big refactoring

2025-04-17 14:55:34 +02:00 · 2025-04-17 14:55:34 +02:00 · 3829a46f87
commit 3829a46f87
parent 47538621c9
1 changed files with 80 additions and 62 deletions
--- a/command/serve.go
+++ b/command/serve.go
@ -151,36 +151,25 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	log.Debug().Str("remote_addr", r.RemoteAddr).Str("method", r.Method).Str("path", r.URL.Path).Msg("incoming request")
 	mr, ok := containerMethodRegex["*"]
 	if ok {
+		ph.checkMethodAndRegex(w, r, mr)
+		/*
 			var req *regexp.Regexp
 			req, ok = mr[r.Method]
 			if !ok {
-			log.Error().
-				Str("remote_addr", r.RemoteAddr).
-				Str("method", r.Method).
-				Str("path", r.URL.Path).
-				Str("decision", "denied").
-				Msg("this HTTP method is not in the list of those authorized for this container")
+				logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
+
 				http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
 				return
 			}
 			if !req.MatchString(r.URL.Path) {
-			log.Error().
-				Str("remote_addr", r.RemoteAddr).
-				Str("method", r.Method).
-				Str("path", r.URL.Path).
-				Str("decision", "denied").
-				Msg("this path does not match any regular expression for this HTTP method")
+				logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
 				http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 				return
 			}
-		log.Info().
-			Str("remote_addr", r.RemoteAddr).
-			Str("method", r.Method).
-			Str("path", r.URL.Path).
-			Str("decision", "authorized").
-			Msg("incoming request matches a registered regular expression")
+			logAuthorizedRequest(r, "", "incoming request matches a registered regular expression")
 			ph.rp.ServeHTTP(w, r)
 			return
+		*/
 	}
 	var (
 		containerName string
@ -193,49 +182,78 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 		for _, resolvedIP := range resolvedIPs {
 			if resolvedIP.Equal(net.ParseIP(host)) {
+				ph.checkMethodAndRegex(w, r, mr)
+				/*
 					var req *regexp.Regexp
 					req, ok = mr[r.Method]
 					if !ok {
-					log.Error().
-						Str("remote_addr", r.RemoteAddr).
-						Str("method", r.Method).
-						Str("path", r.URL.Path).
-						Str("decision", "denied").
-						Msg("this HTTP method is not in the list of those authorized for this container")
+						logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
 						http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
 						return
 					}
 					if !req.MatchString(r.URL.Path) {
-					log.Error().
-						Str("remote_addr", r.RemoteAddr).
-						Str("method", r.Method).
-						Str("path", r.URL.Path).
-						Str("decision", "denied").
-						Msg("this path does not match any regular expression for this HTTP method")
+						logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
 						http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 						return
 					}
+					logAuthorizedRequest(r, containerName, "incoming request matches a registered regular expression")
+
+					ph.rp.ServeHTTP(w, r)
+					return
+				*/
+			}
+		}
+	}
+	logDeniedRequest(r, http.StatusUnauthorized, "this container is not on the list of authorized ones")
+	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+	return
+}
+
+func logDeniedRequest(r *http.Request, statusCode int, message string) {
+	log.Error().
+		Str("remote_addr", r.RemoteAddr).Str("method", r.Method).
+		Str("path", r.URL.Path).Int("status_code", statusCode).
+		Str("status_text", http.StatusText(statusCode)).Msg(message)
+}
+
+func logAuthorizedRequest(r *http.Request, containerName, message string) {
+	l := log.Info().
+		Str("remote_addr", r.RemoteAddr).
+		Str("method", r.Method).
+		Str("path", r.URL.Path).
+		Int("status_code", http.StatusOK).
+		Str("status_text", http.StatusText(http.StatusOK))
+	if containerName != "" {
+		l.Str("container_name", containerName)
+	}
+	l.Msg(message)
+}
+
+func (ph *ProxyHandler) checkMethodAndRegex(w http.ResponseWriter, r *http.Request, mr methodRegex) {
+	req, ok := mr[r.Method]
+	if !ok {
+		logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
+		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
+		return
+	}
+	if !req.MatchString(r.URL.Path) {
+		logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
+		http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+		return
+	}
+	logAuthorizedRequest(r, "", "incoming request matches a registered regular expression")
+	/*
 		log.Info().
 			Str("remote_addr", r.RemoteAddr).
 			Str("method", r.Method).
 			Str("path", r.URL.Path).
-					Str("decision", "authorized").
-					Str("from", containerName).
+			Int("status_code", http.StatusOK).
+			Str("status_text", http.StatusText(http.StatusOK)).
 			Msg("incoming request matches a registered regular expression")
+	*/
 	ph.rp.ServeHTTP(w, r)
 	return
 }
-		}
-	}
-	log.Error().
-		Str("remote_addr", r.RemoteAddr).
-		Str("method", r.Method).
-		Str("path", r.URL.Path).
-		Str("decision", "denied").
-		Msg("this container is not on the list of authorized ones")
-	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
-	return
-}

 // action is executed when the ServeCmd command is called.
 func (s serve) action(ctx context.Context, command *cli.Command) error {