Fix restricted path

.github/workflows/main.yml

@@ -13,7 +13,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.19
+          go-version: 'stable'
           check-latest: true
 
       - name: Check out code
@@ -30,7 +30,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.19
+          go-version: 'stable'
           check-latest: true
 
       - name: Check out code

Makefile

@@ -21,5 +21,8 @@ check: ## Linting and static analysis
 
 	@./bin/golangci-lint run -c .golangci.yml
 
+	@go install golang.org/x/vuln/cmd/govulncheck@latest
+	@govulncheck ./... 
+
 help: ## Show help
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

cache.go

@@ -42,6 +42,7 @@ import (
 
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/gommon/log"
+	"golang.org/x/exp/slices"
 )
 
 // Response is the cached response data structure.
@@ -116,7 +117,7 @@ type Adapter interface {
 func (client *Client) Middleware() echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
-			if !client.isAllowedPathToCache(c.Request().URL.String()) {
+			if slices.Contains(client.restrictedPaths, c.Path()) {
 				return next(c)
 			}
 			if client.cacheableMethod(c.Request().Method) {
@@ -217,15 +218,6 @@ func (client *Client) cacheableMethod(method string) bool {
 	return false
 }
 
-func (client *Client) isAllowedPathToCache(URL string) bool {
-	for _, p := range client.restrictedPaths {
-		if strings.Contains(URL, p) {
-			return false
-		}
-	}
-	return true
-}
-
 // BytesToResponse converts bytes array into Response data structure.
 func BytesToResponse(b []byte) Response {
 	var r Response

cache_test.go

@@ -13,6 +13,8 @@ import (
 	"time"
 
 	"github.com/labstack/echo/v4"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 type adapterMock struct {
@@ -31,7 +33,7 @@ func (a *adapterMock) Get(key uint64) ([]byte, bool) {
 	return nil, false
 }
 
-func (a *adapterMock) Set(key uint64, response []byte, expiration time.Time) error {
+func (a *adapterMock) Set(key uint64, response []byte, _ time.Time) error {
 	a.Lock()
 	defer a.Unlock()
 	a.store[key] = response
@@ -45,7 +47,7 @@ func (a *adapterMock) Release(key uint64) error {
 	return nil
 }
 
-func (errReader) Read(p []byte) (n int, err error) {
+func (errReader) Read(_ []byte) (n int, err error) {
 	return 0, errors.New("readAll error")
 }
 
@@ -83,6 +85,7 @@ func TestMiddleware(t *testing.T) {
 		ClientWithTTL(1*time.Minute),
 		ClientWithRefreshKey("rk"),
 		ClientWithMethods([]string{http.MethodGet, http.MethodPost}),
+		ClientWithRestrictedPaths([]string{"/restricted", "/another/:id/restricted"}),
 	)
 
 	middleware := client.Middleware()
@@ -228,6 +231,80 @@ func TestMiddleware(t *testing.T) {
 	}
 }
 
+func TestRestrictedPaths(t *testing.T) {
+	tests := []struct {
+		name        string
+		url         string
+		method      string
+		handlerPath string
+		restricted  bool
+	}{
+		{
+			name:        "restricted with path value",
+			url:         "/another/10/path",
+			handlerPath: "/another/:id/path",
+			method:      http.MethodGet,
+			restricted:  true,
+		},
+		{
+			name:        "restricted path",
+			url:         "/restricted",
+			handlerPath: "/restricted",
+			method:      http.MethodGet,
+			restricted:  true,
+		},
+		{
+			name:        "restricted with query param",
+			url:         "/restricted?foo=barr",
+			handlerPath: "/restricted",
+			method:      http.MethodGet,
+			restricted:  true,
+		},
+		{
+			name:        "not restricted path",
+			url:         "/not-restricted",
+			handlerPath: "/not-restricted",
+			method:      http.MethodGet,
+			restricted:  false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			e := echo.New()
+
+			adapter := &adapterMock{
+				store: map[uint64][]byte{},
+			}
+
+			client, _ := NewClient(
+				ClientWithAdapter(adapter),
+				ClientWithTTL(1*time.Minute),
+				ClientWithRefreshKey("rk"),
+				ClientWithMethods([]string{http.MethodGet, http.MethodPost}),
+				ClientWithRestrictedPaths([]string{"/restricted", "/another/:id/path"}),
+			)
+
+			rec := httptest.NewRecorder()
+			e.Use(client.Middleware())
+			e.Add(http.MethodGet, tt.handlerPath, func(c echo.Context) error {
+				return c.NoContent(http.StatusOK)
+			})
+
+			req, err := http.NewRequest(tt.method, tt.url, nil)
+			require.NoError(t, err)
+
+			e.Server.Handler.ServeHTTP(rec, req)
+
+			if tt.restricted {
+				assert.Len(t, adapter.store, 0)
+			} else {
+				assert.GreaterOrEqual(t, len(adapter.store), 1)
+			}
+		})
+	}
+}
+
 func TestBytesToResponse(t *testing.T) {
 	r := Response{
 		Value:      []byte("value 1"),

go.mod

@@ -3,44 +3,37 @@ module github.com/coinpaprika/echo-http-cache
 go 1.19
 
 require (
-	github.com/go-redis/cache/v8 v8.0.0-beta.11
-	github.com/go-redis/redis/v8 v8.0.0-beta.5
-	github.com/labstack/echo/v4 v4.9.1
+	github.com/go-redis/cache/v8 v8.4.4
+	github.com/go-redis/redis/v8 v8.11.5
+	github.com/labstack/echo/v4 v4.11.1
 	github.com/labstack/gommon v0.4.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/peterbourgon/diskv v2.0.1+incompatible
-	github.com/stretchr/testify v1.8.1
+	github.com/stretchr/testify v1.8.4
 )
 
 require (
-	github.com/VictoriaMetrics/fastcache v1.5.7 // indirect
-	github.com/cespare/xxhash v1.1.0 // indirect
-	github.com/cespare/xxhash/v2 v2.1.1 // indirect
+	github.com/vmihailenco/go-tinylfu v0.2.2 // indirect
+	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
+)
+
+require (
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/dgryski/go-rendezvous v0.0.0-20200624174652-8d2f3be8b2d9 // indirect
-	github.com/golang/protobuf v1.4.2 // indirect
-	github.com/golang/snappy v0.0.3 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/google/btree v1.1.2 // indirect
-	github.com/google/go-cmp v0.5.4 // indirect
-	github.com/klauspost/compress v1.12.3 // indirect
+	github.com/klauspost/compress v1.13.6 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/spaolacci/murmur3 v1.1.0 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
-	github.com/vmihailenco/bufpool v0.1.11 // indirect
-	github.com/vmihailenco/msgpack/v5 v5.0.0-beta.1 // indirect
-	github.com/vmihailenco/tagparser v0.1.1 // indirect
-	go.opentelemetry.io/otel v0.7.0 // indirect
-	golang.org/x/crypto v0.3.0 // indirect
-	golang.org/x/net v0.2.0 // indirect
-	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 // indirect
-	golang.org/x/sys v0.2.0 // indirect
-	golang.org/x/text v0.4.0 // indirect
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
-	google.golang.org/appengine v1.6.6 // indirect
-	google.golang.org/grpc v1.30.0 // indirect
-	google.golang.org/protobuf v1.25.0 // indirect
+	github.com/vmihailenco/msgpack/v5 v5.3.4 // indirect
+	golang.org/x/crypto v0.11.0 // indirect
+	golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63
+	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )