fix refactoring

Adrien PONSIN 2025-04-17 15:07:57 +02:00
parent ec887ccb93
commit 6a1c6c5967
No known key found for this signature in database
GPG Key ID: 7B4D4A32C05C475E


@ -151,10 +151,14 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
log.Debug().Str("remote_addr", r.RemoteAddr).Str("method", r.Method).Str("path", r.URL.Path).Msg("incoming request") log.Debug().Str("remote_addr", r.RemoteAddr).Str("method", r.Method).Str("path", r.URL.Path).Msg("incoming request")
mr, ok := containerMethodRegex["*"] mr, ok := containerMethodRegex["*"]
if ok { if ok {
ph.checkMethodAndRegex(w, r, mr) if ph.checkMethodAndRegex(r, mr) {
ph.rp.ServeHTTP(w, r)
return
}
} }
var ( var (
containerName string containerName string
authorized bool
host, _, _ = net.SplitHostPort(r.RemoteAddr) host, _, _ = net.SplitHostPort(r.RemoteAddr)
) )
for containerName, mr = range containerMethodRegex { for containerName, mr = range containerMethodRegex {
@ -164,13 +168,19 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
} }
for _, resolvedIP := range resolvedIPs { for _, resolvedIP := range resolvedIPs {
if resolvedIP.Equal(net.ParseIP(host)) { if resolvedIP.Equal(net.ParseIP(host)) {
ph.checkMethodAndRegex(w, r, mr) if ph.checkMethodAndRegex(r, mr) {
authorized = true
break
}
} }
} }
} }
logDeniedRequest(r, http.StatusUnauthorized, "this container is not on the list of authorized ones") if !authorized {
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) logDeniedRequest(r, http.StatusUnauthorized, "this container is not on the list of authorized ones")
return http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
ph.rp.ServeHTTP(w, r)
} }
func logDeniedRequest(r *http.Request, statusCode int, message string) { func logDeniedRequest(r *http.Request, statusCode int, message string) {
@ -193,20 +203,23 @@ func logAuthorizedRequest(r *http.Request, containerName, message string) {
l.Msg(message) l.Msg(message)
} }
func (ph *ProxyHandler) checkMethodAndRegex(w http.ResponseWriter, r *http.Request, mr methodRegex) { func (ph *ProxyHandler) checkMethodAndRegex(r *http.Request, mr methodRegex) bool {
req, ok := mr[r.Method] req, ok := mr[r.Method]
if !ok { if !ok {
logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container") logDeniedRequest(r, http.StatusMethodNotAllowed, "this HTTP method is not in the list of those authorized for this container")
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed) return false
return // http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
// return
} }
if !req.MatchString(r.URL.Path) { if !req.MatchString(r.URL.Path) {
logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method") logDeniedRequest(r, http.StatusForbidden, "this path does not match any regular expression for this HTTP method")
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden) return false
return // http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
// return
} }
logAuthorizedRequest(r, "", "incoming request matches a registered regular expression") logAuthorizedRequest(r, "", "incoming request matches a registered regular expression")
ph.rp.ServeHTTP(w, r) return true
// ph.rp.ServeHTTP(w, r)
} }
// action is executed when the ServeCmd command is called. // action is executed when the ServeCmd command is called.
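Review bot: In the second hunk the `break` after `authorized = true` exits only the inner `for _, resolvedIP` loop, so the outer `range containerMethodRegex` loop keeps checking the remaining containers for a request that is already authorized; an `if authorized { break }` after the inner loop, or a labelled break, would stop it. `checkMethodAndRegex` still calls `logDeniedRequest` with 405 or 403 on every miss, including the `"*"` pre-check, so a request that ends up proxied can leave denial entries in the log, and a rejected one is logged as 405/403 while the response actually sent is 401. For an access-control proxy the audit trail should carry one decision per request with the status that was returned, so consider having `checkMethodAndRegex` return the reason and logging once in `ServeHTTP`. The commented-out `http.Error`, `return` and `ph.rp.ServeHTTP(w, r)` lines in `checkMethodAndRegex` should be deleted rather than kept. The outer-loop lines between the first and second hunk are not visible here, so this assumes nothing there leaves the loop early.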