feat(proxy): Add reverse proxy feature
This commit is contained in:
Björn Benouarets
@@ -1,61 +0,0 @@
|
||||
package middlewares
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"path"
|
||||
"strings"
|
||||
|
||||
"git.secnex.io/secnex/api-gateway/config"
|
||||
"git.secnex.io/secnex/api-gateway/res"
|
||||
"git.secnex.io/secnex/masterlog"
|
||||
)
|
||||
|
||||
func authPathMatches(pattern, requestPath string) bool {
|
||||
if pattern == "*" {
|
||||
return true
|
||||
}
|
||||
if pattern == requestPath {
|
||||
return true
|
||||
}
|
||||
if strings.Contains(pattern, "*") {
|
||||
matched, _ := path.Match(pattern, requestPath)
|
||||
return matched
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func Auth(next http.Handler, authType string, authHeader string, authPath config.AuthPathConfiguration) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
masterlog.Debug("Auth middleware", map[string]interface{}{
|
||||
"path": r.URL.Path,
|
||||
"include": authPath.Include,
|
||||
"exclude": authPath.Exclude,
|
||||
})
|
||||
if len(authPath.Include) > 0 {
|
||||
matched := false
|
||||
for _, include := range authPath.Include {
|
||||
if authPathMatches(include, r.URL.Path) {
|
||||
matched = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !matched {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
for _, exclude := range authPath.Exclude {
|
||||
if authPathMatches(exclude, r.URL.Path) {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
if r.Header.Get(authHeader) == "" {
|
||||
res.Unauthorized(w)
|
||||
return
|
||||
}
|
||||
r.Header.Del(authHeader)
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
16
app/middlewares/host.go
Normal file
16
app/middlewares/host.go
Normal file
@@ -0,0 +1,16 @@
|
||||
package middlewares
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"git.secnex.io/secnex/masterlog"
|
||||
)
|
||||
|
||||
func HostMiddleware(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
masterlog.Info("HostMiddleware", map[string]interface{}{
|
||||
"host": r.Host,
|
||||
})
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
27
app/middlewares/logger.go
Normal file
27
app/middlewares/logger.go
Normal file
@@ -0,0 +1,27 @@
|
||||
package middlewares
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"git.secnex.io/secnex/masterlog"
|
||||
"github.com/go-chi/chi/v5/middleware"
|
||||
)
|
||||
|
||||
func LoggerMiddleware(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
start := time.Now()
|
||||
|
||||
ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)
|
||||
next.ServeHTTP(ww, r)
|
||||
|
||||
masterlog.Info("HTTP Request", map[string]interface{}{
|
||||
"method": r.Method,
|
||||
"path": r.URL.Path,
|
||||
"status": ww.Status(),
|
||||
"duration": time.Since(start).String(),
|
||||
"host": r.Host,
|
||||
"ip": r.RemoteAddr,
|
||||
})
|
||||
})
|
||||
}
|
||||
@@ -1,27 +0,0 @@
|
||||
package middlewares
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"slices"
|
||||
|
||||
"git.secnex.io/secnex/api-gateway/config"
|
||||
"git.secnex.io/secnex/api-gateway/res"
|
||||
)
|
||||
|
||||
func WAF(next http.Handler, wafConfig config.WAFConfiguration) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if !wafConfig.Enabled {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
if slices.Contains(wafConfig.Methods, "*") {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
if !slices.Contains(wafConfig.Methods, r.Method) {
|
||||
res.Forbidden(w)
|
||||
return
|
||||
}
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
Reference in New Issue
Block a user