From 653721541ca3d946c8690f0ef13d08124d8c2a94 Mon Sep 17 00:00:00 2001 From: Tom DNetto Date: Wed, 7 Feb 2024 15:37:23 -0800 Subject: [PATCH] tsweb: normalize passkey identities in bucketed stats Signed-off-by: Tom DNetto Updates: corp#17075 --- tsweb/tsweb.go | 7 ++++--- tsweb/tsweb_test.go | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/tsweb/tsweb.go b/tsweb/tsweb.go index 8d3cdd8b9..c69e65760 100644 --- a/tsweb/tsweb.go +++ b/tsweb/tsweb.go @@ -196,8 +196,8 @@ type BucketedStatsOptions struct { // normalizePathRegex matches components in a HTTP request path // that should be replaced. // -// See: https://regex101.com/r/WIfpaR/1 for the explainer and test cases. -var normalizePathRegex = regexp.MustCompile("([a-fA-F0-9]{9,}|([^\\/])+\\.([^\\/]){2,}|((n|k|u|L|t|S)[a-zA-Z0-9]{5,}(CNTRL|Djz1H|LV5CY|mxgaY|jNy1b)))") +// See: https://regex101.com/r/WIfpaR/3 for the explainer and test cases. +var normalizePathRegex = regexp.MustCompile("([a-fA-F0-9]{9,}|([^\\/])+\\.([^\\/]){2,}|((n|k|u|L|t|S)[a-zA-Z0-9]{5,}(CNTRL|Djz1H|LV5CY|mxgaY|jNy1b))|(([^\\/])+\\@passkey))") // NormalizedPath returns the given path with the following modifications: // @@ -206,7 +206,8 @@ var normalizePathRegex = regexp.MustCompile("([a-fA-F0-9]{9,}|([^\\/])+\\.([^\\/ // replaced by an ellipsis // - any path component containing a period with at least two characters // after the period (i.e. an email or domain) -// - any path component consisting of a common Tailscale Stable ID. +// - any path component consisting of a common Tailscale Stable ID +// - any path segment *@passkey. func NormalizedPath(p string) string { // Fastpath: No hex sequences in there we might have to trim. // Avoids allocating. diff --git a/tsweb/tsweb_test.go b/tsweb/tsweb_test.go index 154769ddc..cb9ea100a 100644 --- a/tsweb/tsweb_test.go +++ b/tsweb/tsweb_test.go @@ -686,6 +686,7 @@ func TestBucket(t *testing.T) { {"/a/831a4bf39856?refreshed=true", "/a/…"}, {"/c2n/nxaaa1CNTRL", "/c2n/…"}, {"/api/v2/tailnet/blueberries.com/keys/kxaDK21CNTRL", "/api/v2/tailnet/…/keys/…"}, + {"/api/v2/tailnet/bloop@passkey/devices", "/api/v2/tailnet/…/devices"}, } for _, tc := range tcs {