[PR #2524] [MERGED] fix: path-based routing broken due to key collisions in sanitize() #7814

New Issue

Closed

opened 2026-04-25 16:26:24 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-04-25 16:26:24 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/fosrl/pangolin/pull/2524
Author: @shreyaspapi
Created: 2/23/2026
Status: ✅ Merged
Merged: 3/8/2026
Merged by: @oschwartz10612

Base: dev ← Head: fix/2294-path-based-routing

---

📝 Commits (4)

• 5f18c06 fix: use collision-free path encoding for Traefik router key generation
• e58f0c9 fix: preserve backward-compatible router names while fixing path collisions
• 244f497 test: add comprehensive backward compatibility tests for path routing fix
• 75a9097 fix: simplify path encoding per review — inline utils, use single key scheme

📊 Changes

4 files changed (+364 additions, -13 deletions)

View changed files

📝 server/lib/traefik/getTraefikConfig.ts (+9 -7)
➕ server/lib/traefik/pathEncoding.test.ts (+323 -0)
📝 server/lib/traefik/utils.ts (+20 -0)
📝 server/private/lib/traefik/getTraefikConfig.ts (+12 -6)

📄 Description

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

Fixes #2294

What this fixes

The sanitize() function used to generate internal map keys for grouping targets in getTraefikConfig can cause path collisions. It replaces all non-alphanumeric characters (including /, ., _) with dashes and collapses them, so structurally different paths can produce the same key:

• sanitize("/a/b") = "a-b"
• sanitize("/a-b") = "a-b" (same!)

When two targets get the same key, they're grouped into one loadbalancer service and Traefik round-robins between them instead of routing by path.

Note: this specific collision doesn't affect the / vs /api scenario reported in the issue (those already produce different keys), but it would affect setups with paths like /api/v1 vs /api-v1 or /app.v2 vs /app/v2.

How to test?

1. Create two resources with paths that would collide under old sanitization (e.g., /api/v1 and /api-v1)
2. Verify they route to their correct backends independently (no round-robin)
3. Verify existing resources with simple paths still work with the same router names

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/pangolin/pull/2524 **Author:** [@shreyaspapi](https://github.com/shreyaspapi) **Created:** 2/23/2026 **Status:** ✅ Merged **Merged:** 3/8/2026 **Merged by:** [@oschwartz10612](https://github.com/oschwartz10612) **Base:** `dev` ← **Head:** `fix/2294-path-based-routing` --- ### 📝 Commits (4) - [`5f18c06`](https://github.com/fosrl/pangolin/commit/5f18c06e03695b2567ccd802c830d6533d825773) fix: use collision-free path encoding for Traefik router key generation - [`e58f0c9`](https://github.com/fosrl/pangolin/commit/e58f0c9f07cafe58b33e2f2b718709f528d1900c) fix: preserve backward-compatible router names while fixing path collisions - [`244f497`](https://github.com/fosrl/pangolin/commit/244f497a9c0c0cbdd99ac6ae2336e65c51a3a88b) test: add comprehensive backward compatibility tests for path routing fix - [`75a9097`](https://github.com/fosrl/pangolin/commit/75a909784af857e27de2de69af74aa4fdd4e80cd) fix: simplify path encoding per review — inline utils, use single key scheme ### 📊 Changes **4 files changed** (+364 additions, -13 deletions) <details> <summary>View changed files</summary> 📝 `server/lib/traefik/getTraefikConfig.ts` (+9 -7) ➕ `server/lib/traefik/pathEncoding.test.ts` (+323 -0) 📝 `server/lib/traefik/utils.ts` (+20 -0) 📝 `server/private/lib/traefik/getTraefikConfig.ts` (+12 -6) </details> ### 📄 Description ## Community Contribution License Agreement By creating this pull request, I grant the project maintainers an unlimited, perpetual license to use, modify, and redistribute these contributions under any terms they choose, including both the AGPLv3 and the Fossorial Commercial license terms. I represent that I have the right to grant this license for all contributed content. ## Description Fixes #2294 ## What this fixes The `sanitize()` function used to generate internal map keys for grouping targets in `getTraefikConfig` can cause path collisions. It replaces all non-alphanumeric characters (including `/`, `.`, `_`) with dashes and collapses them, so structurally different paths can produce the same key: - `sanitize("/a/b")` = `"a-b"` - `sanitize("/a-b")` = `"a-b"` (same!) When two targets get the same key, they're grouped into one loadbalancer service and Traefik round-robins between them instead of routing by path. Note: this specific collision doesn't affect the `/` vs `/api` scenario reported in the issue (those already produce different keys), but it would affect setups with paths like `/api/v1` vs `/api-v1` or `/app.v2` vs `/app/v2`. ## How to test? 1. Create two resources with paths that would collide under old sanitization (e.g., `/api/v1` and `/api-v1`) 2. Verify they route to their correct backends independently (no round-robin) 3. Verify existing resources with simple paths still work with the same router names --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-04-25 16:26:24 -05:00

GiteaMirror closed this issue 2026-04-25 16:26:25 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

resource-policies

dev

dependabot/npm_and_yarn/prod-patch-updates-64dd675a88

dependabot/npm_and_yarn/dev-minor-updates-10ef4f0f15

redis

crowdin_dev

newt-install-commands

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

miloschwartz-patch-2

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

dependabot/npm_and_yarn/next-intl-4.9.1

cross-org-idp

update-readme

miloschwartz-patch-1

breakout-sites-tables

revert-2766-feature/systemd-install-instructions

dependabot/docker/docker/library/node-25-slim

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.2-s.5

1.18.2-s.4

1.18.2-s.3

1.18.2-s.2

1.18.2-s.1

1.18.2

1.18.2-s.0

1.18.1-s.7

1.18.1-s.6

1.18.1-s.5

1.18.1-s.4

1.18.1-s.3

1.18.1-s.2

1.18.1

1.18.1-s.1

1.18.1-s.0

1.18.0-s.2

1.18.0-s.1

1.18.0

1.18.0-s.0

1.17.1-s.7

1.17.1-s.6

1.18.0-rc.0

1.17.1-s.5

1.17.1-s.4

1.17.1-s.3

1.17.1

1.17.1-s.2

1.17.1-s.1

1.17.1-s.0

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4-s.1

1.15.4

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.2

1.15.1-s.1

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#7814