adrien/middleman
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

big refactoring

Browse Source
This commit is contained in:
Adrien PONSIN 2025-04-17 14:55:34 +02:00
parent 47538621c9
commit 3829a46f87
No known key found for this signature in database
GPG Key ID: 7B4D4A32C05C475E
1 changed files with 80 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
command/serve.go
View File

@ -151,36 +151,25 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
log.Debug().Str("remote_addr", r.RemoteAddr).Str("method", r.Method).Str("path", r.URL.Path).Msg("incoming request")
mr, ok := containerMethodRegex["*"]
if ok {
var req *regexp.Regexp
req, ok = mr[r.Method]
if !ok {
log.Error().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "denied").
Msg("this HTTP method is not in the list of those authorized for this container")
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
ph.checkMethodAndRegex(w, r, mr)
/*
var req *regexp.Regexp
req, ok = mr[r.Method]
if !ok {
logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
return
}
if !req.MatchString(r.URL.Path) {
logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
logAuthorizedRequest(r, "", "incoming request matches a registered regular expression")
ph.rp.ServeHTTP(w, r)
return
}
if !req.MatchString(r.URL.Path) {
log.Error().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "denied").
Msg("this path does not match any regular expression for this HTTP method")
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
log.Info().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "authorized").
Msg("incoming request matches a registered regular expression")
ph.rp.ServeHTTP(w, r)
return
*/
}
var (
containerName string
@ -193,47 +182,76 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
for _, resolvedIP := range resolvedIPs {
if resolvedIP.Equal(net.ParseIP(host)) {
var req *regexp.Regexp
req, ok = mr[r.Method]
if !ok {
log.Error().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "denied").
Msg("this HTTP method is not in the list of those authorized for this container")
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
ph.checkMethodAndRegex(w, r, mr)
/*
var req *regexp.Regexp
req, ok = mr[r.Method]
if !ok {
logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
return
}
if !req.MatchString(r.URL.Path) {
logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
logAuthorizedRequest(r, containerName, "incoming request matches a registered regular expression")
ph.rp.ServeHTTP(w, r)
return
}
if !req.MatchString(r.URL.Path) {
log.Error().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "denied").
Msg("this path does not match any regular expression for this HTTP method")
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
log.Info().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "authorized").
Str("from", containerName).
Msg("incoming request matches a registered regular expression")
ph.rp.ServeHTTP(w, r)
return
*/
}
}
}
logDeniedRequest(r, http.StatusUnauthorized, "this container is not on the list of authorized ones")
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
func logDeniedRequest(r *http.Request, statusCode int, message string) {
log.Error().
Str("remote_addr", r.RemoteAddr).Str("method", r.Method).
Str("path", r.URL.Path).Int("status_code", statusCode).
Str("status_text", http.StatusText(statusCode)).Msg(message)
}
func logAuthorizedRequest(r *http.Request, containerName, message string) {
l := log.Info().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "denied").
Msg("this container is not on the list of authorized ones")
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
Int("status_code", http.StatusOK).
Str("status_text", http.StatusText(http.StatusOK))
if containerName != "" {
l.Str("container_name", containerName)
}
l.Msg(message)
}
func (ph *ProxyHandler) checkMethodAndRegex(w http.ResponseWriter, r *http.Request, mr methodRegex) {
req, ok := mr[r.Method]
if !ok {
logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
return
}
if !req.MatchString(r.URL.Path) {
logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
logAuthorizedRequest(r, "", "incoming request matches a registered regular expression")
/*
log.Info().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Int("status_code", http.StatusOK).
Str("status_text", http.StatusText(http.StatusOK)).
Msg("incoming request matches a registered regular expression")
*/
ph.rp.ServeHTTP(w, r)
return
}