Compare commits

...

2 Commits

Author SHA1 Message Date
wpetit 0ff9391a1b Merge pull request 'feat: global error handler with template rendering' (#42) from error-handler into develop
Cadoles/bouncer/pipeline/head This commit looks good Details
Reviewed-on: #42
2024-09-27 15:03:05 +02:00
wpetit d4c28b80d7 feat: global error handler with template rendering
Cadoles/bouncer/pipeline/pr-develop Build started... Details
2024-09-27 15:02:49 +02:00
11 changed files with 109 additions and 63 deletions

View File

@ -6,7 +6,6 @@ import (
"net/http" "net/http"
"forge.cadoles.com/cadoles/bouncer/internal/schema" "forge.cadoles.com/cadoles/bouncer/internal/schema"
"github.com/getsentry/sentry-go"
"gitlab.com/wpetit/goweb/api" "gitlab.com/wpetit/goweb/api"
"gitlab.com/wpetit/goweb/logger" "gitlab.com/wpetit/goweb/logger"
) )
@ -29,11 +28,8 @@ func invalidDataErrorResponse(w http.ResponseWriter, r *http.Request, err *schem
}{ }{
Message: message, Message: message,
}) })
return
} }
func logAndCaptureError(ctx context.Context, message string, err error) { func logAndCaptureError(ctx context.Context, message string, err error) {
sentry.CaptureException(err)
logger.Error(ctx, message, logger.CapturedE(err)) logger.Error(ctx, message, logger.CapturedE(err))
} }

View File

@ -2,10 +2,12 @@ package director
import ( import (
"context" "context"
"net/http"
"net/url" "net/url"
"forge.cadoles.com/cadoles/bouncer/internal/store" "forge.cadoles.com/cadoles/bouncer/internal/store"
"github.com/pkg/errors" "github.com/pkg/errors"
"gitlab.com/wpetit/goweb/logger"
) )
type contextKey string type contextKey string
@ -14,6 +16,7 @@ const (
contextKeyProxy contextKey = "proxy" contextKeyProxy contextKey = "proxy"
contextKeyLayers contextKey = "layers" contextKeyLayers contextKey = "layers"
contextKeyOriginalURL contextKey = "originalURL" contextKeyOriginalURL contextKey = "originalURL"
contextKeyHandleError contextKey = "handleError"
) )
var ( var (
@ -60,3 +63,22 @@ func ctxValue[T any](ctx context.Context, key contextKey) (T, error) {
return value, nil return value, nil
} }
type HandleErrorFunc func(w http.ResponseWriter, r *http.Request, status int, err error)
func withHandleError(ctx context.Context, fn HandleErrorFunc) context.Context {
return context.WithValue(ctx, contextKeyHandleError, fn)
}
func HandleError(ctx context.Context, w http.ResponseWriter, r *http.Request, status int, err error) {
err = errors.WithStack(err)
fn, ok := ctx.Value(contextKeyHandleError).(HandleErrorFunc)
if !ok {
logger.Error(ctx, err.Error(), logger.CapturedE(err))
http.Error(w, http.StatusText(status), status)
return
}
fn(w, r, status, err)
}

View File

@ -22,6 +22,8 @@ type Director struct {
proxyCache cache.Cache[string, []*store.Proxy] proxyCache cache.Cache[string, []*store.Proxy]
layerCache cache.Cache[string, []*store.Layer] layerCache cache.Cache[string, []*store.Layer]
handleError HandleErrorFunc
} }
func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) { func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
@ -33,7 +35,6 @@ func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
} }
url := getRequestURL(r) url := getRequestURL(r)
ctx = withOriginalURL(ctx, url) ctx = withOriginalURL(ctx, url)
ctx = logger.With(ctx, logger.F("url", url.String())) ctx = logger.With(ctx, logger.F("url", url.String()))
@ -169,6 +170,7 @@ func (d *Director) getLayers(ctx context.Context, proxyName store.ProxyName) ([]
func (d *Director) RequestTransformer() proxy.RequestTransformer { func (d *Director) RequestTransformer() proxy.RequestTransformer {
return func(r *http.Request) { return func(r *http.Request) {
ctx := r.Context() ctx := r.Context()
layers, err := ctxLayers(ctx) layers, err := ctxLayers(ctx)
if err != nil { if err != nil {
if errors.Is(err, errContextKeyNotFound) { if errors.Is(err, errContextKeyNotFound) {
@ -225,15 +227,16 @@ func (d *Director) ResponseTransformer() proxy.ResponseTransformer {
func (d *Director) Middleware() proxy.Middleware { func (d *Director) Middleware() proxy.Middleware {
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
fn := func(w http.ResponseWriter, r *http.Request) { fn := func(w http.ResponseWriter, r *http.Request) {
ctx := withHandleError(r.Context(), d.handleError)
r = r.WithContext(ctx)
r, err := d.rewriteRequest(r) r, err := d.rewriteRequest(r)
if err != nil { if err != nil {
logger.Error(r.Context(), "could not rewrite request", logger.CapturedE(errors.WithStack(err))) HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not rewrite request"))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
ctx := r.Context() ctx = r.Context()
layers, err := ctxLayers(ctx) layers, err := ctxLayers(ctx)
if err != nil { if err != nil {
@ -241,9 +244,7 @@ func (d *Director) Middleware() proxy.Middleware {
return return
} }
logger.Error(ctx, "could not retrieve proxy and layers from context", logger.CapturedE(errors.WithStack(err))) HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not retrieve proxy and layers from context"))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
@ -278,5 +279,6 @@ func New(proxyRepository store.ProxyRepository, layerRepository store.LayerRepos
layerRegistry: registry, layerRegistry: registry,
proxyCache: opts.ProxyCache, proxyCache: opts.ProxyCache,
layerCache: opts.LayerCache, layerCache: opts.LayerCache,
handleError: opts.HandleError,
} }
} }

View File

@ -1,7 +1,9 @@
package authn package authn
import ( import (
"bytes"
"html/template" "html/template"
"io"
"net/http" "net/http"
"path/filepath" "path/filepath"
@ -29,9 +31,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
options, err := fromStoreOptions(layer.Options) options, err := fromStoreOptions(layer.Options)
if err != nil { if err != nil {
logger.Error(ctx, "could not parse layer options", logger.CapturedE(errors.WithStack(err))) director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not parse layer options"))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
@ -162,20 +162,22 @@ func (l *Layer) renderPage(w http.ResponseWriter, r *http.Request, page string,
tmpl, err := template.New("").Funcs(sprig.FuncMap()).ParseGlob(pattern) tmpl, err := template.New("").Funcs(sprig.FuncMap()).ParseGlob(pattern)
if err != nil { if err != nil {
logger.Error(ctx, "could not load authn templates", logger.CapturedE(errors.WithStack(err))) director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not load authn templates"))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
w.Header().Add("Cache-Control", "no-cache") w.Header().Add("Cache-Control", "no-cache")
if err := tmpl.ExecuteTemplate(w, block, templateData); err != nil { var buf bytes.Buffer
logger.Error(ctx, "could not render authn page", logger.CapturedE(errors.WithStack(err)))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
if err := tmpl.ExecuteTemplate(w, block, templateData); err != nil {
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not render authn page"))
return return
} }
if _, err := io.Copy(w, &buf); err != nil {
logger.Error(ctx, "could not write authn page", logger.CapturedE(errors.WithStack(err)))
}
} }
// LayerType implements director.MiddlewareLayer // LayerType implements director.MiddlewareLayer

View File

@ -86,7 +86,7 @@ func (a *Authenticator) PreAuthentication(w http.ResponseWriter, r *http.Request
if postLogoutRedirectURL != "" { if postLogoutRedirectURL != "" {
isAuthorized := slices.Contains(options.OIDC.PostLogoutRedirectURLs, postLogoutRedirectURL) isAuthorized := slices.Contains(options.OIDC.PostLogoutRedirectURLs, postLogoutRedirectURL)
if !isAuthorized { if !isAuthorized {
http.Error(w, "unauthorized post-logout redirect", http.StatusBadRequest) director.HandleError(ctx, w, r, http.StatusBadRequest, errors.New("unauthorized post-logout redirect"))
return errors.WithStack(authn.ErrSkipRequest) return errors.WithStack(authn.ErrSkipRequest)
} }
} }

View File

@ -6,6 +6,7 @@ import (
"net/url" "net/url"
"strings" "strings"
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
"github.com/coreos/go-oidc/v3/oidc" "github.com/coreos/go-oidc/v3/oidc"
"github.com/dchest/uniuri" "github.com/dchest/uniuri"
"github.com/gorilla/sessions" "github.com/gorilla/sessions"
@ -68,8 +69,7 @@ func (c *Client) login(w http.ResponseWriter, r *http.Request, sess *sessions.Se
sess.Values[sessionKeyPostLoginRedirectURL] = postLoginRedirectURL sess.Values[sessionKeyPostLoginRedirectURL] = postLoginRedirectURL
if err := sess.Save(r, w); err != nil { if err := sess.Save(r, w); err != nil {
logger.Error(ctx, "could not save session", logger.CapturedE(errors.WithStack(err))) director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not save session"))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }

View File

@ -1,9 +1,11 @@
package queue package queue
import ( import (
"bytes"
"context" "context"
"fmt" "fmt"
"html/template" "html/template"
"io"
"math/rand" "math/rand"
"net/http" "net/http"
"path/filepath" "path/filepath"
@ -52,9 +54,7 @@ func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
options, err := fromStoreOptions(layer.Options, q.defaultKeepAlive) options, err := fromStoreOptions(layer.Options, q.defaultKeepAlive)
if err != nil { if err != nil {
logger.Error(ctx, "could not parse layer options", logger.CapturedE(errors.WithStack(err))) director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not parse layer options"))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
@ -89,9 +89,7 @@ func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
rank, err := q.adapter.Touch(ctx, queueName, sessionID) rank, err := q.adapter.Touch(ctx, queueName, sessionID)
if err != nil { if err != nil {
logger.Error(ctx, "could not retrieve session rank", logger.CapturedE(errors.WithStack(err))) director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not retrieve session rank"))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
@ -144,9 +142,7 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
status, err := q.adapter.Status(ctx, queueName) status, err := q.adapter.Status(ctx, queueName)
if err != nil { if err != nil {
logger.Error(ctx, "could not retrieve queue status", logger.CapturedE(errors.WithStack(err))) director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not retrieve queue status"))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
@ -166,9 +162,7 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
}) })
if q.tmpl == nil { if q.tmpl == nil {
logger.Error(ctx, "queue page templates not loaded", logger.CapturedE(errors.WithStack(err))) director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("queue page templates not loaded"))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
@ -194,12 +188,16 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
w.Header().Add("Retry-After", strconv.FormatInt(int64(refreshRate.Seconds()), 10)) w.Header().Add("Retry-After", strconv.FormatInt(int64(refreshRate.Seconds()), 10))
w.WriteHeader(http.StatusServiceUnavailable) w.WriteHeader(http.StatusServiceUnavailable)
if err := q.tmpl.ExecuteTemplate(w, "queue", templateData); err != nil { var buf bytes.Buffer
logger.Error(ctx, "could not render queue page", logger.CapturedE(errors.WithStack(err)))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
if err := q.tmpl.ExecuteTemplate(&buf, "queue", templateData); err != nil {
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not render queue page"))
return return
} }
if _, err := io.Copy(w, &buf); err != nil {
logger.Error(ctx, "could not write queue page", logger.CapturedE(errors.WithStack(err)))
}
} }
func (q *Queue) refreshQueue(ctx context.Context, layerName store.LayerName, keepAlive time.Duration) { func (q *Queue) refreshQueue(ctx context.Context, layerName store.LayerName, keepAlive time.Duration) {

View File

@ -11,7 +11,6 @@ import (
ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http" ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
"forge.cadoles.com/cadoles/bouncer/internal/store" "forge.cadoles.com/cadoles/bouncer/internal/store"
"github.com/pkg/errors" "github.com/pkg/errors"
"gitlab.com/wpetit/goweb/logger"
) )
const LayerType store.LayerType = "rewriter" const LayerType store.LayerType = "rewriter"
@ -32,9 +31,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
options, err := fromStoreOptions(layer.Options) options, err := fromStoreOptions(layer.Options)
if err != nil { if err != nil {
logger.Error(ctx, "could not parse layer options", logger.CapturedE(errors.WithStack(err))) director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not parse layer options"))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
@ -52,8 +49,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
return return
} }
logger.Error(ctx, "could not apply request rules", logger.CapturedE(errors.WithStack(err))) director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not apply request rules"))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }

View File

@ -1,18 +1,21 @@
package director package director
import ( import (
"net/http"
"time" "time"
"forge.cadoles.com/cadoles/bouncer/internal/cache" "forge.cadoles.com/cadoles/bouncer/internal/cache"
"forge.cadoles.com/cadoles/bouncer/internal/cache/memory" "forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
"forge.cadoles.com/cadoles/bouncer/internal/cache/ttl" "forge.cadoles.com/cadoles/bouncer/internal/cache/ttl"
"forge.cadoles.com/cadoles/bouncer/internal/store" "forge.cadoles.com/cadoles/bouncer/internal/store"
"gitlab.com/wpetit/goweb/logger"
) )
type Options struct { type Options struct {
Layers []Layer Layers []Layer
ProxyCache cache.Cache[string, []*store.Proxy] ProxyCache cache.Cache[string, []*store.Proxy]
LayerCache cache.Cache[string, []*store.Layer] LayerCache cache.Cache[string, []*store.Layer]
HandleError HandleErrorFunc
} }
type OptionFunc func(opts *Options) type OptionFunc func(opts *Options)
@ -30,6 +33,10 @@ func NewOptions(funcs ...OptionFunc) *Options {
memory.NewCache[string, time.Time](), memory.NewCache[string, time.Time](),
30*time.Second, 30*time.Second,
), ),
HandleError: func(w http.ResponseWriter, r *http.Request, status int, err error) {
logger.Error(r.Context(), err.Error(), logger.CapturedE(err))
http.Error(w, http.StatusText(status), status)
},
} }
for _, fn := range funcs { for _, fn := range funcs {
@ -56,3 +63,9 @@ func WithLayerCache(cache cache.Cache[string, []*store.Layer]) OptionFunc {
opts.LayerCache = cache opts.LayerCache = cache
} }
} }
func WithHandleErrorFunc(fn HandleErrorFunc) OptionFunc {
return func(opts *Options) {
opts.HandleError = fn
}
}

View File

@ -1,9 +1,11 @@
package proxy package proxy
import ( import (
"bytes"
"context" "context"
"fmt" "fmt"
"html/template" "html/template"
"io"
"log" "log"
"net" "net"
"net/http" "net/http"
@ -23,7 +25,6 @@ import (
"forge.cadoles.com/cadoles/bouncer/internal/store" "forge.cadoles.com/cadoles/bouncer/internal/store"
"github.com/Masterminds/sprig/v3" "github.com/Masterminds/sprig/v3"
"github.com/getsentry/sentry-go"
sentryhttp "github.com/getsentry/sentry-go/http" sentryhttp "github.com/getsentry/sentry-go/http"
"github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5"
"github.com/go-chi/chi/v5/middleware" "github.com/go-chi/chi/v5/middleware"
@ -112,6 +113,7 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
s.directorCacheTTL, s.directorCacheTTL,
), ),
), ),
director.WithHandleErrorFunc(s.handleError),
) )
if s.serverConfig.HTTP.UseRealIP { if s.serverConfig.HTTP.UseRealIP {
@ -217,27 +219,24 @@ func (s *Server) createReverseProxy(ctx context.Context, target *url.URL) *httpu
httpTransport.DialContext = dialer.DialContext httpTransport.DialContext = dialer.DialContext
reverseProxy.Transport = httpTransport reverseProxy.Transport = httpTransport
reverseProxy.ErrorHandler = s.handleError reverseProxy.ErrorHandler = s.handleProxyError
return reverseProxy return reverseProxy
} }
func (s *Server) handleDefault(w http.ResponseWriter, r *http.Request) { func (s *Server) handleDefault(w http.ResponseWriter, r *http.Request) {
err := errors.Errorf("no proxy target found") s.handleError(w, r, http.StatusBadGateway, errors.Errorf("no proxy target found"))
logger.Error(r.Context(), "proxy error", logger.CapturedE(err))
sentry.CaptureException(err)
s.renderErrorPage(w, r, err, http.StatusBadGateway, http.StatusText(http.StatusBadGateway))
} }
func (s *Server) handleError(w http.ResponseWriter, r *http.Request, err error) { func (s *Server) handleError(w http.ResponseWriter, r *http.Request, status int, err error) {
err = errors.WithStack(err) err = errors.WithStack(err)
logger.Error(r.Context(), err.Error(), logger.CapturedE(err))
logger.Error(r.Context(), "proxy error", logger.CapturedE(err)) s.renderErrorPage(w, r, err, status, http.StatusText(status))
sentry.CaptureException(err) }
s.renderErrorPage(w, r, err, http.StatusBadGateway, http.StatusText(http.StatusBadGateway)) func (s *Server) handleProxyError(w http.ResponseWriter, r *http.Request, err error) {
s.handleError(w, r, http.StatusBadGateway, err)
} }
func (s *Server) renderErrorPage(w http.ResponseWriter, r *http.Request, err error, statusCode int, status string) { func (s *Server) renderErrorPage(w http.ResponseWriter, r *http.Request, err error, statusCode int, status string) {
@ -288,12 +287,18 @@ func (s *Server) renderPage(w http.ResponseWriter, r *http.Request, page string,
return return
} }
if err := blockTmpl.Execute(w, templateData); err != nil { var buf bytes.Buffer
if err := blockTmpl.Execute(&buf, templateData); err != nil {
logger.Error(ctx, "could not render proxy page", logger.CapturedE(errors.WithStack(err))) logger.Error(ctx, "could not render proxy page", logger.CapturedE(errors.WithStack(err)))
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
if _, err := io.Copy(w, &buf); err != nil {
logger.Error(ctx, "could not write page", logger.CapturedE(errors.WithStack(err)))
}
} }
func NewServer(funcs ...OptionFunc) *Server { func NewServer(funcs ...OptionFunc) *Server {

View File

@ -76,14 +76,26 @@
margin-top: 2em; margin-top: 2em;
text-align: right; text-align: right;
} }
.stacktrace {
max-height: 250px;
overflow-y: auto;
background-color: #dca0a0;
padding: 0 10px;
border-radius: 5px;
margin-top: 10px;
}
</style> </style>
</head> </head>
<body> <body>
<div id="container"> <div id="container">
<div id="card"> <div id="card">
<h2 class="title">{{ $title }}</h2> <h2 class="title">{{ $title }}</h2>
{{ if .Debug }} {{ if .Debug }}
<pre>{{ .Err }}</pre> <h3>Stack Trace</h3>
<div class="stacktrace">
<pre>{{ printf "%+v" .Err }}</pre>
</div>
{{ end }} {{ end }}
<p class="footer"> <p class="footer">
Propulsé par Propulsé par