improve flow
This commit is contained in:
Adrien PONSIN
parent
c76d7b4d12
commit
90d442b611
112
command/serve.go
112
command/serve.go
@ -187,70 +187,70 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
} else {
|
}
|
||||||
var (
|
var (
|
||||||
containerName string
|
containerName string
|
||||||
host, _, _ = net.SplitHostPort(r.RemoteAddr)
|
host, _, _ = net.SplitHostPort(r.RemoteAddr)
|
||||||
ip = net.ParseIP(host)
|
)
|
||||||
)
|
for containerName, mr = range containerMethodRegex {
|
||||||
for containerName, mr = range containerMethodRegex {
|
resolvedIPs, err := net.LookupIP(containerName)
|
||||||
resolvedIPs, err := net.LookupIP(containerName)
|
if err != nil {
|
||||||
if err != nil {
|
// log.Warn().Err(err).Msg("this error may be transient due to the unavailability of one of the services")
|
||||||
// log.Warn().Err(err).Msg("this error may be transient due to the unavailability of one of the services")
|
continue
|
||||||
continue
|
}
|
||||||
}
|
for _, resolvedIP := range resolvedIPs {
|
||||||
for _, resolvedIP := range resolvedIPs {
|
if resolvedIP.Equal(net.ParseIP(host)) {
|
||||||
if resolvedIP.Equal(ip) {
|
var req *regexp.Regexp
|
||||||
var req *regexp.Regexp
|
req, ok = mr[r.Method]
|
||||||
req, ok = mr[r.Method]
|
if !ok {
|
||||||
if !ok {
|
log.Error().
|
||||||
log.Error().
|
|
||||||
Str("remote_addr", r.RemoteAddr).
|
|
||||||
Str("method", r.Method).
|
|
||||||
Str("path", r.URL.Path).
|
|
||||||
Str("decision", "denied").
|
|
||||||
Msg("this HTTP method is not in the list of those authorized for this container")
|
|
||||||
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if !req.MatchString(r.URL.Path) {
|
|
||||||
log.Error().
|
|
||||||
Str("remote_addr", r.RemoteAddr).
|
|
||||||
Str("method", r.Method).
|
|
||||||
Str("path", r.URL.Path).
|
|
||||||
Str("decision", "denied").
|
|
||||||
Msg("this path does not match any regular expression for this HTTP method")
|
|
||||||
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
/*
|
|
||||||
if err = checkMethodPath(r, mr); err != nil {
|
|
||||||
handleError(w, err)
|
|
||||||
log.Err(err).Send()
|
|
||||||
return
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
log.Info().
|
|
||||||
Str("remote_addr", r.RemoteAddr).
|
Str("remote_addr", r.RemoteAddr).
|
||||||
Str("method", r.Method).
|
Str("method", r.Method).
|
||||||
Str("path", r.URL.Path).
|
Str("path", r.URL.Path).
|
||||||
Str("decision", "authorized").
|
Str("decision", "denied").
|
||||||
Str("from", containerName).
|
Msg("this HTTP method is not in the list of those authorized for this container")
|
||||||
Msg("incoming request matches a registered regular expression")
|
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
||||||
ph.rp.ServeHTTP(w, r)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if !req.MatchString(r.URL.Path) {
|
||||||
|
log.Error().
|
||||||
|
Str("remote_addr", r.RemoteAddr).
|
||||||
|
Str("method", r.Method).
|
||||||
|
Str("path", r.URL.Path).
|
||||||
|
Str("decision", "denied").
|
||||||
|
Msg("this path does not match any regular expression for this HTTP method")
|
||||||
|
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
if err = checkMethodPath(r, mr); err != nil {
|
||||||
|
handleError(w, err)
|
||||||
|
log.Err(err).Send()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
log.Info().
|
||||||
|
Str("remote_addr", r.RemoteAddr).
|
||||||
|
Str("method", r.Method).
|
||||||
|
Str("path", r.URL.Path).
|
||||||
|
Str("decision", "authorized").
|
||||||
|
Str("from", containerName).
|
||||||
|
Msg("incoming request matches a registered regular expression")
|
||||||
|
ph.rp.ServeHTTP(w, r)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
log.Warn().
|
/*
|
||||||
Str("remote_addr", r.RemoteAddr).
|
log.Warn().
|
||||||
Str("method", r.Method).
|
Str("remote_addr", r.RemoteAddr).
|
||||||
Str("path", r.URL.Path).
|
Str("method", r.Method).
|
||||||
Str("decision", "denied").
|
Str("path", r.URL.Path).
|
||||||
Msg("this error may be transient due to the unavailability of one of the services")
|
Str("decision", "denied").
|
||||||
http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
|
Msg("this error may be transient due to the unavailability of one of the services")
|
||||||
return
|
http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
|
||||||
|
return
|
||||||
|
*/
|
||||||
}
|
}
|
||||||
|
|
||||||
// checkMethodPath executes the regular expression on the path of the HTTP request if and only if
|
// checkMethodPath executes the regular expression on the path of the HTTP request if and only if
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user