improve default regex

command/serve.go

@@ -6,18 +6,17 @@ import (
 	"fmt"
 	"gitea.illuad.fr/adrien/middleman"
 	"gitea.illuad.fr/adrien/middleman/flag"
+	"gitea.illuad.fr/adrien/middleman/pkg/fastrp"
 	"github.com/rs/zerolog/log"
 	"github.com/urfave/cli/v3"
 	"golang.org/x/sync/errgroup"
 	"net"
 	"net/http"
-	"net/http/httputil"
 	"net/netip"
 	"net/url"
 	"regexp"
 	"slices"
 	"strings"
-	"sync"
 	"time"
 )
 
@@ -36,8 +35,7 @@ type methodRegex = map[string]*regexp.Regexp
 
 // ProxyHandler takes an incoming request and sends it to another server, proxying the response back to the client.
 type ProxyHandler struct {
-	rp       *httputil.ReverseProxy
+	frp *fastrp.FastRP
-	connPool *sync.Pool
 }
 
 // ServeCmd is the command name.
@@ -77,8 +75,8 @@ const (
 	defaultHealthEndpoint = "/healthz"
 	// defaultHealthListenAddr is the proxy health endpoint default listen address and port.
 	defaultHealthListenAddr = "127.0.0.1:5732"
-	// defaultAllowedRequest is the proxy default allowed request.
+	// defaultAllowedRequests is the default allowed requests. Note that they should be sufficient to make Traefik work properly.
-	defaultAllowedRequest = "^/(version|containers/.*|events.*)$"
+	defaultAllowedRequests = "/v1.\\d{1,2}/(version|containers/(?:json|[a-zA-Z0-9]{64}/json)|events)$"
 )
 
 var s serve
@@ -86,7 +84,7 @@ var s serve
 var (
 	containerMethodRegex = map[string]methodRegex{
 		"*": {
-			http.MethodGet: regexp.MustCompile(defaultAllowedRequest),
+			http.MethodGet: regexp.MustCompile(defaultAllowedRequests),
 		},
 	}
 	applicatorURLRegex = regexp.MustCompile(`^([a-zA-Z0-9][a-zA-Z0-9_.-]+)\(((?:(?:GET|HEAD|POST|PUT|PATCH|DELETE|CONNECT|TRACE|OPTIONS)(?:,(?:GET|HEAD|POST|PUT|PATCH|DELETE|CONNECT|TRACE|OPTIONS))*)?)\):(.*)$`)
@@ -139,7 +137,7 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			http.Error(w, http.StatusText(code), code)
 			return
 		}
-		ph.proxyRequest(w, r)
+		ph.frp.ServeHTTP(w, r)
 		return
 	}
 	host, _, _ := net.SplitHostPort(r.RemoteAddr)
@@ -149,7 +147,7 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 				http.Error(w, http.StatusText(code), code)
 				return
 			}
-			ph.proxyRequest(w, r)
+			ph.frp.ServeHTTP(w, r)
 			return
 		}
 	}
@@ -157,13 +155,6 @@ func (ph *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 }
 
-func (ph *ProxyHandler) proxyRequest(w http.ResponseWriter, r *http.Request) {
-	transport := ph.connPool.Get().(*http.Transport)
-	defer ph.connPool.Put(transport)
-	ph.rp.Transport = transport
-	ph.rp.ServeHTTP(w, r)
-}
-
 func (ph *ProxyHandler) isContainerAuthorized(containerName, host string) bool {
 	resolvedIPs, err := net.LookupIP(containerName)
 	if err != nil {
@@ -226,33 +217,11 @@ func (s serve) action(ctx context.Context, command *cli.Command) error {
 		return err
 	}
 	dummyURL, _ := url.Parse("http://dummy")
-	/*
-		rp := httputil.NewSingleHostReverseProxy(dummyURL)
-		rp.Transport = &http.Transport{
-			DialContext: func(_ context.Context, _ string, _ string) (net.Conn, error) {
-				return net.Dial("unix", command.String(dockerSocketPathFlagName))
-			},
-			MaxIdleConns: 10,
-		}
-	*/
-	transport := &http.Transport{
-		DialContext: func(_ context.Context, _ string, _ string) (net.Conn, error) {
-			return net.Dial("unix", command.String(dockerSocketPathFlagName))
-		},
-		MaxIdleConns: 10,
-	}
-	ph := &ProxyHandler{
-		rp: httputil.NewSingleHostReverseProxy(dummyURL),
-		connPool: &sync.Pool{
-			New: func() any {
-				return transport.Clone()
-			},
-		},
-	}
 	srv := &http.Server{ // #nosec: G112
-		Handler: ph,
+		Handler: &ProxyHandler{
+			frp: fastrp.NewRP("unix", command.String(dockerSocketPathFlagName), dummyURL),
+		},
 	}
-	ph.rp.Transport = ph.connPool.Get().(*http.Transport)
 	s.group.Go(func() error {
 		if err = srv.Serve(l); err != nil && !errors.Is(err, http.ErrServerClosed) {
 			return err
@@ -450,7 +419,7 @@ func addRequests() cli.Flag {
 		Usage:    "add requests",
 		Sources:  middleman.PluckEnvVar(EnvVarPrefix, addRequestsFlagName),
 		// Local:    true, // Required to trigger the Action when this flag is set via the environment variable, see https://github.com/urfave/cli/issues/2041.
-		Value:   []string{"*:" + defaultAllowedRequest},
+		Value:   []string{"*:" + defaultAllowedRequests},
 		Aliases: middleman.PluckAlias(ServeCmd, addRequestsFlagName),
 		Action: func(ctx context.Context, command *cli.Command, requests []string) error {
 			clear(containerMethodRegex)

pkg/fastrp/fastrp.go

@@ -0,0 +1,41 @@
+package fastrp
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"sync"
+)
+
+type FastRP struct {
+	rp       *httputil.ReverseProxy
+	connPool *sync.Pool
+}
+
+func NewRP(network, address string, url *url.URL) *FastRP {
+	roundTripper := &http.Transport{
+		DialContext: func(_ context.Context, _ string, _ string) (net.Conn, error) {
+			return net.Dial(network, address)
+		},
+		MaxIdleConns: 10,
+	}
+	frp := &FastRP{
+		rp: httputil.NewSingleHostReverseProxy(url),
+		connPool: &sync.Pool{
+			New: func() any {
+				return roundTripper.Clone()
+			},
+		},
+	}
+	frp.rp.Transport = frp.connPool.Get().(http.RoundTripper)
+	return frp
+}
+
+func (frp *FastRP) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	roundTripper := frp.connPool.Get().(http.RoundTripper)
+	defer frp.connPool.Put(roundTripper)
+	frp.rp.Transport = roundTripper
+	frp.rp.ServeHTTP(w, r)
+}