Compare commits
9 Commits
v2024.10.2
...
v2024.11.8
| Author | SHA1 | Date | |
|---|---|---|---|
| 74c2a2c055 | |||
| 239d4573c3 | |||
| cffe3eca1b | |||
| a686c52aed | |||
| c0470ca623 | |||
| c611705d45 | |||
| 16fa751dc7 | |||
| 8983a44d9e | |||
| 11375e546f |
@ -60,7 +60,7 @@ Retourne `nil` si le cookie n'existe pas.
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
##### `set_cookie(ctx, cookie Cookie)`
|
##### `add_cookie(ctx, cookie Cookie)`
|
||||||
|
|
||||||
Définit un cookie sur la requête/réponse (en fonction du contexte d'utilisation).
|
Définit un cookie sur la requête/réponse (en fonction du contexte d'utilisation).
|
||||||
Voir la méthode `get_cookie()` pour voir les attributs potentiels.
|
Voir la méthode `get_cookie()` pour voir les attributs potentiels.
|
||||||
|
|||||||
@ -9,25 +9,35 @@ const (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type RedisConfig struct {
|
type RedisConfig struct {
|
||||||
Adresses InterpolatedStringSlice `yaml:"addresses"`
|
Adresses InterpolatedStringSlice `yaml:"addresses"`
|
||||||
Master InterpolatedString `yaml:"master"`
|
Master InterpolatedString `yaml:"master"`
|
||||||
ReadTimeout InterpolatedDuration `yaml:"readTimeout"`
|
ReadTimeout InterpolatedDuration `yaml:"readTimeout"`
|
||||||
WriteTimeout InterpolatedDuration `yaml:"writeTimeout"`
|
WriteTimeout InterpolatedDuration `yaml:"writeTimeout"`
|
||||||
DialTimeout InterpolatedDuration `yaml:"dialTimeout"`
|
DialTimeout InterpolatedDuration `yaml:"dialTimeout"`
|
||||||
LockMaxRetries InterpolatedInt `yaml:"lockMaxRetries"`
|
LockMaxRetries InterpolatedInt `yaml:"lockMaxRetries"`
|
||||||
MaxRetries InterpolatedInt `yaml:"maxRetries"`
|
RouteByLatency InterpolatedBool `yaml:"routeByLatency"`
|
||||||
PingInterval InterpolatedDuration `yaml:"pingInterval"`
|
ContextTimeoutEnabled InterpolatedBool `yaml:"contextTimeoutEnabled"`
|
||||||
|
MaxRetries InterpolatedInt `yaml:"maxRetries"`
|
||||||
|
PingInterval InterpolatedDuration `yaml:"pingInterval"`
|
||||||
|
PoolSize InterpolatedInt `yaml:"poolSize"`
|
||||||
|
PoolTimeout InterpolatedDuration `yaml:"poolTimeout"`
|
||||||
|
MinIdleConns InterpolatedInt `yaml:"minIdleConns"`
|
||||||
|
MaxIdleConns InterpolatedInt `yaml:"maxIdleConns"`
|
||||||
|
ConnMaxIdleTime InterpolatedDuration `yaml:"connMaxIdleTime"`
|
||||||
|
ConnMaxLifetime InterpolatedDuration `yaml:"connMaxLifeTime"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewDefaultRedisConfig() RedisConfig {
|
func NewDefaultRedisConfig() RedisConfig {
|
||||||
return RedisConfig{
|
return RedisConfig{
|
||||||
Adresses: InterpolatedStringSlice{"localhost:6379"},
|
Adresses: InterpolatedStringSlice{"localhost:6379"},
|
||||||
Master: "",
|
Master: "",
|
||||||
ReadTimeout: InterpolatedDuration(30 * time.Second),
|
ReadTimeout: InterpolatedDuration(30 * time.Second),
|
||||||
WriteTimeout: InterpolatedDuration(30 * time.Second),
|
WriteTimeout: InterpolatedDuration(30 * time.Second),
|
||||||
DialTimeout: InterpolatedDuration(30 * time.Second),
|
DialTimeout: InterpolatedDuration(30 * time.Second),
|
||||||
LockMaxRetries: 10,
|
LockMaxRetries: 10,
|
||||||
MaxRetries: 3,
|
MaxRetries: 3,
|
||||||
PingInterval: InterpolatedDuration(30 * time.Second),
|
PingInterval: InterpolatedDuration(30 * time.Second),
|
||||||
|
ContextTimeoutEnabled: true,
|
||||||
|
RouteByLatency: true,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -32,7 +32,7 @@ func NewDefaultSentryConfig() SentryConfig {
|
|||||||
EnableTracing: false,
|
EnableTracing: false,
|
||||||
TracesSampleRate: 0.1,
|
TracesSampleRate: 0.1,
|
||||||
ProfilesSampleRate: 0.1,
|
ProfilesSampleRate: 0.1,
|
||||||
IgnoreErrors: []string{"context canceled"},
|
IgnoreErrors: []string{"context canceled", "net/http: abort"},
|
||||||
SendDefaultPII: false,
|
SendDefaultPII: false,
|
||||||
ServerName: "",
|
ServerName: "",
|
||||||
Environment: "",
|
Environment: "",
|
||||||
|
|||||||
@ -10,6 +10,9 @@ import (
|
|||||||
"forge.cadoles.com/Cadoles/go-proxy"
|
"forge.cadoles.com/Cadoles/go-proxy"
|
||||||
"forge.cadoles.com/Cadoles/go-proxy/wildcard"
|
"forge.cadoles.com/Cadoles/go-proxy/wildcard"
|
||||||
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
|
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
|
||||||
|
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/util"
|
||||||
|
"forge.cadoles.com/cadoles/bouncer/internal/rule"
|
||||||
|
ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
|
||||||
"forge.cadoles.com/cadoles/bouncer/internal/store"
|
"forge.cadoles.com/cadoles/bouncer/internal/store"
|
||||||
"github.com/Masterminds/sprig/v3"
|
"github.com/Masterminds/sprig/v3"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
@ -21,6 +24,8 @@ type Layer struct {
|
|||||||
auth Authenticator
|
auth Authenticator
|
||||||
debug bool
|
debug bool
|
||||||
|
|
||||||
|
ruleEngineCache *util.RuleEngineCache[*Vars, *LayerOptions]
|
||||||
|
|
||||||
templateDir string
|
templateDir string
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -74,7 +79,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := l.applyRules(ctx, r, options, user); err != nil {
|
if err := l.applyRules(ctx, r, layer, options, user); err != nil {
|
||||||
if errors.Is(err, ErrForbidden) {
|
if errors.Is(err, ErrForbidden) {
|
||||||
l.renderForbiddenPage(w, r, layer, options, user)
|
l.renderForbiddenPage(w, r, layer, options, user)
|
||||||
return
|
return
|
||||||
@ -189,6 +194,18 @@ func NewLayer(layerType store.LayerType, auth Authenticator, funcs ...OptionFunc
|
|||||||
opts := NewOptions(funcs...)
|
opts := NewOptions(funcs...)
|
||||||
|
|
||||||
return &Layer{
|
return &Layer{
|
||||||
|
ruleEngineCache: util.NewInMemoryRuleEngineCache[*Vars, *LayerOptions](func(options *LayerOptions) (*rule.Engine[*Vars], error) {
|
||||||
|
engine, err := rule.NewEngine[*Vars](
|
||||||
|
rule.WithRules(options.Rules...),
|
||||||
|
rule.WithExpr(getAuthnAPI()...),
|
||||||
|
ruleHTTP.WithRequestFuncs(),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.WithStack(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return engine, nil
|
||||||
|
}),
|
||||||
layerType: layerType,
|
layerType: layerType,
|
||||||
auth: auth,
|
auth: auth,
|
||||||
templateDir: opts.TemplateDir,
|
templateDir: opts.TemplateDir,
|
||||||
|
|||||||
@ -28,12 +28,13 @@ func DefaultLayerOptions() LayerOptions {
|
|||||||
return LayerOptions{
|
return LayerOptions{
|
||||||
MatchURLs: []string{"*"},
|
MatchURLs: []string{"*"},
|
||||||
Rules: []string{
|
Rules: []string{
|
||||||
"del_headers('Remote-*')",
|
"del_headers(ctx, 'Remote-*')",
|
||||||
"set_header('Remote-User', user.subject)",
|
"set_header(ctx,'Remote-User', vars.user.subject)",
|
||||||
`map(
|
`map(
|
||||||
toPairs(user.attrs), {
|
toPairs(vars.user.attrs), {
|
||||||
let name = replace(lower(string(get(#, 0))), '_', '-');
|
let name = replace(lower(string(get(#, 0))), '_', '-');
|
||||||
set_header(
|
set_header(
|
||||||
|
ctx,
|
||||||
'Remote-User-Attr-' + name,
|
'Remote-User-Attr-' + name,
|
||||||
get(#, 1)
|
get(#, 1)
|
||||||
)
|
)
|
||||||
|
|||||||
@ -48,7 +48,7 @@ func (c *Client) Provider() *oidc.Provider {
|
|||||||
func (c *Client) Authenticate(w http.ResponseWriter, r *http.Request, sess *sessions.Session, postLoginRedirectURL string) (*oidc.IDToken, error) {
|
func (c *Client) Authenticate(w http.ResponseWriter, r *http.Request, sess *sessions.Session, postLoginRedirectURL string) (*oidc.IDToken, error) {
|
||||||
idToken, err := c.getIDToken(r, sess)
|
idToken, err := c.getIDToken(r, sess)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Warn(r.Context(), "could not retrieve idtoken", logger.CapturedE(errors.WithStack(err)))
|
logger.Warn(r.Context(), "could not retrieve idtoken", logger.E(errors.WithStack(err)))
|
||||||
|
|
||||||
c.login(w, r, sess, postLoginRedirectURL)
|
c.login(w, r, sess, postLoginRedirectURL)
|
||||||
|
|
||||||
@ -69,7 +69,7 @@ func (c *Client) login(w http.ResponseWriter, r *http.Request, sess *sessions.Se
|
|||||||
sess.Values[sessionKeyPostLoginRedirectURL] = postLoginRedirectURL
|
sess.Values[sessionKeyPostLoginRedirectURL] = postLoginRedirectURL
|
||||||
|
|
||||||
if err := sess.Save(r, w); err != nil {
|
if err := sess.Save(r, w); err != nil {
|
||||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not save session"))
|
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not save session"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
@ -4,8 +4,8 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"forge.cadoles.com/cadoles/bouncer/internal/rule"
|
|
||||||
ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
|
ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
|
||||||
|
"forge.cadoles.com/cadoles/bouncer/internal/store"
|
||||||
"github.com/expr-lang/expr"
|
"github.com/expr-lang/expr"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
@ -14,17 +14,11 @@ type Vars struct {
|
|||||||
User *User `expr:"user"`
|
User *User `expr:"user"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l *Layer) applyRules(ctx context.Context, r *http.Request, options *LayerOptions, user *User) error {
|
func (l *Layer) applyRules(ctx context.Context, r *http.Request, layer *store.Layer, options *LayerOptions, user *User) error {
|
||||||
rules := options.Rules
|
key := string(layer.Proxy) + "-" + string(layer.Name)
|
||||||
if len(rules) == 0 {
|
revisionedEngine := l.ruleEngineCache.Get(key)
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
engine, err := rule.NewEngine[*Vars](
|
engine, err := revisionedEngine.Get(ctx, layer.Revision, options)
|
||||||
rule.WithRules(options.Rules...),
|
|
||||||
rule.WithExpr(getAuthnAPI()...),
|
|
||||||
ruleHTTP.WithRequestFuncs(),
|
|
||||||
)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.WithStack(err)
|
return errors.WithStack(err)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -54,7 +54,7 @@ func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
|
|||||||
|
|
||||||
options, err := fromStoreOptions(layer.Options, q.defaultKeepAlive)
|
options, err := fromStoreOptions(layer.Options, q.defaultKeepAlive)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not parse layer options"))
|
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not parse layer options"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -89,7 +89,7 @@ func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
|
|||||||
|
|
||||||
rank, err := q.adapter.Touch(ctx, queueName, sessionID)
|
rank, err := q.adapter.Touch(ctx, queueName, sessionID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not retrieve session rank"))
|
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not update queue session rank"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -142,7 +142,7 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
|
|||||||
|
|
||||||
status, err := q.adapter.Status(ctx, queueName)
|
status, err := q.adapter.Status(ctx, queueName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not retrieve queue status"))
|
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not retrieve queue status"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -191,7 +191,7 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
|
|||||||
var buf bytes.Buffer
|
var buf bytes.Buffer
|
||||||
|
|
||||||
if err := q.tmpl.ExecuteTemplate(&buf, "queue", templateData); err != nil {
|
if err := q.tmpl.ExecuteTemplate(&buf, "queue", templateData); err != nil {
|
||||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not render queue page"))
|
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not render queue page"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -16,8 +16,8 @@ import (
|
|||||||
const LayerType store.LayerType = "rewriter"
|
const LayerType store.LayerType = "rewriter"
|
||||||
|
|
||||||
type Layer struct {
|
type Layer struct {
|
||||||
requestRuleEngine *util.RevisionedRuleEngine[*RequestVars, *LayerOptions]
|
requestRuleEngineCache *util.RuleEngineCache[*RequestVars, *LayerOptions]
|
||||||
responseRuleEngine *util.RevisionedRuleEngine[*ResponseVars, *LayerOptions]
|
responseRuleEngineCache *util.RuleEngineCache[*ResponseVars, *LayerOptions]
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l *Layer) LayerType() store.LayerType {
|
func (l *Layer) LayerType() store.LayerType {
|
||||||
@ -31,7 +31,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
|
|||||||
|
|
||||||
options, err := fromStoreOptions(layer.Options)
|
options, err := fromStoreOptions(layer.Options)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not parse layer options"))
|
director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not parse layer options"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -42,7 +42,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := l.applyRequestRules(ctx, r, layer.Revision, options); err != nil {
|
if err := l.applyRequestRules(ctx, r, layer, options); err != nil {
|
||||||
var redirect *errRedirect
|
var redirect *errRedirect
|
||||||
if errors.As(err, &redirect) {
|
if errors.As(err, &redirect) {
|
||||||
http.Redirect(w, r, redirect.URL(), redirect.StatusCode())
|
http.Redirect(w, r, redirect.URL(), redirect.StatusCode())
|
||||||
@ -76,7 +76,7 @@ func (l *Layer) ResponseTransformer(layer *store.Layer) proxy.ResponseTransforme
|
|||||||
|
|
||||||
ctx := r.Request.Context()
|
ctx := r.Request.Context()
|
||||||
|
|
||||||
if err := l.applyResponseRules(ctx, r, layer.Revision, options); err != nil {
|
if err := l.applyResponseRules(ctx, r, layer, options); err != nil {
|
||||||
return errors.WithStack(err)
|
return errors.WithStack(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -86,7 +86,7 @@ func (l *Layer) ResponseTransformer(layer *store.Layer) proxy.ResponseTransforme
|
|||||||
|
|
||||||
func New(funcs ...OptionFunc) *Layer {
|
func New(funcs ...OptionFunc) *Layer {
|
||||||
return &Layer{
|
return &Layer{
|
||||||
requestRuleEngine: util.NewRevisionedRuleEngine(func(options *LayerOptions) (*rule.Engine[*RequestVars], error) {
|
requestRuleEngineCache: util.NewInMemoryRuleEngineCache(func(options *LayerOptions) (*rule.Engine[*RequestVars], error) {
|
||||||
engine, err := rule.NewEngine[*RequestVars](
|
engine, err := rule.NewEngine[*RequestVars](
|
||||||
rule.WithRules(options.Rules.Request...),
|
rule.WithRules(options.Rules.Request...),
|
||||||
ruleHTTP.WithRequestFuncs(),
|
ruleHTTP.WithRequestFuncs(),
|
||||||
@ -98,7 +98,7 @@ func New(funcs ...OptionFunc) *Layer {
|
|||||||
|
|
||||||
return engine, nil
|
return engine, nil
|
||||||
}),
|
}),
|
||||||
responseRuleEngine: util.NewRevisionedRuleEngine(func(options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
|
responseRuleEngineCache: util.NewInMemoryRuleEngineCache(func(options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
|
||||||
engine, err := rule.NewEngine[*ResponseVars](
|
engine, err := rule.NewEngine[*ResponseVars](
|
||||||
rule.WithRules(options.Rules.Response...),
|
rule.WithRules(options.Rules.Response...),
|
||||||
ruleHTTP.WithResponseFuncs(),
|
ruleHTTP.WithResponseFuncs(),
|
||||||
|
|||||||
@ -8,6 +8,7 @@ import (
|
|||||||
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
|
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
|
||||||
"forge.cadoles.com/cadoles/bouncer/internal/rule"
|
"forge.cadoles.com/cadoles/bouncer/internal/rule"
|
||||||
ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
|
ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
|
||||||
|
"forge.cadoles.com/cadoles/bouncer/internal/store"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -87,13 +88,13 @@ func fromRequest(r *http.Request) RequestVar {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l *Layer) applyRequestRules(ctx context.Context, r *http.Request, layerRevision int, options *LayerOptions) error {
|
func (l *Layer) applyRequestRules(ctx context.Context, r *http.Request, layer *store.Layer, options *LayerOptions) error {
|
||||||
rules := options.Rules.Request
|
rules := options.Rules.Request
|
||||||
if len(rules) == 0 {
|
if len(rules) == 0 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
engine, err := l.getRequestRuleEngine(ctx, layerRevision, options)
|
engine, err := l.getRequestRuleEngine(ctx, layer, options)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.WithStack(err)
|
return errors.WithStack(err)
|
||||||
}
|
}
|
||||||
@ -117,8 +118,11 @@ func (l *Layer) applyRequestRules(ctx context.Context, r *http.Request, layerRev
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l *Layer) getRequestRuleEngine(ctx context.Context, layerRevision int, options *LayerOptions) (*rule.Engine[*RequestVars], error) {
|
func (l *Layer) getRequestRuleEngine(ctx context.Context, layer *store.Layer, options *LayerOptions) (*rule.Engine[*RequestVars], error) {
|
||||||
engine, err := l.requestRuleEngine.Get(ctx, layerRevision, options)
|
key := string(layer.Proxy) + "-" + string(layer.Name)
|
||||||
|
revisionedEngine := l.requestRuleEngineCache.Get(key)
|
||||||
|
|
||||||
|
engine, err := revisionedEngine.Get(ctx, layer.Revision, options)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.WithStack(err)
|
return nil, errors.WithStack(err)
|
||||||
}
|
}
|
||||||
@ -145,13 +149,13 @@ type ResponseVar struct {
|
|||||||
Trailer map[string][]string `expr:"trailer"`
|
Trailer map[string][]string `expr:"trailer"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l *Layer) applyResponseRules(ctx context.Context, r *http.Response, layerRevision int, options *LayerOptions) error {
|
func (l *Layer) applyResponseRules(ctx context.Context, r *http.Response, layer *store.Layer, options *LayerOptions) error {
|
||||||
rules := options.Rules.Response
|
rules := options.Rules.Response
|
||||||
if len(rules) == 0 {
|
if len(rules) == 0 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
engine, err := l.getResponseRuleEngine(ctx, layerRevision, options)
|
engine, err := l.getResponseRuleEngine(ctx, layer, options)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.WithStack(err)
|
return errors.WithStack(err)
|
||||||
}
|
}
|
||||||
@ -187,8 +191,11 @@ func (l *Layer) applyResponseRules(ctx context.Context, r *http.Response, layerR
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l *Layer) getResponseRuleEngine(ctx context.Context, layerRevision int, options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
|
func (l *Layer) getResponseRuleEngine(ctx context.Context, layer *store.Layer, options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
|
||||||
engine, err := l.responseRuleEngine.Get(ctx, layerRevision, options)
|
key := string(layer.Proxy) + "-" + string(layer.Name)
|
||||||
|
revisionedEngine := l.responseRuleEngineCache.Get(key)
|
||||||
|
|
||||||
|
engine, err := revisionedEngine.Get(ctx, layer.Revision, options)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.WithStack(err)
|
return nil, errors.WithStack(err)
|
||||||
}
|
}
|
||||||
|
|||||||
28
internal/proxy/director/layer/util/rule_engine_cache.go
Normal file
28
internal/proxy/director/layer/util/rule_engine_cache.go
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
package util
|
||||||
|
|
||||||
|
import (
|
||||||
|
"forge.cadoles.com/cadoles/bouncer/internal/cache"
|
||||||
|
"forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
|
||||||
|
)
|
||||||
|
|
||||||
|
type RuleEngineCache[V any, O any] struct {
|
||||||
|
cache cache.Cache[string, *RevisionedRuleEngine[V, O]]
|
||||||
|
factory RuleEngineFactoryFunc[V, O]
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *RuleEngineCache[V, O]) Get(key string) *RevisionedRuleEngine[V, O] {
|
||||||
|
revisionedRuleEngine, exists := c.cache.Get(key)
|
||||||
|
if !exists {
|
||||||
|
revisionedRuleEngine = NewRevisionedRuleEngine(c.factory)
|
||||||
|
c.cache.Set(key, revisionedRuleEngine)
|
||||||
|
}
|
||||||
|
|
||||||
|
return revisionedRuleEngine
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewInMemoryRuleEngineCache[V any, O any](factory RuleEngineFactoryFunc[V, O]) *RuleEngineCache[V, O] {
|
||||||
|
return &RuleEngineCache[V, O]{
|
||||||
|
factory: factory,
|
||||||
|
cache: memory.NewCache[string, *RevisionedRuleEngine[V, O]](),
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -234,7 +234,7 @@ func (s *Server) handleError(w http.ResponseWriter, r *http.Request, status int,
|
|||||||
err = errors.WithStack(err)
|
err = errors.WithStack(err)
|
||||||
|
|
||||||
if errors.Is(err, context.Canceled) {
|
if errors.Is(err, context.Canceled) {
|
||||||
logger.Warn(r.Context(), err.Error(), logger.CapturedE(err))
|
logger.Warn(r.Context(), err.Error(), logger.E(err))
|
||||||
} else {
|
} else {
|
||||||
logger.Error(r.Context(), err.Error(), logger.CapturedE(err))
|
logger.Error(r.Context(), err.Error(), logger.CapturedE(err))
|
||||||
}
|
}
|
||||||
|
|||||||
@ -75,7 +75,7 @@ func (s *Store) New(r *http.Request, name string) (*sessions.Session, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Store) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error {
|
func (s *Store) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error {
|
||||||
if session.Options.MaxAge <= 0 {
|
if session.Options.MaxAge < 0 {
|
||||||
if err := s.delete(r.Context(), session); err != nil {
|
if err := s.delete(r.Context(), session); err != nil {
|
||||||
return errors.WithStack(err)
|
return errors.WithStack(err)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -38,9 +38,15 @@ func newRedisClient(conf config.RedisConfig) redis.UniversalClient {
|
|||||||
ReadTimeout: time.Duration(conf.ReadTimeout),
|
ReadTimeout: time.Duration(conf.ReadTimeout),
|
||||||
WriteTimeout: time.Duration(conf.WriteTimeout),
|
WriteTimeout: time.Duration(conf.WriteTimeout),
|
||||||
DialTimeout: time.Duration(conf.DialTimeout),
|
DialTimeout: time.Duration(conf.DialTimeout),
|
||||||
RouteByLatency: true,
|
RouteByLatency: bool(conf.RouteByLatency),
|
||||||
ContextTimeoutEnabled: true,
|
ContextTimeoutEnabled: bool(conf.ContextTimeoutEnabled),
|
||||||
MaxRetries: int(conf.MaxRetries),
|
MaxRetries: int(conf.MaxRetries),
|
||||||
|
PoolSize: int(conf.PoolSize),
|
||||||
|
PoolTimeout: time.Duration(conf.PoolTimeout),
|
||||||
|
MinIdleConns: int(conf.MinIdleConns),
|
||||||
|
MaxIdleConns: int(conf.MaxIdleConns),
|
||||||
|
ConnMaxIdleTime: time.Duration(conf.ConnMaxIdleTime),
|
||||||
|
ConnMaxLifetime: time.Duration(conf.ConnMaxLifetime),
|
||||||
})
|
})
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
|
|||||||
@ -55,6 +55,8 @@
|
|||||||
border-radius: 5px;
|
border-radius: 5px;
|
||||||
box-shadow: 2px 2px #cccccc1c;
|
box-shadow: 2px 2px #cccccc1c;
|
||||||
color: #810000 !important;
|
color: #810000 !important;
|
||||||
|
max-width: 80%;
|
||||||
|
overflow-x: hidden;
|
||||||
}
|
}
|
||||||
|
|
||||||
.title {
|
.title {
|
||||||
@ -81,7 +83,7 @@
|
|||||||
<div id="card">
|
<div id="card">
|
||||||
<h2 class="title">Une erreur est survenue !</h2>
|
<h2 class="title">Une erreur est survenue !</h2>
|
||||||
{{ if .Debug }}
|
{{ if .Debug }}
|
||||||
<pre>{{ .Err }}</pre>
|
<pre style="overflow-x: auto">{{ .Err }}</pre>
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{/* if a public base url is provided, show navigation link */}}
|
{{/* if a public base url is provided, show navigation link */}}
|
||||||
{{ $oidc := ( index .Layer.Options "oidc" ) }}
|
{{ $oidc := ( index .Layer.Options "oidc" ) }}
|
||||||
|
|||||||
Reference in New Issue
Block a user