Compare commits
No commits in common. "0ff9391a1b6ecfba005c4443f969ac96ef1c58ff" and "590505e17afe68b5730b7e796c4915f6dd70ae72" have entirely different histories.
0ff9391a1b
...
590505e17a
|
|
@ -6,6 +6,7 @@ import (
|
|||
"net/http"
|
||||
|
||||
"forge.cadoles.com/cadoles/bouncer/internal/schema"
|
||||
"github.com/getsentry/sentry-go"
|
||||
"gitlab.com/wpetit/goweb/api"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
)
|
||||
|
|
@ -28,8 +29,11 @@ func invalidDataErrorResponse(w http.ResponseWriter, r *http.Request, err *schem
|
|||
}{
|
||||
Message: message,
|
||||
})
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func logAndCaptureError(ctx context.Context, message string, err error) {
|
||||
sentry.CaptureException(err)
|
||||
logger.Error(ctx, message, logger.CapturedE(err))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,12 +2,10 @@ package director
|
|||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
||||
"forge.cadoles.com/cadoles/bouncer/internal/store"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
)
|
||||
|
||||
type contextKey string
|
||||
|
|
@ -16,7 +14,6 @@ const (
|
|||
contextKeyProxy contextKey = "proxy"
|
||||
contextKeyLayers contextKey = "layers"
|
||||
contextKeyOriginalURL contextKey = "originalURL"
|
||||
contextKeyHandleError contextKey = "handleError"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
@ -63,22 +60,3 @@ func ctxValue[T any](ctx context.Context, key contextKey) (T, error) {
|
|||
|
||||
return value, nil
|
||||
}
|
||||
|
||||
type HandleErrorFunc func(w http.ResponseWriter, r *http.Request, status int, err error)
|
||||
|
||||
func withHandleError(ctx context.Context, fn HandleErrorFunc) context.Context {
|
||||
return context.WithValue(ctx, contextKeyHandleError, fn)
|
||||
}
|
||||
|
||||
func HandleError(ctx context.Context, w http.ResponseWriter, r *http.Request, status int, err error) {
|
||||
err = errors.WithStack(err)
|
||||
|
||||
fn, ok := ctx.Value(contextKeyHandleError).(HandleErrorFunc)
|
||||
if !ok {
|
||||
logger.Error(ctx, err.Error(), logger.CapturedE(err))
|
||||
http.Error(w, http.StatusText(status), status)
|
||||
return
|
||||
}
|
||||
|
||||
fn(w, r, status, err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,8 +22,6 @@ type Director struct {
|
|||
|
||||
proxyCache cache.Cache[string, []*store.Proxy]
|
||||
layerCache cache.Cache[string, []*store.Layer]
|
||||
|
||||
handleError HandleErrorFunc
|
||||
}
|
||||
|
||||
func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
|
||||
|
|
@ -35,6 +33,7 @@ func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
|
|||
}
|
||||
|
||||
url := getRequestURL(r)
|
||||
|
||||
ctx = withOriginalURL(ctx, url)
|
||||
ctx = logger.With(ctx, logger.F("url", url.String()))
|
||||
|
||||
|
|
@ -170,7 +169,6 @@ func (d *Director) getLayers(ctx context.Context, proxyName store.ProxyName) ([]
|
|||
func (d *Director) RequestTransformer() proxy.RequestTransformer {
|
||||
return func(r *http.Request) {
|
||||
ctx := r.Context()
|
||||
|
||||
layers, err := ctxLayers(ctx)
|
||||
if err != nil {
|
||||
if errors.Is(err, errContextKeyNotFound) {
|
||||
|
|
@ -227,16 +225,15 @@ func (d *Director) ResponseTransformer() proxy.ResponseTransformer {
|
|||
func (d *Director) Middleware() proxy.Middleware {
|
||||
return func(next http.Handler) http.Handler {
|
||||
fn := func(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := withHandleError(r.Context(), d.handleError)
|
||||
r = r.WithContext(ctx)
|
||||
|
||||
r, err := d.rewriteRequest(r)
|
||||
if err != nil {
|
||||
HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not rewrite request"))
|
||||
logger.Error(r.Context(), "could not rewrite request", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
ctx = r.Context()
|
||||
ctx := r.Context()
|
||||
|
||||
layers, err := ctxLayers(ctx)
|
||||
if err != nil {
|
||||
|
|
@ -244,7 +241,9 @@ func (d *Director) Middleware() proxy.Middleware {
|
|||
return
|
||||
}
|
||||
|
||||
HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not retrieve proxy and layers from context"))
|
||||
logger.Error(ctx, "could not retrieve proxy and layers from context", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -279,6 +278,5 @@ func New(proxyRepository store.ProxyRepository, layerRepository store.LayerRepos
|
|||
layerRegistry: registry,
|
||||
proxyCache: opts.ProxyCache,
|
||||
layerCache: opts.LayerCache,
|
||||
handleError: opts.HandleError,
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,9 +1,7 @@
|
|||
package authn
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"html/template"
|
||||
"io"
|
||||
"net/http"
|
||||
"path/filepath"
|
||||
|
||||
|
|
@ -31,7 +29,9 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
|
|||
|
||||
options, err := fromStoreOptions(layer.Options)
|
||||
if err != nil {
|
||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not parse layer options"))
|
||||
logger.Error(ctx, "could not parse layer options", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -162,21 +162,19 @@ func (l *Layer) renderPage(w http.ResponseWriter, r *http.Request, page string,
|
|||
|
||||
tmpl, err := template.New("").Funcs(sprig.FuncMap()).ParseGlob(pattern)
|
||||
if err != nil {
|
||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not load authn templates"))
|
||||
logger.Error(ctx, "could not load authn templates", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
w.Header().Add("Cache-Control", "no-cache")
|
||||
|
||||
var buf bytes.Buffer
|
||||
|
||||
if err := tmpl.ExecuteTemplate(w, block, templateData); err != nil {
|
||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not render authn page"))
|
||||
return
|
||||
}
|
||||
logger.Error(ctx, "could not render authn page", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
if _, err := io.Copy(w, &buf); err != nil {
|
||||
logger.Error(ctx, "could not write authn page", logger.CapturedE(errors.WithStack(err)))
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ func (a *Authenticator) PreAuthentication(w http.ResponseWriter, r *http.Request
|
|||
if postLogoutRedirectURL != "" {
|
||||
isAuthorized := slices.Contains(options.OIDC.PostLogoutRedirectURLs, postLogoutRedirectURL)
|
||||
if !isAuthorized {
|
||||
director.HandleError(ctx, w, r, http.StatusBadRequest, errors.New("unauthorized post-logout redirect"))
|
||||
http.Error(w, "unauthorized post-logout redirect", http.StatusBadRequest)
|
||||
return errors.WithStack(authn.ErrSkipRequest)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ import (
|
|||
"net/url"
|
||||
"strings"
|
||||
|
||||
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
|
||||
"github.com/coreos/go-oidc/v3/oidc"
|
||||
"github.com/dchest/uniuri"
|
||||
"github.com/gorilla/sessions"
|
||||
|
|
@ -69,7 +68,8 @@ func (c *Client) login(w http.ResponseWriter, r *http.Request, sess *sessions.Se
|
|||
sess.Values[sessionKeyPostLoginRedirectURL] = postLoginRedirectURL
|
||||
|
||||
if err := sess.Save(r, w); err != nil {
|
||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not save session"))
|
||||
logger.Error(ctx, "could not save session", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,11 +1,9 @@
|
|||
package queue
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
"html/template"
|
||||
"io"
|
||||
"math/rand"
|
||||
"net/http"
|
||||
"path/filepath"
|
||||
|
|
@ -54,7 +52,9 @@ func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
|
|||
|
||||
options, err := fromStoreOptions(layer.Options, q.defaultKeepAlive)
|
||||
if err != nil {
|
||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not parse layer options"))
|
||||
logger.Error(ctx, "could not parse layer options", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -89,7 +89,9 @@ func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
|
|||
|
||||
rank, err := q.adapter.Touch(ctx, queueName, sessionID)
|
||||
if err != nil {
|
||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not retrieve session rank"))
|
||||
logger.Error(ctx, "could not retrieve session rank", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -142,7 +144,9 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
|
|||
|
||||
status, err := q.adapter.Status(ctx, queueName)
|
||||
if err != nil {
|
||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not retrieve queue status"))
|
||||
logger.Error(ctx, "could not retrieve queue status", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -162,7 +166,9 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
|
|||
})
|
||||
|
||||
if q.tmpl == nil {
|
||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("queue page templates not loaded"))
|
||||
logger.Error(ctx, "queue page templates not loaded", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -188,16 +194,12 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
|
|||
w.Header().Add("Retry-After", strconv.FormatInt(int64(refreshRate.Seconds()), 10))
|
||||
w.WriteHeader(http.StatusServiceUnavailable)
|
||||
|
||||
var buf bytes.Buffer
|
||||
if err := q.tmpl.ExecuteTemplate(w, "queue", templateData); err != nil {
|
||||
logger.Error(ctx, "could not render queue page", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
if err := q.tmpl.ExecuteTemplate(&buf, "queue", templateData); err != nil {
|
||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not render queue page"))
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := io.Copy(w, &buf); err != nil {
|
||||
logger.Error(ctx, "could not write queue page", logger.CapturedE(errors.WithStack(err)))
|
||||
}
|
||||
}
|
||||
|
||||
func (q *Queue) refreshQueue(ctx context.Context, layerName store.LayerName, keepAlive time.Duration) {
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ import (
|
|||
ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
|
||||
"forge.cadoles.com/cadoles/bouncer/internal/store"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
)
|
||||
|
||||
const LayerType store.LayerType = "rewriter"
|
||||
|
|
@ -31,7 +32,9 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
|
|||
|
||||
options, err := fromStoreOptions(layer.Options)
|
||||
if err != nil {
|
||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not parse layer options"))
|
||||
logger.Error(ctx, "could not parse layer options", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -49,7 +52,8 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
|
|||
return
|
||||
}
|
||||
|
||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not apply request rules"))
|
||||
logger.Error(ctx, "could not apply request rules", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,21 +1,18 @@
|
|||
package director
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"forge.cadoles.com/cadoles/bouncer/internal/cache"
|
||||
"forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
|
||||
"forge.cadoles.com/cadoles/bouncer/internal/cache/ttl"
|
||||
"forge.cadoles.com/cadoles/bouncer/internal/store"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
)
|
||||
|
||||
type Options struct {
|
||||
Layers []Layer
|
||||
ProxyCache cache.Cache[string, []*store.Proxy]
|
||||
LayerCache cache.Cache[string, []*store.Layer]
|
||||
HandleError HandleErrorFunc
|
||||
Layers []Layer
|
||||
ProxyCache cache.Cache[string, []*store.Proxy]
|
||||
LayerCache cache.Cache[string, []*store.Layer]
|
||||
}
|
||||
|
||||
type OptionFunc func(opts *Options)
|
||||
|
|
@ -33,10 +30,6 @@ func NewOptions(funcs ...OptionFunc) *Options {
|
|||
memory.NewCache[string, time.Time](),
|
||||
30*time.Second,
|
||||
),
|
||||
HandleError: func(w http.ResponseWriter, r *http.Request, status int, err error) {
|
||||
logger.Error(r.Context(), err.Error(), logger.CapturedE(err))
|
||||
http.Error(w, http.StatusText(status), status)
|
||||
},
|
||||
}
|
||||
|
||||
for _, fn := range funcs {
|
||||
|
|
@ -63,9 +56,3 @@ func WithLayerCache(cache cache.Cache[string, []*store.Layer]) OptionFunc {
|
|||
opts.LayerCache = cache
|
||||
}
|
||||
}
|
||||
|
||||
func WithHandleErrorFunc(fn HandleErrorFunc) OptionFunc {
|
||||
return func(opts *Options) {
|
||||
opts.HandleError = fn
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,11 +1,9 @@
|
|||
package proxy
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
"html/template"
|
||||
"io"
|
||||
"log"
|
||||
"net"
|
||||
"net/http"
|
||||
|
|
@ -25,6 +23,7 @@ import (
|
|||
"forge.cadoles.com/cadoles/bouncer/internal/store"
|
||||
|
||||
"github.com/Masterminds/sprig/v3"
|
||||
"github.com/getsentry/sentry-go"
|
||||
sentryhttp "github.com/getsentry/sentry-go/http"
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/go-chi/chi/v5/middleware"
|
||||
|
|
@ -113,7 +112,6 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
|
|||
s.directorCacheTTL,
|
||||
),
|
||||
),
|
||||
director.WithHandleErrorFunc(s.handleError),
|
||||
)
|
||||
|
||||
if s.serverConfig.HTTP.UseRealIP {
|
||||
|
|
@ -219,24 +217,27 @@ func (s *Server) createReverseProxy(ctx context.Context, target *url.URL) *httpu
|
|||
httpTransport.DialContext = dialer.DialContext
|
||||
|
||||
reverseProxy.Transport = httpTransport
|
||||
reverseProxy.ErrorHandler = s.handleProxyError
|
||||
reverseProxy.ErrorHandler = s.handleError
|
||||
|
||||
return reverseProxy
|
||||
}
|
||||
|
||||
func (s *Server) handleDefault(w http.ResponseWriter, r *http.Request) {
|
||||
s.handleError(w, r, http.StatusBadGateway, errors.Errorf("no proxy target found"))
|
||||
err := errors.Errorf("no proxy target found")
|
||||
|
||||
logger.Error(r.Context(), "proxy error", logger.CapturedE(err))
|
||||
sentry.CaptureException(err)
|
||||
|
||||
s.renderErrorPage(w, r, err, http.StatusBadGateway, http.StatusText(http.StatusBadGateway))
|
||||
}
|
||||
|
||||
func (s *Server) handleError(w http.ResponseWriter, r *http.Request, status int, err error) {
|
||||
func (s *Server) handleError(w http.ResponseWriter, r *http.Request, err error) {
|
||||
err = errors.WithStack(err)
|
||||
logger.Error(r.Context(), err.Error(), logger.CapturedE(err))
|
||||
|
||||
s.renderErrorPage(w, r, err, status, http.StatusText(status))
|
||||
}
|
||||
logger.Error(r.Context(), "proxy error", logger.CapturedE(err))
|
||||
sentry.CaptureException(err)
|
||||
|
||||
func (s *Server) handleProxyError(w http.ResponseWriter, r *http.Request, err error) {
|
||||
s.handleError(w, r, http.StatusBadGateway, err)
|
||||
s.renderErrorPage(w, r, err, http.StatusBadGateway, http.StatusText(http.StatusBadGateway))
|
||||
}
|
||||
|
||||
func (s *Server) renderErrorPage(w http.ResponseWriter, r *http.Request, err error, statusCode int, status string) {
|
||||
|
|
@ -287,18 +288,12 @@ func (s *Server) renderPage(w http.ResponseWriter, r *http.Request, page string,
|
|||
return
|
||||
}
|
||||
|
||||
var buf bytes.Buffer
|
||||
|
||||
if err := blockTmpl.Execute(&buf, templateData); err != nil {
|
||||
if err := blockTmpl.Execute(w, templateData); err != nil {
|
||||
logger.Error(ctx, "could not render proxy page", logger.CapturedE(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := io.Copy(w, &buf); err != nil {
|
||||
logger.Error(ctx, "could not write page", logger.CapturedE(errors.WithStack(err)))
|
||||
}
|
||||
}
|
||||
|
||||
func NewServer(funcs ...OptionFunc) *Server {
|
||||
|
|
|
|||
|
|
@ -76,26 +76,14 @@
|
|||
margin-top: 2em;
|
||||
text-align: right;
|
||||
}
|
||||
|
||||
.stacktrace {
|
||||
max-height: 250px;
|
||||
overflow-y: auto;
|
||||
background-color: #dca0a0;
|
||||
padding: 0 10px;
|
||||
border-radius: 5px;
|
||||
margin-top: 10px;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div id="container">
|
||||
<div id="card">
|
||||
<h2 class="title">⚠ {{ $title }}</h2>
|
||||
<h2 class="title">{{ $title }}</h2>
|
||||
{{ if .Debug }}
|
||||
<h3>Stack Trace</h3>
|
||||
<div class="stacktrace">
|
||||
<pre>{{ printf "%+v" .Err }}</pre>
|
||||
</div>
|
||||
<pre>{{ .Err }}</pre>
|
||||
{{ end }}
|
||||
<p class="footer">
|
||||
Propulsé par
|
||||
|
|
|
|||
Loading…
Reference in New Issue