From 90d442b6113f56bd9d967343000d861fed371c9a Mon Sep 17 00:00:00 2001
From: Adrien PONSIN
Date: Thu, 17 Apr 2025 14:00:11 +0200
Subject: [PATCH] improve flow

---
 command/serve.go | 112 +++++++++++++++++++++++------------------------
 1 file changed, 56 insertions(+), 56 deletions(-)

diff --git a/command/serve.go b/command/serve.go
index d1667b7..7d882f0 100644
--- a/command/serve.go
+++ b/command/serve.go
@@ -187,70 +187,70 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 return
 }
 */
- } else {
- var (
- containerName string
- host, _, _ = net.SplitHostPort(r.RemoteAddr)
- ip = net.ParseIP(host)
- )
- for containerName, mr = range containerMethodRegex {
- resolvedIPs, err := net.LookupIP(containerName)
- if err != nil {
- // log.Warn().Err(err).Msg("this error may be transient due to the unavailability of one of the services")
- continue
- }
- for _, resolvedIP := range resolvedIPs {
- if resolvedIP.Equal(ip) {
- var req *regexp.Regexp
- req, ok = mr[r.Method]
- if !ok {
- log.Error().
- Str("remote_addr", r.RemoteAddr).
- Str("method", r.Method).
- Str("path", r.URL.Path).
- Str("decision", "denied").
- Msg("this HTTP method is not in the list of those authorized for this container")
- http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
- return
- }
- if !req.MatchString(r.URL.Path) {
- log.Error().
- Str("remote_addr", r.RemoteAddr).
- Str("method", r.Method).
- Str("path", r.URL.Path).
- Str("decision", "denied").
- Msg("this path does not match any regular expression for this HTTP method")
- http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
- return
- }
- /*
- if err = checkMethodPath(r, mr); err != nil {
- handleError(w, err)
- log.Err(err).Send()
- return
- }
- */
- log.Info().
+ }
+ var (
+ containerName string
+ host, _, _ = net.SplitHostPort(r.RemoteAddr)
+ )
+ for containerName, mr = range containerMethodRegex {
+ resolvedIPs, err := net.LookupIP(containerName)
+ if err != nil {
+ // log.Warn().Err(err).Msg("this error may be transient due to the unavailability of one of the services")
+ continue
+ }
+ for _, resolvedIP := range resolvedIPs {
+ if resolvedIP.Equal(net.ParseIP(host)) {
+ var req *regexp.Regexp
+ req, ok = mr[r.Method]
+ if !ok {
+ log.Error().
 Str("remote_addr", r.RemoteAddr).
 Str("method", r.Method).
 Str("path", r.URL.Path).
- Str("decision", "authorized").
- Str("from", containerName).
- Msg("incoming request matches a registered regular expression")
- ph.rp.ServeHTTP(w, r)
+ Str("decision", "denied").
+ Msg("this HTTP method is not in the list of those authorized for this container")
+ http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
 return
 }
+ if !req.MatchString(r.URL.Path) {
+ log.Error().
+ Str("remote_addr", r.RemoteAddr).
+ Str("method", r.Method).
+ Str("path", r.URL.Path).
+ Str("decision", "denied").
+ Msg("this path does not match any regular expression for this HTTP method")
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
+ /*
+ if err = checkMethodPath(r, mr); err != nil {
+ handleError(w, err)
+ log.Err(err).Send()
+ return
+ }
+ */
+ log.Info().
+ Str("remote_addr", r.RemoteAddr).
+ Str("method", r.Method).
+ Str("path", r.URL.Path).
+ Str("decision", "authorized").
+ Str("from", containerName).
+ Msg("incoming request matches a registered regular expression")
+ ph.rp.ServeHTTP(w, r)
+ return
 }
 }
 }
- log.Warn().
- Str("remote_addr", r.RemoteAddr).
- Str("method", r.Method).
- Str("path", r.URL.Path).
- Str("decision", "denied").
- Msg("this error may be transient due to the unavailability of one of the services")
- http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
- return
+ /*
+ log.Warn().
+ Str("remote_addr", r.RemoteAddr).
+ Str("method", r.Method).
+ Str("path", r.URL.Path).
+ Str("decision", "denied").
+ Msg("this error may be transient due to the unavailability of one of the services")
+ http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
+ return
+ */
 }

 // checkMethodPath executes the regular expression on the path of the HTTP request if and only if
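Review bot: A request whose remote address matches no entry in `containerMethodRegex` now falls off the end of ServeHTTP with nothing written and nothing logged, because the closing `log.Warn()` … `http.Error(w, …StatusServiceUnavailable…)` block at the bottom of the hunk is wrapped in `/* */`. net/http answers such a handler return with an implicit 200 and an empty body, so although the request is still not forwarded to `ph.rp`, the explicit default-deny response and its `Str("decision", "denied")` audit record are gone; the same happens when every `net.LookupIP` fails and is skipped by `continue`. I would keep the fall-through explicit: retain the `log.Warn()` chain and end with `http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)` followed by `return` (or the previous 503 if the transient-lookup reading is intended). ServeHTTP begins above this hunk, so whether the `if` branch that lost its `else` always returns before reaching the container loop cannot be confirmed from here and should be checked.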