adrien/middleman
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improve flow

Browse Source
This commit is contained in:
Adrien PONSIN 2025-04-17 14:00:11 +02:00
parent c76d7b4d12
commit 90d442b611
No known key found for this signature in database
GPG Key ID: 7B4D4A32C05C475E
1 changed files with 56 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
command/serve.go
View File

@ -187,70 +187,70 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}
*/
} else {
var (
containerName string
host, _, _ = net.SplitHostPort(r.RemoteAddr)
ip = net.ParseIP(host)
)
for containerName, mr = range containerMethodRegex {
resolvedIPs, err := net.LookupIP(containerName)
if err != nil {
// log.Warn().Err(err).Msg("this error may be transient due to the unavailability of one of the services")
continue
}
for _, resolvedIP := range resolvedIPs {
if resolvedIP.Equal(ip) {
var req *regexp.Regexp
req, ok = mr[r.Method]
if !ok {
log.Error().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "denied").
Msg("this HTTP method is not in the list of those authorized for this container")
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
return
}
if !req.MatchString(r.URL.Path) {
log.Error().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "denied").
Msg("this path does not match any regular expression for this HTTP method")
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
/*
if err = checkMethodPath(r, mr); err != nil {
handleError(w, err)
log.Err(err).Send()
return
}
*/
log.Info().
}
var (
containerName string
host, _, _ = net.SplitHostPort(r.RemoteAddr)
)
for containerName, mr = range containerMethodRegex {
resolvedIPs, err := net.LookupIP(containerName)
if err != nil {
// log.Warn().Err(err).Msg("this error may be transient due to the unavailability of one of the services")
continue
}
for _, resolvedIP := range resolvedIPs {
if resolvedIP.Equal(net.ParseIP(host)) {
var req *regexp.Regexp
req, ok = mr[r.Method]
if !ok {
log.Error().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "authorized").
Str("from", containerName).
Msg("incoming request matches a registered regular expression")
ph.rp.ServeHTTP(w, r)
Str("decision", "denied").
Msg("this HTTP method is not in the list of those authorized for this container")
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
return
}
if !req.MatchString(r.URL.Path) {
log.Error().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "denied").
Msg("this path does not match any regular expression for this HTTP method")
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
/*
if err = checkMethodPath(r, mr); err != nil {
handleError(w, err)
log.Err(err).Send()
return
}
*/
log.Info().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "authorized").
Str("from", containerName).
Msg("incoming request matches a registered regular expression")
ph.rp.ServeHTTP(w, r)
return
}
}
}
log.Warn().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "denied").
Msg("this error may be transient due to the unavailability of one of the services")
http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
return
/*
log.Warn().
Str("remote_addr", r.RemoteAddr).
Str("method", r.Method).
Str("path", r.URL.Path).
Str("decision", "denied").
Msg("this error may be transient due to the unavailability of one of the services")
http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
return
*/
}
// checkMethodPath executes the regular expression on the path of the HTTP request if and only if