forest_liana 9.19.0 → 9.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 92281c1baf13dfbbdbe418f2a11833ad15a665c1109f1e4ad0a5f395e32ab090
-  data.tar.gz: 71946c62175f706e11528dbac2a3e7600f780a7847596be724c74675ef8299a0
+  metadata.gz: c37d0a61be7a37b80bab933cf4892cef1aceb25a5f8351d56c66dbd4d07e6c4d
+  data.tar.gz: d857a4ebb09833f6c99afb44d4daf2e06b396689331c6e28359fe78117e78727
 SHA512:
-  metadata.gz: f6eced39681d8c424791ed625807cb3ce9e8e741a9ed7f1ca711f225219219d2415cafa222b8df4eaa99185f57c98ca2f8766df724719d36e791af695ad1f2ee
-  data.tar.gz: 4df825ec3296694e8fcf7cdc0d7eb86a481667af477ce9b7e500ba69afdc1bb86d343049f2493d896c9a70dc19100f984dcd301e5da80703520cf17ae0121dcc
+  metadata.gz: d8e83baf30e64e0c1a0fed567e62c7f1ed8b1763924a813967090616cf703e103b5f53609b0579d811bd286fd107aef17fa50ec14d92dac67ed8cc77cfc51b12
+  data.tar.gz: d2c6655ba0c37f0a917018e32ac3afdc0bbcbc3de9ebb82bce59cf2e4043a53145c7897184322a1c372ea9e51c223cc03c59714d312b728b7466044bd8a575a1

data/app/controllers/forest_liana/workflow_executions_controller.rb

@@ -1,71 +1,126 @@
 require 'httparty'
+require 'uri'
 
 module ForestLiana
   class WorkflowExecutionsController < ApplicationController
-    FORWARDED_HEADERS = %w[Authorization Cookie].freeze
-    UPSTREAM_TIMEOUT_IN_SECONDS = 10
+    # Never forwarded (request or response): hop-by-hop, Host, and body-framing headers.
+    # render json: re-serializes the body, so the upstream length/encoding no longer match — and
+    # forwarding accept-encoding would defeat Net::HTTP's transparent gzip decompression.
+    SKIPPED_HEADERS = %w[
+      connection keep-alive transfer-encoding upgrade te trailer
+      proxy-authenticate proxy-authorization host
+      content-length content-encoding accept-encoding
+    ].freeze
+    UNSAFE_PATH_FRAGMENTS = ['..', '%2e', '%2E', '\\', "\0"].freeze
+    OPEN_TIMEOUT_IN_SECONDS = 2
+    REQUEST_TIMEOUT_IN_SECONDS = 120
     UPSTREAM_ERRORS = [
       HTTParty::Error,
       SocketError,
       Errno::ECONNREFUSED,
       Net::OpenTimeout,
       Net::ReadTimeout,
-      Timeout::Error
+      Timeout::Error,
+      OpenSSL::SSL::SSLError
     ].freeze
 
-    def show
-      forward_to_executor(method: :get, suffix: '')
-    end
-
-    def trigger
-      forward_to_executor(method: :post, suffix: '/trigger')
-    end
-
-    private
-
-    def forward_to_executor(method:, suffix:)
+    # Catch-all: forward any verb/sub-path verbatim to the executor, so a new executor route needs
+    # no change here.
+    def proxy
       base = ForestLiana.workflow_executor_url
-      if base.blank?
-        head :not_found
-        return
-      end
+      return head(:not_found) if base.blank?
+
+      normalized_base = base.sub(%r{/+\z}, '')
+      path = safe_executor_path
+      return head(:not_found) if path.nil?
+      return head(:not_found) unless same_origin?(normalized_base, path)
 
-      url = "#{base.sub(%r{/+\z}, '')}/runs/#{params[:run_id]}#{suffix}"
       response = HTTParty.send(
-        method,
-        url,
-        headers: forwarded_headers,
+        request.request_method_symbol,
+        "#{normalized_base}#{path}",
+        headers: forwarded_request_headers,
         query: forwarded_query,
-        body: forwarded_body(method),
+        body: forwarded_body,
         verify: Rails.env.production?,
-        timeout: UPSTREAM_TIMEOUT_IN_SECONDS
+        # Don't follow redirects: a 3xx Location to an off-origin host would bypass the origin guard.
+        follow_redirects: false,
+        open_timeout: OPEN_TIMEOUT_IN_SECONDS,
+        timeout: REQUEST_TIMEOUT_IN_SECONDS
       )
 
+      forward_response_headers(response)
       render json: response.parsed_response, status: response.code
     rescue *UPSTREAM_ERRORS => e
       Rails.logger.error("[ForestLiana] workflow executor proxy error: #{e.class}: #{e.message}")
       render json: { error: 'workflow_executor_unreachable' }, status: :service_unavailable
     end
 
-    def forwarded_headers
-      base = { 'Content-Type' => 'application/json' }
-      FORWARDED_HEADERS.each_with_object(base) do |name, acc|
-        value = request.headers[name]
-        acc[name] = value if value.present?
+    private
+
+    # First-pass rejection of escape attempts; the authoritative origin check is same_origin?.
+    def safe_executor_path
+      wildcard = params[:path].to_s
+      return nil if wildcard.empty? || wildcard.start_with?('/')
+      return nil if UNSAFE_PATH_FRAGMENTS.any? { |fragment| wildcard.include?(fragment) }
+
+      "/#{wildcard}"
+    end
+
+    # Authoritative SSRF check: forwarding must never leave the executor origin.
+    def same_origin?(base, path)
+      base_uri = URI.parse(base)
+      target = URI.parse("#{base}#{path}")
+      target.scheme == base_uri.scheme && target.host == base_uri.host && target.port == base_uri.port
+    rescue URI::InvalidURIError
+      false
+    end
+
+    def forwarded_request_headers
+      request.headers.env.each_with_object({}) do |(key, value), acc|
+        name = http_header_name(key.to_s)
+        next unless name
+        next if SKIPPED_HEADERS.include?(name.downcase)
+        next if value.nil? || value.to_s.empty?
+
+        acc[name] = value.to_s
       end
     end
 
+    def http_header_name(env_key)
+      if env_key.start_with?('HTTP_')
+        titleize_header(env_key.delete_prefix('HTTP_'))
+      elsif %w[CONTENT_TYPE CONTENT_LENGTH].include?(env_key)
+        titleize_header(env_key)
+      end
+    end
+
+    def titleize_header(rack_name)
+      rack_name.split('_').map(&:capitalize).join('-')
+    end
+
+    # Strip the routing key (the glob) and Rails internals so only real query params reach the executor.
     def forwarded_query
       params
-        .except(:run_id, :controller, :action, :format)
+        .except(:path, :controller, :action, :format)
         .to_unsafe_h
     end
 
-    def forwarded_body(method)
-      return nil if method == :get
+    def forwarded_body
+      return nil if request.get? || request.head?
+
+      request.raw_post.presence
+    end
+
+    # Forward executor response headers (minus hop-by-hop) so executor-set headers survive the proxy.
+    def forward_response_headers(upstream_response)
+      upstream_response.headers.each do |name, value|
+        next if name.nil? || SKIPPED_HEADERS.include?(name.to_s.downcase)
+
+        forwarded = value.is_a?(Array) ? value.join(', ') : value.to_s
+        next if forwarded.empty?
 
-      raw = request.raw_post
-      raw.presence
+        response.headers[name.to_s] = forwarded
+      end
     end
   end
 end

data/config/routes.rb

@@ -23,10 +23,10 @@ ForestLiana::Engine.routes.draw do
   # Scopes
   post '/scope-cache-invalidation' => 'scopes#invalidate_scope_cache'
 
-  # Workflow executor proxy (mounted only when ForestLiana.workflow_executor_url is set)
+  # Workflow executor proxy: single catch-all forwarding every verb/sub-path verbatim.
+  # Mounted only when ForestLiana.workflow_executor_url is set.
   if ForestLiana.workflow_executor_url.present?
-    get  '_internal/workflow-executions/:run_id'         => 'workflow_executions#show'
-    post '_internal/workflow-executions/:run_id/trigger' => 'workflow_executions#trigger'
+    match '_internal/executor/*path' => 'workflow_executions#proxy', via: :all
   end
 
   # Stripe Integration

data/lib/forest_liana/version.rb

@@ -1,3 +1,3 @@
 module ForestLiana
-  VERSION = "9.19.0"
+  VERSION = "9.20.0"
 end

data/spec/requests/workflow_executions_spec.rb

@@ -31,7 +31,16 @@ describe 'Workflow executor proxy', type: :request do
     instance_double(
       HTTParty::Response,
       parsed_response: { 'id' => run_id, 'state' => 'pending' },
-      code: 200
+      code: 200,
+      headers: {
+        'content-type' => 'application/json',
+        # arbitrary executor response header — must be forwarded untouched.
+        'x-executor-custom' => 'passthrough-value',
+        # hop-by-hop response header — must be dropped, not forwarded.
+        'transfer-encoding' => 'chunked',
+        # body-framing header — meaningless once the body is re-serialized; must be dropped.
+        'content-encoding' => 'gzip'
+      }
     )
   end
 
@@ -42,77 +51,130 @@ describe 'Workflow executor proxy', type: :request do
 
     allow(HTTParty).to receive(:get).and_return(executor_response)
     allow(HTTParty).to receive(:post).and_return(executor_response)
+    allow(HTTParty).to receive(:delete).and_return(executor_response)
   end
 
-  describe 'GET /forest/_internal/workflow-executions/:run_id' do
-    it 'forwards GET to the executor /runs/:run_id endpoint' do
-      get "/forest/_internal/workflow-executions/#{run_id}", params: { foo: 'bar' }, headers: auth_headers
+  describe 'generic forwarding' do
+    it 'forwards a run GET (caller includes runs/), preserving the sub-path and query verbatim' do
+      get "/forest/_internal/executor/runs/#{run_id}", params: { foo: 'bar' }, headers: auth_headers
 
       expect(HTTParty).to have_received(:get).with(
         "#{executor_url}/runs/#{run_id}",
+        hash_including(query: hash_including('foo' => 'bar'))
+      )
+    end
+
+    it 'forwards a POST trigger with the raw body untouched (no reshaping)' do
+      raw = { step: 'approve', value: 42 }.to_json
+
+      post(
+        "/forest/_internal/executor/runs/#{run_id}/trigger",
+        params: raw,
+        headers: auth_headers
+      )
+
+      expect(HTTParty).to have_received(:post).with(
+        "#{executor_url}/runs/#{run_id}/trigger",
+        hash_including(body: raw)
+      )
+    end
+
+    it 'forwards a non-runs route verbatim (no /runs prefix injected)' do
+      delete '/forest/_internal/executor/mcp-oauth-credentials', headers: auth_headers
+
+      expect(HTTParty).to have_received(:delete).with(
+        "#{executor_url}/mcp-oauth-credentials",
+        anything
+      )
+    end
+
+    it 'forwards client headers (e.g. Authorization / Cookie) to the executor' do
+      get "/forest/_internal/executor/runs/#{run_id}", headers: auth_headers
+
+      expect(HTTParty).to have_received(:get).with(
+        anything,
         hash_including(
           headers: hash_including(
             'Authorization' => "Bearer #{bearer_token}",
             'Cookie' => 'forest_session_token=session-xyz'
-          ),
-          query: hash_including('foo' => 'bar')
+          )
         )
       )
     end
 
+    it 'does not follow redirects (a 3xx Location must not escape the executor origin)' do
+      get "/forest/_internal/executor/runs/#{run_id}", headers: auth_headers
+
+      expect(HTTParty).to have_received(:get).with(
+        anything,
+        hash_including(follow_redirects: false)
+      )
+    end
+
     it 'returns the executor status and body verbatim' do
-      get "/forest/_internal/workflow-executions/#{run_id}", headers: auth_headers
+      get "/forest/_internal/executor/runs/#{run_id}", headers: auth_headers
 
       expect(response.status).to eq(200)
       expect(JSON.parse(response.body)).to eq('id' => run_id, 'state' => 'pending')
     end
 
-    it 'rejects unauthenticated requests with 401' do
-      get "/forest/_internal/workflow-executions/#{run_id}"
+    it 'forwards executor response headers except hop-by-hop / encoding ones' do
+      get "/forest/_internal/executor/runs/#{run_id}", headers: auth_headers
 
-      expect(response.status).to eq(401)
-      expect(HTTParty).not_to have_received(:get)
+      expect(response.headers['x-executor-custom']).to eq('passthrough-value')
+      expect(response.headers['transfer-encoding']).to be_nil
+      # content-encoding would tell the client the re-serialized JSON is gzipped → corruption.
+      expect(response.headers['content-encoding']).to be_nil
     end
-  end
 
-  describe 'POST /forest/_internal/workflow-executions/:run_id/trigger' do
-    let(:trigger_body) { { step: 'approve', value: 42 } }
+    it 'does not forward accept-encoding (would defeat transparent gzip decompression)' do
+      get "/forest/_internal/executor/runs/#{run_id}",
+          headers: auth_headers.merge('Accept-Encoding' => 'gzip, deflate')
 
-    it 'forwards POST to the executor /runs/:run_id/trigger endpoint with the body' do
-      post(
-        "/forest/_internal/workflow-executions/#{run_id}/trigger",
-        params: trigger_body.to_json,
-        headers: auth_headers
+      expect(HTTParty).to have_received(:get).with(
+        anything,
+        hash_including(headers: hash_excluding('Accept-Encoding'))
       )
+    end
+  end
 
-      expect(HTTParty).to have_received(:post).with(
-        "#{executor_url}/runs/#{run_id}/trigger",
-        hash_including(
-          headers: hash_including('Authorization' => "Bearer #{bearer_token}"),
-          body: trigger_body.to_json
-        )
-      )
+  describe 'SSRF guard (cannot escape the executor origin)' do
+    [
+      '..',
+      '../mcp-oauth-credentials',
+      "#{'run_abc123'}/../../mcp-oauth-credentials",
+      '%2e%2e/mcp-oauth-credentials'
+    ].each do |evil_path|
+      it "rejects #{evil_path.inspect} with 404 and never forwards" do
+        get "/forest/_internal/executor/#{evil_path}", headers: auth_headers
+
+        expect(response.status).to eq(404)
+        expect(HTTParty).not_to have_received(:get)
+      end
     end
+  end
 
-    it 'returns the executor response' do
-      post(
-        "/forest/_internal/workflow-executions/#{run_id}/trigger",
-        params: trigger_body.to_json,
-        headers: auth_headers
-      )
+  describe 'authentication' do
+    it 'rejects unauthenticated requests with 401' do
+      get "/forest/_internal/executor/runs/#{run_id}"
 
-      expect(response.status).to eq(200)
-      expect(JSON.parse(response.body)).to eq('id' => run_id, 'state' => 'pending')
+      expect(response.status).to eq(401)
+      expect(HTTParty).not_to have_received(:get)
     end
   end
 
   describe 'when the executor returns an error status' do
     let(:executor_response) do
-      instance_double(HTTParty::Response, parsed_response: { 'error' => 'invalid_step' }, code: 422)
+      instance_double(
+        HTTParty::Response,
+        parsed_response: { 'error' => 'invalid_step' },
+        code: 422,
+        headers: { 'content-type' => 'application/json' }
+      )
     end
 
     it 'forwards the executor status and body to the client' do
-      get "/forest/_internal/workflow-executions/#{run_id}", headers: auth_headers
+      get "/forest/_internal/executor/runs/#{run_id}", headers: auth_headers
 
       expect(response.status).to eq(422)
       expect(JSON.parse(response.body)).to eq('error' => 'invalid_step')
@@ -125,7 +187,20 @@ describe 'Workflow executor proxy', type: :request do
     end
 
     it 'returns 503 service_unavailable' do
-      get "/forest/_internal/workflow-executions/#{run_id}", headers: auth_headers
+      get "/forest/_internal/executor/runs/#{run_id}", headers: auth_headers
+
+      expect(response.status).to eq(503)
+      expect(JSON.parse(response.body)).to eq('error' => 'workflow_executor_unreachable')
+    end
+  end
+
+  describe 'when the executor connection fails at the transport level (e.g. SSL)' do
+    before do
+      allow(HTTParty).to receive(:get).and_raise(OpenSSL::SSL::SSLError.new('cert verify failed'))
+    end
+
+    it 'returns 503 rather than a generic 500' do
+      get "/forest/_internal/executor/runs/#{run_id}", headers: auth_headers
 
       expect(response.status).to eq(503)
       expect(JSON.parse(response.body)).to eq('error' => 'workflow_executor_unreachable')
@@ -145,7 +220,7 @@ describe 'Workflow executor proxy', type: :request do
       # Note: routes are mounted at boot based on workflow_executor_url being
       # present. This test exercises the runtime guard inside the controller
       # for scenarios where config is mutated after boot (e.g. tests).
-      get "/forest/_internal/workflow-executions/#{run_id}", headers: auth_headers
+      get "/forest/_internal/executor/runs/#{run_id}", headers: auth_headers
 
       expect(response.status).to eq(404)
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: forest_liana
 version: !ruby/object:Gem::Version
-  version: 9.19.0
+  version: 9.20.0
 platform: ruby
 authors:
 - Sandro Munda
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-06-10 00:00:00.000000000 Z
+date: 2026-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails