Add redirect handling to HTTP client

Author: ShocOne

httpclient/httpclient_request.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/deploymenttheory/go-api-http-client/logger"
+	"github.com/deploymenttheory/go-api-http-client/redirecthandler"
 	"github.com/deploymenttheory/go-api-http-client/status"
 	"github.com/google/uuid"
 	"go.uber.org/zap"
@@ -17,8 +18,10 @@ import (
 // This function serves as a dispatcher, deciding whether to execute the request with or without retry logic based on the
 // idempotency of the HTTP method. Idempotent methods (GET, PUT, DELETE) are executed with retries to handle transient errors
 // and rate limits, while non-idempotent methods (POST, PATCH) are executed without retries to avoid potential side effects
-// of duplicating non-idempotent operations. function uses an instance of a logger implementing the logger.Logger interface, used to log informational messages, warnings, and
-// errors encountered during the execution of the request.
+// of duplicating non-idempotent operations. The function uses an instance of a logger implementing the logger.Logger interface,
+// used to log informational messages, warnings, and errors encountered during the execution of the request.
+// It also applies redirect handling to the client if configured, allowing the client to follow redirects up to a maximum
+// number of times.
 
 // Parameters:
 // - method: A string representing the HTTP method to be used for the request. This method determines the execution path
@@ -59,9 +62,12 @@ import (
 //   including maximum retry attempts and total retry duration.
 
 func (c *Client) DoRequest(method, endpoint string, body, out interface{}) (*http.Response, error) {
-
 	log := c.Logger
 
+	// Apply redirect handling to the client with MaxRedirects set to 10
+	redirectHandler := redirecthandler.NewRedirectHandler(log, 10)
+	redirectHandler.WithRedirectHandling(c.httpClient)
+
 	if IsIdempotentHTTPMethod(method) {
 		return c.executeRequestWithRetries(method, endpoint, body, out)
 	} else if IsNonIdempotentHTTPMethod(method) {

redirecthandler/redirecthandler.go

@@ -0,0 +1,120 @@
+package redirecthandler
+
+import (
+	"net/http"
+	"net/url"
+	"sync"
+
+	"github.com/deploymenttheory/go-api-http-client/logger"
+	"github.com/deploymenttheory/go-api-http-client/status"
+	"go.uber.org/zap"
+)
+
+// RedirectHandler handles HTTP redirects within an http.Client.
+// It provides features such as redirect loop detection, security enhancements,
+// and integration with client settings for fine-grained control over redirect behavior.
+type RedirectHandler struct {
+	Logger           logger.Logger
+	MaxRedirects     int
+	VisitedURLs      map[string]int
+	VisitedURLsMutex sync.Mutex
+	SensitiveHeaders []string
+}
+
+// NewRedirectHandler creates a new instance of RedirectHandler with the provided logger
+// and maximum number of redirects. It initializes internal structures and is ready to use.
+func NewRedirectHandler(logger logger.Logger, maxRedirects int) *RedirectHandler {
+	return &RedirectHandler{
+		Logger:           logger,
+		MaxRedirects:     maxRedirects,
+		VisitedURLs:      make(map[string]int),
+		SensitiveHeaders: []string{"Authorization", "Cookie"}, // Add other sensitive headers if needed
+	}
+}
+
+// WithRedirectHandling applies the redirect handling policy to an http.Client.
+// It sets the CheckRedirect function on the client to use the handler's logic.
+func (r *RedirectHandler) WithRedirectHandling(client *http.Client) {
+	client.CheckRedirect = r.checkRedirect
+}
+
+// checkRedirect is the core function that implements the redirect handling logic.
+// It is set as the CheckRedirect function on an http.Client and is called whenever
+// the client encounters a 3XX response. It enforces the max redirects limit,
+// detects redirect loops, applies security measures for cross-domain redirects,
+// resolves relative redirects, and optimizes performance.
+func (r *RedirectHandler) checkRedirect(req *http.Request, via []*http.Request) error {
+	// Redirect Loop Detection
+	r.VisitedURLsMutex.Lock()
+	defer r.VisitedURLsMutex.Unlock()
+	if _, exists := r.VisitedURLs[req.URL.String()]; exists {
+		r.Logger.Warn("Detected redirect loop", zap.String("url", req.URL.String()))
+		return http.ErrUseLastResponse
+	}
+	r.VisitedURLs[req.URL.String()]++
+
+	if len(via) >= r.MaxRedirects {
+		r.Logger.Warn("Stopped after maximum redirects", zap.Int("maxRedirects", r.MaxRedirects))
+		return http.ErrUseLastResponse
+	}
+
+	lastResponse := via[len(via)-1].Response
+	if status.IsRedirectStatusCode(lastResponse.StatusCode) {
+		location, err := lastResponse.Location()
+		if err != nil {
+			r.Logger.Error("Failed to get location from redirect response", zap.Error(err))
+			return err
+		}
+
+		// Resolve relative redirects against the current request URL
+		newReqURL, err := r.resolveRedirectURL(req.URL, location)
+		if err != nil {
+			r.Logger.Error("Failed to resolve redirect URL", zap.Error(err))
+			return err
+		}
+
+		// Security Measures
+		if newReqURL.Host != req.URL.Host {
+			r.secureRequest(req)
+		}
+
+		// Handling 303 See Other
+		if lastResponse.StatusCode == http.StatusSeeOther {
+			req.Method = http.MethodGet
+			req.Body = nil
+			req.GetBody = nil
+			req.ContentLength = 0
+			req.Header.Del("Content-Type")
+			r.Logger.Info("Changed request method to GET for 303 See Other response")
+		}
+
+		req.URL = newReqURL
+		r.Logger.Info("Redirecting request", zap.String("newURL", newReqURL.String()))
+		return nil
+	}
+
+	return http.ErrUseLastResponse
+}
+
+// resolveRedirectURL resolves the redirect location URL against the current request URL
+// to handle relative redirects accurately.
+func (r *RedirectHandler) resolveRedirectURL(reqURL *url.URL, redirectURL *url.URL) (*url.URL, error) {
+	if redirectURL.IsAbs() {
+		return redirectURL, nil // Absolute URL, no need to resolve
+	}
+
+	// Relative URL, resolve against the current request URL
+	absoluteURL := *reqURL
+	absoluteURL.Path = redirectURL.Path
+	absoluteURL.RawQuery = redirectURL.RawQuery
+	absoluteURL.Fragment = redirectURL.Fragment
+	return &absoluteURL, nil
+}
+
+// secureRequest removes sensitive headers from the request if the new destination is a different domain.
+func (r *RedirectHandler) secureRequest(req *http.Request) {
+	for _, header := range r.SensitiveHeaders {
+		req.Header.Del(header)
+		r.Logger.Info("Removed sensitive header due to domain change", zap.String("header", header))
+	}
+}

status/status.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 )
 
+// TranslateStatusCode provides a human-readable message for HTTP status codes.
 // TranslateStatusCode provides a human-readable message for HTTP status codes.
 func TranslateStatusCode(resp *http.Response) string {
 
@@ -15,36 +16,48 @@ func TranslateStatusCode(resp *http.Response) string {
 	}
 
 	messages := map[int]string{
-		http.StatusOK:                            "Request successful.",
-		http.StatusCreated:                       "Request to create or update resource successful.",
-		http.StatusAccepted:                      "The request was accepted for processing, but the processing has not completed.",
-		http.StatusNoContent:                     "Request successful. No content to send for this request.",
-		http.StatusBadRequest:                    "Bad request. Verify the syntax of the request.",
-		http.StatusUnauthorized:                  "Authentication failed. Verify the credentials being used for the request.",
-		http.StatusPaymentRequired:               "Payment required. Access to the requested resource requires payment.",
-		http.StatusForbidden:                     "Invalid permissions. Verify the account has the proper permissions for the resource.",
-		http.StatusNotFound:                      "Resource not found. Verify the URL path is correct.",
-		http.StatusMethodNotAllowed:              "Method not allowed. The method specified is not allowed for the resource.",
-		http.StatusNotAcceptable:                 "Not acceptable. The server cannot produce a response matching the list of acceptable values.",
-		http.StatusProxyAuthRequired:             "Proxy authentication required. You must authenticate with a proxy server before this request can be served.",
-		http.StatusRequestTimeout:                "Request timeout. The server timed out waiting for the request.",
-		http.StatusConflict:                      "Conflict. The request could not be processed because of conflict in the request.",
-		http.StatusGone:                          "Gone. The resource requested is no longer available and will not be available again.",
-		http.StatusLengthRequired:                "Length required. The request did not specify the length of its content, which is required by the requested resource.",
-		http.StatusPreconditionFailed:            "Precondition failed. The server does not meet one of the preconditions specified in the request.",
-		http.StatusRequestEntityTooLarge:         "Payload too large. The request is larger than the server is willing or able to process.",
-		http.StatusRequestURITooLong:             "Request-URI too long. The URI provided was too long for the server to process.",
-		http.StatusUnsupportedMediaType:          "Unsupported media type. The request entity has a media type which the server or resource does not support.",
-		http.StatusRequestedRangeNotSatisfiable:  "Requested range not satisfiable. The client has asked for a portion of the file, but the server cannot supply that portion.",
-		http.StatusExpectationFailed:             "Expectation failed. The server cannot meet the requirements of the Expect request-header field.",
-		http.StatusUnprocessableEntity:           "Unprocessable entity. The server understands the content type and syntax of the request but was unable to process the contained instructions.",
-		http.StatusLocked:                        "Locked. The resource that is being accessed is locked.",
-		http.StatusFailedDependency:              "Failed dependency. The request failed because it depended on another request and that request failed.",
-		http.StatusUpgradeRequired:               "Upgrade required. The client should switch to a different protocol.",
-		http.StatusPreconditionRequired:          "Precondition required. The server requires that the request be conditional.",
-		http.StatusTooManyRequests:               "Too many requests. The user has sent too many requests in a given amount of time.",
-		http.StatusRequestHeaderFieldsTooLarge:   "Request header fields too large. The server is unwilling to process the request because its header fields are too large.",
-		http.StatusUnavailableForLegalReasons:    "Unavailable for legal reasons. The server is denying access to the resource as a consequence of a legal demand.",
+		// Successful responses (200-299)
+		http.StatusOK:        "Request successful.",
+		http.StatusCreated:   "Request to create or update resource successful.",
+		http.StatusAccepted:  "The request was accepted for processing, but the processing has not completed.",
+		http.StatusNoContent: "Request successful. No content to send for this request.",
+
+		// Redirect status codes (300-399)
+		http.StatusMovedPermanently:  "Moved Permanently. The requested resource has been assigned a new permanent URI. Future references should use the returned URI.",
+		http.StatusFound:             "Found. The requested resource resides temporarily under a different URI. The client should use the Request-URI for future requests.",
+		http.StatusSeeOther:          "See Other. The response to the request can be found under a different URI. A GET method should be used to retrieve the resource.",
+		http.StatusTemporaryRedirect: "Temporary Redirect. The requested resource resides temporarily under a different URI. The request method should not change.",
+		http.StatusPermanentRedirect: "Permanent Redirect. The requested resource has been permanently moved to a new URI. The request method should not change.",
+
+		// Client error responses (400-499)
+		http.StatusBadRequest:                   "Bad request. Verify the syntax of the request.",
+		http.StatusUnauthorized:                 "Authentication failed. Verify the credentials being used for the request.",
+		http.StatusPaymentRequired:              "Payment required. Access to the requested resource requires payment.",
+		http.StatusForbidden:                    "Invalid permissions. Verify the account has the proper permissions for the resource.",
+		http.StatusNotFound:                     "Resource not found. Verify the URL path is correct.",
+		http.StatusMethodNotAllowed:             "Method not allowed. The method specified is not allowed for the resource.",
+		http.StatusNotAcceptable:                "Not acceptable. The server cannot produce a response matching the list of acceptable values.",
+		http.StatusProxyAuthRequired:            "Proxy authentication required. You must authenticate with a proxy server before this request can be served.",
+		http.StatusRequestTimeout:               "Request timeout. The server timed out waiting for the request.",
+		http.StatusConflict:                     "Conflict. The request could not be processed because of conflict in the request.",
+		http.StatusGone:                         "Gone. The resource requested is no longer available and will not be available again.",
+		http.StatusLengthRequired:               "Length required. The request did not specify the length of its content, which is required by the requested resource.",
+		http.StatusPreconditionFailed:           "Precondition failed. The server does not meet one of the preconditions specified in the request.",
+		http.StatusRequestEntityTooLarge:        "Payload too large. The request is larger than the server is willing or able to process.",
+		http.StatusRequestURITooLong:            "Request-URI too long. The URI provided was too long for the server to process.",
+		http.StatusUnsupportedMediaType:         "Unsupported media type. The request entity has a media type which the server or resource does not support.",
+		http.StatusRequestedRangeNotSatisfiable: "Requested range not satisfiable. The client has asked for a portion of the file, but the server cannot supply that portion.",
+		http.StatusExpectationFailed:            "Expectation failed. The server cannot meet the requirements of the Expect request-header field.",
+		http.StatusUnprocessableEntity:          "Unprocessable entity. The server understands the content type and syntax of the request but was unable to process the contained instructions.",
+		http.StatusLocked:                       "Locked. The resource that is being accessed is locked.",
+		http.StatusFailedDependency:             "Failed dependency. The request failed because it depended on another request and that request failed.",
+		http.StatusUpgradeRequired:              "Upgrade required. The client should switch to a different protocol.",
+		http.StatusPreconditionRequired:         "Precondition required. The server requires that the request be conditional.",
+		http.StatusTooManyRequests:              "Too many requests. The user has sent too many requests in a given amount of time.",
+		http.StatusRequestHeaderFieldsTooLarge:  "Request header fields too large. The server is unwilling to process the request because its header fields are too large.",
+		http.StatusUnavailableForLegalReasons:   "Unavailable for legal reasons. The server is denying access to the resource as a consequence of a legal demand.",
+
+		// Server error responses (500-599)
 		http.StatusInternalServerError:           "Internal server error. The server encountered an unexpected condition that prevented it from fulfilling the request.",
 		http.StatusNotImplemented:                "Not implemented. The server does not support the functionality required to fulfill the request.",
 		http.StatusBadGateway:                    "Bad gateway. The server received an invalid response from the upstream server while trying to fulfill the request.",
@@ -61,6 +74,29 @@ func TranslateStatusCode(resp *http.Response) string {
 	return fmt.Sprintf("Unknown status code: %d", resp.StatusCode)
 }
 
+// IsRedirectStatusCode checks if the provided HTTP status code is one of the redirect codes.
+// Redirect status codes instruct the client to make a new request to a different URI, as defined in the response's Location header.
+//
+// - 301 Moved Permanently: The requested resource has been assigned a new permanent URI and any future references to this resource should use one of the returned URIs.
+// - 302 Found: The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client should continue to use the Request-URI for future requests.
+// - 303 See Other: The response to the request can be found under a different URI and should be retrieved using a GET method on that resource. This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource.
+// - 307 Temporary Redirect: The requested resource resides temporarily under a different URI. The client should not change the request method if it performs an automatic redirection to that URI.
+// - 308 Permanent Redirect: The request and all future requests should be repeated using another URI. 308 parallel the behavior of 301 but do not allow the HTTP method to change. So, for example, submitting a form to a permanently redirected resource may continue smoothly.
+//
+// The function returns true if the statusCode is one of the above redirect statuses, indicating that the client should follow the redirection as specified in the Location header of the response.
+func IsRedirectStatusCode(statusCode int) bool {
+	switch statusCode {
+	case http.StatusMovedPermanently, // 301
+		http.StatusFound,             // 302
+		http.StatusSeeOther,          // 303
+		http.StatusTemporaryRedirect, // 307
+		http.StatusPermanentRedirect: // 308
+		return true
+	default:
+		return false
+	}
+}
+
 // IsNonRetryableStatusCode checks if the provided response indicates a non-retryable error.
 func IsNonRetryableStatusCode(resp *http.Response) bool {
 	// Expanded list of non-retryable HTTP status codes