feat: update packaged configuration

Merge pull request 'Métriques de base Prometheus' (#4 ) from metrics into develop
Reviewed-on: #4
2023-06-30 17:51:01 -06:00 · 2023-07-01 01:32:10 +02:00 · 2023-06-30 10:26:52 -06:00 · 2023-06-30 10:26:27 -06:00 · 2023-06-29 20:36:11 -06:00 · 2023-06-29 20:16:25 -06:00
63 changed files with 2041 additions and 447 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,9 @@
 /admin-key.json
 /config.yml
 /tools
 /out
 /dist
 /data
 /bin
 /.bouncer-token
 /.env
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,4 @@
 /admin-key.json
 /.bouncer-token
 /data
 /out
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@ -60,6 +60,9 @@ nfpms:
      - src: misc/packaging/common/config.yml
        dst: /etc/bouncer/config.yml
        type: config
      - src: layers
        dst: /etc/bouncer/layers
        type: config
  - id: bouncer-admin
    meta: true
    package_name: bouncer-admin
--- a/16
+++ b/16
@ -1,4 +1,4 @@
-FROM golang:1.19 AS BUILD
+FROM golang:1.20 AS BUILD
 RUN apt-get update \
    && apt-get install -y make
@ -19,12 +19,18 @@ RUN mkdir -p /usr/local/bin \
 ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
-COPY --from=BUILD /src/dist/bouncer_linux_amd64_v1 /app
+RUN mkdir -p /usr/local/bin /usr/share/bouncer/bin /etc/bouncer
-COPY --from=BUILD /src/config.yml /etc/bouncer/config.yml
+
 COPY --from=BUILD /src/dist/bouncer_linux_amd64_v1/bouncer /usr/share/bouncer/bin/bouncer
 COPY --from=BUILD /src/layers /usr/share/bouncer/
 RUN ln -s /usr/share/bouncer/bin/bouncer /usr/local/bin/bouncer \
    && /usr/share/bouncer/bin/bouncer -c '' config dump > /etc/bouncer/config.yml
 EXPOSE 8080
 EXPOSE 8081
-ENTRYPOINT ["/app/bouncer"]
+ENV BOUNCER_WORKDIR=/usr/share/bouncer
 ENV BOUNCER_CONFIG=/etc/bouncer/config.yml
-CMD ["bouncer", "run", "-c", "/etc/bouncer/config.yml"]
+CMD ["bouncer"]
--- a/21
+++ b/21
@ -5,11 +5,11 @@ GITCHLOG_ARGS ?=
 SHELL := /bin/bash
 BOUNCER_VERSION ?= 
-GIT_VERSION := $(shell git describe --always)
+GIT_COMMIT := $(shell git rev-parse --short HEAD)
 DATE_VERSION := $(shell date +%Y.%-m.%-d)
-FULL_VERSION := v$(DATE_VERSION)-$(GIT_VERSION)$(if $(shell git diff --stat),-dirty,)
+FULL_VERSION := v$(DATE_VERSION)-$(GIT_COMMIT)$(if $(shell git diff --stat),-dirty,)
-DOCKER_IMAGE_NAME ?= cadoles/bouncer
+DOCKER_IMAGE_NAME ?= reg.cadoles.com/cadoles/bouncer
 DOCKER_IMAGE_TAG ?= $(FULL_VERSION)
 GOTEST_ARGS ?= -short
@ -25,16 +25,6 @@ test: test-go ## Executing tests
 test-go: deps
 	( set -o allexport && source .env && set +o allexport && go test -v -count=1 $(GOTEST_ARGS) ./... )
 test-install-script: tools/bin/bash_unit
 	tools/bin/bash_unit ./misc/script/test_install.sh
 tools/bin/bash_unit:
 	mkdir -p tools/bin
 	cd tools/bin && bash <(curl -s https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh)	
 lint: ## Lint sources code
 	golangci-lint run --enable-all $(LINT_ARGS)
 build: build-bouncer ## Build artefacts
 build-bouncer: deps ## Build executable
@ -83,9 +73,6 @@ finish-release:
 	git push --all
 	git push --tags
 install-git-hooks:
 	git config core.hooksPath .githooks
 docker-build:
 	docker build -t $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) .
@ -106,7 +93,7 @@ gitea-release: tools/gitea-release/bin/gitea-release.sh goreleaser
 		GITEA_RELEASE_BASE_URL="https://forge.cadoles.com" \
 		GITEA_RELEASE_VERSION="$(FULL_VERSION)" \
 		GITEA_RELEASE_NAME="$(FULL_VERSION)" \
-		GITEA_RELEASE_COMMITISH_TARGET="$(GIT_VERSION)" \
+		GITEA_RELEASE_COMMITISH_TARGET="$(GIT_COMMIT)" \
 		GITEA_RELEASE_IS_DRAFT="false" \
 		GITEA_RELEASE_BODY="" \
 		GITEA_RELEASE_ATTACHMENTS="$$(find .gitea-release/* -type f)" \
--- a/doc/README.md
+++ b/doc/README.md
@ -1,13 +1,20 @@
 # Documentation
-## Guide d'utilisation
+- [(FR) - Premiers pas](./fr/getting-started.md)
-
+- [(FR) - Architecture générale](./fr/general-architecture.md)
 > TODO
 ## Référence
-> TODO
+- [(FR) - Layers](./fr/references/layers/README.md)
 - [Fichier de configuration](../misc/packaging/common/config.yml)
 ## Tutoriels
-> TODO
+### Utilisation
 - [(FR) - Ajouter un calque de type "file d'attente"](./fr/tutorials/add-queue-layer.md)
 ### Développement
 - [(FR) - Démarrer avec les sources](./fr/tutorials/getting-start-with-sources.md)
 - [(FR) - Créer son propre layer](./fr/tutorials/create-custom-layer.md)
--- a/doc/fr/general-architecture.md
+++ b/doc/fr/general-architecture.md
@ -0,0 +1,30 @@
 # Architecture générale
 ## Modèles de déploiement
 ### Déploiement mono-noeud
 ![](../resources/deployment_fr.png)
 ## Terminologie
 Voici une liste des termes utilisés dans le lexique Bouncer.
 ### Proxy
 Un "proxy" est une entité logique définissant le relation suivante:
 - Un ou plusieurs patrons de filtrage sous la forme `<host>:<port>`. Ceux ci identifient le ou les domaines associés à l'entité;
 - Une URL cible qui servira de base pour la réécriture des requêtes.
 Un "proxy" peut avoir zéro ou plusieurs "layers" associés.
 Un "proxy" peut être activé ou désactivé.
 Un "proxy" a un poids qui définit son niveau de priorité dans la pile de traitement (plus son poids est élevé plus il est prioritaire).
 ### Layer
 Un "layer" (calque) est une entité logique définissant un traitement à appliquer aux requêtes et/ou aux réponses transitant par un proxy.
 Un "layer" peut être activé ou désactivé.
 Un "layer" a un poids qui définit son niveau de priorité dans la pile de traitement (plus son poids est élevé plus il est prioritaire).
--- a/doc/fr/getting-started.md
+++ b/doc/fr/getting-started.md
@ -0,0 +1,95 @@
 # Premiers pas
 ## Prérequis
 - Une machine Ubuntu 22.04
 ## Étapes
 ### Installation
 1. Installer le serveur Redis
    ```bash
    apt update
    apt install redis
    ```
 2. Sur votre machine Ubuntu, télécharger les dernières versions disponibles des paquets Debian correspondant à votre architecture sur la page ["Versions"](https://forge.cadoles.com/Cadoles/bouncer/releases) du projet:
    - `bouncer-bin_<version>_linux_<arch>.deb`
    - `bouncer-proxy_<version>_linux_<arch>.deb`
    - `bouncer-admin_<version>_linux_<arch>.deb`
 3. Installer les paquets Debian
    ```bash
    # Commencer par le paquet bouncer-bin
    dpkg -i "bouncer-bin_<version>_linux_<arch>.deb"
    # Puis installer les paquets de services
    dpkg -i "bouncer-proxy_<version>_linux_<arch>.deb"
    dpkg -i "bouncer-admin_<version>_linux_<arch>.deb"
    ```
 4. Générer un jeton d'authentification pour le CLI d'administration
    ```bash
    bouncer --config /etc/bouncer/config.yml auth create-token --role writer --subject $(whoami) > .bouncer-token
    ```
 5. Tester que le CLI est en capacité d'interroger l'API d'administration
    ```bash
    bouncer admin query proxy
    ```
    Un message équivalent à celui ci devrait s'afficher:
    ```
    +------+---------+--------+
    | NAME | ENABLED | WEIGHT |
    +------+---------+--------+
    +------+---------+--------+
    ```
 ### Créer un premier proxy
 1. Créer un proxy vers https://www.cadoles.com via le CLI
    ```bash
    # Création du proxy nommé 'cadoles' vers https://www.cadoles.com
    bouncer admin proxy create --proxy-to https://www.cadoles.com --proxy-name cadoles
    ```
    Un message équivalent à celui ci devrait s'afficher:
    ```
    +---------+-------+-------------------------+---------+--------+-------------------------+-------------------------+
    | NAME    | FROM  | TO                      | ENABLED | WEIGHT | CREATEDAT               | UPDATEDAT               |
    +---------+-------+-------------------------+---------+--------+-------------------------+-------------------------+
    | cadoles | ["*"] | https://www.cadoles.com | false   | 0      | "2023-05-28T14:28:46... | "2023-05-28T14:28:46... |
    +---------+-------+-------------------------+---------+--------+-------------------------+-------------------------+
    ```
 2. À ce stade, le proxy est créé mais encore inactif. Activer le proxy
    ```bash
    # Activation du proxy
    bouncer admin proxy update --proxy-name cadoles --proxy-enabled=true
    ```
    Un message équivalent à celui ci devrait s'afficher:
    ```
    +---------+-------+-------------------------+---------+--------+-------------------------+-------------------------+
    | NAME    | FROM  | TO                      | ENABLED | WEIGHT | CREATEDAT               | UPDATEDAT               |
    +---------+-------+-------------------------+---------+--------+-------------------------+-------------------------+
    | cadoles | ["*"] | https://www.cadoles.com | true    | 0      | "2023-05-28T14:28:46... | "2023-05-28T14:28:55... |
    +---------+-------+-------------------------+---------+--------+-------------------------+-------------------------+
    ```
 3. Ouvrir la page `https://<ip_serveur>:8080/` dans un navigateur. Le site Cadoles s'affiche !
 **Bravo, vous avez créé votre premier proxy avec Bouncer !**
--- a/doc/fr/references/layers/README.md
+++ b/doc/fr/references/layers/README.md
@ -0,0 +1,5 @@
 # Layers
 Vous trouverez ci-dessous la liste des entités "Layer" activables sur vos entité "Proxy":
 - [Queue](./queue.md) - File d'attente dynamique
--- a/doc/fr/references/layers/queue.md
+++ b/doc/fr/references/layers/queue.md
@ -0,0 +1,27 @@
 # Layer "Queue"
 ## Description
 Ce layer permet d'ajouter un mécanisme de file d'attente dynamique au proxy associé.
 ## Type
 `queue`
 ## Options
 ### `capacity`
 - **Type:** `number`
 - **Valeur par défaut:** `1000`
 - **Description:** Capacité maximum de la file d'attente.
 ### `keepAlive`
 - **Type:** `string` (Voir [`time.ParseDuration()`](https://pkg.go.dev/time#ParseDuration) pour plus d'informations sur le format)
 - **Valeur par défaut:** `1m`
 - **Description:** Durée de vie d'une session dans la file d'attente sans activité avant expiration.
 ### Schéma
 Voir le [schéma JSON](../../../../internal/proxy/director/layer/queue/schema/layer-options.json).
--- a/doc/fr/tutorials/add-queue-layer.md
+++ b/doc/fr/tutorials/add-queue-layer.md
@ -0,0 +1,48 @@
 # Ajouter un layer de type "file d'attente"
 ## Étapes
 1. Sur le serveur hébergeant les services Bouncer, utiliser le CLI pour créer un nouveau layer pour votre proxy. Dans l'exemple, nous utiliserons le proxy `cadoles` créé dans le cadre du tutoriels ["Premiers pas"](../getting-started.md).
    ```bash
    # Création d'un calque nommé 'my-queue' pour le proxy 'cadoles' de type 'queue'
    bouncer admin layer create --proxy-name cadoles --layer-name my-queue --layer-type queue
    ```
    Un message équivalent à celui ci devrait s'afficher:
    ```
    +----------+-------+---------+--------+---------+-------------------------+-------------------------+
    | NAME     | TYPE  | ENABLED | WEIGHT | OPTIONS | CREATEDAT               | UPDATEDAT               |
    +----------+-------+---------+--------+---------+-------------------------+-------------------------+
    | my-queue | queue | false   | 0      | {}      | "2023-05-28T14:40:25... | "2023-05-28T14:40:25... |
    +----------+-------+---------+--------+---------+-------------------------+-------------------------+
    ```
 2. À ce stade, le layer est encore inactif. Définir la capacité de la file d'attente à 1 et activer le layer en utilisant le CLI:
    ```bash
    bouncer admin layer update --proxy-name cadoles --layer-name my-queue --layer-enabled=true --layer-options '{"capacity": 1}'
    ```
    Un message équivalent à celui ci devrait s'afficher:
    ```
    +----------+-------+---------+--------+----------------+-------------------------+-------------------------+
    | NAME     | TYPE  | ENABLED | WEIGHT | OPTIONS        | CREATEDAT               | UPDATEDAT               |
    +----------+-------+---------+--------+----------------+-------------------------+-------------------------+
    | my-queue | queue | true    | 0      | {"capacity":1} | "2023-05-28T14:51:45... | "2023-05-28T14:52:21... |
    +----------+-------+---------+--------+----------------+-------------------------+-------------------------+
    ```
    > **Astuce**
    > 
    > Les options de chaque type de calque répondent à un schéma spécifique, défini au format [JSON Schema](https://json-schema.org/).
    > 
    > Par exemple, le schéma du calque type 'queue' est consultable [ici](../../../internal/queue/schema/layer-options.json).
 3. Le proxy `cadoles` a désormais une file d'attente avec une capacité d'un seul utilisateur. Vous pouvez effectuer le test en ouvrant votre navigateur sur l'adresse `http://<ip_serveur>:8080/` puis en ouvrant une fenêtre de navigation privée sur la même adresse:
    - La première fenêtre devrait afficher le site Cadoles;
    - La seconde fenêtre devrait afficher une page indiquant qu'on est en file d'attente.
    Si vous laissez expirer la "session" de la première fenêtre (environ 1 minute par défaut) et que vous rafraîchissez la seconde, vous devriez avoir une inversion des états.
--- a/doc/fr/tutorials/create-custom-layer.md
+++ b/doc/fr/tutorials/create-custom-layer.md
@ -0,0 +1,446 @@
 # Créer son propre layer
 Dans ce tutoriel, nous verrons comment implémenter un layer personnalisé qui permettra d'ajouter une authentification de type [`Basic Auth](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication) à un proxy.
 ## Prérequis
 Avoir un environnement de développement local fonctionnel. Voir tutoriel ["Démarrer avec les sources"](./getting-started-with-sources.md).
 ## Étapes
 ### Préparer la structure de base du nouveau layer
 Une implémetation d'un layer se compose majoritairement de 3 éléments:
 - Une structure qui implémente une ou plusieurs interfaces (`director.MiddlewareLayer`, `director.RequestTransformerLayer` et/ou `director.ResponseTransformerLayer`);
 - Un schéma au format [JSON Schema](http://json-schema.org/) qui permettra de valider les "options" de notre layer;
 - Un fichier d'amorçage qui permettra à Bouncer de référencer notre nouveau layer.
 1. Créer le répertoire du `package` Go qui contiendra le code de votre layer. Celui ci s'appelera `basicauth`:
    ```
    mkdir -p internal/proxy/director/layer/basicauth
    ```
 2. Créer la structure de base du layer:
    ```go
    // Fichier internal/proxy/director/layer/basicauth/basicauth.go
    package basicauth
    import (
        proxy "forge.cadoles.com/Cadoles/go-proxy"
        "forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
        "forge.cadoles.com/cadoles/bouncer/internal/store"
    )
    // On définit le "type" (la chaîne de caractères) qui
    // sera associé à notre layer
    const LayerType store.LayerType = "basicauth"
    // On déclare la structure qui
    // servira de socle pour notre layer
    type BasicAuth struct{}
    // Les deux méthodes suivantes, attachées à 
    // notre structure BasicAuth, permettent de remplir
    // le contrat définit par l'interface 
    // director.MiddlewareLayer
    // LayerType implements director.MiddlewareLayer.
    func (*BasicAuth) LayerType() store.LayerType {
        return LayerType
    }
    // C'est dans la méthode "Middleware" qu'on pourra implémenter la
    // logique appliquée par notre layer.
    // En l'état actuel l'exécution de la méthode provoquera un panic().
    // Middleware implements director.MiddlewareLayer.
    func (*BasicAuth) Middleware(layer *store.Layer) proxy.Middleware {
        panic("unimplemented")
    }
    func New() *BasicAuth {
        return &BasicAuth{}
    }
    // Cette déclaration permet de profiter
    // des capacités du compilateur pour s'assurer
    // que la structure BasicAuth remplie toujours le
    // contrat imposé par l'interface director.MiddlewareLayer
    var _ director.MiddlewareLayer = &BasicAuth{}
    ```
 3. Créer le schéma JSON qui sera associé aux options possibles pour notre layer:
    ```json
    // Fichier internal/proxy/director/layer/basicauth/layer-options.json
    {
        "$id": "https://forge.cadoles.com/cadoles/bouncer/schemas/basicauth-layer-options",
        "title": "BasicAuth layer options",
        "type": "object",
        "properties": {},
        "additionalProperties": false
    }
    ```
 4. Puis créer le fichier Go qui embarquera ces données dans notre binaire via le package [`embed`](https://pkg.go.dev/embed):
    ```go
    // Fichier internal/proxy/director/layer/basicauth/layer_options.go
    package basicauth
    import (
        _ "embed"
    )
    //go:embed layer-options.json
    var RawLayerOptionsSchema []byte
    ```
 5. Enfin, créer le fichier d'amorçage pour référencer notre nouveau layer avec Bouncer:
    ```go
    // Fichier internal/setup/basicauth_layer.go
    package setup
    import (
        "forge.cadoles.com/cadoles/bouncer/internal/config"
        "forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
        "forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/basicauth"
    )
    // On créait une function d'initialisation qui enregistra les éléments suivants auprès de Bouncer:
    // - Notre nouveau type de layer
    // - Une fonction capable de créer une instance de notre layer
    // - Le schéma associé aux options de notre layer
    func init() {
        RegisterLayer(basicauth.LayerType, setupBasicAuthLayer, basicauth.RawLayerOptionsSchema)
    }
    // La fonction de création de notre layer
    // reçoit automatiquement la configuration actuelle de Bouncer.
    // Une layer plus avancé pourrait être configurable de cette manière
    // en créant une nouvelle section de configuration dédiée.
    func setupBasicAuthLayer(conf *config.Config) (director.Layer, error) {
        return &basicauth.BasicAuth{}, nil
    }
    ```
 ## Tester l'intégration de notre nouveau layer
 À ce stade, notre nouveau layer est normalement référencé et donc "utilisable" dans Bouncer (si on omet le fait qu'il déclenchera une `panic()`).
 1. Vérifier que notre layer est bien référencé en exécutant la commande:
    ```
    ./bin/bouncer admin layer create --help
    ```
    La sortie devrait ressembler à:
    ```
    NAME:
    bouncer admin layer create - Create layer
    USAGE:
    bouncer admin layer create [command options] [arguments...]
    OPTIONS:
    --layer-type LAYER_TYPE        Set LAYER_TYPE as layer's type (available: [basicauth queue])
    [...]
    ```
    Comme vous devriez le voir nous pouvons désormais créer des layers de type `basicauth`.
 2. Créer un proxy puis une instance de notre nouveau layer associée à celui ci:
    ```bash
    # Créer un proxy
    ./bin/bouncer admin proxy create --proxy-name cadoles --proxy-to https://www.cadoles.com
    # Activer celui-ci
    ./bin/bouncer admin proxy update --proxy-name cadoles --proxy-enabled=true
    # Ajouter un layer de notre nouveau type à notre proxy
    ./bin/bouncer admin layer create --proxy-name cadoles --layer-name mybasicauth --layer-type basicauth
    # Activer notre nouveau layer
    ./bin/bouncer admin layer update --proxy-name cadoles --layer-name mybasicauth --layer-enabled=true
    ```
 **Notre layer est actif** ! Cependant il est loin d'être fonctionnel. En effet, si vous faites un:
 ```
 curl -v http://localhost:8080
 ```
 Vous n'aurez guère en retour qu'un:
 ```
 *   Trying 127.0.0.1:8080...
 * Connected to localhost (127.0.0.1) port 8080 (#0)
 > GET / HTTP/1.1
 > Host: localhost:8080
 > User-Agent: curl/8.1.2
 > Accept: */*
 > 
 * Empty reply from server
 * Closing connection 0
 curl: (52) Empty reply from server
 ```
 Et également dans la console où s'exécute le service `bouncer-proxy`, vous aurez le message:
 ```
 2023/06/23 18:39:59 http: panic serving 127.0.0.1:59868: unimplemented
 ```
 **Il est temps d'implémenter réellement la logique associée à notre layer !**
 > **Note** Vous pouvez désactiver votre layer via le drapeau `--layer-enabled=false` et voir le site Cadoles s'afficher à nouveau !
 ## Implémenter l'authentification sur notre nouveau layer
 Nous allons modifier la méthode `Middleware(layer *store.Layer) proxy.Middleware` attachée à notre structure `BasicAuth`.
 1. Modifier le fichier contenant la structure de notre layer de la manière suivante:
    ```go
    // Fichier internal/proxy/director/layer/basicauth/basicauth.go
    // [...]
    // Middleware implements director.MiddlewareLayer.
    func (*BasicAuth) Middleware(layer *store.Layer) proxy.Middleware {
        // La méthode doit retourner un "Middleware" qui est un alias
        // pour les fonctions généralement utilisées
        // dans les librairies http en Go pour créer
        // une fonction d'interception/transformation de requête.
        return func(next http.Handler) http.Handler {
            fn := func(w http.ResponseWriter, r *http.Request) {
                // On récupère les identifiants "basic auth" transmis (ou non)
                // avec la requête
                username, password, ok := r.BasicAuth()
                // On créait une méthode locale pour gérer le cas d'une erreur d'authentification.
                unauthorized := func() {
                    // On ajoute cette entête HTTP à la réponse pour déclencher l'affichage
                    // de la popup d'authentification dans le navigateur web de l'utilisateur.
                    w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
                    // On retoure un code d'erreur HTTP 401 (Unauthorized)
                    http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
                }
                if !ok {
                    // L'entête Authorization est absente ou ne correspondant
                    // pas à du Basic Auth, on retourne une erreur HTTP 401 et
                    // on interrompt le traitement de la requête ici
                    unauthorized()
                    return
                }
                // On vérifie les identifiants associés à la requête
                isAuthenticated := authenticate(username, password)
                // Si les identifiants sont non reconnus alors
                // on interrompt le traitement de la requête
                if !isAuthenticated {
                    unauthorized()
                    return
                }
                // L'authentification a réussie ! On passe la main au handler HTTP suivant
                next.ServeHTTP(w, r)
            }
            return http.HandlerFunc(fn)
        }
    }
    // La méthode authenticate() prend un couple d'identifiants
    // est vérifie en temps constant si ceux ci correspondent à un couple
    // d'identifiants attendus.
    func authenticate(username, password string) bool {
        // On génère une empreinte au format sha256 pour nos identifiants
        usernameHash := sha256.Sum256([]byte(username))
        passwordHash := sha256.Sum256([]byte(password))
        // On effectue de même avec les identifiants attendus.
        // Pour l'instant, on utilise un couple d'identifiants en "dur".
        expectedUsernameHash := sha256.Sum256([]byte("foo"))
        expectedPasswordHash := sha256.Sum256([]byte("baz"))
        // On utilise la méthode subtle.ConstantTimeCompare()
        // pour faire la comparaison des identifiants en temps constant
        // et ainsi éviter les attaques par timing.
        usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1)
        passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1)
        // L'utilisateur est authentifié si son nom et son mot de passe
        // correspondent avec ceux attendus.
        return usernameMatch && passwordMatch
    }
    ```
 2. Dans votre navigateur, essayez d'ouvrir l'URL http://127.0.0.1:8080. La popup d'authentification devrait s'afficher et vous devriez pouvoir utiliser les identifiants définis dans la fonction `authenticate()` pour vous authentifier et accéder au site de Cadoles !
    > **Note** Essayez de désactiver le layer. L'authentification est automatiquement désactivée également !
 ## Déclarer des options pour pouvoir utiliser des identifiants dynamiques
 En l'état actuel notre layer est fonctionnel. Cependant il souffre d'un problème notable: les identifiants attendus sont statiques et embarqués en dur dans le code. Nous allons utiliser le schéma associé à nos options, jusqu'alors vide, pour pouvoir créer une paire d'identifiants attendus dynamique.
 1. Modifier le schéma JSON des options de notre layer:
    ```json
    // Fichier internal/proxy/director/layer/basicauth/layer-options.json
    {
        "$id": "https://forge.cadoles.com/cadoles/bouncer/schemas/basicauth-layer-options",
        "title": "BasicAuth layer options",
        "type": "object",
        "properties": {
            "username": {
                "type": "string"
            },
            "password": {
                "type": "string"
            }
        },
        "additionalProperties": false
    }
    ```
 2. On modifie notre méthode `Middleware()` et la fonction `authenticate()` pour utiliser ces nouvelles options:
    ```go
    package basicauth
    import (
        "crypto/sha256"
        "crypto/subtle"
        "net/http"
        proxy "forge.cadoles.com/Cadoles/go-proxy"
        "forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
        "forge.cadoles.com/cadoles/bouncer/internal/store"
        "gitlab.com/wpetit/goweb/logger"
    )
    const LayerType store.LayerType = "basicauth"
    type BasicAuth struct{}
    // LayerType implements director.MiddlewareLayer.
    func (*BasicAuth) LayerType() store.LayerType {
        return LayerType
    }
    // Middleware implements director.MiddlewareLayer.
    func (*BasicAuth) Middleware(layer *store.Layer) proxy.Middleware {
        // La méthode doit retourner un "Middleware" qui est un alias
        // pour les fonctions généralement utilisées
        // dans les librairies http en Go pour créer
        // une fonction d'interception/transformation de requête.
        return func(next http.Handler) http.Handler {
            fn := func(w http.ResponseWriter, r *http.Request) {
                // On récupère les identifiants "basic auth" transmis (ou non)
                // avec la requête
                username, password, ok := r.BasicAuth()
                // On créait une méthode locale pour gérer le cas d'une erreur d'authentification.
                unauthorized := func() {
                    // On ajoute cette entête HTTP à la réponse pour déclencher l'affichage
                    // de la popup d'authentification dans le navigateur web de l'utilisateur.
                    w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
                    // On retoure un code d'erreur HTTP 401 (Unauthorized)
                    http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
                }
                if !ok {
                    // L'entête Authorization est absente ou ne correspondant
                    // pas à du Basic Auth, on retourne une erreur HTTP 401 et
                    // on interrompt le traitement de la requête ici
                    unauthorized()
                    return
                }
                // On extrait les identifiants des options associées à notre layer
                expectedUsername, usernameExists := layer.Options["username"].(string)
                expectedPassword, passwordExists := layer.Options["password"].(string)
                // Si le nom d'utilisateur ou le mot de passe attendu n'existe pas
                // alors on retourne une erreur HTTP 500 à l'utilisateur.
                if !usernameExists || !passwordExists {
                    logger.Error(r.Context(), "basicauth layer missing password or username option")
                    http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
                    return
                }
                // On vérifie les identifiants associés à la requête
                isAuthenticated := authenticate(username, password, expectedUsername, expectedPassword)
                // Si les identifiants sont non reconnus alors
                // on interrompt le traitement de la requête
                if !isAuthenticated {
                    unauthorized()
                    return
                }
                // L'authentification a réussie ! On passe la main au handler HTTP suivant
                next.ServeHTTP(w, r)
            }
            return http.HandlerFunc(fn)
        }
    }
    func authenticate(username, password string, expectedUsername, expectedPassword string) bool {
        // On génère une empreinte au format sha256 pour nos identifiants
        usernameHash := sha256.Sum256([]byte(username))
        passwordHash := sha256.Sum256([]byte(password))
        // On effectue de même avec les identifiants attendus.
        expectedUsernameHash := sha256.Sum256([]byte(expectedUsername))
        expectedPasswordHash := sha256.Sum256([]byte(expectedPassword))
        // On utilise la méthode subtle.ConstantTimeCompare()
        // pour faire la comparaison des identifiants en temps constant
        // et ainsi éviter les attaques par timing.
        usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1)
        passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1)
        // L'utilisateur est authentifié si son nom et son mot de passe
        // correspondent avec ceux attendus.
        return usernameMatch && passwordMatch
    }
    func New() *BasicAuth {
        return &BasicAuth{}
    }
    var _ director.MiddlewareLayer = &BasicAuth{}
    ```
 3. Modifiez votre layer via la commande d'administration pour déclarer une paire d'identifiants:
    ```bash
    ./bin/bouncer admin layer update --proxy-name cadoles --layer-name mybasicauth --layer-options='{"username":"jdoe","password":"notsosecret"}'
    ```
 4. Essayer d'accéder à l'adresse http://127.0.0.1:8080 avec votre navigateur. La popup d'authentification devrait s'afficher et vous devriez pouvoir vous authentifier avec le nouveau couple d'identifiants définis dans les options de votre layer !
 > **Note** Vous pouvez modifier les identifiants plusieurs fois via la commande et vérifier que la fenêtre s'affiche toujours à nouveau, demandant les nouveaux identifiants.
--- a/doc/fr/tutorials/getting-started-with-sources.md
+++ b/doc/fr/tutorials/getting-started-with-sources.md
@ -0,0 +1,125 @@
 # Démarrer avec les sources
 Dans ce tutoriel, nous verrons comment lancer un environnement de développement en local sur notre machine afin de travailler sur les sources de Bouncer.
 ## Prérequis
 Les éléments suivants doivent être installés sur votre machine:
 - [Golang > 1.20](https://go.dev/)
 - [Docker](https://www.docker.com/)
 - [Git](https://git-scm.com/)
 - [GNU Make](https://www.gnu.org/software/make/)
 Les ports suivants doivent être disponibles sur votre machine:
 - `8080`
 - `8081`
 ## Étapes
 1. Cloner le dépôt des sources du projet Bouncer
    ```
    git clone https://forge.cadoles.com/Cadoles/bouncer
    ```
 2. Se positionner dans le répertoire du projet
    ```
    cd bouncer
    ```
 3. Lancer le projet en mode "développement"
    ```
    make watch
    ```
 Si toutes les dépendances sont correctement installées et configurées sur votre machine, la console devrait afficher une série de messages pour ensuite s'arrêter sur quelque chose ressemblant à:
 ```
 14:47:06: daemon: make run BOUNCER_CMD="--config config.yml server admin run"
 2023-06-23 20:47:06.095 [INFO]	<./internal/command/server/admin/run.go:42>	RunCommand.func1	listening	{"url": "http://127.0.0.1:8081"}
 2023-06-23 20:47:06.095 [INFO]	<./internal/admin/server.go:126>	(*Server).run	http server listening
 14:47:06: daemon: make run-redis
 bouncer-redis
 docker run --rm -t \
 	--name bouncer-redis \
 	-v /home/wpetit/workspace/bouncer/data/redis:/data \
 	-p 6379:6379 \
 	redis:alpine3.17 \
 	redis-server --save 60 1 --loglevel warning
 1:C 23 Jun 2023 20:47:06.754 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
 1:C 23 Jun 2023 20:47:06.754 # Redis version=7.0.11, bits=64, commit=00000000, modified=0, pid=1, just started
 1:C 23 Jun 2023 20:47:06.754 # Configuration loaded
 1:M 23 Jun 2023 20:47:06.759 # Warning: Could not create server TCP listening socket ::*:6379: unable to bind socket, errno: 97
 1:M 23 Jun 2023 20:47:06.760 # Server initialized
 1:M 23 Jun 2023 20:47:06.760 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect
 ```
 À ce stade, le serveur `bouncer-admin` écoute sur http://127.0.0.1:8081 et le serveur `bouncer-proxy` sur http://127.0.0.1:8080.
 > **Note**
 > 
 > L'outil [`modd`](https://github.com/cortesi/modd) est utilisé pour surveiller les modifications sur les sources et relancer automatiquement la compilation et les services en cas de changement.
 ## Commandes `make` utiles
 ### `make watch`
 Surveiller les sources, compiler celles ci en cas de modifications et lancer les services `bouncer-proxy` et `bouncer-admin`.
 #### `make test`
 Exécuter les tests unitaires/d'intégration du projet.
 #### `make build`
 Compiler une version de développement du binaire `bouncer`.
 #### `make docker-build`
 Construire une image Docker pour Bouncer.
 Vous pouvez ensuite lancer l'image localement avec la commande:
 ```
 docker run \
    -it --rm \
    reg.cadoles.com/cadoles/bouncer:<tag> \
    -p 8080:8080 \
    bouncer server proxy run
 ```
 ## Arborescence du projet
 ```bash
 .
 ├── bin             # Répertoire de destination des binaires Go de développement
 ├── cmd             # Package principal (main) du binaire Bouncer
 ├── data            # Répertoire des données de développement (Redis)
 ├── dist            # Répertoire de destination des archives/paquets pour la publication
 ├── doc             # Répertoire de documentation du projet
 ├── internal        # Source Go du projet
 │   ├── admin
 │   ├── auth
 │   ├── chi
 │   ├── client
 │   ├── command
 │   ├── config
 │   ├── format
 │   ├── imports
 │   ├── jwk
 │   ├── proxy
 │   ├── schema
 │   ├── setup
 │   └── store
 ├── layers          # Fichiers annexes liés aux layers (templates HTML)
 │   └── queue
 ├── misc            # Fichiers annexes
 │   ├── jenkins     # Fichiers liés au pipeline d'intégration continue Jenkins
 │   ├── logo        # Logo du projet
 │   └── packaging   # Fichiers liés à l'empaquetage des binaires
 └── tools           # Outils utilisés en développement
 ```
--- a/doc/resources/deployment_fr.plantuml
+++ b/doc/resources/deployment_fr.plantuml
@ -0,0 +1,37 @@
@startuml
 skinparam linetype ortho
 skinparam ranksep 150
 skinparam nodesep 50
 top to bottom direction
 frame "Exemple de déploiement mono-noeud" as ExampleSimpleNode {
    actor "Navigateur Web" as WebNavigator
    node "Serveur Bouncer" as BouncerServer {
        actor "CLI d'administration" as AdminCLI
        database "Redis" as RedisDatabase
        component "bouncer-proxy" as  BouncerProxyService
        component "bouncer-admin" as BouncerAdminService
        folder "/etc/bouncer" as BouncerConfigFolder      
    }
    node "Serveur distant" as RemoteServer {
        component "Site Web" as RemoteWebsite
    }
    WebNavigator --down0)- BouncerProxyService: "TCP/80 (HTTP)"
    AdminCLI -0)- BouncerAdminService: "TCP/8081 (HTTP)"
    BouncerProxyService -down0)-- RemoteWebsite: "TCP/80 (HTTP)\nTCP/443 (HTTPS)"
    BouncerAdminService .down.> RedisDatabase: reads/writes
    BouncerProxyService .down.> RedisDatabase: reads
    BouncerAdminService ..> BouncerConfigFolder: uses
    BouncerProxyService ..> BouncerConfigFolder: uses
@enduml
--- a/doc/resources/deployment_fr.png
+++ b/doc/resources/deployment_fr.png
--- a/go.mod
+++ b/go.mod
@ -4,19 +4,24 @@ go 1.20
 require (
 	forge.cadoles.com/Cadoles/go-proxy v0.0.0-20230512083245-e2dc3e1a0333
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/btcsuite/btcd/btcutil v1.1.3
 	github.com/davecgh/go-spew v1.1.1
 	github.com/go-chi/chi/v5 v5.0.8
 	github.com/jedib0t/go-pretty/v6 v6.4.6
 	github.com/mitchellh/mapstructure v1.4.1
 	github.com/ory/dockertest/v3 v3.10.0
 	github.com/qri-io/jsonschema v0.2.1
 	github.com/redis/go-redis/v9 v9.0.4
 )
 require (
 	cloud.google.com/go v0.99.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.0 // indirect
 	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/containerd/continuity v0.3.0 // indirect
@ -26,25 +31,35 @@ require (
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/huandu/xstrings v1.3.3 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
-	github.com/kr/pretty v0.3.0 // indirect
+	github.com/kr/pretty v0.3.1 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
-	github.com/mitchellh/mapstructure v1.4.1 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.0.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.0 // indirect
 	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.2 // indirect
 	github.com/opencontainers/runc v1.1.5 // indirect
 	github.com/prometheus/client_golang v1.16.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.42.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
 	github.com/qri-io/jsonpointer v0.1.1 // indirect
 	github.com/qri-io/jsonschema v0.2.1 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/rogpeppe/go-internal v1.10.0 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	google.golang.org/genproto v0.0.0-20220314164441-57ef72a4c106 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
@ -81,7 +96,7 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/crypto v0.8.0 // indirect
 	golang.org/x/mod v0.9.0 // indirect
-	golang.org/x/sys v0.7.0 // indirect
+	golang.org/x/sys v0.8.0 // indirect
 	golang.org/x/term v0.7.0 // indirect
 	golang.org/x/tools v0.7.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
--- a/go.sum
+++ b/go.sum
@ -57,6 +57,12 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0=
 github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
 github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
@ -74,6 +80,8 @@ github.com/alecthomas/kong v0.2.1-0.20190708041108-0548c6b1afae/go.mod h1:+inYUS
 github.com/alecthomas/kong-hcl v0.1.8-0.20190615233001-b21fea9723c8/go.mod h1:MRgZdU3vrFd05IQ89AxUZ0aYdF39BYoNFa324SodPCA=
 github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897/go.mod h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao=
 github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y=
 github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ=
@ -224,6 +232,8 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@ -282,8 +292,11 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/jedib0t/go-pretty/v6 v6.4.6 h1:v6aG9h6Uby3IusSSEjHaZNXpHFhzqMmjXcPq1Rjl9Jw=
@ -300,6 +313,7 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@ -338,9 +352,15 @@ github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp9
 github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
 github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=
 github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
@ -366,6 +386,7 @@ github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh
 github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4=
 github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@ -373,7 +394,15 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/profile v1.6.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
 github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
 github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
 github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
 github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
 github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
 github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
 github.com/qri-io/jsonpointer v0.1.1 h1:prVZBZLL6TW5vsSB9fFHFAMBLI4b0ri5vribQlTJiBA=
 github.com/qri-io/jsonpointer v0.1.1/go.mod h1:DnJPaYgiKu56EuDp8TU5wFLdZIcAnb/uH9v37ZaMV64=
 github.com/qri-io/jsonschema v0.2.1 h1:NNFoKms+kut6ABPf6xiKNM5214jzxAhDBrPHCJ97Wg0=
@ -385,17 +414,23 @@ github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJ
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
 github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
@ -456,6 +491,7 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
 golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
@ -539,6 +575,7 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
@ -640,12 +677,16 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
@ -659,6 +700,7 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
@ -868,6 +910,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
--- a/internal/admin/layer_route.go
+++ b/internal/admin/layer_route.go
@ -5,6 +5,7 @@ import (
 	"sort"
 	"forge.cadoles.com/cadoles/bouncer/internal/schema"
 	"forge.cadoles.com/cadoles/bouncer/internal/setup"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/go-chi/chi/v5"
 	"github.com/pkg/errors"
@ -155,13 +156,22 @@ func (s *Server) createLayer(w http.ResponseWriter, r *http.Request) {
 	layerName, err := store.ValidateName(createLayerReq.Name)
 	if err != nil {
-		logger.Error(r.Context(), "could not parse 'name' parameter", logger.E(errors.WithStack(err)))
+		logger.Error(r.Context(), "invalid 'name' parameter", logger.E(errors.WithStack(err)))
-		api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeMalformedRequest, nil)
+		api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
 		return
 	}
-	layer, err := s.layerRepository.CreateLayer(ctx, proxyName, store.LayerName(layerName), store.LayerType(createLayerReq.Type), createLayerReq.Options)
+	layerType := store.LayerType(createLayerReq.Type)
 	if !setup.LayerTypeExists(layerType) {
 		logger.Error(r.Context(), "unknown layer type", logger.E(errors.WithStack(err)), logger.F("layerType", layerType))
 		api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
 		return
 	}
 	layer, err := s.layerRepository.CreateLayer(ctx, proxyName, store.LayerName(layerName), layerType, createLayerReq.Options)
 	if err != nil {
 		if errors.Is(err, store.ErrAlreadyExist) {
 			api.ErrorResponse(w, http.StatusConflict, ErrCodeAlreadyExist, nil)
@ -235,7 +245,19 @@ func (s *Server) updateLayer(w http.ResponseWriter, r *http.Request) {
 	}
 	if updateLayerReq.Options != nil {
-		if err := schema.ValidateLayerOptions(ctx, layer.Type, updateLayerReq.Options); err != nil {
+		layerOptionsSchema, err := setup.GetLayerOptionsSchema(layer.Type)
 		if err != nil {
 			logger.Error(r.Context(), "could not retrieve layer options schema", logger.E(errors.WithStack(err)))
 			api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
 			return
 		}
 		rawOptions := func(opts *store.LayerOptions) map[string]any {
 			return *opts
 		}(updateLayerReq.Options)
 		if err := schema.Validate(ctx, layerOptionsSchema, rawOptions); err != nil {
 			logger.Error(r.Context(), "could not validate layer options", logger.E(errors.WithStack(err)))
 			var invalidDataErr *schema.InvalidDataError
--- a/internal/admin/server.go
+++ b/internal/admin/server.go
@ -16,6 +16,7 @@ import (
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/go-chi/cors"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"gitlab.com/wpetit/goweb/logger"
 )
@ -101,6 +102,25 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 	router.Use(corsMiddleware.Handler)
 	if s.serverConfig.Metrics.Enabled {
 		metrics := s.serverConfig.Metrics
 		logger.Info(ctx, "enabling metrics", logger.F("endpoint", metrics.Endpoint))
 		router.Group(func(r chi.Router) {
 			if metrics.BasicAuth != nil {
 				logger.Info(ctx, "enabling authentication on metrics endpoint")
 				r.Use(middleware.BasicAuth(
 					"metrics",
 					metrics.BasicAuth.CredentialsMap(),
 				))
 			}
 			r.Handle(string(metrics.Endpoint), promhttp.Handler())
 		})
 	}
 	router.Route("/api/v1", func(r chi.Router) {
 		r.Group(func(r chi.Router) {
 			r.Use(auth.Middleware(
--- a/internal/command/admin/layer/flag/flag.go
+++ b/internal/command/admin/layer/flag/flag.go
@ -2,27 +2,22 @@ package flag
 import (
 	"encoding/json"
 	"fmt"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/setup"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
 )
 const (
-	FlagLayerName    = "layer-name"
+	FlagKeyLayerType = "layer-type"
 	FlagLayerType    = "layer-type"
 	FlagLayerOptions = "layer-options"
 )
 func WithLayerFlags(flags ...cli.Flag) []cli.Flag {
 	baseFlags := proxyFlag.WithProxyFlags(
-		&cli.StringFlag{
+		LayerName(),
 			Name:     FlagLayerName,
 			Usage:    "use `LAYER_NAME` as targeted layer",
 			Value:    "",
 			Required: true,
 		},
 	)
 	flags = append(flags, baseFlags...)
@ -32,22 +27,63 @@ func WithLayerFlags(flags ...cli.Flag) []cli.Flag {
 func WithLayerCreateFlags(flags ...cli.Flag) []cli.Flag {
 	return WithLayerFlags(
-		&cli.StringFlag{
+		LayerType(),
-			Name:     FlagLayerType,
+		LayerOptions(),
 			Usage:    "Set `LAYER_TYPE` as layer's type",
 			Value:    "",
 			Required: true,
 		},
 		&cli.StringFlag{
 			Name:  FlagLayerOptions,
 			Usage: "Set `LAYER_OPTIONS` as layer's options",
 			Value: "{}",
 		},
 	)
 }
 const KeyLayerName = "layer-name"
 func LayerName() cli.Flag {
 	return &cli.StringFlag{
 		Name:     KeyLayerName,
 		Usage:    "use `LAYER_NAME` as targeted layer",
 		Value:    "",
 		Required: true,
 	}
 }
 const KeyLayerType = "layer-type"
 func LayerType() cli.Flag {
 	return &cli.StringFlag{
 		Name:     KeyLayerType,
 		Usage:    fmt.Sprintf("Set `LAYER_TYPE` as layer's type (available: %v)", setup.GetLayerTypes()),
 		Value:    "",
 		Required: true,
 	}
 }
 const KeyLayerOptions = "layer-options"
 func LayerOptions() cli.Flag {
 	return &cli.StringFlag{
 		Name:  KeyLayerOptions,
 		Usage: "Set `LAYER_OPTIONS` as layer's options",
 		Value: "{}",
 	}
 }
 const KeyLayerWeight = "layer-weight"
 func LayerWeight() cli.Flag {
 	return &cli.IntFlag{
 		Name:  KeyLayerWeight,
 		Usage: "Set `LAYER_WEIGHT` as layer's weight",
 	}
 }
 const KeyLayerEnabled = "layer-enabled"
 func LayerEnabled() cli.Flag {
 	return &cli.BoolFlag{
 		Name:  KeyLayerEnabled,
 		Usage: "Enable or disable layer",
 	}
 }
 func AssertLayerName(ctx *cli.Context) (store.LayerName, error) {
-	rawLayerName := ctx.String(FlagLayerName)
+	rawLayerName := ctx.String(KeyLayerName)
 	name, err := store.ValidateName(rawLayerName)
 	if err != nil {
@ -58,13 +94,18 @@ func AssertLayerName(ctx *cli.Context) (store.LayerName, error) {
 }
 func AssertLayerType(ctx *cli.Context) (store.LayerType, error) {
-	rawLayerType := ctx.String(FlagLayerType)
+	rawLayerType := ctx.String(FlagKeyLayerType)
-	return store.LayerType(rawLayerType), nil
+	layerType := store.LayerType(rawLayerType)
 	if !setup.LayerTypeExists(layerType) {
 		return "", errors.Errorf("unknown layer type '%s'", layerType)
 	}
 	return layerType, nil
 }
 func AssertLayerOptions(ctx *cli.Context) (store.LayerOptions, error) {
-	rawLayerOptions := ctx.String(FlagLayerOptions)
+	rawLayerOptions := ctx.String(KeyLayerOptions)
 	layerOptions := store.LayerOptions{}
--- a/internal/command/admin/layer/update.go
+++ b/internal/command/admin/layer/update.go
@ -7,6 +7,7 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/client"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/apierr"
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/layer/flag"
 	layerFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/layer/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/format"
@ -20,18 +21,9 @@ func UpdateCommand() *cli.Command {
 		Name:  "update",
 		Usage: "Update layer",
 		Flags: layerFlag.WithLayerFlags(
-			&cli.BoolFlag{
+			flag.LayerEnabled(),
-				Name:  "enabled",
+			flag.LayerWeight(),
-				Usage: "Enable or disable proxy",
+			flag.LayerOptions(),
 			},
 			&cli.IntFlag{
 				Name:  "weight",
 				Usage: "Set `WEIGHT` as proxy's weight",
 			},
 			&cli.StringFlag{
 				Name:  "options",
 				Usage: "Set `OPTIONS` as proxy's options",
 			},
 		),
 		Action: func(ctx *cli.Context) error {
 			baseFlags := clientFlag.GetBaseFlags(ctx)
@ -53,22 +45,22 @@ func UpdateCommand() *cli.Command {
 			opts := &client.UpdateLayerOptions{}
-			if ctx.IsSet("options") {
+			if ctx.IsSet(flag.KeyLayerOptions) {
 				var options store.LayerOptions
-				if err := json.Unmarshal([]byte(ctx.String("options")), &options); err != nil {
+				if err := json.Unmarshal([]byte(ctx.String(flag.KeyLayerOptions)), &options); err != nil {
-					return errors.Wrap(err, "could not parse options")
+					return errors.Wrap(err, "could not parse layer's options")
 				}
 				opts.Options = &options
 			}
-			if ctx.IsSet("weight") {
+			if ctx.IsSet(flag.KeyLayerWeight) {
-				weight := ctx.Int("weight")
+				weight := ctx.Int(flag.KeyLayerWeight)
 				opts.Weight = &weight
 			}
-			if ctx.IsSet("enabled") {
+			if ctx.IsSet(flag.KeyLayerEnabled) {
-				enabled := ctx.Bool("enabled")
+				enabled := ctx.Bool(flag.KeyLayerEnabled)
 				opts.Enabled = &enabled
 			}
--- a/internal/command/admin/proxy/create.go
+++ b/internal/command/admin/proxy/create.go
@ -7,6 +7,7 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/client"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/apierr"
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"github.com/pkg/errors"
@ -18,17 +19,8 @@ func CreateCommand() *cli.Command {
 		Name:  "create",
 		Usage: "Create proxy",
 		Flags: proxyFlag.WithProxyFlags(
-			&cli.StringFlag{
+			flag.ProxyTo(true),
-				Name:     "to",
+			flag.ProxyFrom(),
 				Usage:    "Set `TO` as proxy's destination url",
 				Value:    "",
 				Required: true,
 			},
 			&cli.StringSliceFlag{
 				Name:  "from",
 				Usage: "Set `FROM` as proxy's patterns to match incoming requests",
 				Value: cli.NewStringSlice("*"),
 			},
 		),
 		Action: func(ctx *cli.Context) error {
 			baseFlags := clientFlag.GetBaseFlags(ctx)
@ -43,12 +35,12 @@ func CreateCommand() *cli.Command {
 				return errors.Wrap(err, "'to' parameter should be a valid url")
 			}
-			to, err := url.Parse(ctx.String("to"))
+			to, err := url.Parse(ctx.String(flag.KeyProxyTo))
 			if err != nil {
 				return errors.Wrap(err, "'to' parameter should be a valid url")
 			}
-			from := ctx.StringSlice("from")
+			from := ctx.StringSlice(flag.KeyProxyFrom)
 			client := client.New(baseFlags.ServerURL, client.WithToken(token))
--- a/internal/command/admin/proxy/flag/flag.go
+++ b/internal/command/admin/proxy/flag/flag.go
@ -7,16 +7,9 @@ import (
 	"github.com/urfave/cli/v2"
 )
 const FlagProxyName = "proxy-name"
 func WithProxyFlags(flags ...cli.Flag) []cli.Flag {
 	baseFlags := clientFlag.ComposeFlags(
-		&cli.StringFlag{
+		ProxyName(),
 			Name:     FlagProxyName,
 			Usage:    "use `PROXY_NAME` as targeted proxy",
 			Value:    "",
 			Required: true,
 		},
 	)
 	flags = append(flags, baseFlags...)
@ -24,8 +17,58 @@ func WithProxyFlags(flags ...cli.Flag) []cli.Flag {
 	return flags
 }
 const KeyProxyName = "proxy-name"
 func ProxyName() cli.Flag {
 	return &cli.StringFlag{
 		Name:     KeyProxyName,
 		Usage:    "use `PROXY_NAME` as targeted proxy",
 		Value:    "",
 		Required: true,
 	}
 }
 const KeyProxyTo = "proxy-to"
 func ProxyTo(required bool) cli.Flag {
 	return &cli.StringFlag{
 		Name:     KeyProxyTo,
 		Usage:    "Set `PROXY_TO` as proxy's destination url",
 		Value:    "",
 		Required: required,
 	}
 }
 const KeyProxyFrom = "proxy-from"
 func ProxyFrom() cli.Flag {
 	return &cli.StringSliceFlag{
 		Name:  KeyProxyFrom,
 		Usage: "Set `PROXY_FROM` as proxy's patterns to match incoming requests",
 		Value: cli.NewStringSlice("*"),
 	}
 }
 const KeyProxyWeight = "proxy-weight"
 func ProxyWeight() cli.Flag {
 	return &cli.IntFlag{
 		Name:  KeyProxyWeight,
 		Usage: "Set `PROXY_WEIGHT` as proxy's weight",
 	}
 }
 const KeyProxyEnabled = "proxy-enabled"
 func ProxyEnabled() cli.Flag {
 	return &cli.BoolFlag{
 		Name:  KeyProxyEnabled,
 		Usage: "Enable or disable proxy",
 	}
 }
 func AssertProxyName(ctx *cli.Context) (store.ProxyName, error) {
-	rawProxyName := ctx.String(FlagProxyName)
+	rawProxyName := ctx.String(KeyProxyName)
 	name, err := store.ValidateName(rawProxyName)
 	if err != nil {
--- a/internal/command/admin/proxy/update.go
+++ b/internal/command/admin/proxy/update.go
@ -7,6 +7,7 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/client"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/apierr"
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"github.com/pkg/errors"
@ -18,22 +19,10 @@ func UpdateCommand() *cli.Command {
 		Name:  "update",
 		Usage: "Update proxy",
 		Flags: proxyFlag.WithProxyFlags(
-			&cli.StringFlag{
+			flag.ProxyTo(false),
-				Name:  "to",
+			flag.ProxyFrom(),
-				Usage: "Set `TO` as proxy's destination url",
+			flag.ProxyEnabled(),
-			},
+			flag.ProxyWeight(),
 			&cli.StringSliceFlag{
 				Name:  "from",
 				Usage: "Set `FROM` as proxy's patterns to match incoming requests",
 			},
 			&cli.BoolFlag{
 				Name:  "enabled",
 				Usage: "Enable or disable proxy",
 			},
 			&cli.IntFlag{
 				Name:  "weight",
 				Usage: "Set `WEIGHT` as proxy's weight",
 			},
 		),
 		Action: func(ctx *cli.Context) error {
 			baseFlags := clientFlag.GetBaseFlags(ctx)
@ -50,27 +39,29 @@ func UpdateCommand() *cli.Command {
 			opts := &client.UpdateProxyOptions{}
-			if ctx.IsSet("to") {
+			if ctx.IsSet(flag.KeyProxyTo) {
-				to := ctx.String("to")
+				to := ctx.String(flag.KeyProxyTo)
 				if _, err := url.Parse(to); err != nil {
-					return errors.Wrap(err, "'to' parameter should be a valid url")
+					return errors.Wrapf(err, "'%s' parameter should be a valid url", flag.KeyProxyTo)
 				}
 				opts.To = &to
 			}
-			from := ctx.StringSlice("from")
+			if ctx.IsSet(flag.KeyProxyFrom) {
 				from := ctx.StringSlice(flag.KeyProxyFrom)
 				if from != nil {
 					opts.From = from
 				}
 			}
-			if ctx.IsSet("weight") {
+			if ctx.IsSet(flag.KeyProxyWeight) {
-				weight := ctx.Int("weight")
+				weight := ctx.Int(flag.KeyProxyWeight)
 				opts.Weight = &weight
 			}
-			if ctx.IsSet("enabled") {
+			if ctx.IsSet(flag.KeyProxyEnabled) {
-				enabled := ctx.Bool("enabled")
+				enabled := ctx.Bool(flag.KeyProxyEnabled)
 				opts.Enabled = &enabled
 			}
--- a/internal/command/config/dump.go
+++ b/internal/command/config/dump.go
@ -18,6 +18,8 @@ func Dump() *cli.Command {
 		Usage: "Dump the current configuration",
 		Flags: flags,
 		Action: func(ctx *cli.Context) error {
 			logger.SetLevel(logger.LevelError)
 			conf, err := common.LoadConfig(ctx)
 			if err != nil {
 				return errors.Wrap(err, "Could not load configuration")
--- a/internal/command/main.go
+++ b/internal/command/main.go
@ -9,6 +9,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
 	"gitlab.com/wpetit/goweb/logger"
 )
 func Main(buildDate, projectVersion, gitRef, defaultConfigPath string, commands ...*cli.Command) {
@ -29,6 +30,8 @@ func Main(buildDate, projectVersion, gitRef, defaultConfigPath string, commands
 			workdir := ctx.String("workdir")
 			// Switch to new working directory if defined
 			if workdir != "" {
 				logger.Info(ctx.Context, "changing working directory", logger.F("workdir", workdir))
 				if err := os.Chdir(workdir); err != nil {
 					return errors.Wrap(err, "could not change working directory")
 				}
@ -52,6 +55,7 @@ func Main(buildDate, projectVersion, gitRef, defaultConfigPath string, commands
 			&cli.StringFlag{
 				Name:    "workdir",
 				Value:   "",
 				EnvVars: []string{"BOUNCER_WORKDIR"},
 				Usage:   "The working directory",
 			},
 			&cli.StringFlag{
--- a/internal/command/server/proxy/run.go
+++ b/internal/command/server/proxy/run.go
@ -1,15 +1,11 @@
 package proxy
 import (
 	"context"
 	"fmt"
 	"strings"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/common"
 	"forge.cadoles.com/cadoles/bouncer/internal/config"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/queue"
 	"forge.cadoles.com/cadoles/bouncer/internal/setup"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
@ -32,7 +28,7 @@ func RunCommand() *cli.Command {
 			logger.SetFormat(logger.Format(conf.Logger.Format))
 			logger.SetLevel(logger.Level(conf.Logger.Level))
-			layers, err := initDirectorLayers(ctx.Context, conf)
+			layers, err := setup.GetLayers(ctx.Context, conf)
 			if err != nil {
 				return errors.Wrap(err, "could not initialize director layers")
 			}
@ -63,25 +59,3 @@ func RunCommand() *cli.Command {
 		},
 	}
 }
 func initDirectorLayers(ctx context.Context, conf *config.Config) ([]director.Layer, error) {
 	layers := make([]director.Layer, 0)
 	queue, err := initQueueLayer(ctx, conf)
 	if err != nil {
 		return nil, errors.Wrap(err, "could not initialize queue layer")
 	}
 	layers = append(layers, queue)
 	return layers, nil
 }
 func initQueueLayer(ctx context.Context, conf *config.Config) (*queue.Queue, error) {
 	adapter, err := setup.NewQueueAdapter(ctx, conf.Redis)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
 	return queue.New(adapter), nil
 }
--- a/internal/config/admin_server.go
+++ b/internal/config/admin_server.go
@ -4,6 +4,7 @@ type AdminServerConfig struct {
 	HTTP    HTTPConfig    `yaml:"http"`
 	CORS    CORSConfig    `yaml:"cors"`
 	Auth    AuthConfig    `yaml:"auth"`
 	Metrics MetricsConfig `yaml:"metrics"`
 }
 func NewDefaultAdminServerConfig() AdminServerConfig {
@ -11,6 +12,7 @@ func NewDefaultAdminServerConfig() AdminServerConfig {
 		HTTP:    NewHTTPConfig("127.0.0.1", 8081),
 		CORS:    NewDefaultCORSConfig(),
 		Auth:    NewDefaultAuthConfig(),
 		Metrics: NewDefaultMetricsConfig(),
 	}
 }
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -14,6 +14,7 @@ type Config struct {
 	Proxy  ProxyServerConfig `yaml:"proxy"`
 	Redis  RedisConfig       `yaml:"redis"`
 	Logger LoggerConfig      `yaml:"logger"`
 	Layers LayersConfig      `yaml:"layers"`
 }
 // NewFromFile retrieves the configuration from the given file
@ -46,6 +47,7 @@ func NewDefault() *Config {
 		Proxy:  NewDefaultProxyServerConfig(),
 		Logger: NewDefaultLoggerConfig(),
 		Redis:  NewDefaultRedisConfig(),
 		Layers: NewDefaultLayersConfig(),
 	}
 }
--- a/internal/config/environment.go
+++ b/internal/config/environment.go
@ -4,6 +4,7 @@ import (
 	"os"
 	"regexp"
 	"strconv"
 	"time"
 	"github.com/pkg/errors"
 	"gopkg.in/yaml.v3"
@ -123,3 +124,37 @@ func (iss *InterpolatedStringSlice) UnmarshalYAML(value *yaml.Node) error {
 	return nil
 }
 type InterpolatedDuration time.Duration
 func (id *InterpolatedDuration) UnmarshalYAML(value *yaml.Node) error {
 	var str string
 	if err := value.Decode(&str); err != nil {
 		return errors.Wrapf(err, "could not decode value '%v' (line '%d') into string", value.Value, value.Line)
 	}
 	if match := reVar.FindStringSubmatch(str); len(match) > 0 {
 		str = os.Getenv(match[1])
 	}
 	duration, err := time.ParseDuration(str)
 	if err != nil {
 		return errors.Wrapf(err, "could not parse duration '%v',  line '%d'", str, value.Line)
 	}
 	*id = InterpolatedDuration(duration)
 	return nil
 }
 func (id *InterpolatedDuration) MarshalYAML() (interface{}, error) {
 	duration := time.Duration(*id)
 	return duration.String(), nil
 }
 func NewInterpolatedDuration(d time.Duration) *InterpolatedDuration {
 	id := InterpolatedDuration(d)
 	return &id
 }
--- a/internal/config/layers.go
+++ b/internal/config/layers.go
@ -0,0 +1,21 @@
 package config
 import "time"
 type LayersConfig struct {
 	Queue QueueLayerConfig `yaml:"queue"`
 }
 func NewDefaultLayersConfig() LayersConfig {
 	return LayersConfig{
 		Queue: QueueLayerConfig{
 			TemplateDir:      "./layers/queue/templates",
 			DefaultKeepAlive: NewInterpolatedDuration(time.Minute),
 		},
 	}
 }
 type QueueLayerConfig struct {
 	TemplateDir      InterpolatedString    `yaml:"templateDir"`
 	DefaultKeepAlive *InterpolatedDuration `yaml:"defaultKeepAlive"`
 }
--- a/internal/config/logger.go
+++ b/internal/config/logger.go
@ -9,7 +9,7 @@ type LoggerConfig struct {
 func NewDefaultLoggerConfig() LoggerConfig {
 	return LoggerConfig{
-		Level:  InterpolatedInt(logger.LevelInfo),
+		Level:  InterpolatedInt(logger.LevelError),
 		Format: InterpolatedString(logger.FormatHuman),
 	}
 }
--- a/internal/config/metrics.go
+++ b/internal/config/metrics.go
@ -0,0 +1,35 @@
 package config
 import "fmt"
 type MetricsConfig struct {
 	Enabled   InterpolatedBool   `yaml:"enabled"`
 	Endpoint  InterpolatedString `yaml:"endpoint"`
 	BasicAuth *BasicAuthConfig   `yaml:"basicAuth"`
 }
 type BasicAuthConfig struct {
 	Credentials *InterpolatedMap `yaml:"credentials"`
 }
 func (c *BasicAuthConfig) CredentialsMap() map[string]string {
 	if c.Credentials == nil {
 		return map[string]string{}
 	}
 	credentials := make(map[string]string, len(*c.Credentials))
 	for k, v := range *c.Credentials {
 		credentials[k] = fmt.Sprintf("%v", v)
 	}
 	return credentials
 }
 func NewDefaultMetricsConfig() MetricsConfig {
 	return MetricsConfig{
 		Enabled:   true,
 		Endpoint:  "/.bouncer/metrics",
 		BasicAuth: nil,
 	}
 }
--- a/internal/config/proxy_server.go
+++ b/internal/config/proxy_server.go
@ -2,10 +2,12 @@ package config
 type ProxyServerConfig struct {
 	HTTP    HTTPConfig    `yaml:"http"`
 	Metrics MetricsConfig `yaml:"metrics"`
 }
 func NewDefaultProxyServerConfig() ProxyServerConfig {
 	return ProxyServerConfig{
 		HTTP:    NewHTTPConfig("0.0.0.0", 8080),
 		Metrics: NewDefaultMetricsConfig(),
 	}
 }
--- a/internal/proxy/director/director.go
+++ b/internal/proxy/director/director.go
@ -10,6 +10,7 @@ import (
 	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus"
 	"gitlab.com/wpetit/goweb/logger"
 )
@ -59,6 +60,8 @@ MAIN:
 		logger.F("remoteAddr", r.RemoteAddr),
 	)
 	metricProxyRequestsTotal.With(prometheus.Labels{metricLabelProxy: string(match.Name)}).Add(1)
 	ctx = withProxy(ctx, match)
 	layers, err := d.getLayers(ctx, match.Name)
--- a/internal/proxy/director/layer/queue/adapter.go
+++ b/internal/proxy/director/layer/queue/adapter.go
--- a/internal/proxy/director/layer/queue/debouncer.go
+++ b/internal/proxy/director/layer/queue/debouncer.go
@ -0,0 +1,73 @@
 package queue
 import (
 	"sync"
 	"time"
 	"github.com/pkg/errors"
 )
 type DebouncerMap struct {
 	debouncers sync.Map
 }
 func NewDebouncerMap() *DebouncerMap {
 	return &DebouncerMap{
 		debouncers: sync.Map{},
 	}
 }
 func (m *DebouncerMap) Do(key string, after time.Duration, fn func()) {
 	newDebouncer := NewDebouncer(after)
 	rawDebouncer, loaded := m.debouncers.LoadOrStore(key, newDebouncer)
 	debouncer, ok := rawDebouncer.(*Debouncer)
 	if !ok {
 		panic(errors.Errorf("unexpected debouncer value, expected '%T', got '%T'", newDebouncer, rawDebouncer))
 	}
 	if loaded {
 		debouncer.Update(after)
 	}
 	debouncer.Do(fn)
 }
 func NewDebouncer(after time.Duration) *Debouncer {
 	return &Debouncer{after: after}
 }
 type Debouncer struct {
 	mu    sync.Mutex
 	after time.Duration
 	timer *time.Timer
 	fn    func()
 }
 func (d *Debouncer) Do(fn func()) {
 	d.mu.Lock()
 	defer d.mu.Unlock()
 	if d.timer != nil {
 		d.timer.Stop()
 	}
 	d.fn = fn
 	d.timer = time.AfterFunc(d.after, d.fn)
 }
 func (d *Debouncer) Update(after time.Duration) {
 	d.mu.Lock()
 	defer d.mu.Unlock()
 	if after == d.after {
 		return
 	}
 	if d.timer != nil {
 		d.timer.Stop()
 	}
 	d.after = after
 	d.timer = time.AfterFunc(d.after, d.fn)
 }
--- a/internal/proxy/director/layer/queue/layer_options.go
+++ b/internal/proxy/director/layer/queue/layer_options.go
@ -15,11 +15,11 @@ type LayerOptions struct {
 	KeepAlive time.Duration `mapstructure:"keepAlive"`
 }
-func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
+func fromStoreOptions(storeOptions store.LayerOptions, defaultKeepAlive time.Duration) (*LayerOptions, error) {
 	layerOptions := LayerOptions{
 		Capacity:  1000,
 		Matchers:  []string{"*"},
-		KeepAlive: 30 * time.Second,
+		KeepAlive: defaultKeepAlive,
 	}
 	config := mapstructure.DecoderConfig{
--- a/internal/proxy/director/layer/queue/metrics.go
+++ b/internal/proxy/director/layer/queue/metrics.go
@ -0,0 +1,31 @@
 package queue
 import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"
 )
 const (
 	metricNamespace  = "bouncer_layer_queue"
 	metricLabelProxy = "proxy"
 	metricLabelLayer = "layer"
 )
 var (
 	metricQueueSessions = promauto.NewGaugeVec(
 		prometheus.GaugeOpts{
 			Name:      "sessions",
 			Help:      "Bouncer's queue layer current sessions",
 			Namespace: metricNamespace,
 		},
 		[]string{metricLabelProxy, metricLabelLayer},
 	)
 	metricQueueCapacity = promauto.NewGaugeVec(
 		prometheus.GaugeOpts{
 			Name:      "capacity",
 			Help:      "Bouncer's queue layer capacity",
 			Namespace: metricNamespace,
 		},
 		[]string{metricLabelProxy, metricLabelLayer},
 	)
 )
--- a/internal/proxy/director/layer/queue/options.go
+++ b/internal/proxy/director/layer/queue/options.go
@ -0,0 +1,29 @@
 package queue
 import "time"
 type Options struct {
 	TemplateDir      string
 	DefaultKeepAlive time.Duration
 }
 type OptionFunc func(*Options)
 func defaultOptions() *Options {
 	return &Options{
 		TemplateDir:      "./templates",
 		DefaultKeepAlive: time.Minute,
 	}
 }
 func WithTemplateDir(templateDir string) OptionFunc {
 	return func(o *Options) {
 		o.TemplateDir = templateDir
 	}
 }
 func WithDefaultKeepAlive(keepAlive time.Duration) OptionFunc {
 	return func(o *Options) {
 		o.DefaultKeepAlive = keepAlive
 	}
 }
--- a/internal/proxy/director/layer/queue/queue.go
+++ b/internal/proxy/director/layer/queue/queue.go
@ -0,0 +1,263 @@
 package queue
 import (
 	"context"
 	"fmt"
 	"html/template"
 	"math/rand"
 	"net/http"
 	"path/filepath"
 	"sync"
 	"sync/atomic"
 	"time"
 	"forge.cadoles.com/Cadoles/go-proxy"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/Masterminds/sprig/v3"
 	"github.com/google/uuid"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus"
 	"gitlab.com/wpetit/goweb/logger"
 )
 const LayerType store.LayerType = "queue"
 type Queue struct {
 	adapter Adapter
 	defaultKeepAlive time.Duration
 	templateDir string
 	loadOnce    sync.Once
 	tmpl        *template.Template
 	refreshJobRunning       uint32
 	updateMetricsJobRunning uint32
 	postKeepAliveDebouncer  *DebouncerMap
 }
 // LayerType implements director.MiddlewareLayer
 func (q *Queue) LayerType() store.LayerType {
 	return LayerType
 }
 // Middleware implements director.MiddlewareLayer
 func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
 	return func(h http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			ctx := r.Context()
 			options, err := fromStoreOptions(layer.Options, q.defaultKeepAlive)
 			if err != nil {
 				logger.Error(ctx, "could not parse layer options", logger.E(errors.WithStack(err)))
 				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 				return
 			}
 			defer q.updateMetrics(ctx, layer.Proxy, layer.Name, options)
 			cookieName := q.getCookieName(layer.Name)
 			cookie, err := r.Cookie(cookieName)
 			if err != nil && !errors.Is(err, http.ErrNoCookie) {
 				logger.Error(ctx, "could not retrieve cookie", logger.E(errors.WithStack(err)))
 			}
 			if cookie == nil {
 				cookie = &http.Cookie{
 					Name:  cookieName,
 					Value: uuid.NewString(),
 					Path:  "/",
 				}
 				w.Header().Add("Set-Cookie", cookie.String())
 			}
 			sessionID := cookie.Value
 			queueName := string(layer.Name)
 			rank, err := q.adapter.Touch(ctx, queueName, sessionID)
 			if err != nil {
 				logger.Error(ctx, "could not retrieve session rank", logger.E(errors.WithStack(err)))
 				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 				return
 			}
 			if rank >= options.Capacity {
 				q.renderQueuePage(w, r, queueName, options, rank)
 				return
 			}
 			ctx = logger.With(ctx,
 				logger.F("queueSessionId", sessionID),
 				logger.F("queueName", queueName),
 				logger.F("queueSessionRank", rank),
 			)
 			r = r.WithContext(ctx)
 			h.ServeHTTP(w, r)
 		}
 		return http.HandlerFunc(fn)
 	}
 }
 func (q *Queue) updateSessionsMetric(ctx context.Context, proxyName store.ProxyName, layerName store.LayerName) {
 	if !atomic.CompareAndSwapUint32(&q.updateMetricsJobRunning, 0, 1) {
 		return
 	}
 	defer atomic.StoreUint32(&q.updateMetricsJobRunning, 0)
 	queueName := string(layerName)
 	status, err := q.adapter.Status(ctx, queueName)
 	if err != nil {
 		logger.Error(ctx, "could not retrieve queue status", logger.E(errors.WithStack(err)))
 		return
 	}
 	metricQueueSessions.With(
 		prometheus.Labels{
 			metricLabelLayer: string(layerName),
 			metricLabelProxy: string(proxyName),
 		},
 	).Set(float64(status.Sessions))
 }
 func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueName string, options *LayerOptions, rank int64) {
 	ctx := r.Context()
 	status, err := q.adapter.Status(ctx, queueName)
 	if err != nil {
 		logger.Error(ctx, "could not retrieve queue status", logger.E(errors.WithStack(err)))
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 		return
 	}
 	q.loadOnce.Do(func() {
 		pattern := filepath.Join(q.templateDir, "*.gohtml")
 		logger.Info(ctx, "loading queue page templates", logger.F("pattern", pattern))
 		tmpl, err := template.New("").Funcs(sprig.FuncMap()).ParseGlob(pattern)
 		if err != nil {
 			logger.Error(ctx, "could not load queue templates", logger.E(errors.WithStack(err)))
 			return
 		}
 		q.tmpl = tmpl
 	})
 	if q.tmpl == nil {
 		logger.Error(ctx, "queue page templates not loaded", logger.E(errors.WithStack(err)))
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 		return
 	}
 	refreshRate := time.Duration(int64(options.KeepAlive.Seconds()/2)) * time.Second
 	templateData := struct {
 		QueueName       string
 		LayerOptions    *LayerOptions
 		Rank            int64
 		CurrentSessions int64
 		MaxSessions     int64
 		RefreshRate     time.Duration
 	}{
 		QueueName:       queueName,
 		LayerOptions:    options,
 		Rank:            rank + 1,
 		CurrentSessions: status.Sessions,
 		MaxSessions:     options.Capacity,
 		RefreshRate:     refreshRate,
 	}
 	w.WriteHeader(http.StatusServiceUnavailable)
 	if err := q.tmpl.ExecuteTemplate(w, "queue", templateData); err != nil {
 		logger.Error(ctx, "could not render queue page", logger.E(errors.WithStack(err)))
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 		return
 	}
 }
 func (q *Queue) refreshQueue(ctx context.Context, layerName store.LayerName, keepAlive time.Duration) {
 	if !atomic.CompareAndSwapUint32(&q.refreshJobRunning, 0, 1) {
 		return
 	}
 	defer atomic.StoreUint32(&q.refreshJobRunning, 0)
 	if err := q.adapter.Refresh(ctx, string(layerName), keepAlive); err != nil {
 		logger.Error(ctx, "could not refresh queue",
 			logger.E(errors.WithStack(err)),
 			logger.F("queue", layerName),
 		)
 	}
 }
 func (q *Queue) updateMetrics(ctx context.Context, proxyName store.ProxyName, layerName store.LayerName, options *LayerOptions) {
 	// Update queue capacity metric
 	metricQueueCapacity.With(
 		prometheus.Labels{
 			metricLabelLayer: string(layerName),
 			metricLabelProxy: string(proxyName),
 		},
 	).Set(float64(options.Capacity))
 	// Refresh queue data and metrics
 	q.refreshQueue(ctx, layerName, options.KeepAlive)
 	q.updateSessionsMetric(ctx, proxyName, layerName)
 	// (Re)schedule an update job after session ttl + semi-random time padding
 	// to update metrics after last session expiration
 	randDuration := rand.Int63n(int64(options.KeepAlive))
 	timePadding := options.KeepAlive/2 + time.Duration(randDuration)
 	after := options.KeepAlive + timePadding
 	debouncingKey := fmt.Sprintf("%s/%s", proxyName, layerName)
 	q.postKeepAliveDebouncer.Do(debouncingKey, after, func() {
 		ctx := logger.With(
 			context.Background(),
 			logger.F("proxy", proxyName),
 			logger.F("layer", layerName),
 			logger.F("after", after),
 		)
 		logger.Info(ctx, "running post keep alive refresh job")
 		q.refreshQueue(ctx, layerName, options.KeepAlive)
 		q.updateSessionsMetric(ctx, proxyName, layerName)
 	})
 }
 func (q *Queue) getCookieName(layerName store.LayerName) string {
 	return fmt.Sprintf("_%s_%s", LayerType, layerName)
 }
 func New(adapter Adapter, funcs ...OptionFunc) *Queue {
 	opts := defaultOptions()
 	for _, fn := range funcs {
 		fn(opts)
 	}
 	return &Queue{
 		adapter:                adapter,
 		templateDir:            opts.TemplateDir,
 		defaultKeepAlive:       opts.DefaultKeepAlive,
 		postKeepAliveDebouncer: NewDebouncerMap(),
 	}
 }
 var _ director.MiddlewareLayer = &Queue{}
--- a/internal/proxy/director/layer/queue/redis/adapter.go
+++ b/internal/proxy/director/layer/queue/redis/adapter.go
@ -6,7 +6,7 @@ import (
 	"strings"
 	"time"
-	"forge.cadoles.com/cadoles/bouncer/internal/queue"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/queue"
 	"github.com/pkg/errors"
 	"github.com/redis/go-redis/v9"
 )
--- a/internal/proxy/director/layer/queue/schema.go
+++ b/internal/proxy/director/layer/queue/schema.go
@ -0,0 +1,8 @@
 package queue
 import (
 	_ "embed"
 )
 //go:embed schema/layer-options.json
 var RawLayerOptionsSchema []byte
--- a/internal/proxy/director/layer/queue/schema/layer-options.json
+++ b/internal/proxy/director/layer/queue/schema/layer-options.json
@ -7,12 +7,6 @@
            "type": "number",
            "minimum": 0
        },
        "matchers": {
            "type": "array",
            "items": {
                "type": "string"
            }
        },
        "keepAlive": {
            "type": "string"
        }
--- a/internal/proxy/director/metrics.go
+++ b/internal/proxy/director/metrics.go
@ -0,0 +1,20 @@
 package director
 import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"
 )
 const (
 	metricNamespace  = "bouncer_proxy_director"
 	metricLabelProxy = "proxy"
 )
 var metricProxyRequestsTotal = promauto.NewCounterVec(
 	prometheus.CounterOpts{
 		Name:      "proxy_requests_total",
 		Help:      "Bouncer proxy total requests",
 		Namespace: metricNamespace,
 	},
 	[]string{metricLabelProxy},
 )
--- a/internal/proxy/server.go
+++ b/internal/proxy/server.go
@ -15,6 +15,7 @@ import (
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"gitlab.com/wpetit/goweb/logger"
 )
@ -84,7 +85,28 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 	)
 	router.Use(middleware.RequestLogger(bouncerChi.NewLogFormatter()))
-	router.Use(director.Middleware())
+
 	if s.serverConfig.Metrics.Enabled {
 		metrics := s.serverConfig.Metrics
 		logger.Info(ctx, "enabling metrics", logger.F("endpoint", metrics.Endpoint))
 		router.Group(func(r chi.Router) {
 			if metrics.BasicAuth != nil {
 				logger.Info(ctx, "enabling authentication on metrics endpoint")
 				r.Use(middleware.BasicAuth(
 					"metrics",
 					metrics.BasicAuth.CredentialsMap(),
 				))
 			}
 			r.Handle(string(metrics.Endpoint), promhttp.Handler())
 		})
 	}
 	router.Group(func(r chi.Router) {
 		r.Use(director.Middleware())
 		handler := proxy.New(
 			proxy.WithRequestTransformers(
@ -95,7 +117,8 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 			),
 		)
-	router.Handle("/*", handler)
+		r.Handle("/*", handler)
 	})
 	if err := http.Serve(listener, router); err != nil && !errors.Is(err, net.ErrClosed) {
 		errs <- errors.WithStack(err)
--- a/internal/queue/options.go
+++ b/internal/queue/options.go
@ -1,9 +0,0 @@
 package queue
 type Options struct{}
 type OptionFunc func(*Options)
 func defaultOptions() *Options {
 	return &Options{}
 }
--- a/internal/queue/queue.go
+++ b/internal/queue/queue.go
@ -1,143 +0,0 @@
 package queue
 import (
 	"context"
 	"fmt"
 	"net/http"
 	"sync/atomic"
 	"time"
 	"forge.cadoles.com/Cadoles/go-proxy"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/google/uuid"
 	"github.com/pkg/errors"
 	"gitlab.com/wpetit/goweb/logger"
 )
 const LayerType store.LayerType = "queue"
 type Queue struct {
 	adapter           Adapter
 	refreshJobRunning uint32
 }
 // LayerType implements director.MiddlewareLayer
 func (q *Queue) LayerType() store.LayerType {
 	return LayerType
 }
 // Middleware implements director.MiddlewareLayer
 func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
 	return func(h http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			ctx := r.Context()
 			options, err := fromStoreOptions(layer.Options)
 			if err != nil {
 				logger.Error(ctx, "could not parse layer options", logger.E(errors.WithStack(err)))
 				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 				return
 			}
 			cookieName := q.getCookieName(layer.Name)
 			cookie, err := r.Cookie(cookieName)
 			if err != nil && !errors.Is(err, http.ErrNoCookie) {
 				logger.Error(ctx, "could not retrieve cookie", logger.E(errors.WithStack(err)))
 			}
 			if cookie == nil {
 				cookie = &http.Cookie{
 					Name:  cookieName,
 					Value: uuid.NewString(),
 					Path:  "/",
 				}
 				w.Header().Add("Set-Cookie", cookie.String())
 			}
 			sessionID := cookie.Value
 			queueName := string(layer.Name)
 			q.refreshQueue(queueName, options.KeepAlive)
 			rank, err := q.adapter.Touch(ctx, queueName, sessionID)
 			if err != nil {
 				logger.Error(ctx, "could not retrieve session rank", logger.E(errors.WithStack(err)))
 				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 				return
 			}
 			if rank >= options.Capacity {
 				q.renderQueuePage(w, r, queueName, options, rank)
 				return
 			}
 			ctx = logger.With(ctx,
 				logger.F("queueSessionId", sessionID),
 				logger.F("queueName", queueName),
 				logger.F("queueSessionRank", rank),
 			)
 			r = r.WithContext(ctx)
 			h.ServeHTTP(w, r)
 		}
 		return http.HandlerFunc(fn)
 	}
 }
 func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueName string, options *LayerOptions, rank int64) {
 	ctx := r.Context()
 	status, err := q.adapter.Status(ctx, queueName)
 	if err != nil {
 		logger.Error(ctx, "could not retrieve queue status", logger.E(errors.WithStack(err)))
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 		return
 	}
 	http.Error(w, fmt.Sprintf("queued (rank: %d, status: %d/%d)", rank+1, status.Sessions, options.Capacity), http.StatusServiceUnavailable)
 }
 func (q *Queue) refreshQueue(queueName string, keepAlive time.Duration) {
 	if !atomic.CompareAndSwapUint32(&q.refreshJobRunning, 0, 1) {
 		return
 	}
 	go func() {
 		defer atomic.StoreUint32(&q.refreshJobRunning, 0)
 		ctx, cancel := context.WithTimeout(context.Background(), keepAlive*2)
 		defer cancel()
 		if err := q.adapter.Refresh(ctx, queueName, keepAlive); err != nil {
 			logger.Error(ctx, "could not refresh queue",
 				logger.E(errors.WithStack(err)),
 				logger.F("queue", queueName),
 			)
 		}
 	}()
 }
 func (q *Queue) getCookieName(layerName store.LayerName) string {
 	return fmt.Sprintf("_%s_%s", LayerType, layerName)
 }
 func New(adapter Adapter, funcs ...OptionFunc) *Queue {
 	opts := defaultOptions()
 	for _, fn := range funcs {
 		fn(opts)
 	}
 	return &Queue{
 		adapter: adapter,
 	}
 }
 var _ director.MiddlewareLayer = &Queue{}
--- a/internal/queue/schema.go
+++ b/internal/queue/schema.go
@ -1,20 +0,0 @@
 package queue
 import (
 	_ "embed"
 	"forge.cadoles.com/cadoles/bouncer/internal/schema"
 	"github.com/pkg/errors"
 )
 //go:embed schema/layer-options.json
 var rawLayerOptionsSchema []byte
 func init() {
 	layerOptionsSchema, err := schema.Parse(rawLayerOptionsSchema)
 	if err != nil {
 		panic(errors.Wrap(err, "could not parse queue layer options schema"))
 	}
 	schema.RegisterLayerOptionsSchema(LayerType, layerOptionsSchema)
 }
--- a/internal/schema/load.go
+++ b/internal/schema/load.go
@ -7,8 +7,10 @@ import (
 	"github.com/qri-io/jsonschema"
 )
-func Parse(data []byte) (*jsonschema.Schema, error) {
+type Schema = jsonschema.Schema
-	var schema jsonschema.Schema
+
 func Parse(data []byte) (*Schema, error) {
 	var schema Schema
 	if err := json.Unmarshal(data, &schema); err != nil {
 		return nil, errors.WithStack(err)
 	}
--- a/internal/schema/registry.go
+++ b/internal/schema/registry.go
@ -1,56 +0,0 @@
 package schema
 import (
 	"context"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/qri-io/jsonschema"
 )
 var defaultRegistry = NewRegistry()
 func RegisterLayerOptionsSchema(layerType store.LayerType, schema *jsonschema.Schema) {
 	defaultRegistry.RegisterLayerOptionsSchema(layerType, schema)
 }
 func ValidateLayerOptions(ctx context.Context, layerType store.LayerType, options *store.LayerOptions) error {
 	if err := defaultRegistry.ValidateLayerOptions(ctx, layerType, options); err != nil {
 		return errors.WithStack(err)
 	}
 	return nil
 }
 type Registry struct {
 	layerOptionSchemas map[store.LayerType]*jsonschema.Schema
 }
 func (r *Registry) RegisterLayerOptionsSchema(layerType store.LayerType, schema *jsonschema.Schema) {
 	r.layerOptionSchemas[layerType] = schema
 }
 func (r *Registry) ValidateLayerOptions(ctx context.Context, layerType store.LayerType, options *store.LayerOptions) error {
 	schema, exists := r.layerOptionSchemas[layerType]
 	if !exists {
 		return errors.WithStack(ErrSchemaNotFound)
 	}
 	rawOptions := func(opts *store.LayerOptions) map[string]any {
 		return *opts
 	}(options)
 	state := schema.Validate(ctx, rawOptions)
 	if len(*state.Errs) > 0 {
 		return errors.WithStack(NewInvalidDataError(*state.Errs...))
 	}
 	return nil
 }
 func NewRegistry() *Registry {
 	return &Registry{
 		layerOptionSchemas: make(map[store.LayerType]*jsonschema.Schema),
 	}
 }
--- a/internal/schema/validate.go
+++ b/internal/schema/validate.go
@ -0,0 +1,17 @@
 package schema
 import (
 	"context"
 	"github.com/pkg/errors"
 )
 func Validate(ctx context.Context, schema *Schema, data map[string]any) error {
 	state := schema.Validate(ctx, data)
 	if len(*state.Errs) > 0 {
 		return errors.WithStack(NewInvalidDataError(*state.Errs...))
 	}
 	return nil
 }
--- a/internal/setup/default_registry.go
+++ b/internal/setup/default_registry.go
@ -0,0 +1,43 @@
 package setup
 import (
 	"context"
 	"forge.cadoles.com/cadoles/bouncer/internal/config"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/qri-io/jsonschema"
 )
 var defaultRegistry = NewRegistry()
 func RegisterLayer(layerType store.LayerType, setupFunc LayerSetupFunc, rawOptionsSchema []byte) {
 	defaultRegistry.RegisterLayer(layerType, setupFunc, rawOptionsSchema)
 }
 func GetLayerOptionsSchema(layerType store.LayerType) (*jsonschema.Schema, error) {
 	schema, err := defaultRegistry.GetLayerOptionsSchema(layerType)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
 	return schema, nil
 }
 func GetLayers(ctx context.Context, conf *config.Config) ([]director.Layer, error) {
 	layers, err := defaultRegistry.GetLayers(ctx, conf)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
 	return layers, nil
 }
 func GetLayerTypes() []store.LayerType {
 	return defaultRegistry.GetLayerTypes()
 }
 func LayerTypeExists(layerType store.LayerType) bool {
 	return defaultRegistry.LayerTypeExists(layerType)
 }
--- a/internal/setup/error.go
+++ b/internal/setup/error.go
@ -0,0 +1,5 @@
 package setup
 import "errors"
 var ErrNotFound = errors.New("not found")
--- a/internal/setup/queue_layer.go
+++ b/internal/setup/queue_layer.go
@ -0,0 +1,45 @@
 package setup
 import (
 	"time"
 	"forge.cadoles.com/cadoles/bouncer/internal/config"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/queue"
 	queueRedis "forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/queue/redis"
 	"github.com/pkg/errors"
 	"github.com/redis/go-redis/v9"
 )
 func init() {
 	RegisterLayer(queue.LayerType, setupQueueLayer, queue.RawLayerOptionsSchema)
 }
 func setupQueueLayer(conf *config.Config) (director.Layer, error) {
 	adapter, err := newQueueAdapter(conf.Redis)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
 	options := []queue.OptionFunc{
 		queue.WithTemplateDir(string(conf.Layers.Queue.TemplateDir)),
 	}
 	if conf.Layers.Queue.DefaultKeepAlive != nil {
 		options = append(options, queue.WithDefaultKeepAlive(time.Duration(*conf.Layers.Queue.DefaultKeepAlive)))
 	}
 	return queue.New(
 		adapter,
 		options...,
 	), nil
 }
 func newQueueAdapter(redisConf config.RedisConfig) (queue.Adapter, error) {
 	rdb := redis.NewUniversalClient(&redis.UniversalOptions{
 		Addrs:      redisConf.Adresses,
 		MasterName: string(redisConf.Master),
 	})
 	return queueRedis.NewAdapter(rdb, 2), nil
 }
--- a/internal/setup/queue_repository.go
+++ b/internal/setup/queue_repository.go
@ -1,20 +0,0 @@
 package setup
 import (
 	"context"
 	"forge.cadoles.com/cadoles/bouncer/internal/config"
 	"forge.cadoles.com/cadoles/bouncer/internal/queue"
 	"github.com/redis/go-redis/v9"
 	queueRedis "forge.cadoles.com/cadoles/bouncer/internal/queue/redis"
 )
 func NewQueueAdapter(ctx context.Context, conf config.RedisConfig) (queue.Adapter, error) {
 	rdb := redis.NewUniversalClient(&redis.UniversalOptions{
 		Addrs:      conf.Adresses,
 		MasterName: string(conf.Master),
 	})
 	return queueRedis.NewAdapter(rdb, 2), nil
 }
--- a/internal/setup/registry.go
+++ b/internal/setup/registry.go
@ -0,0 +1,80 @@
 package setup
 import (
 	"context"
 	"forge.cadoles.com/cadoles/bouncer/internal/config"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/schema"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 )
 type layerEntry struct {
 	setup            LayerSetupFunc
 	rawOptionsSchema []byte
 }
 type Registry struct {
 	layers map[store.LayerType]layerEntry
 }
 type LayerSetupFunc func(*config.Config) (director.Layer, error)
 func (r *Registry) RegisterLayer(layerType store.LayerType, layerSetup LayerSetupFunc, rawOptionsSchema []byte) {
 	r.layers[layerType] = layerEntry{
 		setup:            layerSetup,
 		rawOptionsSchema: rawOptionsSchema,
 	}
 }
 func (r *Registry) GetLayerOptionsSchema(layerType store.LayerType) (*schema.Schema, error) {
 	layerEntry, exists := r.layers[layerType]
 	if !exists {
 		return nil, errors.WithStack(ErrNotFound)
 	}
 	schema, err := schema.Parse(layerEntry.rawOptionsSchema)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
 	return schema, nil
 }
 func (r *Registry) GetLayers(ctx context.Context, conf *config.Config) ([]director.Layer, error) {
 	layers := make([]director.Layer, 0, len(r.layers))
 	for layerType, layerEntry := range r.layers {
 		layer, err := layerEntry.setup(conf)
 		if err != nil {
 			return nil, errors.Wrapf(err, "could not create layer '%s'", layerType)
 		}
 		layers = append(layers, layer)
 	}
 	return layers, nil
 }
 func (r *Registry) LayerTypeExists(layerType store.LayerType) bool {
 	_, exists := r.layers[layerType]
 	return exists
 }
 func (r *Registry) GetLayerTypes() []store.LayerType {
 	layerTypes := make([]store.LayerType, 0, len(r.layers))
 	for layerType := range r.layers {
 		layerTypes = append(layerTypes, layerType)
 	}
 	return layerTypes
 }
 func NewRegistry() *Registry {
 	return &Registry{
 		layers: make(map[store.LayerType]layerEntry),
 	}
 }
--- a/layers/queue/templates/queue.gohtml
+++ b/layers/queue/templates/queue.gohtml
@ -0,0 +1,84 @@
 {{ define "queue" }}
 <!DOCTYPE html>
 <html>
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width,initial-scale=1">
        <title>Veuillez patienter - {{ .QueueName }}</title>
        <meta http-equiv="refresh" content="{{ .RefreshRate.Seconds }}">
        <style>
            html {
              box-sizing: border-box;
              font-size: 16px;
            }
            *, *:before, *:after {
              box-sizing: inherit;
            }
            body, h1, h2, h3, h4, h5, h6, p, ol, ul {
              margin: 0;
              padding: 0;
              font-weight: normal;
            }
            html, body {
              width: 100%;
              height: 100%;
              font-family: Arial, Helvetica, sans-serif;
              background-color: #f7f7f7;
            }
            #container {
              display: flex;
              align-items: center;
              justify-content: center;
              height: 100%;
              flex-direction: column;
            }
            #queue {
              padding: 1.5em 1em;
              border: 1px solid #e0e0e0;
              background-color: white;
              border-radius: 5px;
              box-shadow: 2px 2px #cccccc1c;
              color: #333333 !important;
            }
            .title {
              margin-bottom: 1.2em;
            }
            p {
              margin-bottom: 0.5em;
            }
            .text-centered {
              text-align: center;
            }
            .footer {
              font-size: 0.7em;
              margin-top: 2em;
              text-align: right;
            }
        </style>
    </head>
    <body>
        <div id="container">
            <div id="queue">
                <h2 class="title">Un instant s'il vous plaît...</h2>
                <p>Le site auquel vous souhaitez accéder est actuellement surchargé.</p>
                {{ $rank := sub .Rank .MaxSessions }}
                {{ $waiting := sub .CurrentSessions .MaxSessions }}
                <p class="text-centered">
                  <b>Position: {{ $rank }}</b> <em>(sur {{ $waiting }} en attente)</em>
                </p>
                <p class="text-centered"><em>Cette page se rafraîchira automatiquement lorsqu'une place sera disponible.</em></p>
                <p class="footer">Propulsé par <a href="https://forge.cadoles.com/Cadoles/bouncer">Bouncer</a>.</p>
            </div>
        </div>
    </body>
 </html>
 {{ end }}
--- a/misc/logo/bouncer.png
+++ b/misc/logo/bouncer.png
--- a/misc/packaging/common/config.yml
+++ b/misc/packaging/common/config.yml
@ -1,10 +1,18 @@
 # Configuration du service "admin"
 admin:
    http:
        # Hôte d'écoute du service, 
        # 0.0.0.0 pour écouter sur toutes les interfaces
        host: 127.0.0.1
        # Port d'écoute du service
        port: 8081
    # Configuration CORS du service
    # Uniquement nécessaire si un frontend web
    # est branché sur l'API d'administration.
    cors:
        allowedOrigins:
-            - http://localhost:3001
+            - http://localhost:8081
        allowCredentials: true
        allowMethods:
            - POST
@ -18,17 +26,75 @@ admin:
            - Authorization
            - Sentry-Trace
        debug: false
    # Authentification JWT
    auth:
        # Origine du jeton JWT
        issuer: http://127.0.0.1:8081
        # Clé privée permettant de signer les jetons
        # JWT générés pour l'usage de l'API d'administration.
        privateKey: /etc/bouncer/admin-key.json
    # Métriques Prometheus
    metrics:
        # Activer ou désactiver la publication des métriques
        enabled: true
        # Route de publication des métriques
        endpoint: /.bouncer/metrics
        # Authentification "basic auth" sur la page
        # de publication
        # Mettre à null pour désactiver l'authentification
        basicAuth: null
 # Configuration du service "proxy"
 proxy:
    http:
        # Hôte d'écoute du service, 
        # 0.0.0.0 pour écouter sur toutes les interfaces
        host: 0.0.0.0
        # Port d'écoute du service
        port: 8080
    # Métriques Prometheus
    metrics:
        # Activer ou désactiver la publication des métriques
        enabled: true
        # Route de publication des métriques
        endpoint: /.bouncer/metrics
        # Authentification "basic auth" sur la page
        # de publication
        # Mettre à null pour désactiver l'authentification
        basicAuth:
            prom: etheus
 # Configuration du client Redis
 #
 # Les modes "standalone", "sentinel" et "cluster" de Redis sont supportés:
 # - Mode "standalone": renseigner une seule entrée dans redis.addresses;
 # - Mode "sentinel": renseigner une adresse dans redis.master et une ou plusieurs adresses dans redis.addresses;
 # - Mode "cluster": renseigner plusieurs adresses dans redis.addresses et laisser redis.master vide.
 redis:
    addresses:
        - localhost:6379
    master: ""
 # Configuration des logs
 logger:
    # Niveau de verbosité
    # 0 - DEBUG
    # 1 - INFO
    # 2 - WARNING
    # 3 - ERROR
    # 4 - FATAL
    level: 1
    # Format des logs, "human" ou "json"
    format: human
 # Configuration des différents layers
 layers:
    # Configuration du layer "queue"
    queue:
        # Répertoire contenant les templates
        templateDir: "/etc/bouncer/layers/queue/templates"
        # Temps de vie par défaut d'une session
        defaultKeepAlive: 1m
--- a/misc/packaging/openrc/bouncer-admin.openrc.sh
+++ b/misc/packaging/openrc/bouncer-admin.openrc.sh
@ -6,10 +6,6 @@ supervisor=supervise-daemon
 output_log="/var/log/bouncer/admin.log"
 error_log="$output_log"
 start_pre() {
    /usr/bin/bouncer --workdir /usr/share/bouncer --config /etc/bouncer/config.yml database migrate
 }
 depend() {
    need net
 }
--- a/misc/packaging/openrc/bouncer-proxy.openrc.sh
+++ b/misc/packaging/openrc/bouncer-proxy.openrc.sh
@ -6,10 +6,6 @@ supervisor=supervise-daemon
 output_log="/var/log/bouncer/proxy.log"
 error_log="$output_log"
 start_pre() {
    /usr/bin/bouncer --workdir /usr/share/bouncer --config /etc/bouncer/config.yml database migrate
 }
 depend() {
    need net
 }
--- a/modd.conf
+++ b/modd.conf
@ -2,13 +2,14 @@
 internal/**/*.json
 modd.conf
 config.yml
 layers/**
 .env {
    prep: make RUN_INSTALL_TESTS=no GOTEST_ARGS="-short" test
    prep: make build-bouncer
    prep: make config.yml
    prep: make .bouncer-token
-    daemon: make run BOUNCER_CMD="--config config.yml server admin run"
+    daemon: make run BOUNCER_CMD="--debug --config config.yml server admin run"
-    daemon: make run BOUNCER_CMD="--config config.yml server proxy run"
+    daemon: make run BOUNCER_CMD="--debug --config config.yml server proxy run"
 }
 {
Author	SHA1	Message	Date
William Petit	74409f18e8	feat: update packaged configuration All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-30 17:51:01 -06:00
wpetit	ab7f64a684	Merge pull request 'Métriques de base Prometheus' (#4 ) from metrics into develop All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details Reviewed-on: #4	2023-07-01 01:32:10 +02:00
William Petit	d5cc15de3b	chore: run service in debug mode by default All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details Cadoles/bouncer/pipeline/pr-develop This commit looks good Details	2023-06-30 10:26:52 -06:00
William Petit	56609ec316	feat: add basic prometheus metrics integration Some checks reported errors Cadoles/bouncer/pipeline/head Something is wrong with the build of this commit Details	2023-06-30 10:26:27 -06:00
William Petit	5bf391b6bf	fix(docker): add layers templates in image All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-29 20:36:11 -06:00
William Petit	74928fe413	chore: add log message for workdir and configuration loading All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-29 20:16:25 -06:00
William Petit	ff1d01828d	fix: docker image build All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-29 20:14:20 -06:00
William Petit	851f5d64cc	doc: add getting started with sources tutorial	2023-06-29 20:13:21 -06:00
William Petit	e0d81c061b	chore: add png logo All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-29 14:45:47 -06:00
wpetit	440d467938	fix(doc): bad link All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-26 16:37:55 +02:00
wpetit	f8d33299b9	fix(doc): typo All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-26 14:25:42 +02:00
wpetit	6fed6358b2	fix(doc): typo Some checks reported errors Cadoles/bouncer/pipeline/head Something is wrong with the build of this commit Details	2023-06-26 14:24:34 +02:00
William Petit	ef869a02ea	doc: add 'how to create a custom layer' tutorial All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-24 12:28:16 -06:00
William Petit	6559d1f594	fix(command,proxy): allow from flag to be optional Some checks reported errors Cadoles/bouncer/pipeline/head Something is wrong with the build of this commit Details	2023-06-24 12:27:29 -06:00
William Petit	8d91f646c2	feat: refactor layers registration All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-23 17:54:34 -06:00
William Petit	e32c72e030	feat: command flags cleanup All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-23 11:08:35 -06:00
William Petit	8d21e9083c	doc: add general architecture base document + layers base reference All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-22 20:53:58 -06:00
William Petit	2a8849493d	feat(layer,queue): display templatized page for queued users All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-06-12 19:57:13 -06:00
William Petit	830d4d3904	fix(doc): typo All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-05-28 17:12:42 +02:00
William Petit	7a45a5ba3b	fix(packaging): alpine startup script All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2023-05-28 17:08:51 +02:00
William Petit	1cfe07a343	doc: add queue layer tutorial	2023-05-28 17:08:30 +02:00