mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-27 06:03:48 +03:00
Protocol and Caddyscript matchers
* Added matcher to determine what protocol the request is being made by - grpc, tls, http * Added ability to run caddyscript in a matcher to evaluate the http request * Added TLS field to caddyscript request time * Added a library to manipulate and compare a new caddyscript time type * Library for regex in starlark
This commit is contained in:
parent
402f423693
commit
27ecc7f384
9 changed files with 341 additions and 12 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -3,3 +3,6 @@ _gitignore/
|
||||||
# artifacts from pprof tooling
|
# artifacts from pprof tooling
|
||||||
*.prof
|
*.prof
|
||||||
*.test
|
*.test
|
||||||
|
|
||||||
|
# mac specific
|
||||||
|
.DS_Store
|
||||||
|
|
|
@ -3,11 +3,12 @@ package main
|
||||||
import (
|
import (
|
||||||
"log"
|
"log"
|
||||||
|
|
||||||
"bitbucket.org/lightcodelabs/caddy2"
|
|
||||||
|
|
||||||
_ "net/http/pprof"
|
_ "net/http/pprof"
|
||||||
|
|
||||||
|
"bitbucket.org/lightcodelabs/caddy2"
|
||||||
|
|
||||||
// this is where modules get plugged in
|
// this is where modules get plugged in
|
||||||
|
|
||||||
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp"
|
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp"
|
||||||
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/caddylog"
|
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/caddylog"
|
||||||
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/staticfiles"
|
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/staticfiles"
|
||||||
|
|
72
internal/caddyscript/lib/http.go
Normal file
72
internal/caddyscript/lib/http.go
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
package caddyscript
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"go.starlark.net/starlark"
|
||||||
|
)
|
||||||
|
|
||||||
|
// HTTPRequest represents an http request type in caddyscript.
|
||||||
|
type HTTPRequest struct{ Req *http.Request }
|
||||||
|
|
||||||
|
// AttrNames defines what properties and methods are available on the HTTPRequest type.
|
||||||
|
func (r HTTPRequest) AttrNames() []string {
|
||||||
|
return []string{"header", "query", "url", "method", "host", "tls"}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r HTTPRequest) Freeze() {}
|
||||||
|
func (r HTTPRequest) Hash() (uint32, error) { return 0, fmt.Errorf("unhashable: HTTPRequest") }
|
||||||
|
func (r HTTPRequest) String() string { return fmt.Sprint(r.Req) }
|
||||||
|
func (r HTTPRequest) Type() string { return "HTTPRequest" }
|
||||||
|
func (r HTTPRequest) Truth() starlark.Bool { return true }
|
||||||
|
|
||||||
|
// Header handles returning a header key.
|
||||||
|
func (r HTTPRequest) Header(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) {
|
||||||
|
var key string
|
||||||
|
err := starlark.UnpackPositionalArgs(fn.Name(), args, kwargs, 1, &key)
|
||||||
|
if err != nil {
|
||||||
|
return starlark.None, fmt.Errorf("get request header: %v", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
return starlark.String(r.Req.Header.Get(key)), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Attr defines what happens when props or methods are called on the HTTPRequest type.
|
||||||
|
func (r HTTPRequest) Attr(name string) (starlark.Value, error) {
|
||||||
|
switch name {
|
||||||
|
case "tls":
|
||||||
|
tls := new(starlark.Dict)
|
||||||
|
tls.SetKey(starlark.String("cipher_suite"), starlark.MakeUint(uint(r.Req.TLS.CipherSuite)))
|
||||||
|
tls.SetKey(starlark.String("did_resume"), starlark.Bool(r.Req.TLS.DidResume))
|
||||||
|
tls.SetKey(starlark.String("handshake_complete"), starlark.Bool(r.Req.TLS.HandshakeComplete))
|
||||||
|
tls.SetKey(starlark.String("negotiated_protocol"), starlark.String(r.Req.TLS.NegotiatedProtocol))
|
||||||
|
tls.SetKey(starlark.String("negotiated_protocol_is_mutual"), starlark.Bool(r.Req.TLS.NegotiatedProtocolIsMutual))
|
||||||
|
tls.SetKey(starlark.String("server_name"), starlark.String(r.Req.TLS.ServerName))
|
||||||
|
tls.SetKey(starlark.String("version"), starlark.String(r.Req.TLS.Version))
|
||||||
|
|
||||||
|
return tls, nil
|
||||||
|
case "header":
|
||||||
|
b := starlark.NewBuiltin("Header", r.Header)
|
||||||
|
b = b.BindReceiver(r)
|
||||||
|
|
||||||
|
return b, nil
|
||||||
|
case "query":
|
||||||
|
qVals := r.Req.URL.Query()
|
||||||
|
query := starlark.NewDict(len(qVals))
|
||||||
|
|
||||||
|
for k, v := range qVals {
|
||||||
|
query.SetKey(starlark.String(k), starlark.String(v[0]))
|
||||||
|
}
|
||||||
|
|
||||||
|
return query, nil
|
||||||
|
case "url":
|
||||||
|
return starlark.String(r.Req.URL.Path), nil
|
||||||
|
case "method":
|
||||||
|
return starlark.String(r.Req.Method), nil
|
||||||
|
case "host":
|
||||||
|
return starlark.String(r.Req.Host), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil, nil
|
||||||
|
}
|
11
internal/caddyscript/lib/lib.go
Normal file
11
internal/caddyscript/lib/lib.go
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
package caddyscript
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"go.starlark.net/starlark"
|
||||||
|
)
|
||||||
|
|
||||||
|
func invalidReciever(v starlark.Value, want string) (starlark.Value, error) {
|
||||||
|
return starlark.None, fmt.Errorf("invalid receiver: receiver set to type %v, want %v", v.Type(), want)
|
||||||
|
}
|
50
internal/caddyscript/lib/regex.go
Normal file
50
internal/caddyscript/lib/regex.go
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
package caddyscript
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"regexp"
|
||||||
|
|
||||||
|
"go.starlark.net/starlark"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Regexp represents a regexp type for caddyscript.
|
||||||
|
type Regexp struct{}
|
||||||
|
|
||||||
|
// AttrNames defines what properties and methods are available on the Time type.
|
||||||
|
func (r Regexp) AttrNames() []string {
|
||||||
|
return []string{"match_string"}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Attr defines what happens when props or methods are called on the Time type.
|
||||||
|
func (r Regexp) Attr(name string) (starlark.Value, error) {
|
||||||
|
switch name {
|
||||||
|
case "match_string":
|
||||||
|
b := starlark.NewBuiltin("match_string", r.MatchString)
|
||||||
|
b = b.BindReceiver(r)
|
||||||
|
return b, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// MatchString reports whether the string s contains any match of the regular expression pattern. More complicated queries need to use Compile and the full Regexp interface.
|
||||||
|
func (r Regexp) MatchString(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) {
|
||||||
|
var pattern, match string
|
||||||
|
err := starlark.UnpackPositionalArgs(fn.Name(), args, kwargs, 2, &pattern, &match)
|
||||||
|
if err != nil {
|
||||||
|
return starlark.None, fmt.Errorf("could not unpack args: %v", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
matched, err := regexp.MatchString(pattern, match)
|
||||||
|
if err != nil {
|
||||||
|
return starlark.False, fmt.Errorf("matchstring: %v", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
return starlark.Bool(matched), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r Regexp) Freeze() {}
|
||||||
|
func (r Regexp) Hash() (uint32, error) { return 0, fmt.Errorf("unhashable: Regexp") }
|
||||||
|
func (r Regexp) String() string { return fmt.Sprint(r) }
|
||||||
|
func (r Regexp) Type() string { return "Regexp" }
|
||||||
|
func (r Regexp) Truth() starlark.Bool { return true }
|
130
internal/caddyscript/lib/time.go
Normal file
130
internal/caddyscript/lib/time.go
Normal file
|
@ -0,0 +1,130 @@
|
||||||
|
package caddyscript
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
ti "time"
|
||||||
|
|
||||||
|
"go.starlark.net/starlark"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Time represents a time type for caddyscript.
|
||||||
|
type Time struct {
|
||||||
|
value int64 // time since epoch in nanoseconds
|
||||||
|
}
|
||||||
|
|
||||||
|
// AttrNames defines what properties and methods are available on the Time type.
|
||||||
|
func (r Time) AttrNames() []string {
|
||||||
|
return []string{"now", "parse", "add", "subtract", "minute", "hour", "day", "value"}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Attr defines what happens when props or methods are called on the Time type.
|
||||||
|
func (r Time) Attr(name string) (starlark.Value, error) {
|
||||||
|
switch name {
|
||||||
|
case "now":
|
||||||
|
b := starlark.NewBuiltin("now", r.Now)
|
||||||
|
b = b.BindReceiver(r)
|
||||||
|
return b, nil
|
||||||
|
case "parse_duration":
|
||||||
|
b := starlark.NewBuiltin("parse_duration", r.ParseDuration)
|
||||||
|
b = b.BindReceiver(r)
|
||||||
|
return b, nil
|
||||||
|
case "add":
|
||||||
|
b := starlark.NewBuiltin("add", r.Add)
|
||||||
|
b = b.BindReceiver(r)
|
||||||
|
return b, nil
|
||||||
|
case "subtract":
|
||||||
|
b := starlark.NewBuiltin("subtract", r.Subtract)
|
||||||
|
b = b.BindReceiver(r)
|
||||||
|
return b, nil
|
||||||
|
case "minute":
|
||||||
|
b := starlark.NewBuiltin("minute", r.Minute)
|
||||||
|
b = b.BindReceiver(r)
|
||||||
|
return b, nil
|
||||||
|
case "hour":
|
||||||
|
b := starlark.NewBuiltin("hour", r.Hour)
|
||||||
|
b = b.BindReceiver(r)
|
||||||
|
return b, nil
|
||||||
|
case "day":
|
||||||
|
b := starlark.NewBuiltin("day", r.Day)
|
||||||
|
b = b.BindReceiver(r)
|
||||||
|
return b, nil
|
||||||
|
case "value":
|
||||||
|
return starlark.MakeInt64(r.value), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r Time) Freeze() {}
|
||||||
|
func (r Time) Hash() (uint32, error) { return 0, fmt.Errorf("unhashable: Time") }
|
||||||
|
func (r Time) String() string { return fmt.Sprint(r.value) }
|
||||||
|
func (r Time) Type() string { return "Time" }
|
||||||
|
func (r Time) Truth() starlark.Bool { return true }
|
||||||
|
|
||||||
|
// Hour returns the current hour of a unix timestamp in range [0, 23].
|
||||||
|
func (r Time) Hour(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) {
|
||||||
|
t := ti.Unix(0, r.value)
|
||||||
|
return starlark.MakeInt(t.Hour()), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Minute returns the current minute of the hour for a unix timestamp in range [0, 59].
|
||||||
|
func (r Time) Minute(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) {
|
||||||
|
t := ti.Unix(0, r.value)
|
||||||
|
return starlark.MakeInt(t.Minute()), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Day returns the current day in a week of a unix timestamp... [Sunday = 0...]
|
||||||
|
func (r Time) Day(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) {
|
||||||
|
t := ti.Unix(0, r.value)
|
||||||
|
return starlark.MakeInt(int(t.Weekday())), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Now returns the current time as a unix timestamp.
|
||||||
|
func (r Time) Now(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) {
|
||||||
|
val := ti.Now().UnixNano()
|
||||||
|
r.value = val
|
||||||
|
return r, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ParseDuration parses a go duration string to a time type.
|
||||||
|
func (r Time) ParseDuration(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) {
|
||||||
|
var dur string
|
||||||
|
err := starlark.UnpackPositionalArgs(fn.Name(), args, kwargs, 1, &dur)
|
||||||
|
if err != nil {
|
||||||
|
return starlark.None, fmt.Errorf("could not unpack args: %v", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
if parsed, err := ti.ParseDuration(dur); err == nil {
|
||||||
|
val := parsed.Nanoseconds()
|
||||||
|
r.value = val
|
||||||
|
return r, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return starlark.None, fmt.Errorf("time.parse_duration: argument cannot be parsed as a valid go time duration")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add adds time to a time type.
|
||||||
|
func (r Time) Add(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) {
|
||||||
|
var t Time
|
||||||
|
err := starlark.UnpackPositionalArgs(fn.Name(), args, kwargs, 1, &t)
|
||||||
|
if err != nil {
|
||||||
|
return starlark.None, fmt.Errorf("could not unpack args: %v", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
val := r.value + t.value
|
||||||
|
r.value = val
|
||||||
|
return r, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Subtract adds time to a time type.
|
||||||
|
func (r Time) Subtract(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) {
|
||||||
|
var t Time
|
||||||
|
err := starlark.UnpackPositionalArgs(fn.Name(), args, kwargs, 1, &t)
|
||||||
|
if err != nil {
|
||||||
|
return starlark.None, fmt.Errorf("could not unpack args: %v", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
val := r.value - t.value
|
||||||
|
r.value = val
|
||||||
|
return r, nil
|
||||||
|
}
|
18
internal/caddyscript/matcherenv.go
Normal file
18
internal/caddyscript/matcherenv.go
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
package caddyscript
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
caddyscript "bitbucket.org/lightcodelabs/caddy2/internal/caddyscript/lib"
|
||||||
|
"go.starlark.net/starlark"
|
||||||
|
)
|
||||||
|
|
||||||
|
// MatcherEnv sets up the global context for the matcher caddyscript environment.
|
||||||
|
func MatcherEnv(r *http.Request) starlark.StringDict {
|
||||||
|
env := make(starlark.StringDict)
|
||||||
|
env["req"] = caddyscript.HTTPRequest{Req: r}
|
||||||
|
env["time"] = caddyscript.Time{}
|
||||||
|
env["regexp"] = caddyscript.Regexp{}
|
||||||
|
|
||||||
|
return env
|
||||||
|
}
|
|
@ -32,9 +32,7 @@ type httpModuleConfig struct {
|
||||||
|
|
||||||
func (hc *httpModuleConfig) Run() error {
|
func (hc *httpModuleConfig) Run() error {
|
||||||
// TODO: Either prevent overlapping listeners on different servers, or combine them into one
|
// TODO: Either prevent overlapping listeners on different servers, or combine them into one
|
||||||
|
|
||||||
// TODO: A way to loop requests back through, so have them start the matching over again, but keeping any mutations
|
// TODO: A way to loop requests back through, so have them start the matching over again, but keeping any mutations
|
||||||
|
|
||||||
for _, srv := range hc.Servers {
|
for _, srv := range hc.Servers {
|
||||||
// set up the routes
|
// set up the routes
|
||||||
for i, route := range srv.Routes {
|
for i, route := range srv.Routes {
|
||||||
|
|
|
@ -1,10 +1,24 @@
|
||||||
package caddyhttp
|
package caddyhttp
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"bitbucket.org/lightcodelabs/caddy2"
|
"bitbucket.org/lightcodelabs/caddy2"
|
||||||
|
"bitbucket.org/lightcodelabs/caddy2/internal/caddyscript"
|
||||||
|
"go.starlark.net/starlark"
|
||||||
|
)
|
||||||
|
|
||||||
|
// TODO: Matchers should probably support regex of some sort... performance trade-offs?
|
||||||
|
type (
|
||||||
|
matchHost []string
|
||||||
|
matchPath []string
|
||||||
|
matchMethod []string
|
||||||
|
matchQuery map[string][]string
|
||||||
|
matchHeader map[string][]string
|
||||||
|
matchProtocol string
|
||||||
|
matchScript string
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -28,17 +42,47 @@ func init() {
|
||||||
Name: "http.matchers.header",
|
Name: "http.matchers.header",
|
||||||
New: func() (interface{}, error) { return matchHeader{}, nil },
|
New: func() (interface{}, error) { return matchHeader{}, nil },
|
||||||
})
|
})
|
||||||
|
caddy2.RegisterModule(caddy2.Module{
|
||||||
|
Name: "http.matchers.protocol",
|
||||||
|
New: func() (interface{}, error) { return new(matchProtocol), nil },
|
||||||
|
})
|
||||||
|
caddy2.RegisterModule(caddy2.Module{
|
||||||
|
Name: "http.matchers.caddyscript",
|
||||||
|
New: func() (interface{}, error) { return new(matchScript), nil },
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Matchers should probably support regex of some sort... performance trade-offs?
|
func (m matchScript) Match(r *http.Request) bool {
|
||||||
|
input := string(m)
|
||||||
|
thread := new(starlark.Thread)
|
||||||
|
env := caddyscript.MatcherEnv(r)
|
||||||
|
val, err := starlark.Eval(thread, "", input, env)
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("caddyscript for matcher is invalid: attempting to evaluate expression `%v` error `%v`", input, err)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
type (
|
return val.String() == "True"
|
||||||
matchHost []string
|
}
|
||||||
matchPath []string
|
|
||||||
matchMethod []string
|
func (m matchProtocol) Match(r *http.Request) bool {
|
||||||
matchQuery map[string][]string
|
switch string(m) {
|
||||||
matchHeader map[string][]string
|
case "grpc":
|
||||||
)
|
if r.Header.Get("content-type") == "application/grpc" {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
case "https":
|
||||||
|
if r.TLS != nil {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
case "http":
|
||||||
|
if r.TLS == nil {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func (m matchHost) Match(r *http.Request) bool {
|
func (m matchHost) Match(r *http.Request) bool {
|
||||||
for _, host := range m {
|
for _, host := range m {
|
||||||
|
@ -99,4 +143,6 @@ var (
|
||||||
_ RouteMatcher = matchMethod{}
|
_ RouteMatcher = matchMethod{}
|
||||||
_ RouteMatcher = matchQuery{}
|
_ RouteMatcher = matchQuery{}
|
||||||
_ RouteMatcher = matchHeader{}
|
_ RouteMatcher = matchHeader{}
|
||||||
|
_ RouteMatcher = new(matchProtocol)
|
||||||
|
_ RouteMatcher = new(matchScript)
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in a new issue