feat(sentry): ignore 'net/http: abort' errors

See: - https://sentry.in.nuonet.fr/share/issue/972e100ea22d44759c44b6cfad8be7b2/ - https://pkg.go.dev/net/http#:~:text=ErrAbortHandler%20is%20a%20sentinel%20panic%20value%20to%20abort%20a%20handler.%20While%20any%20panic%20from%20ServeHTTP%20aborts%20the%20response%20to%20the%20client%2C%20panicking%20with%20ErrAbortHandler%20also%20suppresses%20logging%20of%20a%20stack%20trace%20to%20the%20server%27s%20error%20log.
fix: prevent loss of information when returning errors
2024-11-08 11:19:38 +01:00 · 2024-11-08 11:13:39 +01:00 · 2024-10-21 14:07:51 +02:00 · 2024-10-21 13:49:32 +02:00 · 2024-10-21 13:48:59 +02:00 · 2024-10-21 13:48:07 +02:00
19 changed files with 156 additions and 123 deletions
--- a/4
+++ b/4
@ -17,8 +17,8 @@ GOTEST_ARGS ?= -short
 OPENWRT_DEVICE ?= 192.168.1.1
 SIEGE_URLS_FILE ?= misc/siege/urls.txt
-SIEGE_CONCURRENCY ?= 50
+SIEGE_CONCURRENCY ?= 200
-SIEGE_DURATION ?= 1M
+SIEGE_DURATION ?= 5M
 data/bootstrap.d/dummy.yml:
 	mkdir -p data/bootstrap.d
--- a/doc/fr/references/layers/rewriter.md
+++ b/doc/fr/references/layers/rewriter.md
@ -60,7 +60,7 @@ Retourne `nil` si le cookie n'existe pas.
 }
 ```
-##### `set_cookie(ctx, cookie Cookie)`
+##### `add_cookie(ctx, cookie Cookie)`
 Définit un cookie sur la requête/réponse (en fonction du contexte d'utilisation).
 Voir la méthode `get_cookie()` pour voir les attributs potentiels.
--- a/internal/admin/server.go
+++ b/internal/admin/server.go
@ -2,6 +2,7 @@ package admin
 import (
 	"context"
 	"expvar"
 	"fmt"
 	"log"
 	"net"
@ -115,7 +116,9 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 		router.Use(middleware.RealIP)
 	}
 	router.Use(middleware.RequestID)
 	router.Use(middleware.RequestLogger(bouncerChi.NewLogFormatter()))
 	router.Use(middleware.Recoverer)
 	if s.serverConfig.Sentry.DSN != "" {
 		logger.Info(ctx, "enabling sentry http middleware")
@ -176,6 +179,7 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 				r.HandleFunc("/profile", pprof.Profile)
 				r.HandleFunc("/symbol", pprof.Symbol)
 				r.HandleFunc("/trace", pprof.Trace)
 				r.Handle("/vars", expvar.Handler())
 				r.HandleFunc("/{name}", func(w http.ResponseWriter, r *http.Request) {
 					name := chi.URLParam(r, "name")
 					pprof.Handler(name).ServeHTTP(w, r)
--- a/internal/chi/log_formatter.go
+++ b/internal/chi/log_formatter.go
@ -2,7 +2,6 @@ package chi
 import (
 	"context"
 	"fmt"
 	"net/http"
 	"time"
@ -37,12 +36,19 @@ type LogEntry struct {
 // Panic implements middleware.LogEntry
 func (e *LogEntry) Panic(v interface{}, stack []byte) {
-	logger.Error(e.ctx, fmt.Sprintf("%s %s", e.method, e.path), logger.F("stack", string(stack)))
+	logger.Error(
 		e.ctx, "http panic",
 		logger.F("stack", string(stack)),
 		logger.F("host", e.host),
 		logger.F("method", e.method),
 		logger.F("path", e.path),
 	)
 }
 // Write implements middleware.LogEntry
 func (e *LogEntry) Write(status int, bytes int, header http.Header, elapsed time.Duration, extra interface{}) {
-	logger.Info(e.ctx, fmt.Sprintf("%s %s - %d", e.method, e.path, status),
+	logger.Info(
 		e.ctx, "http request",
 		logger.F("host", e.host),
 		logger.F("status", status),
 		logger.F("bytes", bytes),
--- a/internal/config/redis.go
+++ b/internal/config/redis.go
@ -15,8 +15,16 @@ type RedisConfig struct {
 	WriteTimeout          InterpolatedDuration    `yaml:"writeTimeout"`
 	DialTimeout           InterpolatedDuration    `yaml:"dialTimeout"`
 	LockMaxRetries        InterpolatedInt         `yaml:"lockMaxRetries"`
 	RouteByLatency        InterpolatedBool        `yaml:"routeByLatency"`
 	ContextTimeoutEnabled InterpolatedBool        `yaml:"contextTimeoutEnabled"`
 	MaxRetries            InterpolatedInt         `yaml:"maxRetries"`
 	PingInterval          InterpolatedDuration    `yaml:"pingInterval"`
 	PoolSize              InterpolatedInt         `yaml:"poolSize"`
 	PoolTimeout           InterpolatedDuration    `yaml:"poolTimeout"`
 	MinIdleConns          InterpolatedInt         `yaml:"minIdleConns"`
 	MaxIdleConns          InterpolatedInt         `yaml:"maxIdleConns"`
 	ConnMaxIdleTime       InterpolatedDuration    `yaml:"connMaxIdleTime"`
 	ConnMaxLifetime       InterpolatedDuration    `yaml:"connMaxLifeTime"`
 }
 func NewDefaultRedisConfig() RedisConfig {
@ -29,5 +37,7 @@ func NewDefaultRedisConfig() RedisConfig {
 		LockMaxRetries:        10,
 		MaxRetries:            3,
 		PingInterval:          InterpolatedDuration(30 * time.Second),
 		ContextTimeoutEnabled: true,
 		RouteByLatency:        true,
 	}
 }
--- a/internal/config/sentry.go
+++ b/internal/config/sentry.go
@ -28,11 +28,11 @@ func NewDefaultSentryConfig() SentryConfig {
 		Debug:              false,
 		FlushTimeout:       NewInterpolatedDuration(2 * time.Second),
 		AttachStacktrace:   true,
-		SampleRate:         0.2,
+		SampleRate:         1,
-		EnableTracing:      true,
+		EnableTracing:      false,
-		TracesSampleRate:   0.2,
+		TracesSampleRate:   0.1,
-		ProfilesSampleRate: 0.2,
+		ProfilesSampleRate: 0.1,
-		IgnoreErrors:       []string{},
+		IgnoreErrors:       []string{"context canceled", "net/http: abort"},
 		SendDefaultPII:     false,
 		ServerName:         "",
 		Environment:        "",
--- a/internal/proxy/director/director.go
+++ b/internal/proxy/director/director.go
@ -8,7 +8,6 @@ import (
 	"forge.cadoles.com/Cadoles/go-proxy"
 	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
 	"forge.cadoles.com/cadoles/bouncer/internal/cache"
 	bouncersentry "forge.cadoles.com/cadoles/bouncer/internal/sentry"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus"
@ -42,21 +41,11 @@ func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
 	for _, p := range proxies {
 		for _, from := range p.From {
 			logger.Debug(
 				ctx, "matching request with proxy's from",
 				logger.F("from", from),
 			)
 			if matches := wildcard.Match(url.String(), from); !matches {
 				continue
 			}
-			logger.Debug(
+			proxyCtx := logger.With(ctx,
 				ctx, "proxy's from matched",
 				logger.F("from", from),
 			)
 			ctx = logger.With(ctx,
 				logger.F("proxy", p.Name),
 				logger.F("host", r.Host),
 				logger.F("remoteAddr", r.RemoteAddr),
@ -64,7 +53,7 @@ func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
 			metricProxyRequestsTotal.With(prometheus.Labels{metricLabelProxy: string(p.Name)}).Add(1)
-			proxyLayers, err := d.getLayers(ctx, p.Name)
+			proxyLayers, err := d.getLayers(proxyCtx, p.Name)
 			if err != nil {
 				return r, errors.WithStack(err)
 			}
@ -84,8 +73,8 @@ func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
 			r.URL.Scheme = toURL.Scheme
 			r.URL.Path = toURL.JoinPath(r.URL.Path).Path
-			ctx = withLayers(ctx, layers)
+			proxyCtx = withLayers(proxyCtx, layers)
-			r = r.WithContext(ctx)
+			r = r.WithContext(proxyCtx)
 			return r, nil
 		}
@ -259,7 +248,6 @@ func (d *Director) Middleware() proxy.Middleware {
 			}
 			handler := createMiddlewareChain(next, httpMiddlewares)
 			handler = bouncersentry.SpanHandler(handler, "director.proxy")
 			handler.ServeHTTP(w, r)
 		}
--- a/internal/proxy/director/layer/authn/layer.go
+++ b/internal/proxy/director/layer/authn/layer.go
@ -10,6 +10,9 @@ import (
 	"forge.cadoles.com/Cadoles/go-proxy"
 	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/util"
 	"forge.cadoles.com/cadoles/bouncer/internal/rule"
 	ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/Masterminds/sprig/v3"
 	"github.com/pkg/errors"
@ -21,6 +24,8 @@ type Layer struct {
 	auth      Authenticator
 	debug     bool
 	ruleEngineCache *util.RuleEngineCache[*Vars, *LayerOptions]
 	templateDir string
 }
@ -74,7 +79,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
 				return
 			}
-			if err := l.applyRules(ctx, r, options, user); err != nil {
+			if err := l.applyRules(ctx, r, layer, options, user); err != nil {
 				if errors.Is(err, ErrForbidden) {
 					l.renderForbiddenPage(w, r, layer, options, user)
 					return
@ -189,6 +194,18 @@ func NewLayer(layerType store.LayerType, auth Authenticator, funcs ...OptionFunc
 	opts := NewOptions(funcs...)
 	return &Layer{
 		ruleEngineCache: util.NewInMemoryRuleEngineCache[*Vars, *LayerOptions](func(options *LayerOptions) (*rule.Engine[*Vars], error) {
 			engine, err := rule.NewEngine[*Vars](
 				rule.WithRules(options.Rules...),
 				rule.WithExpr(getAuthnAPI()...),
 				ruleHTTP.WithRequestFuncs(),
 			)
 			if err != nil {
 				return nil, errors.WithStack(err)
 			}
 			return engine, nil
 		}),
 		layerType:   layerType,
 		auth:        auth,
 		templateDir: opts.TemplateDir,
--- a/internal/proxy/director/layer/authn/layer_options.go
+++ b/internal/proxy/director/layer/authn/layer_options.go
@ -28,12 +28,13 @@ func DefaultLayerOptions() LayerOptions {
 	return LayerOptions{
 		MatchURLs: []string{"*"},
 		Rules: []string{
-			"del_headers('Remote-*')",
+			"del_headers(ctx, 'Remote-*')",
-			"set_header('Remote-User', user.subject)",
+			"set_header(ctx,'Remote-User', vars.user.subject)",
 			`map(
-				toPairs(user.attrs), {
+				toPairs(vars.user.attrs), {
 					let name = replace(lower(string(get(#, 0))), '_', '-');
 					set_header(
 						ctx,
 						'Remote-User-Attr-' + name, 
 						get(#, 1)
 					) 
--- a/internal/proxy/director/layer/authn/oidc/client.go
+++ b/internal/proxy/director/layer/authn/oidc/client.go
@ -48,7 +48,7 @@ func (c *Client) Provider() *oidc.Provider {
 func (c *Client) Authenticate(w http.ResponseWriter, r *http.Request, sess *sessions.Session, postLoginRedirectURL string) (*oidc.IDToken, error) {
 	idToken, err := c.getIDToken(r, sess)
 	if err != nil {
-		logger.Warn(r.Context(), "could not retrieve idtoken", logger.CapturedE(errors.WithStack(err)))
+		logger.Warn(r.Context(), "could not retrieve idtoken", logger.E(errors.WithStack(err)))
 		c.login(w, r, sess, postLoginRedirectURL)
@ -69,7 +69,7 @@ func (c *Client) login(w http.ResponseWriter, r *http.Request, sess *sessions.Se
 	sess.Values[sessionKeyPostLoginRedirectURL] = postLoginRedirectURL
 	if err := sess.Save(r, w); err != nil {
-		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not save session"))
+		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not save session"))
 		return
 	}
--- a/internal/proxy/director/layer/authn/rules.go
+++ b/internal/proxy/director/layer/authn/rules.go
@ -4,8 +4,8 @@ import (
 	"context"
 	"net/http"
 	"forge.cadoles.com/cadoles/bouncer/internal/rule"
 	ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/expr-lang/expr"
 	"github.com/pkg/errors"
 )
@ -14,17 +14,11 @@ type Vars struct {
 	User *User `expr:"user"`
 }
-func (l *Layer) applyRules(ctx context.Context, r *http.Request, options *LayerOptions, user *User) error {
+func (l *Layer) applyRules(ctx context.Context, r *http.Request, layer *store.Layer, options *LayerOptions, user *User) error {
-	rules := options.Rules
+	key := string(layer.Proxy) + "-" + string(layer.Name)
-	if len(rules) == 0 {
+	revisionedEngine := l.ruleEngineCache.Get(key)
 		return nil
 	}
-	engine, err := rule.NewEngine[*Vars](
+	engine, err := revisionedEngine.Get(ctx, layer.Revision, options)
 		rule.WithRules(options.Rules...),
 		rule.WithExpr(getAuthnAPI()...),
 		ruleHTTP.WithRequestFuncs(),
 	)
 	if err != nil {
 		return errors.WithStack(err)
 	}
--- a/internal/proxy/director/layer/queue/queue.go
+++ b/internal/proxy/director/layer/queue/queue.go
@ -54,7 +54,7 @@ func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
 			options, err := fromStoreOptions(layer.Options, q.defaultKeepAlive)
 			if err != nil {
-				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not parse layer options"))
+				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not parse layer options"))
 				return
 			}
@ -89,7 +89,7 @@ func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
 			rank, err := q.adapter.Touch(ctx, queueName, sessionID)
 			if err != nil {
-				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not retrieve session rank"))
+				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not update queue session rank"))
 				return
 			}
@ -142,7 +142,7 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
 	status, err := q.adapter.Status(ctx, queueName)
 	if err != nil {
-		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not retrieve queue status"))
+		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not retrieve queue status"))
 		return
 	}
@ -191,7 +191,7 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
 	var buf bytes.Buffer
 	if err := q.tmpl.ExecuteTemplate(&buf, "queue", templateData); err != nil {
-		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not render queue page"))
+		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not render queue page"))
 		return
 	}
--- a/internal/proxy/director/layer/rewriter/layer.go
+++ b/internal/proxy/director/layer/rewriter/layer.go
@ -16,8 +16,8 @@ import (
 const LayerType store.LayerType = "rewriter"
 type Layer struct {
-	requestRuleEngine  *util.RevisionedRuleEngine[*RequestVars, *LayerOptions]
+	requestRuleEngineCache  *util.RuleEngineCache[*RequestVars, *LayerOptions]
-	responseRuleEngine *util.RevisionedRuleEngine[*ResponseVars, *LayerOptions]
+	responseRuleEngineCache *util.RuleEngineCache[*ResponseVars, *LayerOptions]
 }
 func (l *Layer) LayerType() store.LayerType {
@ -31,7 +31,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
 			options, err := fromStoreOptions(layer.Options)
 			if err != nil {
-				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not parse layer options"))
+				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not parse layer options"))
 				return
 			}
@ -42,7 +42,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
 				return
 			}
-			if err := l.applyRequestRules(ctx, r, layer.Revision, options); err != nil {
+			if err := l.applyRequestRules(ctx, r, layer, options); err != nil {
 				var redirect *errRedirect
 				if errors.As(err, &redirect) {
 					http.Redirect(w, r, redirect.URL(), redirect.StatusCode())
@ -76,7 +76,7 @@ func (l *Layer) ResponseTransformer(layer *store.Layer) proxy.ResponseTransforme
 		ctx := r.Request.Context()
-		if err := l.applyResponseRules(ctx, r, layer.Revision, options); err != nil {
+		if err := l.applyResponseRules(ctx, r, layer, options); err != nil {
 			return errors.WithStack(err)
 		}
@ -86,7 +86,7 @@ func (l *Layer) ResponseTransformer(layer *store.Layer) proxy.ResponseTransforme
 func New(funcs ...OptionFunc) *Layer {
 	return &Layer{
-		requestRuleEngine: util.NewRevisionedRuleEngine(func(options *LayerOptions) (*rule.Engine[*RequestVars], error) {
+		requestRuleEngineCache: util.NewInMemoryRuleEngineCache(func(options *LayerOptions) (*rule.Engine[*RequestVars], error) {
 			engine, err := rule.NewEngine[*RequestVars](
 				rule.WithRules(options.Rules.Request...),
 				ruleHTTP.WithRequestFuncs(),
@ -98,7 +98,7 @@ func New(funcs ...OptionFunc) *Layer {
 			return engine, nil
 		}),
-		responseRuleEngine: util.NewRevisionedRuleEngine(func(options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
+		responseRuleEngineCache: util.NewInMemoryRuleEngineCache(func(options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
 			engine, err := rule.NewEngine[*ResponseVars](
 				rule.WithRules(options.Rules.Response...),
 				ruleHTTP.WithResponseFuncs(),
--- a/internal/proxy/director/layer/rewriter/rules.go
+++ b/internal/proxy/director/layer/rewriter/rules.go
@ -8,6 +8,7 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/rule"
 	ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 )
@ -87,13 +88,13 @@ func fromRequest(r *http.Request) RequestVar {
 	}
 }
-func (l *Layer) applyRequestRules(ctx context.Context, r *http.Request, layerRevision int, options *LayerOptions) error {
+func (l *Layer) applyRequestRules(ctx context.Context, r *http.Request, layer *store.Layer, options *LayerOptions) error {
 	rules := options.Rules.Request
 	if len(rules) == 0 {
 		return nil
 	}
-	engine, err := l.getRequestRuleEngine(ctx, layerRevision, options)
+	engine, err := l.getRequestRuleEngine(ctx, layer, options)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@ -117,8 +118,11 @@ func (l *Layer) applyRequestRules(ctx context.Context, r *http.Request, layerRev
 	return nil
 }
-func (l *Layer) getRequestRuleEngine(ctx context.Context, layerRevision int, options *LayerOptions) (*rule.Engine[*RequestVars], error) {
+func (l *Layer) getRequestRuleEngine(ctx context.Context, layer *store.Layer, options *LayerOptions) (*rule.Engine[*RequestVars], error) {
-	engine, err := l.requestRuleEngine.Get(ctx, layerRevision, options)
+	key := string(layer.Proxy) + "-" + string(layer.Name)
 	revisionedEngine := l.requestRuleEngineCache.Get(key)
 	engine, err := revisionedEngine.Get(ctx, layer.Revision, options)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
@ -145,13 +149,13 @@ type ResponseVar struct {
 	Trailer          map[string][]string `expr:"trailer"`
 }
-func (l *Layer) applyResponseRules(ctx context.Context, r *http.Response, layerRevision int, options *LayerOptions) error {
+func (l *Layer) applyResponseRules(ctx context.Context, r *http.Response, layer *store.Layer, options *LayerOptions) error {
 	rules := options.Rules.Response
 	if len(rules) == 0 {
 		return nil
 	}
-	engine, err := l.getResponseRuleEngine(ctx, layerRevision, options)
+	engine, err := l.getResponseRuleEngine(ctx, layer, options)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@ -187,8 +191,11 @@ func (l *Layer) applyResponseRules(ctx context.Context, r *http.Response, layerR
 	return nil
 }
-func (l *Layer) getResponseRuleEngine(ctx context.Context, layerRevision int, options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
+func (l *Layer) getResponseRuleEngine(ctx context.Context, layer *store.Layer, options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
-	engine, err := l.responseRuleEngine.Get(ctx, layerRevision, options)
+	key := string(layer.Proxy) + "-" + string(layer.Name)
 	revisionedEngine := l.responseRuleEngineCache.Get(key)
 	engine, err := revisionedEngine.Get(ctx, layer.Revision, options)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
--- a/internal/proxy/director/layer/util/rule_engine_cache.go
+++ b/internal/proxy/director/layer/util/rule_engine_cache.go
@ -0,0 +1,28 @@
 package util
 import (
 	"forge.cadoles.com/cadoles/bouncer/internal/cache"
 	"forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
 )
 type RuleEngineCache[V any, O any] struct {
 	cache   cache.Cache[string, *RevisionedRuleEngine[V, O]]
 	factory RuleEngineFactoryFunc[V, O]
 }
 func (c *RuleEngineCache[V, O]) Get(key string) *RevisionedRuleEngine[V, O] {
 	revisionedRuleEngine, exists := c.cache.Get(key)
 	if !exists {
 		revisionedRuleEngine = NewRevisionedRuleEngine(c.factory)
 		c.cache.Set(key, revisionedRuleEngine)
 	}
 	return revisionedRuleEngine
 }
 func NewInMemoryRuleEngineCache[V any, O any](factory RuleEngineFactoryFunc[V, O]) *RuleEngineCache[V, O] {
 	return &RuleEngineCache[V, O]{
 		factory: factory,
 		cache:   memory.NewCache[string, *RevisionedRuleEngine[V, O]](),
 	}
 }
--- a/internal/proxy/server.go
+++ b/internal/proxy/server.go
@ -3,6 +3,7 @@ package proxy
 import (
 	"bytes"
 	"context"
 	"expvar"
 	"fmt"
 	"html/template"
 	"io"
@ -31,8 +32,6 @@ import (
 	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"gitlab.com/wpetit/goweb/logger"
 	bouncersentry "forge.cadoles.com/cadoles/bouncer/internal/sentry"
 )
 type Server struct {
@ -120,7 +119,9 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 		router.Use(middleware.RealIP)
 	}
 	router.Use(middleware.RequestID)
 	router.Use(middleware.RequestLogger(bouncerChi.NewLogFormatter()))
 	router.Use(middleware.Recoverer)
 	if s.serverConfig.Sentry.DSN != "" {
 		logger.Info(ctx, "enabling sentry http middleware")
@ -171,6 +172,7 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 				r.HandleFunc("/profile", pprof.Profile)
 				r.HandleFunc("/symbol", pprof.Symbol)
 				r.HandleFunc("/trace", pprof.Trace)
 				r.Handle("/vars", expvar.Handler())
 				r.HandleFunc("/{name}", func(w http.ResponseWriter, r *http.Request) {
 					name := chi.URLParam(r, "name")
 					pprof.Handler(name).ServeHTTP(w, r)
@ -193,7 +195,7 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 			proxy.WithDefaultHandler(http.HandlerFunc(s.handleDefault)),
 		)
-		r.Handle("/*", bouncersentry.SpanHandler(handler, "http.proxy"))
+		r.Handle("/*", handler)
 	})
 	if err := http.Serve(listener, router); err != nil && !errors.Is(err, net.ErrClosed) {
@ -230,7 +232,12 @@ func (s *Server) handleDefault(w http.ResponseWriter, r *http.Request) {
 func (s *Server) handleError(w http.ResponseWriter, r *http.Request, status int, err error) {
 	err = errors.WithStack(err)
 	if errors.Is(err, context.Canceled) {
 		logger.Warn(r.Context(), err.Error(), logger.E(err))
 	} else {
 		logger.Error(r.Context(), err.Error(), logger.CapturedE(err))
 	}
 	s.renderErrorPage(w, r, err, status, http.StatusText(status))
 }
--- a/internal/sentry/sentry.go
+++ b/internal/sentry/sentry.go
@ -1,37 +0,0 @@
 package sentry
 import (
 	"net/http"
 	"github.com/getsentry/sentry-go"
 )
 func SpanHandler(handler http.Handler, name string) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		hub := sentry.GetHubFromContext(ctx)
 		if hub == nil {
 			hub = sentry.CurrentHub().Clone()
 			ctx = sentry.SetHubOnContext(ctx, hub)
 		}
 		options := []sentry.SpanOption{
 			sentry.WithOpName(name),
 			sentry.ContinueFromRequest(r),
 			sentry.WithTransactionSource(sentry.SourceURL),
 		}
 		span := sentry.StartSpan(ctx,
 			name,
 			options...,
 		)
 		defer span.Finish()
 		r = r.WithContext(span.Context())
 		handler.ServeHTTP(w, r)
 	}
 	return http.HandlerFunc(fn)
 }
--- a/internal/setup/redis.go
+++ b/internal/setup/redis.go
@ -38,9 +38,15 @@ func newRedisClient(conf config.RedisConfig) redis.UniversalClient {
 		ReadTimeout:           time.Duration(conf.ReadTimeout),
 		WriteTimeout:          time.Duration(conf.WriteTimeout),
 		DialTimeout:           time.Duration(conf.DialTimeout),
-		RouteByLatency:        true,
+		RouteByLatency:        bool(conf.RouteByLatency),
-		ContextTimeoutEnabled: true,
+		ContextTimeoutEnabled: bool(conf.ContextTimeoutEnabled),
 		MaxRetries:            int(conf.MaxRetries),
 		PoolSize:              int(conf.PoolSize),
 		PoolTimeout:           time.Duration(conf.PoolTimeout),
 		MinIdleConns:          int(conf.MinIdleConns),
 		MaxIdleConns:          int(conf.MaxIdleConns),
 		ConnMaxIdleTime:       time.Duration(conf.ConnMaxIdleTime),
 		ConnMaxLifetime:       time.Duration(conf.ConnMaxLifetime),
 	})
 	go func() {
--- a/layers/authn/templates/error.gohtml
+++ b/layers/authn/templates/error.gohtml
@ -55,6 +55,8 @@
        border-radius: 5px;
        box-shadow: 2px 2px #cccccc1c;
        color: #810000 !important;
        max-width: 80%;
        overflow-x: hidden;
      }
      .title {
@ -81,7 +83,7 @@
      <div id="card">
        <h2 class="title">Une erreur est survenue !</h2>
        {{ if .Debug }}
-        <pre>{{ .Err }}</pre>
+        <pre style="overflow-x: auto">{{ .Err }}</pre>
        {{ end }}
        {{/* if a public base url is provided, show navigation link */}}
        {{ $oidc := ( index .Layer.Options "oidc" ) }}
Author	SHA1	Message	Date
William Petit	239d4573c3	feat(sentry): ignore 'net/http: abort' errors All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details See: - https://sentry.in.nuonet.fr/share/issue/972e100ea22d44759c44b6cfad8be7b2/ - https://pkg.go.dev/net/http#:~:text=ErrAbortHandler%20is%20a%20sentinel%20panic%20value%20to%20abort%20a%20handler.%20While%20any%20panic%20from%20ServeHTTP%20aborts%20the%20response%20to%20the%20client%2C%20panicking%20with%20ErrAbortHandler%20also%20suppresses%20logging%20of%20a%20stack%20trace%20to%20the%20server%27s%20error%20log.	2024-11-08 11:19:38 +01:00
William Petit	cffe3eca1b	fix: prevent loss of information when returning errors Some checks reported warnings Cadoles/bouncer/pipeline/head This commit was not built Details Linked to: - https://sentry.in.nuonet.fr/share/issue/5fa72de1b01b46bc81601958a2ff5fd2/ - https://sentry.in.nuonet.fr/share/issue/5a225f6400a647c0bbf1f7ea01566e63/	2024-11-08 11:13:39 +01:00
wpetit	a686c52aed	Merge pull request 'fix(rewriter): prevent mixing of cached rule engines (#44 )' (#45 ) from issue-44 into develop All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details Reviewed-on: #45	2024-10-21 14:07:51 +02:00
William Petit	c0470ca623	feat: better display of large error messsages Some checks are pending Cadoles/bouncer/pipeline/head Build queued... Details Cadoles/bouncer/pipeline/pr-develop Build queued... Details	2024-10-21 13:49:32 +02:00
William Petit	c611705d45	fix(rewriter): prevent mixing of cached rule engines (#44 )	2024-10-21 13:48:59 +02:00
William Petit	16fa751dc7	doc: fix rewriter rule method name	2024-10-21 13:48:07 +02:00
William Petit	8983a44d9e	feat: do not capture warning errors All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2024-10-11 14:18:52 +02:00
William Petit	11375e546f	feat: allow more control on redis client configuration Some checks reported warnings Cadoles/bouncer/pipeline/head This commit was not built Details	2024-10-11 14:17:45 +02:00
William Petit	69501f6302	feat: log context cancelled error as warn instead of errors All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2024-10-02 12:13:50 +02:00
William Petit	382d17cc85	feat: do not use logger.Debug in critical path	2024-10-02 12:13:26 +02:00
William Petit	9bd1d0fbd7	feat: remove superfluous sentry span handlers	2024-10-02 12:12:51 +02:00
William Petit	ecacbb1cbd	feat: disable sentry tracing by default	2024-10-02 12:12:10 +02:00
William Petit	910f1f8ba2	feat: do not use fmt.Sprintf in http logger	2024-10-02 12:11:30 +02:00
William Petit	be59be1795	feat: add recoverer + request-id http middlewares	2024-10-02 12:10:38 +02:00
William Petit	4d6958e2f5	chore: increase default siege requests volume	2024-10-02 12:09:41 +02:00
William Petit	f3b553cb10	feat: expose expvars as profiling endpoint	2024-10-02 12:09:02 +02:00