eq!(result.scheme, "timer");
467    }
468
469    #[test]
470    fn test_valid_scheme_with_hyphen() {
471        let result = parse_uri("my-component:path").unwrap();
472        assert_eq!(result.scheme, "my-component");
473    }
474
475    #[test]
476    fn test_valid_scheme_alphanumeric_only() {
477        let result = parse_uri("opensearchs://host:9200/idx").unwrap();
478        assert_eq!(result.scheme, "opensearchs");
479    }
480
481    #[test]
482    fn test_invalid_scheme_with_space() {
483        let result = parse_uri("bad scheme:path");
484        assert!(result.is_err());
485        match result {
486            Err(CamelError::InvalidUri(msg)) => {
487                assert!(msg.contains("invalid scheme"), "got: {msg}");
488            }
489            _ => panic!("Expected InvalidUri for scheme with space"),
490        }
491    }
492
493    #[test]
494    fn test_invalid_scheme_with_dot() {
495        let result = parse_uri("bad.scheme:path");
496        assert!(result.is_err());
497        match result {
498            Err(CamelError::InvalidUri(msg)) => {
499                assert!(msg.contains("invalid scheme"), "got: {msg}");
500            }
501            _ => panic!("Expected InvalidUri for scheme with dot"),
502        }
503    }
504
505    #[test]
506    fn test_invalid_scheme_with_underscore() {
507        let result = parse_uri("bad_scheme:path");
508        assert!(result.is_err());
509    }
510
511    // ENDPOINT-002: percent-decoding tests
512
513    #[test]
514    fn test_parse_uri_percent_encoded_path() {
515        let result = parse_uri("timer:my%20timer").unwrap();
516        assert_eq!(result.path, "my timer");
517    }
518
519    #[test]
520    fn test_parse_uri_percent_encoded_query_value() {
521        let result = parse_uri("log:info?description=hello%20world").unwrap();
522        assert_eq!(
523            result.params.get("description"),
524            Some(&"hello world".to_string())
525        );
526    }
527
528    #[test]
529    fn test_parse_uri_percent_encoded_special_chars() {
530        // %2F = '/', %3A = ':', %40 = '@'
531        let result = parse_uri("http://host/path?user=foo%40bar.com&redirect=%2Fhome").unwrap();
532        assert_eq!(result.params.get("user"), Some(&"foo@bar.com".to_string()));
533        assert_eq!(result.params.get("redirect"), Some(&"/home".to_string()));
534    }
535
536    #[test]
537    fn test_parse_uri_percent_encoded_path_with_slash() {
538        let result = parse_uri("file:my%2Fpath%2Fhere").unwrap();
539        assert_eq!(result.path, "my/path/here");
540    }
541
542    #[test]
543    fn test_raw_value_not_percent_decoded() {
544        // RAW(...) values bypass percent-decoding — they are already raw
545        let result = parse_uri("redis://localhost?password=RAW(%40secret)").unwrap();
546        assert_eq!(
547            result.params.get("password"),
548            Some(&"%40secret".to_string())
549        );
550    }
551
552    #[test]
553    fn test_percent_encoded_key_decoded() {
554        let result = parse_uri("foo:bar?my%20key=value").unwrap();
555        assert_eq!(result.params.get("my key"), Some(&"value".to_string()));
556    }
557
558    #[test]
559    fn test_invalid_percent_sequence_returns_error() {
560        let result = parse_uri("foo:bar?key=%ZZ");
561        assert!(
562            result.is_err(),
563            "Expected error for invalid percent sequence %ZZ"
564        );
565    }
566
567    #[test]
568    fn test_incomplete_percent_sequence_returns_error() {
569        let result = parse_uri("foo:bar?key=val%");
570        assert!(
571            result.is_err(),
572            "Expected error for incomplete percent sequence"
573        );
574        let result2 = parse_uri("foo:bar?key=val%2");
575        assert!(
576            result2.is_err(),
577            "Expected error for truncated percent sequence"
578        );
579    }
580
581    #[test]
582    fn test_percent_encoded_plus_is_not_space() {
583        // Camel URIs are NOT form-encoded; '+' is a literal plus, not space
584        let result = parse_uri("foo:bar?key=a+b").unwrap();
585        assert_eq!(result.params.get("key"), Some(&"a+b".to_string()));
586    }
587
588    #[test]
589    fn test_percent_encoded_plus_decodes_to_plus() {
590        // %2B must decode to literal '+' in both path and query value
591        let result = parse_uri("file:a%2Bb?key=c%2Bd").unwrap();
592        assert_eq!(result.path, "a+b");
593        assert_eq!(result.params.get("key"), Some(&"c+d".to_string()));
594    }
595
596    #[test]
597    fn test_percent_encoded_multibyte_utf8() {
598        // %C3%A9 = U+00E9 LATIN SMALL LETTER E WITH ACUTE ('é')
599        let result = parse_uri("file:caf%C3%A9?name=r%C3%A9sum%C3%A9").unwrap();
600        assert_eq!(result.path, "café");
601        assert_eq!(result.params.get("name"), Some(&"résumé".to_string()));
602    }
603
604    #[test]
605    fn test_percent_encoded_null_byte_allowed() {
606        // %00 decodes to NUL byte — behavior is pinned: decoder allows it, result contains '\0'
607        let result = parse_uri("foo:bar?key=val%00end").unwrap();
608        assert_eq!(result.params.get("key"), Some(&"val\0end".to_string()));
609    }
610
611    #[test]
612    fn test_sensitive_key_percent_encoded() {
613        // Key is percent-decoded before sensitivity check; sensitive value is NOT percent-decoded
614        let result = parse_uri("db:conn?pass%77ord=abc%20def").unwrap();
615        // "pass%77ord" decodes key to "password" → sensitive → value stored literal
616        assert_eq!(
617            result.params.get("password"),
618            Some(&"abc%20def".to_string())
619        );
620    }
621}