try fixing logic

Adrien PONSIN 2025-04-17 17:11:00 +02:00
parent 52b4d44b4b
commit 3937b7cda5
No known key found for this signature in database
GPG Key ID: 7B4D4A32C05C475E


@ -151,14 +151,15 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
log.Debug().Str("remote_addr", r.RemoteAddr).Str("method", r.Method).Str("path", r.URL.Path).Msg("incoming request")
mr, ok := containerMethodRegex["*"]
if ok {
if ph.checkMethodAndRegex(mr, r, "") {
ph.rp.ServeHTTP(w, r)
if code := ph.checkMethodAndRegex(mr, r, ""); code != http.StatusOK {
http.Error(w, http.StatusText(code), code)
return
}
ph.rp.ServeHTTP(w, r)
return
}
var (
containerName string
authorized bool
host, _, _ = net.SplitHostPort(r.RemoteAddr)
)
for containerName, mr = range containerMethodRegex {
@ -168,19 +169,23 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
for _, resolvedIP := range resolvedIPs {
if resolvedIP.Equal(net.ParseIP(host)) {
if ph.checkMethodAndRegex(mr, r, containerName) {
authorized = true
break
if code := ph.checkMethodAndRegex(mr, r, containerName); code != http.StatusOK {
http.Error(w, http.StatusText(code), code)
return
}
ph.rp.ServeHTTP(w, r)
return
}
}
}
if !authorized {
logDeniedRequest(r, http.StatusUnauthorized, "this container is not on the list of authorized ones")
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
ph.rp.ServeHTTP(w, r)
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
/*
if !authorized {
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
*/
}
func logDeniedRequest(r *http.Request, statusCode int, message string) {
@ -203,18 +208,18 @@ func logAuthorizedRequest(r *http.Request, containerName, message string) {
l.Msg(message)
}
func (ph *ProxyHandler) checkMethodAndRegex(mr methodRegex, r *http.Request, containerName string) bool {
func (ph *ProxyHandler) checkMethodAndRegex(mr methodRegex, r *http.Request, containerName string) int {
req, ok := mr[r.Method]
if !ok {
logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
return false
return http.StatusMethodNotAllowed
}
if !req.MatchString(r.URL.Path) {
logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
return false
return http.StatusForbidden
}
logAuthorizedRequest(r, containerName, "incoming request matches a registered regular expression")
return true
return http.StatusOK
}
// action is executed when the ServeCmd command is called.
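Review bot: In the second hunk the verdict now comes from the first `containerMethodRegex` entry whose resolved IP equals the caller's address: a non-OK `code` from `checkMethodAndRegex` is written with `http.Error` and the handler returns without consulting the remaining entries. Go randomises map iteration order, so if two entries can resolve to the same IP (not visible here; the lookup that fills `resolvedIPs` and the start of `ServeHTTP` sit outside the hunks), the same request may be allowed on one call and refused on the next. Consider remembering the refusal instead of returning, e.g. `denyCode = code; continue` with `denyCode := http.StatusUnauthorized` declared before the loop and a single `http.Error(w, http.StatusText(denyCode), denyCode)` after it. The fall-through 401 also appears to have lost its `logDeniedRequest(r, http.StatusUnauthorized, ...)` call, which would leave requests from unlisted addresses without a log entry; keeping that line preserves the audit trail.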