From 3829a46f87fabfc5d44d32a2509da650491e2840 Mon Sep 17 00:00:00 2001
From: Adrien PONSIN
Date: Thu, 17 Apr 2025 14:55:34 +0200
Subject: [PATCH] big refactoring
---
 command/serve.go | 142 ++++++++++++++++++++++++++---------------------
 1 file changed, 80 insertions(+), 62 deletions(-)
diff --git a/command/serve.go b/command/serve.go
index 3cb5e51..b4a65c3 100644
--- a/command/serve.go
+++ b/command/serve.go
@@ -151,36 +151,25 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 log.Debug().Str("remote_addr", r.RemoteAddr).Str("method", r.Method).Str("path", r.URL.Path).Msg("incoming request")
 mr, ok := containerMethodRegex["*"]
 if ok {
- var req *regexp.Regexp
- req, ok = mr[r.Method]
- if !ok {
- log.Error().
- Str("remote_addr", r.RemoteAddr).
- Str("method", r.Method).
- Str("path", r.URL.Path).
- Str("decision", "denied").
- Msg("this HTTP method is not in the list of those authorized for this container")
- http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
+ ph.checkMethodAndRegex(w, r, mr)
+ /*
+ var req *regexp.Regexp
+ req, ok = mr[r.Method]
+ if !ok {
+ logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
+
+ http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
+ return
+ }
+ if !req.MatchString(r.URL.Path) {
+ logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+ logAuthorizedRequest(r, "", "incoming request matches a registered regular expression")
+ ph.rp.ServeHTTP(w, r)
 return
- }
- if !req.MatchString(r.URL.Path) {
- log.Error().
- Str("remote_addr", r.RemoteAddr).
- Str("method", r.Method).
- Str("path", r.URL.Path).
- Str("decision", "denied").
- Msg("this path does not match any regular expression for this HTTP method")
- http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
- return
- }
- log.Info().
- Str("remote_addr", r.RemoteAddr).
- Str("method", r.Method).
- Str("path", r.URL.Path).
- Str("decision", "authorized").
- Msg("incoming request matches a registered regular expression")
- ph.rp.ServeHTTP(w, r)
- return
+ */
 }
 var (
 containerName string
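Review bot: The `return` that used to end the wildcard branch now sits inside the `/* … */` block, so after `ph.checkMethodAndRegex(w, r, mr)` has already answered the request, ServeHTTP keeps running into the per-container lookup. As far as the two hunks show, a request the `*` rule rejected with 405/403 can still reach `ph.rp.ServeHTTP` through a container rule, and one it already proxied can be forwarded again or fall through to the trailing 401 `logDeniedRequest`/`http.Error`, which writes a second response and a misleading denial entry in the log. Restore the early exit with `ph.checkMethodAndRegex(w, r, mr)` followed directly by `return`, and delete the commented-out copy rather than keeping it; the call inside the `resolvedIP.Equal` branch of the next hunk has the same problem. ServeHTTP starts before this hunk and continues after it, so the fall-through path is read from the second hunk.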
@@ -193,47 +182,76 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 for _, resolvedIP := range resolvedIPs {
 if resolvedIP.Equal(net.ParseIP(host)) {
- var req *regexp.Regexp
- req, ok = mr[r.Method]
- if !ok {
- log.Error().
- Str("remote_addr", r.RemoteAddr).
- Str("method", r.Method).
- Str("path", r.URL.Path).
- Str("decision", "denied").
- Msg("this HTTP method is not in the list of those authorized for this container")
- http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
+ ph.checkMethodAndRegex(w, r, mr)
+ /*
+ var req *regexp.Regexp
+ req, ok = mr[r.Method]
+ if !ok {
+ logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
+ http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
+ return
+ }
+ if !req.MatchString(r.URL.Path) {
+ logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+ logAuthorizedRequest(r, containerName, "incoming request matches a registered regular expression")
+
+ ph.rp.ServeHTTP(w, r)
 return
- }
- if !req.MatchString(r.URL.Path) {
- log.Error().
- Str("remote_addr", r.RemoteAddr).
- Str("method", r.Method).
- Str("path", r.URL.Path).
- Str("decision", "denied").
- Msg("this path does not match any regular expression for this HTTP method")
- http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
- return
- }
- log.Info().
- Str("remote_addr", r.RemoteAddr).
- Str("method", r.Method).
- Str("path", r.URL.Path).
- Str("decision", "authorized").
- Str("from", containerName).
- Msg("incoming request matches a registered regular expression")
- ph.rp.ServeHTTP(w, r)
- return
+ */
 }
 }
 }
+ logDeniedRequest(r, http.StatusUnauthorized, "this container is not on the list of authorized ones")
+ http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+ return
+}
+
+func logDeniedRequest(r *http.Request, statusCode int, message string) {
 log.Error().
+ Str("remote_addr", r.RemoteAddr).Str("method", r.Method).
+ Str("path", r.URL.Path).Int("status_code", statusCode).
+ Str("status_text", http.StatusText(statusCode)).Msg(message)
+}
+
+func logAuthorizedRequest(r *http.Request, containerName, message string) {
+ l := log.Info().
 Str("remote_addr", r.RemoteAddr).
 Str("method", r.Method).
 Str("path", r.URL.Path).
- Str("decision", "denied").
- Msg("this container is not on the list of authorized ones")
- http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+ Int("status_code", http.StatusOK).
+ Str("status_text", http.StatusText(http.StatusOK))
+ if containerName != "" {
+ l.Str("container_name", containerName)
+ }
+ l.Msg(message)
+}
+
+func (ph *ProxyHandler) checkMethodAndRegex(w http.ResponseWriter, r *http.Request, mr methodRegex) {
+ req, ok := mr[r.Method]
+ if !ok {
+ logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
+ http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
+ return
+ }
+ if !req.MatchString(r.URL.Path) {
+ logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+ logAuthorizedRequest(r, "", "incoming request matches a registered regular expression")
+ /*
+ log.Info().
+ Str("remote_addr", r.RemoteAddr).
+ Str("method", r.Method).
+ Str("path", r.URL.Path).
+ Int("status_code", http.StatusOK).
+ Str("status_text", http.StatusText(http.StatusOK)).
+ Msg("incoming request matches a registered regular expression")
+ */
+ ph.rp.ServeHTTP(w, r)
 return
 }
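Review bot: checkMethodAndRegex always calls `logAuthorizedRequest(r, "", …)`, so the `container_name` field is never written and the authorized log line loses the caller identity that the removed code recorded with `Str("from", containerName)`. Add a trailing `containerName string` parameter to checkMethodAndRegex, forward it with `logAuthorizedRequest(r, containerName, "incoming request matches a registered regular expression")`, and pass `""` from the wildcard branch. The denial lines from `logDeniedRequest` would benefit from the same field, since a 403/405 for a known container is the entry an operator most wants to attribute. Separately, `status_code` in logAuthorizedRequest is fixed at `http.StatusOK` and logged before `ph.rp.ServeHTTP` runs, so it reflects the proxy's allow decision, not what the upstream returned; a comment on the helper should say so, or the removed `decision` field should be kept alongside it.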