add more info

command/serve.go

@@ -151,11 +151,42 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	log.Debug().Str("remote_addr", r.RemoteAddr).Str("method", r.Method).Str("path", r.URL.Path).Msg("incoming request")
 	mr, ok := containerMethodRegex["*"]
 	if ok {
+		var req *regexp.Regexp
+		req, ok = mr[r.Method]
+		if !ok {
+			log.Error().
+				Str("remote_addr", r.RemoteAddr).
+				Str("method", r.Method).
+				Str("path", r.URL.Path).
+				Str("decision", "denied").
+				Msg("this HTTP method is not in the list of those authorized for this container")
+			http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
+			return
+		}
+		if !req.MatchString(r.URL.Path) {
+			log.Error().
+				Str("remote_addr", r.RemoteAddr).
+				Str("method", r.Method).
+				Str("path", r.URL.Path).
+				Str("decision", "denied").
+				Msg("this path does not match any regular expression for this HTTP method")
+			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			return
+		}
+		log.Info().
+			Str("remote_addr", r.RemoteAddr).
+			Str("method", r.Method).
+			Str("path", r.URL.Path).
+			Str("decision", "authorized").
+			Msg("incoming request matches a registered regular expression")
+		return
+		/*
 			if err := checkMethodPath(r, mr); err != nil {
 				handleError(w, err)
 				log.Err(err).Send()
 				return
 			}
+		*/
 	} else {
 		var (
 			containerName string
@@ -165,19 +196,45 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		for containerName, mr = range containerMethodRegex {
 			resolvedIPs, err := net.LookupIP(containerName)
 			if err != nil {
-				log.Warn().Err(err).Msg("this error may be transient due to the unavailability of one of the services")
+				// log.Warn().Err(err).Msg("this error may be transient due to the unavailability of one of the services")
+				continue
 			}
 			for _, resolvedIP := range resolvedIPs {
 				if resolvedIP.Equal(ip) {
+					var req *regexp.Regexp
+					req, ok = mr[r.Method]
+					if !ok {
+						log.Error().
+							Str("remote_addr", r.RemoteAddr).
+							Str("method", r.Method).
+							Str("path", r.URL.Path).
+							Str("decision", "denied").
+							Msg("this HTTP method is not in the list of those authorized for this container")
+						http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
+						return
+					}
+					if !req.MatchString(r.URL.Path) {
+						log.Error().
+							Str("remote_addr", r.RemoteAddr).
+							Str("method", r.Method).
+							Str("path", r.URL.Path).
+							Str("decision", "denied").
+							Msg("this path does not match any regular expression for this HTTP method")
+						http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+						return
+					}
+					/*
 						if err = checkMethodPath(r, mr); err != nil {
 							handleError(w, err)
 							log.Err(err).Send()
 							return
 						}
+					*/
 					log.Info().
 						Str("remote_addr", r.RemoteAddr).
 						Str("method", r.Method).
 						Str("path", r.URL.Path).
+						Str("decision", "authorized").
 						Str("from", containerName).
 						Msg("incoming request matches a registered regular expression")
 					ph.rp.ServeHTTP(w, r)
@@ -185,9 +242,15 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 				}
 			}
 		}
-		http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
-		return
 	}
+	log.Warn().
+		Str("remote_addr", r.RemoteAddr).
+		Str("method", r.Method).
+		Str("path", r.URL.Path).
+		Str("decision", "denied").
+		Msg("this error may be transient due to the unavailability of one of the services")
+	http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
+	return
 }
 
 // checkMethodPath executes the regular expression on the path of the HTTP request if and only if