fix(authn-network): handles r.RemoteAddr without port

.env.dist

@@ -1 +0,0 @@
-GODEBUG="http1debug=2 http2debug=2"

.gitignore

@@ -9,5 +9,3 @@
 /data
 /out
 .dockerconfigjson
-*.prof
-proxy.test

.goreleaser.yaml

@@ -63,9 +63,6 @@ nfpms:
       - src: layers
         dst: /etc/bouncer/layers
         type: config
-      - src: templates
-        dst: /etc/bouncer/templates
-        type: config
       - dst: /etc/bouncer/bootstrap.d
         type: dir
         file_info:

Dockerfile

@@ -22,16 +22,13 @@ RUN make GORELEASER_ARGS='build --rm-dist --single-target --snapshot' goreleaser
 
 # Patch config
 RUN /src/dist/bouncer_linux_amd64_v1/bouncer -c '' config dump > /src/dist/bouncer_linux_amd64_v1/config.yml \
-&& yq -i '.proxy.templates.dir = "/usr/share/bouncer/templates"' /src/dist/bouncer_linux_amd64_v1/config.yml \
     && yq -i '.layers.queue.templateDir = "/usr/share/bouncer/layers/queue/templates"' /src/dist/bouncer_linux_amd64_v1/config.yml \
     && yq -i '.layers.authn.templateDir = "/usr/share/bouncer/layers/authn/templates"' /src/dist/bouncer_linux_amd64_v1/config.yml \
     && yq -i '.admin.auth.privateKey = "/etc/bouncer/admin-key.json"' /src/dist/bouncer_linux_amd64_v1/config.yml \
     && yq -i '.redis.adresses = ["redis:6379"]' /src/dist/bouncer_linux_amd64_v1/config.yml \
     && yq -i '.redis.writeTimeout = "30s"' /src/dist/bouncer_linux_amd64_v1/config.yml \
     && yq -i '.redis.readTimeout = "30s"' /src/dist/bouncer_linux_amd64_v1/config.yml \
-    && yq -i '.redis.dialTimeout = "30s"' /src/dist/bouncer_linux_amd64_v1/config.yml \
+    && yq -i '.redis.dialTimeout = "30s"' /src/dist/bouncer_linux_amd64_v1/config.yml
-    && yq -i '.bootstrap.lockTimeout = "30s"' /src/dist/bouncer_linux_amd64_v1/config.yml \
-    && yq -i '.integrations.kubernetes.lockTimeout = "30s"' /src/dist/bouncer_linux_amd64_v1/config.yml
 
 FROM reg.cadoles.com/proxy_cache/library/alpine:3.19.1 AS RUNTIME
 
@@ -43,21 +40,17 @@ RUN mkdir -p /usr/local/bin /usr/share/bouncer/bin /etc/bouncer
 
 COPY --from=BUILD /src/dist/bouncer_linux_amd64_v1/bouncer /usr/share/bouncer/bin/bouncer
 COPY --from=BUILD /src/layers /usr/share/bouncer/layers
-COPY --from=BUILD /src/templates /usr/share/bouncer/templates
 COPY --from=BUILD /src/dist/bouncer_linux_amd64_v1/config.yml /etc/bouncer/config.yml
 
 RUN ln -s /usr/share/bouncer/bin/bouncer /usr/local/bin/bouncer
 
 EXPOSE 8080
 EXPOSE 8081
-EXPOSE 8082
 
-RUN adduser -D -s /bin/sh bouncer
+RUN adduser -D -H bouncer
 
 ENV BOUNCER_CONFIG=/etc/bouncer/config.yml
 
 USER bouncer
 
-WORKDIR /home/bouncer
-
 CMD ["bouncer"]

Makefile

@@ -59,7 +59,7 @@ deps: .env
 
 .PHONY: goreleaser
 goreleaser: deps
-	( set -o allexport && source .env && set +o allexport &&  curl -sfL https://goreleaser.com/static/run | VERSION=$(GORELEASER_VERSION) GORELEASER_CURRENT_TAG="$(FULL_VERSION)" bash /dev/stdin $(GORELEASER_ARGS) )
+	( set -o allexport && source .env && set +o allexport && VERSION=$(GORELEASER_VERSION) curl -sfL https://goreleaser.com/static/run | GORELEASER_CURRENT_TAG="$(FULL_VERSION)" bash /dev/stdin $(GORELEASER_ARGS) )
 
 .PHONY: start-release
 start-release:
@@ -130,13 +130,6 @@ tools/grafterm/bin/grafterm:
 	mkdir -p tools/grafterm/bin
 	GOBIN=$(PWD)/tools/grafterm/bin go install github.com/slok/grafterm/cmd/grafterm@v0.2.0
 
-bench:
-	go test -bench=. -run '^$$' -count=10 ./...
-
-tools/benchstat/bin/benchstat:
-	mkdir -p tools/benchstat/bin
-	GOBIN=$(PWD)/tools/benchstat/bin go install golang.org/x/perf/cmd/benchstat@latest
-
 full-version:
 	@echo $(FULL_VERSION)
 

doc/fr/references/layers/README.md

@@ -4,4 +4,3 @@ Vous trouverez ci-dessous la liste des entités "Layer" activables sur vos entit
 
 - [Authn (`authn-*`)](./authn/README.md) - Authentification des accès (SSO)
 - [Queue](./queue.md) - File d'attente dynamique
-- [Rewriter](./rewriter.md) - Réécriture dynamiques des attributs des requêtes/réponses

doc/fr/references/layers/authn/README.md

@@ -36,28 +36,16 @@ Le comportement des règles par défaut est le suivant:
 
 Interdire l'accès à l'utilisateur.
 
-##### `add_header(name string, value string)`
+#### `set_header(name string, value string)`
 
-Ajouter une valeur à un entête HTTP via son nom `name` et sa valeur `value`.
+Définir la valeur d'une entête HTTP via son nom `name` et sa valeur `value`.
 
-##### `set_header(name string, value string)`
+#### `del_headers(pattern string)`
-
-Définir la valeur d'un entête HTTP via son nom `name` et sa valeur `value`. La valeur précédente est écrasée.
-
-##### `del_headers(pattern string)`
 
 Supprimer un ou plusieurs entêtes HTTP dont le nom correspond au patron `pattern`.
 
 Le patron est défini par une chaîne comprenant un ou plusieurs caractères `*`, signifiant un ou plusieurs caractères arbitraires.
 
-##### `set_host(host string)`
-
-Modifier la valeur de l'entête `Host` de la requête.
-
-##### `set_url(url string)`
-
-Modifier l'URL du serveur cible.
-
 ### Environnement
 
 Les règles ont accès aux variables suivantes pendant leur exécution.

doc/fr/references/layers/rewriter.md

@@ -1,116 +0,0 @@
-# Layer "Rewriter"
-
-## Description
-
-Ce layer permet de modifier dynamiquement certains attributs de requêtes/réponses transitant par le proxy.
-
-## Type
-
-`rewriter`
-
-## Schéma des options
-
-Les options disponibles pour le layer sont décrites via un [schéma JSON](https://json-schema.org/specification). Elles sont documentées dans le [schéma visible ici](../../../../internal/proxy/director/layer/rewriter/layer-options.json).
-
-## Moteur de règles
-
-Les options `rules.request` et `rules.response` permettent de définir des listes de règles utilisant un DSL modifiant de manière dynamique les attributs des requêtes/réponses transitant par le proxy.
-
-Les listes d'instructions sont exécutées séquentiellement.
-
-Bouncer utilise le projet [`expr`](https://expr-lang.org/) comme DSL. En plus des fonctionnalités natives du langage, Bouncer ajoute un certain nombre de fonctions spécifiques au contexte d'utilisation.
-
-### Fonctions
-
-#### Communes
-
-##### `add_header(name string, value string)`
-
-Ajouter une valeur à un entête HTTP via son nom `name` et sa valeur `value`.
-
-##### `set_header(name string, value string)`
-
-Définir la valeur d'un entête HTTP via son nom `name` et sa valeur `value`. La valeur précédente est écrasée.
-
-##### `del_headers(pattern string)`
-
-Supprimer un ou plusieurs entêtes HTTP dont le nom correspond au patron `pattern`.
-
-Le patron est défini par une chaîne comprenant un ou plusieurs caractères `*`, signifiant un ou plusieurs caractères arbitraires.
-
-#### Requête
-
-##### `set_host(host string)`
-
-Modifier la valeur de l'entête `Host` de la requête.
-
-##### `set_url(url string)`
-
-Modifier l'URL du serveur cible.
-
-#### Réponse
-
-_Pas de fonctions spécifiques._
-
-### Environnement
-
-Les règles ont accès aux variables suivantes pendant leur exécution. **Ces données sont en lecture seule.**
-
-#### Requête
-
-##### `request`
-
-La requête en cours de traitement.
-
-```js
-{
-    method: "string", // Méthode HTTP
-    host: "string", // Nom d'hôte (`Host`) associé à la requête
-    url: "string", // URL associée à la requête
-    proto: "string", // Numéro de version du protocole utilisé
-    protoMajor: "int", // Numéro de version majeure du protocole utilisé
-    protoMinor: "int",  // Numéro de version mineur du protocole utilisé
-    header: { // Table associative des entêtes HTTP associés à la requête
-        "string": ["string"]
-    },
-    contentLength: "int", // Taille du corps de la requête
-    transferEncoding: ["string"], // MIME-Type(s) d'encodage du corps de la requête
-    trailer: { // Table associative des entêtes HTTP associés à la requête, transmises après le corps de la requête
-        "string": ["string"]
-    },
-    remoteAddr: "string", // Adresse du client HTTP à l'origine de la requête
-    requestUri: "string" // URL "brute" associée à la requêtes (avant opérations d'assainissement, utiliser "url" plutôt)
-}
-```
-
-#### Réponse
-
-##### `response`
-
-La réponse en cours de traitement.
-
-```js
-{
-    statusCode: "int", // Code de statut de la réponse
-    status: "string", // Message associé au code de statut
-    proto: "string", // Numéro de version du protocole utilisé
-    protoMajor: "int", // Numéro de version majeure du protocole utilisé
-    protoMinor: "int",  // Numéro de version mineur du protocole utilisé
-    header: { // Table associative des entêtes HTTP associés à la requête
-        "string": ["string"]
-    },
-    contentLength: "int", // Taille du corps de la réponse
-    transferEncoding: ["string"], // MIME-Type(s) d'encodage du corps de la requête
-    trailer: { // Table associative des entêtes HTTP associés à la requête, transmises après le corps de la requête
-        "string": ["string"]
-    },
-}
-```
-
-##### `request`
-
-_Voir section précédente._
-
-## Métriques
-
-_Pas de métriques spécifiques._

doc/fr/tutorials/add-oidc-authn-layer.md

@@ -55,7 +55,7 @@ Par défaut ce serveur écoute sur le port 8082. Il est possible de modifier l'a
    bouncer admin proxy update --proxy-name my-proxy --proxy-enabled
    ```
 
-3. À ce stade, vous devriez pouvoir afficher la page du serveur `dummy` en ouvrant l'URL de votre instance Bouncer, par exemple `http://localhost:8080` si vous travaillez avec une instance Bouncer locale avec la configuration par défaut
+3. À ce stade, vous devriez pouvoir afficher la page du serveur `dummy` en ouvrant l'URL de votre instance Bouncer, par exemple `http://localhost:8080` si vous avez travaillez avec une instance Bouncer locale avec la configuration par défaut
 
 4. Créer un layer de type `authn-oidc` pour notre nouveau proxy
 

doc/fr/tutorials/create-custom-layer.md

@@ -10,13 +10,13 @@ Avoir un environnement de développement local fonctionnel. Voir tutoriel ["Dém
 
 ### Préparer la structure de base du nouveau layer
 
-Une implémentation d'un layer se compose majoritairement de 3 éléments:
+Une implémetation d'un layer se compose majoritairement de 3 éléments:
 
 - Une structure qui implémente une ou plusieurs interfaces (`director.MiddlewareLayer`, `director.RequestTransformerLayer` et/ou `director.ResponseTransformerLayer`);
 - Un schéma au format [JSON Schema](http://json-schema.org/) qui permettra de valider les "options" de notre layer;
 - Un fichier d'amorçage qui permettra à Bouncer de référencer notre nouveau layer.
 
-1. Créer le répertoire du `package` Go qui contiendra le code de votre layer. Celui ci s’appellera `basicauth`:
+1. Créer le répertoire du `package` Go qui contiendra le code de votre layer. Celui ci s'appelera `basicauth`:
 
    ```
    mkdir -p internal/proxy/director/layer/basicauth
@@ -133,22 +133,26 @@ Une implémentation d'un layer se compose majoritairement de 3 éléments:
 
 ## Tester l'intégration de notre nouveau layer
 
-À ce stade, notre nouveau layer est normalement référencé et donc "utilisable" dans Bouncer (si on omet le fait qu'il déclenchera un `panic()`).
+À ce stade, notre nouveau layer est normalement référencé et donc "utilisable" dans Bouncer (si on omet le fait qu'il déclenchera une `panic()`).
 
 1. Vérifier que notre layer est bien référencé en exécutant la commande:
 
    ```
-   ./bin/bouncer admin definition layer query --with-type basicauth
+   ./bin/bouncer admin layer create --help
    ```
 
    La sortie devrait ressembler à:
 
    ```
-    +-----------+-----------------------------------+
+   NAME:
-    | TYPE      | OPTIONS                           |
+   bouncer admin layer create - Create layer
-    +-----------+-----------------------------------+
+
-    | basicauth | {"type":"object","properties":... |
+   USAGE:
-    +-----------+-----------------------------------+
+   bouncer admin layer create [command options] [arguments...]
+
+   OPTIONS:
+   --layer-type LAYER_TYPE        Set LAYER_TYPE as layer's type (available: [basicauth queue])
+   [...]
    ```
 
    Comme vous devriez le voir nous pouvons désormais créer des layers de type `basicauth`.

doc/fr/tutorials/profiling.md

@@ -1,31 +0,0 @@
-# Analyser les performances de Bouncer
-
-1. Lancer un benchmark du proxy
-
-   ```shell
-   go test -bench=. -run '^$' -count=5 -cpuprofile bench_proxy.prof ./internal/proxy
-   ```
-
-2. Visualiser les temps d'exécution
-
-   ```shell
-   go tool pprof -web bench_proxy.prof
-   ```
-
-3. Comparer les performances d'une exécution à l'autre
-
-   ```shell
-   # Lancer un premier benchmark
-   go test -bench=. -run '^$' -count=10 ./internal/proxy > bench_before.txt
-
-   # Faire des modifications sur les sources
-
-   # Lancer un second benchmark
-   go test -bench=. -run '^$' -count=10 ./internal/proxy > bench_after.txt
-
-   # Installer l'outil benchstat
-   make tools/benchstat/bin/benchstat
-
-   # Comparer les rapports
-   tools/benchstat/bin/benchstat bench_before.txt bench_after.txt
-   ```

go.mod

@@ -93,7 +93,6 @@ require (
 	go.opentelemetry.io/otel v1.21.0 // indirect
 	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 	golang.org/x/net v0.19.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect

go.sum

@@ -405,8 +405,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

internal/admin/bootstrap.go

@@ -65,7 +65,7 @@ func (s *Server) bootstrapProxies(ctx context.Context) error {
 
 			for layerName, layerConfig := range proxyConfig.Layers {
 				layerType := store.LayerType(layerConfig.Type)
-				layerOptions := store.LayerOptions(layerConfig.Options.Data)
+				layerOptions := store.LayerOptions(layerConfig.Options)
 
 				if _, err := layerRepo.CreateLayer(ctx, proxyName, layerName, layerType, layerOptions); err != nil {
 					return errors.WithStack(err)
@@ -109,7 +109,7 @@ func (s *Server) validateBootstrap(ctx context.Context) error {
 			}
 
 			rawOptions := func(opts config.InterpolatedMap) map[string]any {
-				return opts.Data
+				return opts
 			}(layerConf.Options)
 
 			if err := schema.Validate(ctx, layerOptionsSchema, rawOptions); err != nil {

internal/cache/cache.go

@@ -1,6 +0,0 @@
-package cache
-
-type Cache[K comparable, V any] interface {
-	Get(key K) (V, bool)
-	Set(key K, value V)
-}

internal/cache/memory/cache.go

@@ -1,34 +0,0 @@
-package memory
-
-import (
-	"sync"
-
-	cache "forge.cadoles.com/cadoles/bouncer/internal/cache"
-)
-
-type Cache[K comparable, V any] struct {
-	store *sync.Map
-}
-
-// Get implements cache.Cache.
-func (c *Cache[K, V]) Get(key K) (V, bool) {
-	raw, exists := c.store.Load(key)
-	if !exists {
-		return *new(V), false
-	}
-
-	return raw.(V), exists
-}
-
-// Set implements cache.Cache.
-func (c *Cache[K, V]) Set(key K, value V) {
-	c.store.Store(key, value)
-}
-
-func NewCache[K comparable, V any]() *Cache[K, V] {
-	return &Cache[K, V]{
-		store: new(sync.Map),
-	}
-}
-
-var _ cache.Cache[string, bool] = &Cache[string, bool]{}

internal/cache/ttl/cache.go

@@ -1,39 +0,0 @@
-package ttl
-
-import (
-	"time"
-
-	cache "forge.cadoles.com/cadoles/bouncer/internal/cache"
-)
-
-type Cache[K comparable, V any] struct {
-	timestamps cache.Cache[K, time.Time]
-	values     cache.Cache[K, V]
-	ttl        time.Duration
-}
-
-// Get implements cache.Cache.
-func (c *Cache[K, V]) Get(key K) (V, bool) {
-	timestamp, exists := c.timestamps.Get(key)
-	if !exists || timestamp.Add(c.ttl).Before(time.Now()) {
-		return *new(V), false
-	}
-
-	return c.values.Get(key)
-}
-
-// Set implements cache.Cache.
-func (c *Cache[K, V]) Set(key K, value V) {
-	c.timestamps.Set(key, time.Now())
-	c.values.Set(key, value)
-}
-
-func NewCache[K comparable, V any](values cache.Cache[K, V], timestamps cache.Cache[K, time.Time], ttl time.Duration) *Cache[K, V] {
-	return &Cache[K, V]{
-		values:     values,
-		timestamps: timestamps,
-		ttl:        ttl,
-	}
-}
-
-var _ cache.Cache[string, bool] = &Cache[string, bool]{}

internal/cache/ttl/cache_test.go

@@ -1,39 +0,0 @@
-package ttl
-
-import (
-	"testing"
-	"time"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
-)
-
-func TestCache(t *testing.T) {
-	cache := NewCache(
-		memory.NewCache[string, int](),
-		memory.NewCache[string, time.Time](),
-		time.Second,
-	)
-
-	key := "foo"
-
-	if _, exists := cache.Get(key); exists {
-		t.Errorf("cache.Get(\"%s\"): should not exists", key)
-	}
-
-	cache.Set(key, 1)
-
-	value, exists := cache.Get(key)
-	if !exists {
-		t.Errorf("cache.Get(\"%s\"): should exists", key)
-	}
-
-	if e, g := 1, value; e != g {
-		t.Errorf("cache.Get(\"%s\"): expected '%v', got '%v'", key, e, g)
-	}
-
-	time.Sleep(time.Second)
-
-	if _, exists := cache.Get("foo"); exists {
-		t.Errorf("cache.Get(\"%s\"): should not exists", key)
-	}
-}

internal/command/server/proxy/run.go

@@ -3,7 +3,6 @@ package proxy
 import (
 	"fmt"
 	"strings"
-	"time"
 
 	"forge.cadoles.com/cadoles/bouncer/internal/command/common"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy"
@@ -46,7 +45,6 @@ func RunCommand() *cli.Command {
 				proxy.WithServerConfig(conf.Proxy),
 				proxy.WithRedisConfig(conf.Redis),
 				proxy.WithDirectorLayers(layers...),
-				proxy.WithDirectorCacheTTL(time.Duration(conf.Proxy.Cache.TTL)),
 			)
 
 			addrs, srvErrs := srv.Start(ctx.Context)

internal/config/environment.go

@@ -101,66 +101,33 @@ func (ib *InterpolatedBool) UnmarshalYAML(value *yaml.Node) error {
 	return nil
 }
 
-type InterpolatedMap struct {
+type InterpolatedMap map[string]interface{}
-	Data   map[string]any
-	getEnv func(string) string
-}
 
 func (im *InterpolatedMap) UnmarshalYAML(value *yaml.Node) error {
-	var data map[string]any
+	var data map[string]interface{}
 
 	if err := value.Decode(&data); err != nil {
 		return errors.Wrapf(err, "could not decode value '%v' (line '%d') into map", value.Value, value.Line)
 	}
 
-	if im.getEnv == nil {
+	for key, value := range data {
-		im.getEnv = os.Getenv
+		strVal, ok := value.(string)
+		if !ok {
+			continue
 		}
 
-	interpolated, err := im.interpolateRecursive(data)
+		if match := reVar.FindStringSubmatch(strVal); len(match) > 0 {
-	if err != nil {
+			strVal = os.Getenv(match[1])
-		return errors.WithStack(err)
 		}
 
-	im.Data = interpolated.(map[string]any)
+		data[key] = strVal
+	}
+
+	*im = data
 
 	return nil
 }
 
-func (im *InterpolatedMap) interpolateRecursive(data any) (any, error) {
-	switch typ := data.(type) {
-	case map[string]any:
-		for key, value := range typ {
-			value, err := im.interpolateRecursive(value)
-			if err != nil {
-				return nil, errors.WithStack(err)
-			}
-
-			typ[key] = value
-		}
-
-	case string:
-		value, err := envsubst.Eval(typ, im.getEnv)
-		if err != nil {
-			return nil, errors.WithStack(err)
-		}
-
-		data = value
-
-	case []any:
-		for idx := range typ {
-			value, err := im.interpolateRecursive(typ[idx])
-			if err != nil {
-				return nil, errors.WithStack(err)
-			}
-
-			typ[idx] = value
-		}
-	}
-
-	return data, nil
-}
-
 type InterpolatedStringSlice []string
 
 func (iss *InterpolatedStringSlice) UnmarshalYAML(value *yaml.Node) error {
@@ -205,15 +172,10 @@ func (id *InterpolatedDuration) UnmarshalYAML(value *yaml.Node) error {
 	}
 
 	duration, err := time.ParseDuration(str)
-	if err != nil {
-		nanoseconds, err := strconv.ParseInt(str, 10, 64)
 	if err != nil {
 		return errors.Wrapf(err, "could not parse duration '%v',  line '%d'", str, value.Line)
 	}
 
-		duration = time.Duration(nanoseconds)
-	}
-
 	*id = InterpolatedDuration(duration)
 
 	return nil

internal/config/environment_test.go

@@ -1,82 +0,0 @@
-package config
-
-import (
-	"fmt"
-	"os"
-	"testing"
-
-	"github.com/pkg/errors"
-	"gopkg.in/yaml.v3"
-)
-
-func TestInterpolatedMap(t *testing.T) {
-	type testCase struct {
-		Path   string
-		Env    map[string]string
-		Assert func(t *testing.T, parsed InterpolatedMap)
-	}
-
-	testCases := []testCase{
-		{
-			Path: "testdata/environment/interpolated-map-1.yml",
-			Env: map[string]string{
-				"TEST_PROP1":      "foo",
-				"TEST_SUB_PROP1":  "bar",
-				"TEST_SUB2_PROP1": "baz",
-			},
-			Assert: func(t *testing.T, parsed InterpolatedMap) {
-				if e, g := "foo", parsed.Data["prop1"]; e != g {
-					t.Errorf("parsed.Data[\"prop1\"]: expected '%v', got '%v'", e, g)
-				}
-
-				if e, g := "bar", parsed.Data["sub"].(map[string]any)["subProp1"]; e != g {
-					t.Errorf("parsed.Data[\"sub\"][\"subProp1\"]: expected '%v', got '%v'", e, g)
-				}
-
-				if e, g := "baz", parsed.Data["sub2"].(map[string]any)["sub2Prop1"].([]any)[0]; e != g {
-					t.Errorf("parsed.Data[\"sub2\"][\"sub2Prop1\"][0]: expected '%v', got '%v'", e, g)
-				}
-
-				if e, g := "test", parsed.Data["sub2"].(map[string]any)["sub2Prop1"].([]any)[1]; e != g {
-					t.Errorf("parsed.Data[\"sub2\"][\"sub2Prop1\"][1]: expected '%v', got '%v'", e, g)
-				}
-			},
-		},
-		{
-			Path: "testdata/environment/interpolated-map-2.yml",
-			Env: map[string]string{
-				"BAR": "bar",
-			},
-			Assert: func(t *testing.T, parsed InterpolatedMap) {
-				if e, g := "http://bar", parsed.Data["foo"]; e != g {
-					t.Errorf("parsed.Data[\"foo\"]: expected '%v', got '%v'", e, g)
-				}
-			},
-		},
-	}
-
-	for idx, tc := range testCases {
-		t.Run(fmt.Sprintf("Case #%d", idx), func(t *testing.T) {
-			data, err := os.ReadFile(tc.Path)
-			if err != nil {
-				t.Fatalf("%+v", errors.WithStack(err))
-			}
-
-			var interpolatedMap InterpolatedMap
-
-			if tc.Env != nil {
-				interpolatedMap.getEnv = func(key string) string {
-					return tc.Env[key]
-				}
-			}
-
-			if err := yaml.Unmarshal(data, &interpolatedMap); err != nil {
-				t.Fatalf("%+v", errors.WithStack(err))
-			}
-
-			if tc.Assert != nil {
-				tc.Assert(t, interpolatedMap)
-			}
-		})
-	}
-}

internal/config/layers.go

@@ -15,12 +15,6 @@ func NewDefaultLayersConfig() LayersConfig {
 		},
 		Authn: AuthnLayerConfig{
 			TemplateDir: "./layers/authn/templates",
-			OIDC: AuthnOIDCLayerConfig{
-				HTTPClient: AuthnOIDCHTTPClientConfig{
-					TransportConfig: NewDefaultTransportConfig(),
-					Timeout:         NewInterpolatedDuration(10 * time.Second),
-				},
-			},
 		},
 	}
 }
@@ -31,16 +25,5 @@ type QueueLayerConfig struct {
 }
 
 type AuthnLayerConfig struct {
-	Debug       InterpolatedBool     `yaml:"debug"`
 	TemplateDir InterpolatedString `yaml:"templateDir"`
-	OIDC        AuthnOIDCLayerConfig `yaml:"oidc"`
-}
-
-type AuthnOIDCLayerConfig struct {
-	HTTPClient AuthnOIDCHTTPClientConfig `yaml:"httpClient"`
-}
-
-type AuthnOIDCHTTPClientConfig struct {
-	TransportConfig
-	Timeout *InterpolatedDuration `yaml:"timeout"`
 }

internal/config/metrics.go

@@ -17,9 +17,9 @@ func (c *BasicAuthConfig) CredentialsMap() map[string]string {
 		return map[string]string{}
 	}
 
-	credentials := make(map[string]string, len(c.Credentials.Data))
+	credentials := make(map[string]string, len(*c.Credentials))
 
-	for k, v := range c.Credentials.Data {
+	for k, v := range *c.Credentials {
 		credentials[k] = fmt.Sprintf("%v", v)
 	}
 

internal/config/proxy_server.go

@@ -1,33 +1,13 @@
 package config
 
-import (
+import "time"
-	"crypto/tls"
-	"net/http"
-	"time"
-)
 
 type ProxyServerConfig struct {
-	Debug     InterpolatedBool `yaml:"debug"`
 	HTTP      HTTPConfig      `yaml:"http"`
 	Metrics   MetricsConfig   `yaml:"metrics"`
 	Transport TransportConfig `yaml:"transport"`
 	Dial      DialConfig      `yaml:"dial"`
 	Sentry    SentryConfig    `yaml:"sentry"`
-	Cache     CacheConfig      `yaml:"cache"`
-	Templates TemplatesConfig  `yaml:"templates"`
-}
-
-func NewDefaultProxyServerConfig() ProxyServerConfig {
-	return ProxyServerConfig{
-		Debug:     false,
-		HTTP:      NewHTTPConfig("0.0.0.0", 8080),
-		Metrics:   NewDefaultMetricsConfig(),
-		Transport: NewDefaultTransportConfig(),
-		Dial:      NewDefaultDialConfig(),
-		Sentry:    NewDefaultSentryConfig(),
-		Cache:     NewDefaultCacheConfig(),
-		Templates: NewDefaultTemplatesConfig(),
-	}
 }
 
 // See https://pkg.go.dev/net/http#Transport
@@ -45,51 +25,15 @@ type TransportConfig struct {
 	WriteBufferSize        InterpolatedInt       `yaml:"writeBufferSize"`
 	ReadBufferSize         InterpolatedInt       `yaml:"readBufferSize"`
 	MaxResponseHeaderBytes InterpolatedInt       `yaml:"maxResponseHeaderBytes"`
-	InsecureSkipVerify     InterpolatedBool      `yaml:"insecureSkipVerify"`
 }
 
-func (c TransportConfig) AsTransport() *http.Transport {
+func NewDefaultProxyServerConfig() ProxyServerConfig {
-	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
+	return ProxyServerConfig{
-
+		HTTP:      NewHTTPConfig("0.0.0.0", 8080),
-	httpTransport.Proxy = http.ProxyFromEnvironment
+		Metrics:   NewDefaultMetricsConfig(),
-	httpTransport.ForceAttemptHTTP2 = bool(c.ForceAttemptHTTP2)
+		Transport: NewDefaultTransportConfig(),
-	httpTransport.MaxIdleConns = int(c.MaxIdleConns)
+		Dial:      NewDefaultDialConfig(),
-	httpTransport.MaxIdleConnsPerHost = int(c.MaxIdleConnsPerHost)
+		Sentry:    NewDefaultSentryConfig(),
-	httpTransport.MaxConnsPerHost = int(c.MaxConnsPerHost)
-	httpTransport.IdleConnTimeout = time.Duration(*c.IdleConnTimeout)
-	httpTransport.TLSHandshakeTimeout = time.Duration(*c.TLSHandshakeTimeout)
-	httpTransport.ExpectContinueTimeout = time.Duration(*c.ExpectContinueTimeout)
-	httpTransport.DisableKeepAlives = bool(c.DisableKeepAlives)
-	httpTransport.DisableCompression = bool(c.DisableCompression)
-	httpTransport.ResponseHeaderTimeout = time.Duration(*c.ResponseHeaderTimeout)
-	httpTransport.WriteBufferSize = int(c.WriteBufferSize)
-	httpTransport.ReadBufferSize = int(c.ReadBufferSize)
-	httpTransport.MaxResponseHeaderBytes = int64(c.MaxResponseHeaderBytes)
-
-	if httpTransport.TLSClientConfig == nil {
-		httpTransport.TLSClientConfig = &tls.Config{}
-	}
-	httpTransport.TLSClientConfig.InsecureSkipVerify = bool(c.InsecureSkipVerify)
-
-	return httpTransport
-}
-
-func NewDefaultTransportConfig() TransportConfig {
-	return TransportConfig{
-		ForceAttemptHTTP2:      true,
-		MaxIdleConns:           100,
-		MaxIdleConnsPerHost:    100,
-		MaxConnsPerHost:        100,
-		IdleConnTimeout:        NewInterpolatedDuration(90 * time.Second),
-		TLSHandshakeTimeout:    NewInterpolatedDuration(10 * time.Second),
-		ExpectContinueTimeout:  NewInterpolatedDuration(1 * time.Second),
-		ResponseHeaderTimeout:  NewInterpolatedDuration(10 * time.Second),
-		DisableCompression:     false,
-		DisableKeepAlives:      false,
-		ReadBufferSize:         4096,
-		WriteBufferSize:        4096,
-		MaxResponseHeaderBytes: 0,
-		InsecureSkipVerify:     false,
 	}
 }
 
@@ -110,22 +54,20 @@ func NewDefaultDialConfig() DialConfig {
 	}
 }
 
-type CacheConfig struct {
+func NewDefaultTransportConfig() TransportConfig {
-	TTL InterpolatedDuration `yaml:"ttl"`
+	return TransportConfig{
-}
+		ForceAttemptHTTP2:      true,
-
+		MaxIdleConns:           100,
-func NewDefaultCacheConfig() CacheConfig {
+		MaxIdleConnsPerHost:    100,
-	return CacheConfig{
+		MaxConnsPerHost:        100,
-		TTL: *NewInterpolatedDuration(time.Second * 30),
+		IdleConnTimeout:        NewInterpolatedDuration(90 * time.Second),
-	}
+		TLSHandshakeTimeout:    NewInterpolatedDuration(10 * time.Second),
-}
+		ExpectContinueTimeout:  NewInterpolatedDuration(1 * time.Second),
-
+		ResponseHeaderTimeout:  NewInterpolatedDuration(10 * time.Second),
-type TemplatesConfig struct {
+		DisableCompression:     false,
-	Dir InterpolatedString `yaml:"dir"`
+		DisableKeepAlives:      false,
-}
+		ReadBufferSize:         4096,
-
+		WriteBufferSize:        4096,
-func NewDefaultTemplatesConfig() TemplatesConfig {
+		MaxResponseHeaderBytes: 0,
-	return TemplatesConfig{
-		Dir: "./templates",
 	}
 }

internal/config/testdata/environment/interpolated-map-1.yml

@@ -1,6 +0,0 @@
-prop1: "${TEST_PROP1}"
-prop2: 1
-sub:
-  subProp1: "${TEST_SUB_PROP1}"
-sub2:
-  sub2Prop1: ["${TEST_SUB2_PROP1}", "test"]

internal/config/testdata/environment/interpolated-map-2.yml

@@ -1 +0,0 @@
-foo: http://${BAR}

internal/proxy/director/director.go

@@ -7,7 +7,6 @@ import (
 
 	"forge.cadoles.com/Cadoles/go-proxy"
 	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
-	"forge.cadoles.com/cadoles/bouncer/internal/cache"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus"
@@ -18,9 +17,6 @@ type Director struct {
 	proxyRepository store.ProxyRepository
 	layerRepository store.LayerRepository
 	layerRegistry   *LayerRegistry
-
-	proxyCache cache.Cache[string, []*store.Proxy]
-	layerCache cache.Cache[string, []*store.Layer]
 }
 
 func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
@@ -70,7 +66,6 @@ MAIN:
 
 	r.URL.Host = toURL.Host
 	r.URL.Scheme = toURL.Scheme
-	r.URL.Path = toURL.JoinPath(r.URL.Path).Path
 
 	ctx = logger.With(ctx,
 		logger.F("proxy", match.Name),
@@ -78,11 +73,6 @@ MAIN:
 		logger.F("remoteAddr", r.RemoteAddr),
 	)
 
-	logger.Debug(
-		ctx, "rewritten url",
-		logger.F("rewrittenURL", r.URL.String()),
-	)
-
 	metricProxyRequestsTotal.With(prometheus.Labels{metricLabelProxy: string(match.Name)}).Add(1)
 
 	ctx = withProxy(ctx, match)
@@ -98,14 +88,7 @@ MAIN:
 	return r, nil
 }
 
-const proxiesCacheKey = "proxies"
-
 func (d *Director) getProxies(ctx context.Context) ([]*store.Proxy, error) {
-	proxies, exists := d.proxyCache.Get(proxiesCacheKey)
-	if exists {
-		return proxies, nil
-	}
-
 	headers, err := d.proxyRepository.QueryProxy(ctx, store.WithProxyQueryEnabled(true))
 	if err != nil {
 		return nil, errors.WithStack(err)
@@ -113,7 +96,7 @@ func (d *Director) getProxies(ctx context.Context) ([]*store.Proxy, error) {
 
 	sort.Sort(store.ByProxyWeight(headers))
 
-	proxies = make([]*store.Proxy, 0, len(headers))
+	proxies := make([]*store.Proxy, 0, len(headers))
 
 	for _, h := range headers {
 		if !h.Enabled {
@@ -128,19 +111,10 @@ func (d *Director) getProxies(ctx context.Context) ([]*store.Proxy, error) {
 		proxies = append(proxies, proxy)
 	}
 
-	d.proxyCache.Set(proxiesCacheKey, proxies)
-
 	return proxies, nil
 }
 
 func (d *Director) getLayers(ctx context.Context, proxyName store.ProxyName) ([]*store.Layer, error) {
-	cacheKey := "layers-" + string(proxyName)
-
-	layers, exists := d.layerCache.Get(cacheKey)
-	if exists {
-		return layers, nil
-	}
-
 	headers, err := d.layerRepository.QueryLayers(ctx, proxyName, store.WithLayerQueryEnabled(true))
 	if err != nil {
 		return nil, errors.WithStack(err)
@@ -148,7 +122,7 @@ func (d *Director) getLayers(ctx context.Context, proxyName store.ProxyName) ([]
 
 	sort.Sort(store.ByLayerWeight(headers))
 
-	layers = make([]*store.Layer, 0, len(headers))
+	layers := make([]*store.Layer, 0, len(headers))
 
 	for _, h := range headers {
 		if !h.Enabled {
@@ -163,8 +137,6 @@ func (d *Director) getLayers(ctx context.Context, proxyName store.ProxyName) ([]
 		layers = append(layers, layer)
 	}
 
-	d.layerCache.Set(cacheKey, layers)
-
 	return layers, nil
 }
 
@@ -268,16 +240,8 @@ func (d *Director) Middleware() proxy.Middleware {
 	}
 }
 
-func New(proxyRepository store.ProxyRepository, layerRepository store.LayerRepository, funcs ...OptionFunc) *Director {
+func New(proxyRepository store.ProxyRepository, layerRepository store.LayerRepository, layers ...Layer) *Director {
-	opts := NewOptions(funcs...)
+	registry := NewLayerRegistry(layers...)
 
-	registry := NewLayerRegistry(opts.Layers...)
+	return &Director{proxyRepository, layerRepository, registry}
-
-	return &Director{
-		proxyRepository: proxyRepository,
-		layerRepository: layerRepository,
-		layerRegistry:   registry,
-		proxyCache:      opts.ProxyCache,
-		layerCache:      opts.LayerCache,
-	}
 }

internal/proxy/director/layer/authn/layer.go

@@ -17,7 +17,6 @@ import (
 type Layer struct {
 	layerType store.LayerType
 	auth      Authenticator
-	debug     bool
 
 	templateDir string
 }
@@ -41,9 +40,8 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
 						return
 					}
 
-					err = errors.WithStack(err)
+					logger.Error(ctx, "could not execute pre-auth hook", logger.E(errors.WithStack(err)))
-					logger.Error(ctx, "could not execute pre-auth hook", logger.E(err))
+					http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-					l.renderErrorPage(w, r, layer, options, err)
 
 					return
 				}
@@ -67,9 +65,8 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
 					return
 				}
 
-				err = errors.WithStack(err)
+				logger.Error(ctx, "could not authenticate user", logger.E(errors.WithStack(err)))
-				logger.Error(ctx, "could not authenticate user", logger.E(err))
+				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-				l.renderErrorPage(w, r, layer, options, err)
 
 				return
 			}
@@ -80,9 +77,8 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
 					return
 				}
 
-				err = errors.WithStack(err)
+				logger.Error(ctx, "could not apply rules", logger.E(errors.WithStack(err)))
-				logger.Error(ctx, "could not apply rules", logger.E(err))
+				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-				l.renderErrorPage(w, r, layer, options, err)
 
 				return
 			}
@@ -98,9 +94,8 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
 						return
 					}
 
-					err = errors.WithStack(err)
+					logger.Error(ctx, "could not execute post-auth hook", logger.E(errors.WithStack(err)))
-					logger.Error(ctx, "could not execute post-auth hook", logger.E(err))
+					http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-					l.renderErrorPage(w, r, layer, options, err)
 
 					return
 				}
@@ -113,47 +108,12 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
 	}
 }
 
-type baseTemplateData struct {
-	Layer   *store.Layer
-	Debug   bool
-	Request *http.Request
-}
-
 func (l *Layer) renderForbiddenPage(w http.ResponseWriter, r *http.Request, layer *store.Layer, options *LayerOptions, user *User) {
-	templateData := struct {
-		baseTemplateData
-		User *User
-	}{
-		baseTemplateData: baseTemplateData{
-			Layer:   layer,
-			Debug:   l.debug,
-			Request: r,
-		},
-		User: user,
-	}
-
 	w.WriteHeader(http.StatusForbidden)
-	l.renderPage(w, r, "forbidden", options.Templates.Forbidden.Block, templateData)
+	l.renderPage(w, r, layer, "forbidden", options.Templates.Forbidden.Block, user)
 }
 
-func (l *Layer) renderErrorPage(w http.ResponseWriter, r *http.Request, layer *store.Layer, options *LayerOptions, err error) {
+func (l *Layer) renderPage(w http.ResponseWriter, r *http.Request, layer *store.Layer, page string, block string, user *User) {
-	templateData := struct {
-		baseTemplateData
-		Err error
-	}{
-		baseTemplateData: baseTemplateData{
-			Layer:   layer,
-			Debug:   l.debug,
-			Request: r,
-		},
-		Err: err,
-	}
-
-	w.WriteHeader(http.StatusInternalServerError)
-	l.renderPage(w, r, "error", options.Templates.Error.Block, templateData)
-}
-
-func (l *Layer) renderPage(w http.ResponseWriter, r *http.Request, page string, block string, templateData any) {
 	ctx := r.Context()
 
 	pattern := filepath.Join(l.templateDir, page+".gohtml")
@@ -168,8 +128,18 @@ func (l *Layer) renderPage(w http.ResponseWriter, r *http.Request, page string,
 		return
 	}
 
+	templateData := struct {
+		Layer *store.Layer
+		User  *User
+	}{
+		Layer: layer,
+		User:  user,
+	}
+
 	w.Header().Add("Cache-Control", "no-cache")
 
+	w.WriteHeader(http.StatusOK)
+
 	if err := tmpl.ExecuteTemplate(w, block, templateData); err != nil {
 		logger.Error(ctx, "could not render authn page", logger.E(errors.WithStack(err)))
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -190,7 +160,6 @@ func NewLayer(layerType store.LayerType, auth Authenticator, funcs ...OptionFunc
 		layerType:   layerType,
 		auth:        auth,
 		templateDir: opts.TemplateDir,
-		debug:       opts.Debug,
 	}
 }
 

internal/proxy/director/layer/authn/layer_options.go

@@ -17,7 +17,6 @@ type LayerOptions struct {
 
 type TemplatesOptions struct {
 	Forbidden TemplateOptions `mapstructure:"forbidden"`
-	Error     TemplateOptions `mapstructure:"error"`
 }
 
 type TemplateOptions struct {
@@ -44,9 +43,6 @@ func DefaultLayerOptions() LayerOptions {
 			Forbidden: TemplateOptions{
 				Block: "default",
 			},
-			Error: TemplateOptions{
-				Block: "default",
-			},
 		},
 	}
 

internal/proxy/director/layer/authn/network/authenticator.go

@@ -57,8 +57,6 @@ func (a *Authenticator) matchAnyAuthorizedCIDRs(ctx context.Context, remoteHostP
 		if err != nil {
 			return false, errors.WithStack(err)
 		}
-	} else {
-		remoteHost = remoteHostPort
 	}
 
 	remoteAddr := net.ParseIP(remoteHost)

internal/proxy/director/layer/authn/network/authenticator_test.go

@@ -1,60 +0,0 @@
-package network
-
-import (
-	"context"
-	"fmt"
-	"testing"
-
-	"github.com/pkg/errors"
-)
-
-func TestMatchAuthorizedCIDRs(t *testing.T) {
-
-	type testCase struct {
-		RemoteHostPort  string
-		AuthorizedCIDRs []string
-		ExpectedResult  bool
-		ExpectedError   error
-	}
-
-	testCases := []testCase{
-		{
-			RemoteHostPort: "192.168.1.15",
-			AuthorizedCIDRs: []string{
-				"192.168.1.0/24",
-			},
-			ExpectedResult: true,
-		},
-		{
-			RemoteHostPort: "192.168.1.15:43349",
-			AuthorizedCIDRs: []string{
-				"192.168.1.0/24",
-			},
-			ExpectedResult: true,
-		},
-		{
-			RemoteHostPort: "192.168.1.15:43349",
-			AuthorizedCIDRs: []string{
-				"192.168.1.5/32",
-			},
-			ExpectedResult: false,
-		},
-	}
-
-	auth := Authenticator{}
-	ctx := context.Background()
-
-	for idx, tc := range testCases {
-		t.Run(fmt.Sprintf("Case #%d", idx), func(t *testing.T) {
-			result, err := auth.matchAnyAuthorizedCIDRs(ctx, tc.RemoteHostPort, tc.AuthorizedCIDRs)
-
-			if g, e := result, tc.ExpectedResult; e != g {
-				t.Errorf("result: expected '%v', got '%v'", e, g)
-			}
-
-			if e, g := tc.ExpectedError, err; !errors.Is(err, tc.ExpectedError) {
-				t.Errorf("err: expected '%v', got '%v'", e, g)
-			}
-		})
-	}
-}

internal/proxy/director/layer/authn/oidc/authenticator.go

@@ -1,18 +1,11 @@
 package oidc
 
 import (
-	"bytes"
 	"context"
-	"crypto/tls"
 	"fmt"
 	"net/http"
 	"net/url"
-	"slices"
-	"strings"
-	"text/template"
-	"time"
 
-	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
@@ -25,8 +18,6 @@ import (
 
 type Authenticator struct {
 	store sessions.Store
-	httpTransport     *http.Transport
-	httpClientTimeout time.Duration
 }
 
 func (a *Authenticator) PreAuthentication(w http.ResponseWriter, r *http.Request, layer *store.Layer) error {
@@ -42,35 +33,21 @@ func (a *Authenticator) PreAuthentication(w http.ResponseWriter, r *http.Request
 		return errors.WithStack(err)
 	}
 
-	sess, err := a.store.Get(r, a.getCookieName(options.Cookie.Name, layer.Proxy, layer.Name))
+	sess, err := a.store.Get(r, a.getCookieName(options.Cookie.Name, layer.Name))
 	if err != nil {
 		logger.Error(ctx, "could not retrieve session", logger.E(errors.WithStack(err)))
 	}
 
-	loginCallbackURL, err := a.getLoginCallbackURL(originalURL, layer.Proxy, layer.Name, options)
+	redirectURL := a.getRedirectURL(layer.Proxy, layer.Name, originalURL, options)
+	logoutURL := a.getLogoutURL(layer.Proxy, layer.Name, originalURL, options)
+
+	client, err := a.getClient(options, redirectURL.String())
 	if err != nil {
 		return errors.WithStack(err)
 	}
 
-	client, err := a.getClient(options, loginCallbackURL.String())
+	switch r.URL.Path {
-	if err != nil {
+	case redirectURL.Path:
-		return errors.WithStack(err)
-	}
-
-	loginCallbackPathPattern, err := a.templatize(options.OIDC.MatchLoginCallbackPath, layer.Proxy, layer.Name)
-	if err != nil {
-		return errors.WithStack(err)
-	}
-
-	logoutPathPattern, err := a.templatize(options.OIDC.MatchLogoutPath, layer.Proxy, layer.Name)
-	if err != nil {
-		return errors.WithStack(err)
-	}
-
-	logger.Debug(ctx, "checking url", logger.F("loginCallbackPathPattern", loginCallbackPathPattern), logger.F("logoutPathPattern", logoutPathPattern))
-
-	switch {
-	case wildcard.Match(originalURL.Path, loginCallbackPathPattern):
 		if err := client.HandleCallback(w, r, sess); err != nil {
 			return errors.WithStack(err)
 		}
@@ -80,24 +57,11 @@ func (a *Authenticator) PreAuthentication(w http.ResponseWriter, r *http.Request
 			metricLabelProxy: string(layer.Proxy),
 		}).Add(1)
 
-	case wildcard.Match(originalURL.Path, logoutPathPattern):
+	case logoutURL.Path:
-		postLogoutRedirectURL := r.URL.Query().Get("redirect")
+		postLogoutRedirectURL := options.OIDC.PostLogoutRedirectURL
-
+		if options.OIDC.PostLogoutRedirectURL == "" {
-		if postLogoutRedirectURL != "" {
-			isAuthorized := slices.Contains(options.OIDC.PostLogoutRedirectURLs, postLogoutRedirectURL)
-			if !isAuthorized {
-				http.Error(w, "unauthorized post-logout redirect", http.StatusBadRequest)
-				return errors.WithStack(authn.ErrSkipRequest)
-			}
-		}
-
-		if postLogoutRedirectURL == "" {
-			if options.OIDC.PublicBaseURL != "" {
-				postLogoutRedirectURL = options.OIDC.PublicBaseURL
-			} else {
 			postLogoutRedirectURL = originalURL.Scheme + "://" + originalURL.Host
 		}
-		}
 
 		if err := client.HandleLogout(w, r, sess, postLogoutRedirectURL); err != nil {
 			return errors.WithStack(err)
@@ -116,12 +80,17 @@ func (a *Authenticator) PreAuthentication(w http.ResponseWriter, r *http.Request
 func (a *Authenticator) Authenticate(w http.ResponseWriter, r *http.Request, layer *store.Layer) (*authn.User, error) {
 	ctx := r.Context()
 
+	originalURL, err := director.OriginalURL(ctx)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
 	options, err := fromStoreOptions(layer.Options)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
 
-	sess, err := a.store.Get(r, a.getCookieName(options.Cookie.Name, layer.Proxy, layer.Name))
+	sess, err := a.store.Get(r, a.getCookieName(options.Cookie.Name, layer.Name))
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
@@ -148,27 +117,14 @@ func (a *Authenticator) Authenticate(w http.ResponseWriter, r *http.Request, lay
 		sess.Options.SameSite = http.SameSiteDefaultMode
 	}
 
-	originalURL, err := director.OriginalURL(ctx)
+	redirectURL := a.getRedirectURL(layer.Proxy, layer.Name, originalURL, options)
+
+	client, err := a.getClient(options, redirectURL.String())
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
 
-	loginCallbackURL, err := a.getLoginCallbackURL(originalURL, layer.Proxy, layer.Name, options)
+	idToken, err := client.Authenticate(w, r, sess)
-	if err != nil {
-		return nil, errors.WithStack(err)
-	}
-
-	client, err := a.getClient(options, loginCallbackURL.String())
-	if err != nil {
-		return nil, errors.WithStack(err)
-	}
-
-	postLoginRedirectURL, err := a.mergeURL(originalURL, originalURL.Path, options.OIDC.PublicBaseURL, true)
-	if err != nil {
-		return nil, errors.WithStack(err)
-	}
-
-	idToken, err := client.Authenticate(w, r, sess, postLoginRedirectURL.String())
 	if err != nil {
 		if errors.Is(err, ErrLoginRequired) {
 			metricLoginRequestsTotal.With(prometheus.Labels{
@@ -182,7 +138,7 @@ func (a *Authenticator) Authenticate(w http.ResponseWriter, r *http.Request, lay
 		return nil, errors.WithStack(err)
 	}
 
-	user, err := a.toUser(originalURL, idToken, layer.Proxy, layer.Name, options, sess)
+	user, err := a.toUser(idToken, layer.Proxy, layer.Name, originalURL, options, sess)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
@@ -240,7 +196,7 @@ func (c claims) AsAttrs() map[string]any {
 	return attrs
 }
 
-func (a *Authenticator) toUser(originalURL *url.URL, idToken *oidc.IDToken, proxyName store.ProxyName, layerName store.LayerName, options *LayerOptions, sess *sessions.Session) (*authn.User, error) {
+func (a *Authenticator) toUser(idToken *oidc.IDToken, proxyName store.ProxyName, layerName store.LayerName, originalURL *url.URL, options *LayerOptions, sess *sessions.Session) (*authn.User, error) {
 	var claims claims
 
 	if err := idToken.Claims(&claims); err != nil {
@@ -253,11 +209,7 @@ func (a *Authenticator) toUser(originalURL *url.URL, idToken *oidc.IDToken, prox
 
 	attrs := claims.AsAttrs()
 
-	logoutURL, err := a.getLogoutURL(originalURL, proxyName, layerName, options)
+	logoutURL := a.getLogoutURL(proxyName, layerName, originalURL, options)
-	if err != nil {
-		return nil, errors.WithStack(err)
-	}
-
 	attrs["logout_url"] = logoutURL.String()
 
 	if accessToken, exists := sess.Values[sessionKeyAccessToken]; exists && accessToken != nil {
@@ -277,109 +229,25 @@ func (a *Authenticator) toUser(originalURL *url.URL, idToken *oidc.IDToken, prox
 	return user, nil
 }
 
-func (a *Authenticator) getLoginCallbackURL(originalURL *url.URL, proxyName store.ProxyName, layerName store.LayerName, options *LayerOptions) (*url.URL, error) {
+func (a *Authenticator) getRedirectURL(proxyName store.ProxyName, layerName store.LayerName, u *url.URL, options *LayerOptions) *url.URL {
-	path, err := a.templatize(options.OIDC.LoginCallbackPath, proxyName, layerName)
+	return &url.URL{
-	if err != nil {
+		Scheme: u.Scheme,
-		return nil, errors.WithStack(err)
+		Host:   u.Host,
-	}
+		Path:   fmt.Sprintf(options.OIDC.LoginCallbackPath, fmt.Sprintf("%s/%s", proxyName, layerName)),
-
-	merged, err := a.mergeURL(originalURL, path, options.OIDC.PublicBaseURL, false)
-	if err != nil {
-		return nil, errors.WithStack(err)
-	}
-
-	return merged, nil
-}
-
-func (a *Authenticator) getLogoutURL(originalURL *url.URL, proxyName store.ProxyName, layerName store.LayerName, options *LayerOptions) (*url.URL, error) {
-	path, err := a.templatize(options.OIDC.LogoutPath, proxyName, layerName)
-	if err != nil {
-		return nil, errors.WithStack(err)
-	}
-
-	merged, err := a.mergeURL(originalURL, path, options.OIDC.PublicBaseURL, true)
-	if err != nil {
-		return nil, errors.WithStack(err)
-	}
-
-	return merged, nil
-}
-
-func (a *Authenticator) mergeURL(base *url.URL, path string, overlay string, withQuery bool) (*url.URL, error) {
-	merged := &url.URL{
-		Scheme: base.Scheme,
-		Host:   base.Host,
-		Path:   path,
-	}
-
-	if withQuery {
-		merged.RawQuery = base.RawQuery
-	}
-
-	if overlay != "" {
-		overlayURL, err := url.Parse(overlay)
-		if err != nil {
-			return nil, errors.WithStack(err)
-		}
-
-		merged.Scheme = overlayURL.Scheme
-		merged.Host = overlayURL.Host
-		merged.Path = overlayURL.Path + strings.TrimPrefix(path, "/")
-
-		for key, values := range overlayURL.Query() {
-			query := merged.Query()
-			for _, v := range values {
-				query.Add(key, v)
-			}
-			merged.RawQuery = query.Encode()
 	}
 }
 
-	return merged, nil
+func (a *Authenticator) getLogoutURL(proxyName store.ProxyName, layerName store.LayerName, u *url.URL, options *LayerOptions) *url.URL {
+	return &url.URL{
+		Scheme: u.Scheme,
+		Host:   u.Host,
+		Path:   fmt.Sprintf(options.OIDC.LogoutPath, fmt.Sprintf("%s/%s", proxyName, layerName)),
 	}
-
-func (a *Authenticator) templatize(rawTemplate string, proxyName store.ProxyName, layerName store.LayerName) (string, error) {
-	tmpl, err := template.New("").Parse(rawTemplate)
-	if err != nil {
-		return "", errors.WithStack(err)
-	}
-
-	var raw bytes.Buffer
-
-	err = tmpl.Execute(&raw, struct {
-		ProxyName store.ProxyName
-		LayerName store.LayerName
-	}{
-		ProxyName: proxyName,
-		LayerName: layerName,
-	})
-	if err != nil {
-		return "", errors.WithStack(err)
-	}
-
-	return raw.String(), nil
 }
 
 func (a *Authenticator) getClient(options *LayerOptions, redirectURL string) (*Client, error) {
 	ctx := context.Background()
 
-	transport := a.httpTransport.Clone()
-
-	if options.OIDC.TLSInsecureSkipVerify {
-		if transport.TLSClientConfig == nil {
-			transport.TLSClientConfig = &tls.Config{}
-		}
-
-		transport.TLSClientConfig.InsecureSkipVerify = true
-	}
-
-	httpClient := &http.Client{
-		Timeout:   a.httpClientTimeout,
-		Transport: transport,
-	}
-
-	ctx = oidc.ClientContext(ctx, httpClient)
-
 	if options.OIDC.SkipIssuerVerification {
 		ctx = oidc.InsecureIssuerURLContext(ctx, options.OIDC.IssuerURL)
 	}
@@ -395,20 +263,13 @@ func (a *Authenticator) getClient(options *LayerOptions, redirectURL string) (*C
 		WithRedirectURL(redirectURL),
 		WithScopes(options.OIDC.Scopes...),
 		WithAuthParams(options.OIDC.AuthParams),
-		WithHTTPClient(httpClient),
 	)
 
 	return client, nil
 }
 
-const defaultCookieNamePrefix = "_bouncer_authn_oidc"
+func (a *Authenticator) getCookieName(cookieName string, layerName store.LayerName) string {
-
+	return fmt.Sprintf("%s_%s", cookieName, layerName)
-func (a *Authenticator) getCookieName(cookieName string, proxyName store.ProxyName, layerName store.LayerName) string {
-	if cookieName != "" {
-		return cookieName
-	}
-
-	return strings.ToLower(fmt.Sprintf("%s_%s_%s", defaultCookieNamePrefix, proxyName, layerName))
 }
 
 var (

internal/proxy/director/layer/authn/oidc/client.go

@@ -6,6 +6,7 @@ import (
 	"net/url"
 	"strings"
 
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/dchest/uniuri"
 	"github.com/gorilla/sessions"
@@ -29,7 +30,6 @@ var (
 )
 
 type Client struct {
-	httpClient *http.Client
 	oauth2     *oauth2.Config
 	provider   *oidc.Provider
 	verifier   *oidc.IDTokenVerifier
@@ -44,12 +44,12 @@ func (c *Client) Provider() *oidc.Provider {
 	return c.provider
 }
 
-func (c *Client) Authenticate(w http.ResponseWriter, r *http.Request, sess *sessions.Session, postLoginRedirectURL string) (*oidc.IDToken, error) {
+func (c *Client) Authenticate(w http.ResponseWriter, r *http.Request, sess *sessions.Session) (*oidc.IDToken, error) {
 	idToken, err := c.getIDToken(r, sess)
 	if err != nil {
-		logger.Warn(r.Context(), "could not retrieve idtoken", logger.E(errors.WithStack(err)))
+		logger.Error(r.Context(), "could not retrieve idtoken", logger.E(errors.WithStack(err)))
 
-		c.login(w, r, sess, postLoginRedirectURL)
+		c.login(w, r, sess)
 
 		return nil, errors.WithStack(ErrLoginRequired)
 	}
@@ -57,15 +57,23 @@ func (c *Client) Authenticate(w http.ResponseWriter, r *http.Request, sess *sess
 	return idToken, nil
 }
 
-func (c *Client) login(w http.ResponseWriter, r *http.Request, sess *sessions.Session, postLoginRedirectURL string) {
+func (c *Client) login(w http.ResponseWriter, r *http.Request, sess *sessions.Session) {
 	ctx := r.Context()
 
 	state := uniuri.New()
 	nonce := uniuri.New()
 
+	originalURL, err := director.OriginalURL(ctx)
+	if err != nil {
+		logger.Error(ctx, "could not retrieve original url", logger.E(errors.WithStack(err)))
+		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+		return
+	}
+
 	sess.Values[sessionKeyLoginState] = state
 	sess.Values[sessionKeyLoginNonce] = nonce
-	sess.Values[sessionKeyPostLoginRedirectURL] = postLoginRedirectURL
+	sess.Values[sessionKeyPostLoginRedirectURL] = originalURL.String()
 
 	if err := sess.Save(r, w); err != nil {
 		logger.Error(ctx, "could not save session", logger.E(errors.WithStack(err)))
@@ -202,7 +210,6 @@ func (c *Client) sessionEndURL(idTokenHint, state, postLogoutRedirectURL string)
 
 func (c *Client) validate(r *http.Request, sess *sessions.Session) (*oauth2.Token, *oidc.IDToken, string, error) {
 	ctx := r.Context()
-	ctx = oidc.ClientContext(ctx, c.httpClient)
 
 	rawStoredState := sess.Values[sessionKeyLoginState]
 	receivedState := r.URL.Query().Get("state")
@@ -239,7 +246,7 @@ func (c *Client) validate(r *http.Request, sess *sessions.Session) (*oauth2.Toke
 func (c *Client) getRawIDToken(sess *sessions.Session) (string, error) {
 	rawIDToken, ok := sess.Values[sessionKeyIDToken].(string)
 	if !ok || rawIDToken == "" {
-		return "", errors.New("id token not found")
+		return "", errors.New("invalid id token")
 	}
 
 	return rawIDToken, nil
@@ -280,6 +287,5 @@ func NewClient(funcs ...ClientOptionFunc) *Client {
 		provider:   opts.Provider,
 		verifier:   verifier,
 		authParams: opts.AuthParams,
-		httpClient: opts.HTTPClient,
 	}
 }

internal/proxy/director/layer/authn/oidc/client_options.go

@@ -2,7 +2,6 @@ package oidc
 
 import (
 	"context"
-	"net/http"
 
 	"github.com/coreos/go-oidc/v3/oidc"
 )
@@ -15,7 +14,6 @@ type ClientOptions struct {
 	Scopes          []string
 	AuthParams      map[string]string
 	SkipIssuerCheck bool
-	HTTPClient      *http.Client
 }
 
 type ClientOptionFunc func(*ClientOptions)
@@ -65,16 +63,9 @@ func WithProvider(provider *oidc.Provider) ClientOptionFunc {
 	}
 }
 
-func WithHTTPClient(client *http.Client) ClientOptionFunc {
-	return func(opt *ClientOptions) {
-		opt.HTTPClient = client
-	}
-}
-
 func NewClientOptions(funcs ...ClientOptionFunc) *ClientOptions {
 	opt := &ClientOptions{
 		Scopes: []string{oidc.ScopeOpenID, "profile"},
-		HTTPClient: http.DefaultClient,
 	}
 
 	for _, f := range funcs {

internal/proxy/director/layer/authn/oidc/layer-options.json

@@ -17,13 +17,9 @@
                     "title": "URL de base du fournisseur OpenID Connect (racine du .well-known/openid-configuration)",
                     "type": "string"
                 },
-                "postLogoutRedirectURLs": {
+                "postLogoutRedirectURL": {
-                    "title": "URLs de redirection après déconnexion autorisées",
+                    "title": "URL de redirection après déconnexion",
-                    "description": "La variable d'URL 'redirect=<url>' peut être utilisée pour spécifier une redirection après déconnexion.",
-                    "type": "array",
-                    "item": {
                     "type": "string"
-                    }
                 },
                 "scopes": {
                     "title": "Scopes associés au client OpenID Connect",
@@ -48,43 +44,20 @@
                 },
                 "loginCallbackPath": {
                     "title": "Chemin associé à l'URL de callback OpenID Connect",
-                    "default": "/.bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/callback",
+                    "default": "/.bouncer/authn/oidc/%s/callback",
-                    "description": "Les marqueurs '{{ .ProxyName }}' et '{{ .LayerName }}'  peuvent être utilisés pour injecter le nom du proxy ainsi que celui du layer.",
+                    "description": "Le marqueur '%s' peut être utilisé pour injecter l'espace de nom '<proxy>/<layer>'.",
-                    "type": "string"
-                },
-                "matchLoginCallbackPath": {
-                    "title": "Patron de correspondance du chemin interne de callback OpenID Connect",
-                    "default": "*.bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/callback",
-                    "description": "Les marqueurs '{{ .ProxyName }}' et '{{ .LayerName }}'  peuvent être utilisés pour injecter le nom du proxy ainsi que celui du layer.",
                     "type": "string"
                 },
                 "logoutPath": {
                     "title": "Chemin associé à l'URL de déconnexion",
-                    "default": "/.bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/logout",
+                    "default": "/.bouncer/authn/oidc/%s/logout",
-                    "description": "Les marqueurs '{{ .ProxyName }}' et '{{ .LayerName }}'  peuvent être utilisés pour injecter le nom du proxy ainsi que celui du layer.",
+                    "description": "Le marqueur '%s' peut être utilisé pour injecter l'espace de nom '<proxy>/<layer>'.",
-                    "type": "string"
-                },
-                "publicBaseURL": {
-                    "title": "URL publique de base associée au service distant",
-                    "default": "",
-                    "description": "Peut être utilisé par exemple si il y a discordance de nom d'hôte ou de chemin sur les URLs publiques/internes.",
-                    "type": "string"
-                },
-                "matchLogoutPath": {
-                    "title": "Patron de correspondance du chemin interne de déconnexion",
-                    "default": "*.bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/logout",
-                    "description": "Les marqueurs '{{ .ProxyName }}' et '{{ .LayerName }}'  peuvent être utilisés pour injecter le nom du proxy ainsi que celui du layer.",
                     "type": "string"
                 },
                 "skipIssuerVerification": {
                     "title": "Activer/désactiver la vérification de concordance de l'identifiant du fournisseur d'identité",
                     "default": false,
                     "type": "boolean"
-                },
-                "tlsInsecureSkipVerify": {
-                    "title": "Activer/désactiver la vérification du certificat TLS distant",
-                    "default": false,
-                    "type": "boolean"
                 }
             },
             "additionalProperties": false,

internal/proxy/director/layer/authn/oidc/layer.go

@@ -8,11 +8,6 @@ import (
 
 const LayerType store.LayerType = "authn-oidc"
 
-func NewLayer(store sessions.Store, funcs ...OptionFunc) *authn.Layer {
+func NewLayer(store sessions.Store) *authn.Layer {
-	opts := NewOptions(funcs...)
+	return authn.NewLayer(LayerType, &Authenticator{store: store})
-	return authn.NewLayer(LayerType, &Authenticator{
-		httpTransport:     opts.HTTPTransport,
-		httpClientTimeout: opts.HTTPClientTimeout,
-		store:             store,
-	}, opts.AuthnOptions...)
 }

internal/proxy/director/layer/authn/oidc/layer_options.go

@@ -8,6 +8,8 @@ import (
 	"github.com/pkg/errors"
 )
 
+const defaultCookieName = "_bouncer_authn_oidc"
+
 type LayerOptions struct {
 	authn.LayerOptions
 	OIDC   OIDCOptions   `mapstructure:"oidc"`
@@ -17,15 +19,11 @@ type LayerOptions struct {
 type OIDCOptions struct {
 	ClientID               string            `mapstructure:"clientId"`
 	ClientSecret           string            `mapstructure:"clientSecret"`
-	PublicBaseURL          string            `mapstructure:"publicBaseURL"`
 	LoginCallbackPath      string            `mapstructure:"loginCallbackPath"`
-	MatchLoginCallbackPath string            `mapstructure:"matchLoginCallbackPath"`
 	LogoutPath             string            `mapstructure:"logoutPath"`
-	MatchLogoutPath        string            `mapstructure:"matchLogoutPath"`
 	IssuerURL              string            `mapstructure:"issuerURL"`
 	SkipIssuerVerification bool              `mapstructure:"skipIssuerVerification"`
-	PostLogoutRedirectURLs []string          `mapstructure:"postLogoutRedirectURLs"`
+	PostLogoutRedirectURL  string            `mapstructure:"postLogoutRedirectURL"`
-	TLSInsecureSkipVerify  bool              `mapstructure:"tlsInsecureSkipVerify"`
 	Scopes                 []string          `mapstructure:"scopes"`
 	AuthParams             map[string]string `mapstructure:"authParams"`
 }
@@ -41,21 +39,15 @@ type CookieOptions struct {
 }
 
 func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
-	loginCallbackPath := ".bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/callback"
-	logoutPath := ".bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/logout"
-
 	layerOptions := LayerOptions{
 		LayerOptions: authn.DefaultLayerOptions(),
 		OIDC: OIDCOptions{
-			PublicBaseURL:          "",
+			LoginCallbackPath: "/.bouncer/authn/oidc/%s/callback",
-			LoginCallbackPath:      loginCallbackPath,
+			LogoutPath:        "/.bouncer/authn/oidc/%s/logout",
-			MatchLoginCallbackPath: "*" + loginCallbackPath,
-			LogoutPath:             logoutPath,
-			MatchLogoutPath:        "*" + logoutPath,
 			Scopes:            []string{"openid"},
 		},
 		Cookie: CookieOptions{
-			Name:     "",
+			Name:     defaultCookieName,
 			Path:     "/",
 			HTTPOnly: true,
 			MaxAge:   time.Hour,

internal/proxy/director/layer/authn/oidc/options.go

@@ -1,48 +0,0 @@
-package oidc
-
-import (
-	"net/http"
-	"time"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
-)
-
-type Options struct {
-	HTTPTransport     *http.Transport
-	HTTPClientTimeout time.Duration
-	AuthnOptions      []authn.OptionFunc
-}
-
-type OptionFunc func(opts *Options)
-
-func WithHTTPTransport(transport *http.Transport) OptionFunc {
-	return func(opts *Options) {
-		opts.HTTPTransport = transport
-	}
-}
-
-func WithHTTPClientTimeout(timeout time.Duration) OptionFunc {
-	return func(opts *Options) {
-		opts.HTTPClientTimeout = timeout
-	}
-}
-
-func WithAuthnOptions(funcs ...authn.OptionFunc) OptionFunc {
-	return func(opts *Options) {
-		opts.AuthnOptions = funcs
-	}
-}
-
-func NewOptions(funcs ...OptionFunc) *Options {
-	opts := &Options{
-		HTTPTransport:     http.DefaultTransport.(*http.Transport),
-		HTTPClientTimeout: 30 * time.Second,
-		AuthnOptions:      make([]authn.OptionFunc, 0),
-	}
-
-	for _, fn := range funcs {
-		fn(opts)
-	}
-
-	return opts
-}

internal/proxy/director/layer/authn/options.go

@@ -2,7 +2,6 @@ package authn
 
 type Options struct {
 	TemplateDir string
-	Debug       bool
 }
 
 type OptionFunc func(*Options)
@@ -10,7 +9,6 @@ type OptionFunc func(*Options)
 func NewOptions(funcs ...OptionFunc) *Options {
 	opts := &Options{
 		TemplateDir: "./templates",
-		Debug:       false,
 	}
 
 	for _, fn := range funcs {
@@ -25,9 +23,3 @@ func WithTemplateDir(templateDir string) OptionFunc {
 		o.TemplateDir = templateDir
 	}
 }
-
-func WithDebug(debug bool) OptionFunc {
-	return func(o *Options) {
-		o.Debug = debug
-	}
-}

internal/proxy/director/layer/authn/rules.go

@@ -1,16 +1,70 @@
 package authn
 
 import (
+	"fmt"
 	"net/http"
+	"strconv"
+	"strings"
+	"time"
 
-	"forge.cadoles.com/cadoles/bouncer/internal/rule"
+	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
-	ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
 	"github.com/expr-lang/expr"
 	"github.com/pkg/errors"
 )
 
-type Env struct {
+func (l *Layer) getHeaderRuleOptions(r *http.Request) []expr.Option {
-	User *User `expr:"user"`
+	options := make([]expr.Option, 0)
+
+	setHeader := expr.Function(
+		"set_header",
+		func(params ...any) (any, error) {
+			name := params[0].(string)
+			rawValue := params[1]
+
+			var value string
+			switch v := rawValue.(type) {
+			case []string:
+				value = strings.Join(v, ",")
+			case time.Time:
+				value = strconv.FormatInt(v.UTC().Unix(), 10)
+			case time.Duration:
+				value = strconv.FormatInt(int64(v.Seconds()), 10)
+			default:
+				value = fmt.Sprintf("%v", rawValue)
+			}
+
+			r.Header.Set(name, value)
+
+			return true, nil
+		},
+		new(func(string, string) bool),
+	)
+
+	options = append(options, setHeader)
+
+	delHeaders := expr.Function(
+		"del_headers",
+		func(params ...any) (any, error) {
+			pattern := params[0].(string)
+			deleted := false
+
+			for key := range r.Header {
+				if !wildcard.Match(key, pattern) {
+					continue
+				}
+
+				r.Header.Del(key)
+				deleted = true
+			}
+
+			return deleted, nil
+		},
+		new(func(string) bool),
+	)
+
+	options = append(options, delHeaders)
+
+	return options
 }
 
 func (l *Layer) applyRules(r *http.Request, options *LayerOptions, user *User) error {
@@ -19,39 +73,38 @@ func (l *Layer) applyRules(r *http.Request, options *LayerOptions, user *User) e
 		return nil
 	}
 
-	engine, err := rule.NewEngine[*Env](
+	env := map[string]any{
-		rule.WithRules(options.Rules...),
+		"user": user,
-		rule.WithExpr(getAuthnAPI()...),
-		ruleHTTP.WithRequestFuncs(r),
-	)
-	if err != nil {
-		return errors.WithStack(err)
 	}
 
-	env := &Env{
+	rulesOptions := l.getHeaderRuleOptions(r)
-		User: user,
-	}
 
-	if _, err := engine.Apply(env); err != nil {
+	var ruleErr error
-		return errors.WithStack(err)
-	}
-
-	return nil
-}
-
-func getAuthnAPI() []expr.Option {
-	options := make([]expr.Option, 0)
-
-	// forbidden() allows the layer to hijack the current request and return a 403 Forbidden HTTP status
 	forbidden := expr.Function(
 		"forbidden",
 		func(params ...any) (any, error) {
-			return true, errors.WithStack(ErrForbidden)
+			ruleErr = errors.WithStack(ErrForbidden)
+			return true, nil
 		},
 		new(func() bool),
 	)
 
-	options = append(options, forbidden)
+	rulesOptions = append(rulesOptions, forbidden)
 
-	return options
+	for i, r := range rules {
+		program, err := expr.Compile(r, rulesOptions...)
+		if err != nil {
+			return errors.Wrapf(err, "could not compile rule #%d", i)
+		}
+
+		if _, err := expr.Run(program, env); err != nil {
+			return errors.Wrapf(err, "could not execute rule #%d", i)
+		}
+
+		if ruleErr != nil {
+			return errors.WithStack(ruleErr)
+		}
+	}
+
+	return nil
 }

internal/proxy/director/layer/queue/adapter.go

@@ -10,10 +10,7 @@ type Status struct {
 }
 
 type Adapter interface {
-	// Touch updates the session TTL and returns its current rank
 	Touch(ctx context.Context, queueName string, sessionId string) (int64, error)
-	// Status returns the queue current status
 	Status(ctx context.Context, queueName string) (*Status, error)
-	// Refresh forces a refresh of the queue, taking into account the given TTL for sessions
 	Refresh(ctx context.Context, queueName string, keepAlive time.Duration) error
 }

internal/proxy/director/layer/rewriter/layer-options.json

@@ -1,38 +0,0 @@
-{
-    "type": "object",
-    "properties": {
-        "rules": {
-            "title": "Règles appliquées aux requêtes/réponses transitant par le proxy",
-            "type": "object",
-            "properties": {
-                "request": {
-                    "title": "Règles appliquées aux requêtes transitant par le proxy",
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    }
-                },
-                "response": {
-                    "title": "Règles appliquées aux réponses transitant par le proxy",
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    }
-                }
-            },
-            "additionalProperties": false
-        },
-        "matchURLs": {
-            "title": "Liste de filtrage des URLs sur lesquelles le layer est actif",
-            "description": "Par exemple, si vous souhaitez limiter votre layer à l'ensemble d'une section '`/blog`' d'un site, vous pouvez déclarer la valeur `['*/blog*']`. Les autres URLs du site ne seront pas affectées par ce layer.",
-            "default": [
-                "*"
-            ],
-            "type": "array",
-            "items": {
-                "type": "string"
-            }
-        }
-    },
-    "additionalProperties": false
-}

internal/proxy/director/layer/rewriter/layer.go

@@ -1,84 +0,0 @@
-package rewriter
-
-import (
-	"net/http"
-
-	proxy "forge.cadoles.com/Cadoles/go-proxy"
-	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
-	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
-	"forge.cadoles.com/cadoles/bouncer/internal/store"
-	"github.com/pkg/errors"
-	"gitlab.com/wpetit/goweb/logger"
-)
-
-const LayerType store.LayerType = "rewriter"
-
-type Layer struct{}
-
-func (l *Layer) LayerType() store.LayerType {
-	return LayerType
-}
-
-func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
-	return func(next http.Handler) http.Handler {
-		fn := func(w http.ResponseWriter, r *http.Request) {
-			ctx := r.Context()
-
-			options, err := fromStoreOptions(layer.Options)
-			if err != nil {
-				logger.Error(ctx, "could not parse layer options", logger.E(errors.WithStack(err)))
-				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-
-				return
-			}
-
-			matches := wildcard.MatchAny(r.URL.String(), options.MatchURLs...)
-			if !matches {
-				next.ServeHTTP(w, r)
-
-				return
-			}
-
-			if err := l.applyRequestRules(r, options); err != nil {
-				logger.Error(ctx, "could not apply request rules", logger.E(errors.WithStack(err)))
-				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-
-				return
-			}
-
-			next.ServeHTTP(w, r)
-		}
-
-		return http.HandlerFunc(fn)
-	}
-}
-
-// ResponseTransformer implements director.ResponseTransformerLayer.
-func (l *Layer) ResponseTransformer(layer *store.Layer) proxy.ResponseTransformer {
-	return func(r *http.Response) error {
-		options, err := fromStoreOptions(layer.Options)
-		if err != nil {
-			return errors.WithStack(err)
-		}
-
-		matches := wildcard.MatchAny(r.Request.URL.String(), options.MatchURLs...)
-		if !matches {
-			return nil
-		}
-
-		if err := l.applyResponseRules(r, options); err != nil {
-			return errors.WithStack(err)
-		}
-
-		return nil
-	}
-}
-
-func New() *Layer {
-	return &Layer{}
-}
-
-var (
-	_ director.MiddlewareLayer          = &Layer{}
-	_ director.ResponseTransformerLayer = &Layer{}
-)

internal/proxy/director/layer/rewriter/layer_options.go

@@ -1,56 +0,0 @@
-package rewriter
-
-import (
-	"forge.cadoles.com/cadoles/bouncer/internal/store"
-	"github.com/mitchellh/mapstructure"
-	"github.com/pkg/errors"
-)
-
-type LayerOptions struct {
-	MatchURLs []string `mapstructure:"matchURLs"`
-	Rules     Rules    `mapstructure:"rules"`
-}
-
-type Rules struct {
-	Request  []string `mapstructure:"request"`
-	Response []string `mapstructure:"response"`
-}
-
-func DefaultLayerOptions() LayerOptions {
-	return LayerOptions{
-		MatchURLs: []string{"*"},
-		Rules: Rules{
-			Request:  []string{},
-			Response: []string{},
-		},
-	}
-
-}
-
-func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
-	layerOptions := DefaultLayerOptions()
-
-	if err := FromStoreOptions(storeOptions, &layerOptions); err != nil {
-		return nil, errors.WithStack(err)
-	}
-
-	return &layerOptions, nil
-}
-
-func FromStoreOptions(storeOptions store.LayerOptions, dest any) error {
-	config := mapstructure.DecoderConfig{
-		Result:     dest,
-		ZeroFields: true,
-	}
-
-	decoder, err := mapstructure.NewDecoder(&config)
-	if err != nil {
-		return errors.WithStack(err)
-	}
-
-	if err := decoder.Decode(storeOptions); err != nil {
-		return errors.WithStack(err)
-	}
-
-	return nil
-}

internal/proxy/director/layer/rewriter/rules.go

@@ -1,133 +0,0 @@
-package rewriter
-
-import (
-	"net/http"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/rule"
-	ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
-	"github.com/pkg/errors"
-)
-
-type RequestEnv struct {
-	Request RequestInfo `expr:"request"`
-}
-
-type RequestInfo struct {
-	Method           string              `expr:"method"`
-	URL              string              `expr:"url"`
-	Proto            string              `expr:"proto"`
-	ProtoMajor       int                 `expr:"protoMajor"`
-	ProtoMinor       int                 `expr:"protoMinor"`
-	Header           map[string][]string `expr:"header"`
-	ContentLength    int64               `expr:"contentLength"`
-	TransferEncoding []string            `expr:"transferEncoding"`
-	Host             string              `expr:"host"`
-	Trailer          map[string][]string `expr:"trailer"`
-	RemoteAddr       string              `expr:"remoteAddr"`
-	RequestURI       string              `expr:"requestUri"`
-}
-
-func (l *Layer) applyRequestRules(r *http.Request, options *LayerOptions) error {
-	rules := options.Rules.Request
-	if len(rules) == 0 {
-		return nil
-	}
-
-	engine, err := rule.NewEngine[*RequestEnv](
-		ruleHTTP.WithRequestFuncs(r),
-		rule.WithRules(options.Rules.Request...),
-	)
-	if err != nil {
-		return errors.WithStack(err)
-	}
-
-	env := &RequestEnv{
-		Request: RequestInfo{
-			Method:           r.Method,
-			URL:              r.URL.String(),
-			Proto:            r.Proto,
-			ProtoMajor:       r.ProtoMajor,
-			ProtoMinor:       r.ProtoMinor,
-			Header:           r.Header,
-			ContentLength:    r.ContentLength,
-			TransferEncoding: r.TransferEncoding,
-			Host:             r.Host,
-			Trailer:          r.Trailer,
-			RemoteAddr:       r.RemoteAddr,
-			RequestURI:       r.RequestURI,
-		},
-	}
-
-	if _, err := engine.Apply(env); err != nil {
-		return errors.WithStack(err)
-	}
-
-	return nil
-}
-
-type ResponseEnv struct {
-	Request  RequestInfo  `expr:"request"`
-	Response ResponseInfo `expr:"response"`
-}
-
-type ResponseInfo struct {
-	Status           string              `expr:"status"`
-	StatusCode       int                 `expr:"statusCode"`
-	Proto            string              `expr:"proto"`
-	ProtoMajor       int                 `expr:"protoMajor"`
-	ProtoMinor       int                 `expr:"protoMinor"`
-	Header           map[string][]string `expr:"header"`
-	ContentLength    int64               `expr:"contentLength"`
-	TransferEncoding []string            `expr:"transferEncoding"`
-	Uncompressed     bool                `expr:"uncompressed"`
-	Trailer          map[string][]string `expr:"trailer"`
-}
-
-func (l *Layer) applyResponseRules(r *http.Response, options *LayerOptions) error {
-	rules := options.Rules.Request
-	if len(rules) == 0 {
-		return nil
-	}
-
-	engine, err := rule.NewEngine[*ResponseEnv](
-		rule.WithRules(options.Rules.Response...),
-		ruleHTTP.WithResponseFuncs(r),
-	)
-	if err != nil {
-		return errors.WithStack(err)
-	}
-
-	env := &ResponseEnv{
-		Request: RequestInfo{
-			Method:           r.Request.Method,
-			URL:              r.Request.URL.String(),
-			Proto:            r.Request.Proto,
-			ProtoMajor:       r.Request.ProtoMajor,
-			ProtoMinor:       r.Request.ProtoMinor,
-			Header:           r.Request.Header,
-			ContentLength:    r.Request.ContentLength,
-			TransferEncoding: r.Request.TransferEncoding,
-			Host:             r.Request.Host,
-			Trailer:          r.Request.Trailer,
-			RemoteAddr:       r.Request.RemoteAddr,
-			RequestURI:       r.Request.RequestURI,
-		},
-		Response: ResponseInfo{
-			Proto:            r.Proto,
-			ProtoMajor:       r.ProtoMajor,
-			ProtoMinor:       r.ProtoMinor,
-			Header:           r.Header,
-			ContentLength:    r.ContentLength,
-			TransferEncoding: r.TransferEncoding,
-			Trailer:          r.Trailer,
-			Status:           r.Status,
-			StatusCode:       r.StatusCode,
-		},
-	}
-
-	if _, err := engine.Apply(env); err != nil {
-		return errors.WithStack(err)
-	}
-
-	return nil
-}

internal/proxy/director/layer/rewriter/schema.go

@@ -1,8 +0,0 @@
-package rewriter
-
-import (
-	_ "embed"
-)
-
-//go:embed layer-options.json
-var RawLayerOptionsSchema []byte

internal/proxy/director/options.go

@@ -1,58 +0,0 @@
-package director
-
-import (
-	"time"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/cache"
-	"forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
-	"forge.cadoles.com/cadoles/bouncer/internal/cache/ttl"
-	"forge.cadoles.com/cadoles/bouncer/internal/store"
-)
-
-type Options struct {
-	Layers     []Layer
-	ProxyCache cache.Cache[string, []*store.Proxy]
-	LayerCache cache.Cache[string, []*store.Layer]
-}
-
-type OptionFunc func(opts *Options)
-
-func NewOptions(funcs ...OptionFunc) *Options {
-	opts := &Options{
-		Layers: make([]Layer, 0),
-		ProxyCache: ttl.NewCache(
-			memory.NewCache[string, []*store.Proxy](),
-			memory.NewCache[string, time.Time](),
-			30*time.Second,
-		),
-		LayerCache: ttl.NewCache(
-			memory.NewCache[string, []*store.Layer](),
-			memory.NewCache[string, time.Time](),
-			30*time.Second,
-		),
-	}
-
-	for _, fn := range funcs {
-		fn(opts)
-	}
-
-	return opts
-}
-
-func WithLayers(layers ...Layer) OptionFunc {
-	return func(opts *Options) {
-		opts.Layers = layers
-	}
-}
-
-func WithProxyCache(cache cache.Cache[string, []*store.Proxy]) OptionFunc {
-	return func(opts *Options) {
-		opts.ProxyCache = cache
-	}
-}
-
-func WithLayerCache(cache cache.Cache[string, []*store.Layer]) OptionFunc {
-	return func(opts *Options) {
-		opts.LayerCache = cache
-	}
-}

internal/proxy/option.go

@@ -1,8 +1,6 @@
 package proxy
 
 import (
-	"time"
-
 	"forge.cadoles.com/cadoles/bouncer/internal/config"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 )
@@ -11,7 +9,6 @@ type Option struct {
 	ServerConfig   config.ProxyServerConfig
 	RedisConfig    config.RedisConfig
 	DirectorLayers []director.Layer
-	DirectorCacheTTL time.Duration
 }
 
 type OptionFunc func(*Option)
@@ -21,7 +18,6 @@ func defaultOption() *Option {
 		ServerConfig:   config.NewDefaultProxyServerConfig(),
 		RedisConfig:    config.NewDefaultRedisConfig(),
 		DirectorLayers: make([]director.Layer, 0),
-		DirectorCacheTTL: 30 * time.Second,
 	}
 }
 
@@ -42,9 +38,3 @@ func WithDirectorLayers(layers ...director.Layer) OptionFunc {
 		opt.DirectorLayers = layers
 	}
 }
-
-func WithDirectorCacheTTL(ttl time.Duration) OptionFunc {
-	return func(opt *Option) {
-		opt.DirectorCacheTTL = ttl
-	}
-}

internal/proxy/proxy_test.go

@@ -1,156 +0,0 @@
-package proxy_test
-
-import (
-	"context"
-	"io"
-	"net/http"
-	"net/http/httptest"
-	"net/http/httputil"
-	"net/url"
-	"os"
-	"testing"
-	"time"
-
-	"forge.cadoles.com/Cadoles/go-proxy"
-	"forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
-	"forge.cadoles.com/cadoles/bouncer/internal/cache/ttl"
-	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
-	"forge.cadoles.com/cadoles/bouncer/internal/store"
-	redisStore "forge.cadoles.com/cadoles/bouncer/internal/store/redis"
-	"github.com/pkg/errors"
-	"github.com/redis/go-redis/v9"
-)
-
-func BenchmarkProxy(b *testing.B) {
-	redisEndpoint := os.Getenv("BOUNCER_BENCH_REDIS_ADDR")
-	if redisEndpoint == "" {
-		redisEndpoint = "127.0.0.1:6379"
-	}
-
-	client := redis.NewUniversalClient(&redis.UniversalOptions{
-		Addrs: []string{redisEndpoint},
-	})
-
-	proxyRepository := redisStore.NewProxyRepository(client)
-	layerRepository := redisStore.NewLayerRepository(client)
-
-	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		if _, err := w.Write([]byte("Hello, world.")); err != nil {
-			b.Logf("[ERROR] %+v", errors.WithStack(err))
-		}
-	}))
-	defer backend.Close()
-
-	if err := waitFor(backend.URL, 5*time.Second); err != nil {
-		b.Fatalf("[FATAL] %+v", errors.WithStack(err))
-	}
-
-	b.Logf("started backend '%s'", backend.URL)
-
-	ctx := context.Background()
-
-	proxyName := store.ProxyName(b.Name())
-
-	b.Logf("creating proxy '%s'", proxyName)
-
-	if err := proxyRepository.DeleteProxy(ctx, proxyName); err != nil {
-		b.Fatalf("[FATAL] %+v", errors.WithStack(err))
-	}
-
-	if _, err := proxyRepository.CreateProxy(ctx, proxyName, backend.URL, "*"); err != nil {
-		b.Fatalf("[FATAL] %+v", errors.WithStack(err))
-	}
-
-	if _, err := proxyRepository.UpdateProxy(ctx, proxyName, store.WithProxyUpdateEnabled(true)); err != nil {
-		b.Fatalf("[FATAL] %+v", errors.WithStack(err))
-	}
-
-	director := director.New(
-		proxyRepository, layerRepository,
-		director.WithLayerCache(
-			ttl.NewCache(
-				memory.NewCache[string, []*store.Layer](),
-				memory.NewCache[string, time.Time](),
-				30*time.Second,
-			),
-		),
-		director.WithProxyCache(
-			ttl.NewCache(
-				memory.NewCache[string, []*store.Proxy](),
-				memory.NewCache[string, time.Time](),
-				30*time.Second,
-			),
-		),
-	)
-
-	directorMiddleware := director.Middleware()
-
-	handler := proxy.New(
-		proxy.WithRequestTransformers(
-			director.RequestTransformer(),
-		),
-		proxy.WithResponseTransformers(
-			director.ResponseTransformer(),
-		),
-		proxy.WithReverseProxyFactory(func(ctx context.Context, target *url.URL) *httputil.ReverseProxy {
-			reverse := httputil.NewSingleHostReverseProxy(target)
-			reverse.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
-				b.Logf("[ERROR] %s", errors.WithStack(err))
-			}
-			return reverse
-		}),
-	)
-
-	server := httptest.NewServer(directorMiddleware(handler))
-	defer server.Close()
-
-	b.Logf("started proxy '%s'", server.URL)
-
-	httpClient := server.Client()
-
-	b.ResetTimer()
-
-	for i := 0; i < b.N; i++ {
-		res, err := httpClient.Get(server.URL)
-		if err != nil {
-			b.Errorf("could not fetch server url: %+v", errors.WithStack(err))
-		}
-
-		body, err := io.ReadAll(res.Body)
-		if err != nil {
-			b.Errorf("could not read response body: %+v", errors.WithStack(err))
-		}
-
-		b.Logf("%s - %v", res.Status, string(body))
-
-		if err := res.Body.Close(); err != nil {
-			b.Errorf("could not close response body: %+v", errors.WithStack(err))
-		}
-	}
-}
-
-func waitFor(url string, ttl time.Duration) error {
-	var lastErr error
-	timeout := time.After(ttl)
-	for {
-		select {
-		case <-timeout:
-			if lastErr != nil {
-				return lastErr
-			}
-
-			return errors.New("wait timed out")
-		default:
-			res, err := http.Get(url)
-			if err != nil {
-				lastErr = errors.WithStack(err)
-				continue
-			}
-
-			if res.StatusCode >= 200 && res.StatusCode < 400 {
-				return nil
-			}
-		}
-	}
-}

internal/proxy/server.go

@@ -3,25 +3,18 @@ package proxy
 import (
 	"context"
 	"fmt"
-	"html/template"
 	"log"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
-	"path/filepath"
-	"strconv"
 	"time"
 
 	"forge.cadoles.com/Cadoles/go-proxy"
-	"forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
-	"forge.cadoles.com/cadoles/bouncer/internal/cache/ttl"
 	bouncerChi "forge.cadoles.com/cadoles/bouncer/internal/chi"
 	"forge.cadoles.com/cadoles/bouncer/internal/config"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
-
-	"github.com/Masterminds/sprig/v3"
 	"github.com/getsentry/sentry-go"
 	sentryhttp "github.com/getsentry/sentry-go/http"
 	"github.com/go-chi/chi/v5"
@@ -35,7 +28,6 @@ type Server struct {
 	serverConfig    config.ProxyServerConfig
 	redisConfig     config.RedisConfig
 	directorLayers  []director.Layer
-	directorCacheTTL time.Duration
 	proxyRepository store.ProxyRepository
 	layerRepository store.LayerRepository
 }
@@ -94,21 +86,7 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 	director := director.New(
 		s.proxyRepository,
 		s.layerRepository,
-		director.WithLayers(s.directorLayers...),
+		s.directorLayers...,
-		director.WithLayerCache(
-			ttl.NewCache(
-				memory.NewCache[string, []*store.Layer](),
-				memory.NewCache[string, time.Time](),
-				s.directorCacheTTL,
-			),
-		),
-		director.WithProxyCache(
-			ttl.NewCache(
-				memory.NewCache[string, []*store.Proxy](),
-				memory.NewCache[string, time.Time](),
-				s.directorCacheTTL,
-			),
-		),
 	)
 
 	if s.serverConfig.HTTP.UseRealIP {
@@ -181,10 +159,26 @@ func (s *Server) createReverseProxy(ctx context.Context, target *url.URL) *httpu
 		DualStack:     bool(dialConfig.DualStack),
 	}
 
-	httpTransport := s.serverConfig.Transport.AsTransport()
+	transportConfig := s.serverConfig.Transport
-	httpTransport.DialContext = dialer.DialContext
+
+	reverseProxy.Transport = &http.Transport{
+		Proxy:                  http.ProxyFromEnvironment,
+		DialContext:            dialer.DialContext,
+		ForceAttemptHTTP2:      bool(transportConfig.ForceAttemptHTTP2),
+		MaxIdleConns:           int(transportConfig.MaxIdleConns),
+		MaxIdleConnsPerHost:    int(transportConfig.MaxIdleConnsPerHost),
+		MaxConnsPerHost:        int(transportConfig.MaxConnsPerHost),
+		IdleConnTimeout:        time.Duration(*transportConfig.IdleConnTimeout),
+		TLSHandshakeTimeout:    time.Duration(*transportConfig.TLSHandshakeTimeout),
+		ExpectContinueTimeout:  time.Duration(*transportConfig.ExpectContinueTimeout),
+		DisableKeepAlives:      bool(transportConfig.DisableKeepAlives),
+		DisableCompression:     bool(transportConfig.DisableCompression),
+		ResponseHeaderTimeout:  time.Duration(*transportConfig.ResponseHeaderTimeout),
+		WriteBufferSize:        int(transportConfig.WriteBufferSize),
+		ReadBufferSize:         int(transportConfig.ReadBufferSize),
+		MaxResponseHeaderBytes: int64(transportConfig.MaxResponseHeaderBytes),
+	}
 
-	reverseProxy.Transport = httpTransport
 	reverseProxy.ErrorHandler = s.errorHandler
 
 	return reverseProxy
@@ -196,63 +190,7 @@ func (s *Server) errorHandler(w http.ResponseWriter, r *http.Request, err error)
 	logger.Error(r.Context(), "proxy error", logger.E(err))
 	sentry.CaptureException(err)
 
-	s.renderErrorPage(w, r, err, http.StatusBadGateway, http.StatusText(http.StatusBadGateway))
-}
-
-func (s *Server) renderErrorPage(w http.ResponseWriter, r *http.Request, err error, statusCode int, status string) {
-	templateData := struct {
-		StatusCode int
-		Status     string
-		Err        error
-		Debug      bool
-	}{
-		Debug:      bool(s.serverConfig.Debug),
-		StatusCode: statusCode,
-		Status:     status,
-		Err:        err,
-	}
-
-	w.WriteHeader(statusCode)
-	s.renderPage(w, r, "error", strconv.FormatInt(int64(statusCode), 10), templateData)
-}
-
-func (s *Server) renderPage(w http.ResponseWriter, r *http.Request, page string, block string, templateData any) {
-	ctx := r.Context()
-
-	templatesConf := s.serverConfig.Templates
-
-	pattern := filepath.Join(string(templatesConf.Dir), page+".gohtml")
-
-	logger.Info(ctx, "loading proxy templates", logger.F("pattern", pattern))
-
-	tmpl, err := template.New("").Funcs(sprig.FuncMap()).ParseGlob(pattern)
-	if err != nil {
-		logger.Error(ctx, "could not load proxy templates", logger.E(errors.WithStack(err)))
 	http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-
-		return
-	}
-
-	w.Header().Add("Cache-Control", "no-cache")
-
-	blockTmpl := tmpl.Lookup(block)
-	if blockTmpl == nil {
-		blockTmpl = tmpl.Lookup("default")
-	}
-
-	if blockTmpl == nil {
-		logger.Error(ctx, "could not find template block nor default one", logger.F("block", block))
-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-
-		return
-	}
-
-	if err := blockTmpl.Execute(w, templateData); err != nil {
-		logger.Error(ctx, "could not render proxy page", logger.E(errors.WithStack(err)))
-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-
-		return
-	}
 }
 
 func NewServer(funcs ...OptionFunc) *Server {
@@ -265,6 +203,5 @@ func NewServer(funcs ...OptionFunc) *Server {
 		serverConfig:   opt.ServerConfig,
 		redisConfig:    opt.RedisConfig,
 		directorLayers: opt.DirectorLayers,
-		directorCacheTTL: opt.DirectorCacheTTL,
 	}
 }

internal/rule/engine.go

@@ -1,44 +0,0 @@
-package rule
-
-import (
-	"github.com/expr-lang/expr"
-	"github.com/expr-lang/expr/vm"
-	"github.com/pkg/errors"
-)
-
-type Engine[E any] struct {
-	rules []*vm.Program
-}
-
-func (e *Engine[E]) Apply(env E) ([]any, error) {
-	results := make([]any, 0, len(e.rules))
-	for i, r := range e.rules {
-		result, err := expr.Run(r, env)
-		if err != nil {
-			return nil, errors.Wrapf(err, "could not run rule #%d", i)
-		}
-
-		results = append(results, result)
-	}
-
-	return results, nil
-}
-
-func NewEngine[E any](funcs ...OptionFunc) (*Engine[E], error) {
-	opts := NewOptions(funcs...)
-
-	engine := &Engine[E]{
-		rules: make([]*vm.Program, 0, len(opts.Rules)),
-	}
-
-	for i, r := range opts.Rules {
-		program, err := expr.Compile(r, opts.Expr...)
-		if err != nil {
-			return nil, errors.Wrapf(err, "could not compile rule #%d", i)
-		}
-
-		engine.rules = append(engine.rules, program)
-	}
-
-	return engine, nil
-}

internal/rule/http/option.go

@@ -1,42 +0,0 @@
-package http
-
-import (
-	"net/http"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/rule"
-	"github.com/expr-lang/expr"
-)
-
-func WithRequestFuncs(r *http.Request) rule.OptionFunc {
-	return func(opts *rule.Options) {
-		funcs := []expr.Option{
-			setRequestURL(r),
-			setRequestHeaderFunc(r),
-			addRequestHeaderFunc(r),
-			delRequestHeadersFunc(r),
-			setRequestHostFunc(r),
-		}
-
-		if len(opts.Expr) == 0 {
-			opts.Expr = make([]expr.Option, 0)
-		}
-
-		opts.Expr = append(opts.Expr, funcs...)
-	}
-}
-
-func WithResponseFuncs(r *http.Response) rule.OptionFunc {
-	return func(opts *rule.Options) {
-		funcs := []expr.Option{
-			setResponseHeaderFunc(r),
-			addResponseHeaderFunc(r),
-			delResponseHeadersFunc(r),
-		}
-
-		if len(opts.Expr) == 0 {
-			opts.Expr = make([]expr.Option, 0)
-		}
-
-		opts.Expr = append(opts.Expr, funcs...)
-	}
-}

internal/rule/http/request.go

@@ -1,122 +0,0 @@
-package http
-
-import (
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-	"time"
-
-	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
-	"github.com/expr-lang/expr"
-	"github.com/pkg/errors"
-)
-
-func setRequestHostFunc(r *http.Request) expr.Option {
-	return expr.Function(
-		"set_host",
-		func(params ...any) (any, error) {
-			host := params[0].(string)
-			r.Host = host
-
-			return true, nil
-		},
-		new(func(string) bool),
-	)
-}
-
-func setRequestURL(r *http.Request) expr.Option {
-	return expr.Function(
-		"set_url",
-		func(params ...any) (any, error) {
-			rawURL := params[0].(string)
-
-			url, err := url.Parse(rawURL)
-			if err != nil {
-				return false, errors.WithStack(err)
-			}
-
-			r.URL = url
-
-			return true, nil
-		},
-		new(func(string) bool),
-	)
-}
-
-func addRequestHeaderFunc(r *http.Request) expr.Option {
-	return expr.Function(
-		"add_header",
-		func(params ...any) (any, error) {
-			name := params[0].(string)
-			rawValue := params[1]
-
-			var value string
-			switch v := rawValue.(type) {
-			case []string:
-				value = strings.Join(v, ",")
-			case time.Time:
-				value = strconv.FormatInt(v.UTC().Unix(), 10)
-			case time.Duration:
-				value = strconv.FormatInt(int64(v.Seconds()), 10)
-			default:
-				value = fmt.Sprintf("%v", rawValue)
-			}
-
-			r.Header.Add(name, value)
-
-			return true, nil
-		},
-		new(func(string, string) bool),
-	)
-}
-
-func setRequestHeaderFunc(r *http.Request) expr.Option {
-	return expr.Function(
-		"set_header",
-		func(params ...any) (any, error) {
-			name := params[0].(string)
-			rawValue := params[1]
-
-			var value string
-			switch v := rawValue.(type) {
-			case []string:
-				value = strings.Join(v, ",")
-			case time.Time:
-				value = strconv.FormatInt(v.UTC().Unix(), 10)
-			case time.Duration:
-				value = strconv.FormatInt(int64(v.Seconds()), 10)
-			default:
-				value = fmt.Sprintf("%v", rawValue)
-			}
-
-			r.Header.Set(name, value)
-
-			return true, nil
-		},
-		new(func(string, string) bool),
-	)
-}
-
-func delRequestHeadersFunc(r *http.Request) expr.Option {
-	return expr.Function(
-		"del_headers",
-		func(params ...any) (any, error) {
-			pattern := params[0].(string)
-			deleted := false
-
-			for key := range r.Header {
-				if !wildcard.Match(key, pattern) {
-					continue
-				}
-
-				r.Header.Del(key)
-				deleted = true
-			}
-
-			return deleted, nil
-		},
-		new(func(string) bool),
-	)
-}

internal/rule/http/response.go

@@ -1,88 +0,0 @@
-package http
-
-import (
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-	"time"
-
-	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
-	"github.com/expr-lang/expr"
-)
-
-func addResponseHeaderFunc(r *http.Response) expr.Option {
-	return expr.Function(
-		"add_header",
-		func(params ...any) (any, error) {
-			name := params[0].(string)
-			rawValue := params[1]
-
-			var value string
-			switch v := rawValue.(type) {
-			case []string:
-				value = strings.Join(v, ",")
-			case time.Time:
-				value = strconv.FormatInt(v.UTC().Unix(), 10)
-			case time.Duration:
-				value = strconv.FormatInt(int64(v.Seconds()), 10)
-			default:
-				value = fmt.Sprintf("%v", rawValue)
-			}
-
-			r.Header.Add(name, value)
-
-			return true, nil
-		},
-		new(func(string, string) bool),
-	)
-}
-
-func setResponseHeaderFunc(r *http.Response) expr.Option {
-	return expr.Function(
-		"set_header",
-		func(params ...any) (any, error) {
-			name := params[0].(string)
-			rawValue := params[1]
-
-			var value string
-			switch v := rawValue.(type) {
-			case []string:
-				value = strings.Join(v, ",")
-			case time.Time:
-				value = strconv.FormatInt(v.UTC().Unix(), 10)
-			case time.Duration:
-				value = strconv.FormatInt(int64(v.Seconds()), 10)
-			default:
-				value = fmt.Sprintf("%v", rawValue)
-			}
-
-			r.Header.Set(name, value)
-
-			return true, nil
-		},
-		new(func(string, string) bool),
-	)
-}
-
-func delResponseHeadersFunc(r *http.Response) expr.Option {
-	return expr.Function(
-		"del_headers",
-		func(params ...any) (any, error) {
-			pattern := params[0].(string)
-			deleted := false
-
-			for key := range r.Header {
-				if !wildcard.Match(key, pattern) {
-					continue
-				}
-
-				r.Header.Del(key)
-				deleted = true
-			}
-
-			return deleted, nil
-		},
-		new(func(string) bool),
-	)
-}

internal/rule/options.go

@@ -1,35 +0,0 @@
-package rule
-
-import "github.com/expr-lang/expr"
-
-type Options struct {
-	Rules []string
-	Expr  []expr.Option
-}
-
-type OptionFunc func(opts *Options)
-
-func NewOptions(funcs ...OptionFunc) *Options {
-	opts := &Options{
-		Expr:  make([]expr.Option, 0),
-		Rules: make([]string, 0),
-	}
-
-	for _, fn := range funcs {
-		fn(opts)
-	}
-
-	return opts
-}
-
-func WithRules(rules ...string) OptionFunc {
-	return func(opts *Options) {
-		opts.Rules = rules
-	}
-}
-
-func WithExpr(options ...expr.Option) OptionFunc {
-	return func(opts *Options) {
-		opts.Expr = options
-	}
-}

internal/setup/authn_basic_layer.go

@@ -21,7 +21,6 @@ func init() {
 func setupAuthnBasicLayer(conf *config.Config) (director.Layer, error) {
 	options := []authn.OptionFunc{
 		authn.WithTemplateDir(string(conf.Layers.Authn.TemplateDir)),
-		authn.WithDebug(bool(conf.Layers.Authn.Debug)),
 	}
 
 	return basic.NewLayer(options...), nil

internal/setup/authn_network_layer.go

@@ -21,7 +21,6 @@ func init() {
 func setupAuthnNetworkLayer(conf *config.Config) (director.Layer, error) {
 	options := []authn.OptionFunc{
 		authn.WithTemplateDir(string(conf.Layers.Authn.TemplateDir)),
-		authn.WithDebug(bool(conf.Layers.Authn.Debug)),
 	}
 
 	return network.NewLayer(options...), nil

internal/setup/authn_oidc_layer.go

@@ -1,8 +1,6 @@
 package setup
 
 import (
-	"time"
-
 	"forge.cadoles.com/cadoles/bouncer/internal/config"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
@@ -27,15 +25,5 @@ func setupAuthnOIDCLayer(conf *config.Config) (director.Layer, error) {
 	adapter := redis.NewStoreAdapter(rdb)
 	store := session.NewStore(adapter)
 
-	transport := conf.Layers.Authn.OIDC.HTTPClient.AsTransport()
+	return oidc.NewLayer(store), nil
-
-	return oidc.NewLayer(
-		store,
-		oidc.WithHTTPTransport(transport),
-		oidc.WithHTTPClientTimeout(time.Duration(*conf.Layers.Authn.OIDC.HTTPClient.Timeout)),
-		oidc.WithAuthnOptions(
-			authn.WithTemplateDir(string(conf.Layers.Authn.TemplateDir)),
-			authn.WithDebug(bool(conf.Layers.Authn.Debug)),
-		),
-	), nil
 }

internal/setup/rewriter_layer.go

@@ -1,15 +0,0 @@
-package setup
-
-import (
-	"forge.cadoles.com/cadoles/bouncer/internal/config"
-	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
-	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/rewriter"
-)
-
-func init() {
-	RegisterLayer(rewriter.LayerType, setupRewriterLayer, rewriter.RawLayerOptionsSchema)
-}
-
-func setupRewriterLayer(conf *config.Config) (director.Layer, error) {
-	return rewriter.New(), nil
-}

layers/authn/templates/error.gohtml

@@ -1,104 +0,0 @@
-{{ define "default" }}
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta charset="UTF-8" />
-    <meta name="viewport" content="width=device-width,initial-scale=1" />
-    <title>Erreur - {{ .Layer.Name }}</title>
-    <style>
-      html {
-        box-sizing: border-box;
-        font-size: 16px;
-      }
-
-      *,
-      *:before,
-      *:after {
-        box-sizing: inherit;
-      }
-
-      body,
-      h1,
-      h2,
-      h3,
-      h4,
-      h5,
-      h6,
-      p,
-      ol,
-      ul {
-        margin: 0;
-        padding: 0;
-        font-weight: normal;
-      }
-
-      html,
-      body {
-        width: 100%;
-        height: 100%;
-        font-family: Arial, Helvetica, sans-serif;
-        background-color: #ffe4e4;
-      }
-
-      #container {
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        height: 100%;
-        flex-direction: column;
-      }
-
-      #card {
-        padding: 1.5em 1em;
-        border: 1px solid #d90202;
-        background-color: #feb0b0;
-        border-radius: 5px;
-        box-shadow: 2px 2px #cccccc1c;
-        color: #810000 !important;
-      }
-
-      .title {
-        margin-bottom: 1.2em;
-      }
-
-      p {
-        margin-bottom: 0.5em;
-      }
-
-      .footer {
-        font-size: 0.7em;
-        margin-top: 2em;
-        text-align: right;
-      }
-
-      .back-link {
-        text-align: center;
-      }
-    </style>
-  </head>
-  <body>
-    <div id="container">
-      <div id="card">
-        <h2 class="title">Une erreur est survenue !</h2>
-        {{ if .Debug }}
-        <pre>{{ .Err }}</pre>
-        {{ end }}
-        {{/* if a public base url is provided, show navigation link */}}
-        {{ $oidc := ( index .Layer.Options "oidc" ) }}
-        {{ $publicBaseURL := ( index $oidc "publicBaseURL" ) }}
-        {{ if $publicBaseURL }}
-        <div class="back-link">
-          <a href="{{ $publicBaseURL }}" title="Retourner sur l'application"
-            >Retourner sur l'application</a
-          >
-        </div>
-        {{ end }}
-        <p class="footer">
-          Propulsé par
-          <a href="https://forge.cadoles.com/Cadoles/bouncer">Bouncer</a>.
-        </p>
-      </div>
-    </div>
-  </body>
-</html>
-{{ end }}

misc/bootstrap.d/dummy.yml

@@ -19,8 +19,7 @@ layers:
   #       clientId: my-client-id
   #       clientSecret: my-client-id
   #       issuerURL: https://forge.cadoles.com/
-  #       postLogoutRedirectURLs:
+  #       postLogoutRedirectURL: http://localhost:8080
-  #         - http://localhost:8080
   #       scopes: ["profile", "openid", "email"]
   #       authParams:
   #         acr_values: "eidas2"

misc/docker-compose/README.md

@@ -13,17 +13,17 @@ Le répertoire [`misc/docker-compose`](./) contient un exemple de déploiement d
 
 ## Étapes
 
-1. Se positionner dans le répertoire puis lancer l'environnement avec la commande `docker compose`:
+1. Se positionner dans le répertoire puis lancer l'environnement avec la commande `docker-compose`:
 
     ```bash
     cd misc/docker-compose
-   docker compose up
+    docker-compose up
     ```
 
 2. Entrer dans le conteneur `bouncer-admin` puis créer un jeton d'accès:
 
     ```bash
-   docker compose exec bouncer-admin /bin/sh
+    docker-compose exec bouncer-admin /bin/sh
     bouncer auth create-token --role writer > .bouncer-token
     ```
 
@@ -35,9 +35,3 @@ Le répertoire [`misc/docker-compose`](./) contient un exemple de déploiement d
     ```
 
 4. Via votre navigateur, accéder à l'URL http://127.0.0.1:8080. La page du site Cadoles devrait s'afficher. Dans le log de la commande `docker-compose up` vous devriez voir que les requêtes sont routées à tour de rôle sur les 3 instances de Bouncer en exécution.
-
-5. Stopper l'environnement:
-
-   ```
-   docker compose down -v
-   ```

misc/docker-compose/docker-compose.yml

@@ -1,3 +1,4 @@
+version: "2"
 services:
   haproxy:
     image: reg.cadoles.com/proxy_cache/library/haproxy:2.7-alpine

misc/images/bouncer/Dockerfile

@@ -0,0 +1,49 @@
+FROM golang:1.20 AS BUILD
+
+RUN apt-get update \
+    && apt-get install -y make
+
+ARG YQ_VERSION=4.34.1
+
+RUN mkdir -p /usr/local/bin \
+    && wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64 \
+    && chmod +x /usr/local/bin/yq
+
+COPY . /src
+
+WORKDIR /src
+
+RUN make GORELEASER_ARGS='build --rm-dist --single-target --snapshot' goreleaser
+
+# Patch config
+RUN /src/dist/bouncer_linux_amd64_v1/bouncer -c '' config dump > /src/dist/bouncer_linux_amd64_v1/config.yml \
+    && yq -i '.layers.queue.templateDir = "/usr/share/bouncer/layers/queue/templates"' /src/dist/bouncer_linux_amd64_v1/config.yml \
+    && yq -i '.admin.auth.privateKey = "/etc/bouncer/admin-key.json"' /src/dist/bouncer_linux_amd64_v1/config.yml \
+    && yq -i '.redis.adresses = ["redis:6379"]' /src/dist/bouncer_linux_amd64_v1/config.yml
+
+FROM alpine:3.18 AS RUNTIME
+
+ARG DUMB_INIT_VERSION=1.2.5
+
+RUN apk add --no-cache ca-certificates
+
+RUN mkdir -p /usr/local/bin \
+    && wget -O /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64 \
+    && chmod +x /usr/local/bin/dumb-init
+
+ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
+
+RUN mkdir -p /usr/local/bin /usr/share/bouncer/bin /etc/bouncer
+
+COPY --from=BUILD /src/dist/bouncer_linux_amd64_v1/bouncer /usr/share/bouncer/bin/bouncer
+COPY --from=BUILD /src/layers /usr/share/bouncer/layers
+COPY --from=BUILD /src/dist/bouncer_linux_amd64_v1/config.yml /etc/bouncer/config.yml
+
+RUN ln -s /usr/share/bouncer/bin/bouncer /usr/local/bin/bouncer
+
+EXPOSE 8080
+EXPOSE 8081
+
+ENV BOUNCER_CONFIG=/etc/bouncer/config.yml
+
+CMD ["bouncer"]

misc/packaging/common/config.yml

@@ -70,12 +70,6 @@ admin:
 
 # Configuration du service "proxy"
 proxy:
-  # Activer/désactiver le mode debug (affichage ou non des messages d'erreur)
-  debug: false
-  # Configuration des templates utilisés par le proxy
-  templates:
-    # Répertoire contenant les templates
-    dir: /etc/bouncer/templates
   http:
     # Hôte d'écoute du service,
     # 0.0.0.0 pour écouter sur toutes les interfaces
@@ -99,14 +93,6 @@ proxy:
       credentials:
         prom: etheus
 
-  # Configuration de la mise en cache
-  # locale des données proxy/layers
-  cache:
-    # Les proxys/layers sont mis en cache local pour une durée de 30s
-    # par défaut. Si les modifications sont rares, vous pouvez augmenter
-    # cette valeur pour réduire la "pression" sur le serveur Redis.
-    ttl: 30s
-
   # Configuration du transport HTTP(S)
   # Voir https://pkg.go.dev/net/http#Transport
   transport:

templates/error.gohtml

@@ -1,96 +0,0 @@
-{{ define "default" }}
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta charset="UTF-8" />
-    <meta name="viewport" content="width=device-width,initial-scale=1" />
-    {{ $title := print .StatusCode " - " .Status }}
-    <title>{{ $title }}</title>
-    <style>
-      html {
-        box-sizing: border-box;
-        font-size: 16px;
-      }
-
-      *,
-      *:before,
-      *:after {
-        box-sizing: inherit;
-      }
-
-      body,
-      h1,
-      h2,
-      h3,
-      h4,
-      h5,
-      h6,
-      p,
-      ol,
-      ul {
-        margin: 0;
-        padding: 0;
-        font-weight: normal;
-      }
-
-      html,
-      body {
-        width: 100%;
-        height: 100%;
-        font-family: Arial, Helvetica, sans-serif;
-        background-color: #ffe4e4;
-      }
-
-      #container {
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        height: 100%;
-        flex-direction: column;
-      }
-
-      #card {
-        padding: 1.5em 1em;
-        border: 1px solid #d90202;
-        background-color: #feb0b0;
-        border-radius: 5px;
-        box-shadow: 2px 2px #cccccc1c;
-        color: #810000 !important;
-      }
-
-      .title {
-        margin-bottom: 1.2em;
-      }
-
-      p {
-        margin-bottom: 0.5em;
-      }
-
-      code,
-      pre {
-        font-family: monospace;
-      }
-
-      .footer {
-        font-size: 0.7em;
-        margin-top: 2em;
-        text-align: right;
-      }
-    </style>
-  </head>
-  <body>
-    <div id="container">
-      <div id="card">
-        <h2 class="title">{{ $title }}</h2>
-        {{ if .Debug }}
-        <pre>{{ .Err }}</pre>
-        {{ end }}
-        <p class="footer">
-          Propulsé par
-          <a href="https://forge.cadoles.com/Cadoles/bouncer">Bouncer</a>.
-        </p>
-      </div>
-    </div>
-  </body>
-</html>
-{{ end }}