big refactoring
parent
47538621c9
commit
3829a46f87
142
command/serve.go
142
command/serve.go
@ -151,36 +151,25 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
log.Debug().Str("remote_addr", r.RemoteAddr).Str("method", r.Method).Str("path", r.URL.Path).Msg("incoming request")
|
log.Debug().Str("remote_addr", r.RemoteAddr).Str("method", r.Method).Str("path", r.URL.Path).Msg("incoming request")
|
||||||
mr, ok := containerMethodRegex["*"]
|
mr, ok := containerMethodRegex["*"]
|
||||||
if ok {
|
if ok {
|
||||||
var req *regexp.Regexp
|
ph.checkMethodAndRegex(w, r, mr)
|
||||||
req, ok = mr[r.Method]
|
/*
|
||||||
if !ok {
|
var req *regexp.Regexp
|
||||||
log.Error().
|
req, ok = mr[r.Method]
|
||||||
Str("remote_addr", r.RemoteAddr).
|
if !ok {
|
||||||
Str("method", r.Method).
|
logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
|
||||||
Str("path", r.URL.Path).
|
|
||||||
Str("decision", "denied").
|
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
||||||
Msg("this HTTP method is not in the list of those authorized for this container")
|
return
|
||||||
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
}
|
||||||
|
if !req.MatchString(r.URL.Path) {
|
||||||
|
logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
|
||||||
|
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
logAuthorizedRequest(r, "", "incoming request matches a registered regular expression")
|
||||||
|
ph.rp.ServeHTTP(w, r)
|
||||||
return
|
return
|
||||||
}
|
*/
|
||||||
if !req.MatchString(r.URL.Path) {
|
|
||||||
log.Error().
|
|
||||||
Str("remote_addr", r.RemoteAddr).
|
|
||||||
Str("method", r.Method).
|
|
||||||
Str("path", r.URL.Path).
|
|
||||||
Str("decision", "denied").
|
|
||||||
Msg("this path does not match any regular expression for this HTTP method")
|
|
||||||
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
log.Info().
|
|
||||||
Str("remote_addr", r.RemoteAddr).
|
|
||||||
Str("method", r.Method).
|
|
||||||
Str("path", r.URL.Path).
|
|
||||||
Str("decision", "authorized").
|
|
||||||
Msg("incoming request matches a registered regular expression")
|
|
||||||
ph.rp.ServeHTTP(w, r)
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
var (
|
var (
|
||||||
containerName string
|
containerName string
|
||||||
@ -193,47 +182,76 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
for _, resolvedIP := range resolvedIPs {
|
for _, resolvedIP := range resolvedIPs {
|
||||||
if resolvedIP.Equal(net.ParseIP(host)) {
|
if resolvedIP.Equal(net.ParseIP(host)) {
|
||||||
var req *regexp.Regexp
|
ph.checkMethodAndRegex(w, r, mr)
|
||||||
req, ok = mr[r.Method]
|
/*
|
||||||
if !ok {
|
var req *regexp.Regexp
|
||||||
log.Error().
|
req, ok = mr[r.Method]
|
||||||
Str("remote_addr", r.RemoteAddr).
|
if !ok {
|
||||||
Str("method", r.Method).
|
logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
|
||||||
Str("path", r.URL.Path).
|
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
||||||
Str("decision", "denied").
|
return
|
||||||
Msg("this HTTP method is not in the list of those authorized for this container")
|
}
|
||||||
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
if !req.MatchString(r.URL.Path) {
|
||||||
|
logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
|
||||||
|
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
logAuthorizedRequest(r, containerName, "incoming request matches a registered regular expression")
|
||||||
|
|
||||||
|
ph.rp.ServeHTTP(w, r)
|
||||||
return
|
return
|
||||||
}
|
*/
|
||||||
if !req.MatchString(r.URL.Path) {
|
|
||||||
log.Error().
|
|
||||||
Str("remote_addr", r.RemoteAddr).
|
|
||||||
Str("method", r.Method).
|
|
||||||
Str("path", r.URL.Path).
|
|
||||||
Str("decision", "denied").
|
|
||||||
Msg("this path does not match any regular expression for this HTTP method")
|
|
||||||
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
log.Info().
|
|
||||||
Str("remote_addr", r.RemoteAddr).
|
|
||||||
Str("method", r.Method).
|
|
||||||
Str("path", r.URL.Path).
|
|
||||||
Str("decision", "authorized").
|
|
||||||
Str("from", containerName).
|
|
||||||
Msg("incoming request matches a registered regular expression")
|
|
||||||
ph.rp.ServeHTTP(w, r)
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
logDeniedRequest(r, http.StatusUnauthorized, "this container is not on the list of authorized ones")
|
||||||
|
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func logDeniedRequest(r *http.Request, statusCode int, message string) {
|
||||||
log.Error().
|
log.Error().
|
||||||
|
Str("remote_addr", r.RemoteAddr).Str("method", r.Method).
|
||||||
|
Str("path", r.URL.Path).Int("status_code", statusCode).
|
||||||
|
Str("status_text", http.StatusText(statusCode)).Msg(message)
|
||||||
|
}
|
||||||
|
|
||||||
|
func logAuthorizedRequest(r *http.Request, containerName, message string) {
|
||||||
|
l := log.Info().
|
||||||
Str("remote_addr", r.RemoteAddr).
|
Str("remote_addr", r.RemoteAddr).
|
||||||
Str("method", r.Method).
|
Str("method", r.Method).
|
||||||
Str("path", r.URL.Path).
|
Str("path", r.URL.Path).
|
||||||
Str("decision", "denied").
|
Int("status_code", http.StatusOK).
|
||||||
Msg("this container is not on the list of authorized ones")
|
Str("status_text", http.StatusText(http.StatusOK))
|
||||||
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
if containerName != "" {
|
||||||
|
l.Str("container_name", containerName)
|
||||||
|
}
|
||||||
|
l.Msg(message)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (ph *ProxyHandler) checkMethodAndRegex(w http.ResponseWriter, r *http.Request, mr methodRegex) {
|
||||||
|
req, ok := mr[r.Method]
|
||||||
|
if !ok {
|
||||||
|
logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
|
||||||
|
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if !req.MatchString(r.URL.Path) {
|
||||||
|
logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
|
||||||
|
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
logAuthorizedRequest(r, "", "incoming request matches a registered regular expression")
|
||||||
|
/*
|
||||||
|
log.Info().
|
||||||
|
Str("remote_addr", r.RemoteAddr).
|
||||||
|
Str("method", r.Method).
|
||||||
|
Str("path", r.URL.Path).
|
||||||
|
Int("status_code", http.StatusOK).
|
||||||
|
Str("status_text", http.StatusText(http.StatusOK)).
|
||||||
|
Msg("incoming request matches a registered regular expression")
|
||||||
|
*/
|
||||||
|
ph.rp.ServeHTTP(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
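Review bot: In both places where `ServeHTTP` now calls `ph.checkMethodAndRegex(w, r, mr)`, the `return` that used to end the branch sits inside the `/* … */` block left behind, so as far as this rendered split view shows, control falls through after the helper has already written a 403/405 or proxied the request. For the `"*"` rule this means a request the helper has just denied continues into the per-container lookup (partly outside the hunks) and could still reach a second `ph.rp.ServeHTTP` call if a container rule matches. For a per-container match the loop keeps running and the handler appears to end in the trailing 401 path, writing to an already-answered response and logging a denial for a request that was authorized. Add `return` directly after each `ph.checkMethodAndRegex(w, r, mr)` call, or have the helper return a `bool` the caller acts on, and delete the commented-out copies. The helper also hard-codes `logAuthorizedRequest(r, "", …)`, so the container name the old per-container log carried as `from` is dropped from the audit record; pass it in as a parameter.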