try fixing logic

Adrien PONSIN 2025-04-17 17:11:00 +02:00
parent 52b4d44b4b
commit 3937b7cda5
No known key found for this signature in database
GPG Key ID: 7B4D4A32C05C475E


@ -151,14 +151,15 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
log.Debug().Str("remote_addr", r.RemoteAddr).Str("method", r.Method).Str("path", r.URL.Path).Msg("incoming request") log.Debug().Str("remote_addr", r.RemoteAddr).Str("method", r.Method).Str("path", r.URL.Path).Msg("incoming request")
mr, ok := containerMethodRegex["*"] mr, ok := containerMethodRegex["*"]
if ok { if ok {
if ph.checkMethodAndRegex(mr, r, "") { if code := ph.checkMethodAndRegex(mr, r, ""); code != http.StatusOK {
ph.rp.ServeHTTP(w, r) http.Error(w, http.StatusText(code), code)
return return
} }
ph.rp.ServeHTTP(w, r)
return
} }
var ( var (
containerName string containerName string
authorized bool
host, _, _ = net.SplitHostPort(r.RemoteAddr) host, _, _ = net.SplitHostPort(r.RemoteAddr)
) )
for containerName, mr = range containerMethodRegex { for containerName, mr = range containerMethodRegex {
@ -168,19 +169,23 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
} }
for _, resolvedIP := range resolvedIPs { for _, resolvedIP := range resolvedIPs {
if resolvedIP.Equal(net.ParseIP(host)) { if resolvedIP.Equal(net.ParseIP(host)) {
if ph.checkMethodAndRegex(mr, r, containerName) { if code := ph.checkMethodAndRegex(mr, r, containerName); code != http.StatusOK {
authorized = true http.Error(w, http.StatusText(code), code)
break return
} }
ph.rp.ServeHTTP(w, r)
return
} }
} }
} }
if !authorized { http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
logDeniedRequest(r, http.StatusUnauthorized, "this container is not on the list of authorized ones") return
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) /*
return if !authorized {
} http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
ph.rp.ServeHTTP(w, r) return
}
*/
} }
func logDeniedRequest(r *http.Request, statusCode int, message string) { func logDeniedRequest(r *http.Request, statusCode int, message string) {
@ -203,18 +208,18 @@ func logAuthorizedRequest(r *http.Request, containerName, message string) {
l.Msg(message) l.Msg(message)
} }
func (ph *ProxyHandler) checkMethodAndRegex(mr methodRegex, r *http.Request, containerName string) bool { func (ph *ProxyHandler) checkMethodAndRegex(mr methodRegex, r *http.Request, containerName string) int {
req, ok := mr[r.Method] req, ok := mr[r.Method]
if !ok { if !ok {
logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container") logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
return false return http.StatusMethodNotAllowed
} }
if !req.MatchString(r.URL.Path) { if !req.MatchString(r.URL.Path) {
logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method") logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
return false return http.StatusForbidden
} }
logAuthorizedRequest(r, containerName, "incoming request matches a registered regular expression") logAuthorizedRequest(r, containerName, "incoming request matches a registered regular expression")
return true return http.StatusOK
} }
// action is executed when the ServeCmd command is called. // action is executed when the ServeCmd command is called.
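Review bot: The final deny path in ServeHTTP, the `http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)` after the container loop, no longer calls `logDeniedRequest`, so a request from an address that matches no registered container is rejected without leaving a denial record. Restore `logDeniedRequest(r, http.StatusUnauthorized, "this container is not on the list of authorized ones")` immediately before that `http.Error`, and delete the commented-out `if !authorized` block below it rather than keeping dead code in the handler. Also, when a `"*"` entry exists, a wildcard miss now returns its error code at once and the per-container rules are never consulted; if that is intended, a short comment above the `if ok` block should say so. ServeHTTP starts above the first hunk, so anything it does before the debug log line is not visible here.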