caddyhttp: Use new CEL APIs (fix #4915)

Hahaha this is the ultimate "I have no idea what I'm doing" commit but it compiles and the tests pass and I declare victory! ... probably broke something, should be tested more. It is nice that the protobuf dependency becomes indirect now.
2024-12-26 13:43:47 +03:00 · 2022-07-28 14:50:28 -06:00 · 2022-07-28 14:50:28 -06:00 · ea8df6ff11
commit ea8df6ff11
parent c833e3b249
4 changed files with 43 additions and 109 deletions
--- a/go.mod
+++ b/go.mod
@ -33,7 +33,6 @@ require (
 	golang.org/x/net v0.0.0-20220630215102-69896b714898
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
 	google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21
 	google.golang.org/protobuf v1.28.0
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@ -127,6 +126,7 @@ require (
 	golang.org/x/tools v0.1.7 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/grpc v1.46.0 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	howett.net/plist v1.0.0 // indirect
--- a/modules/caddyhttp/celmatcher.go
+++ b/modules/caddyhttp/celmatcher.go
@ -28,7 +28,6 @@ import (
 	"github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 	"github.com/google/cel-go/cel"
 	"github.com/google/cel-go/checker/decls"
 	"github.com/google/cel-go/common"
 	"github.com/google/cel-go/common/operators"
 	"github.com/google/cel-go/common/types"
@ -40,7 +39,6 @@ import (
 	"github.com/google/cel-go/parser"
 	"go.uber.org/zap"
 	exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1"
 	"google.golang.org/protobuf/proto"
 )
 func init() {
@ -126,13 +124,12 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error {
 	// create the CEL environment
 	env, err := cel.NewEnv(
-		cel.Declarations(
+		cel.Function(placeholderFuncName, cel.SingletonBinaryImpl(m.caddyPlaceholderFunc), cel.Overload(
-			decls.NewVar("request", httpRequestObjectType),
+			placeholderFuncName+"_httpRequest_string",
-			decls.NewFunction(placeholderFuncName,
+			[]*cel.Type{httpRequestObjectType, cel.StringType},
-				decls.NewOverload(placeholderFuncName+"_httpRequest_string",
+			cel.AnyType,
-					[]*exprpb.Type{httpRequestObjectType, decls.String},
+		)),
-					decls.Any)),
+		cel.Variable("request", httpRequestObjectType),
 		),
 		cel.CustomTypeAdapter(m.ta),
 		ext.Strings(),
 		matcherLib,
@ -149,20 +146,12 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error {
 	// request matching is a boolean operation, so we don't really know
 	// what to do if the expression returns a non-boolean type
-	if !proto.Equal(checked.ResultType(), decls.Bool) {
+	if checked.OutputType() != cel.BoolType {
-		return fmt.Errorf("CEL request matcher expects return type of bool, not %s", checked.ResultType())
+		return fmt.Errorf("CEL request matcher expects return type of bool, not %s", checked.OutputType())
 	}
 	// compile the "program"
-	m.prg, err = env.Program(checked,
+	m.prg, err = env.Program(checked, cel.EvalOptions(cel.OptOptimize))
 		cel.EvalOptions(cel.OptOptimize),
 		cel.Functions(
 			&functions.Overload{
 				Operator: placeholderFuncName,
 				Binary:   m.caddyPlaceholderFunc,
 			},
 		),
 	)
 	if err != nil {
 		return fmt.Errorf("compiling CEL program: %s", err)
 	}
@ -321,62 +310,46 @@ type CELLibraryProducer interface {
 // limited set of function signatures. For strong type validation you may need
 // to provide a custom macro which does a more detailed analysis of the CEL
 // literal provided to the macro as an argument.
-func CELMatcherImpl(macroName, funcName string, matcherDataTypes []*exprpb.Type, fac CELMatcherFactory) (cel.Library, error) {
+func CELMatcherImpl(macroName, funcName string, matcherDataTypes []*cel.Type, fac CELMatcherFactory) (cel.Library, error) {
-	requestType := decls.NewObjectType("http.Request")
+	requestType := cel.ObjectType("http.Request")
 	var macro parser.Macro
 	switch len(matcherDataTypes) {
 	case 1:
 		matcherDataType := matcherDataTypes[0]
-		if isCELStringListType(matcherDataType) {
+		switch matcherDataType.String() {
 		case "list(string)":
 			macro = parser.NewGlobalVarArgMacro(macroName, celMatcherStringListMacroExpander(funcName))
-		} else if isCELStringType(matcherDataType) {
+		case cel.StringType.String():
 			macro = parser.NewGlobalMacro(macroName, 1, celMatcherStringMacroExpander(funcName))
-		} else if isCELJSONType(matcherDataType) {
+		case CELTypeJSON.String():
 			macro = parser.NewGlobalMacro(macroName, 1, celMatcherJSONMacroExpander(funcName))
-		} else {
+		default:
-			return nil, fmt.Errorf("unsupported matcher data type: %s", cel.FormatType(matcherDataType))
+			return nil, fmt.Errorf("unsupported matcher data type: %s", matcherDataType)
 		}
 	case 2:
-		if isCELStringType(matcherDataTypes[0]) && isCELStringType(matcherDataTypes[1]) {
+		if matcherDataTypes[0] == cel.StringType && matcherDataTypes[1] == cel.StringType {
 			macro = parser.NewGlobalMacro(macroName, 2, celMatcherStringListMacroExpander(funcName))
-			matcherDataTypes = []*exprpb.Type{CelTypeListString}
+			matcherDataTypes = []*cel.Type{cel.ListType(cel.StringType)}
 		} else {
-			return nil, fmt.Errorf(
+			return nil, fmt.Errorf("unsupported matcher data type: %s, %s", matcherDataTypes[0], matcherDataTypes[1])
 				"unsupported matcher data type: %s, %s",
 				cel.FormatType(matcherDataTypes[0]), cel.FormatType(matcherDataTypes[1]),
 			)
 		}
 	case 3:
-		if isCELStringType(matcherDataTypes[0]) && isCELStringType(matcherDataTypes[1]) && isCELStringType(matcherDataTypes[2]) {
+		if matcherDataTypes[0] == cel.StringType && matcherDataTypes[1] == cel.StringType && matcherDataTypes[2] == cel.StringType {
 			macro = parser.NewGlobalMacro(macroName, 3, celMatcherStringListMacroExpander(funcName))
-			matcherDataTypes = []*exprpb.Type{CelTypeListString}
+			matcherDataTypes = []*cel.Type{cel.ListType(cel.StringType)}
 		} else {
-			return nil, fmt.Errorf(
+			return nil, fmt.Errorf("unsupported matcher data type: %s, %s, %s", matcherDataTypes[0], matcherDataTypes[1], matcherDataTypes[2])
 				"unsupported matcher data type: %s, %s, %s",
 				cel.FormatType(matcherDataTypes[0]), cel.FormatType(matcherDataTypes[1]), cel.FormatType(matcherDataTypes[2]),
 			)
 		}
 	}
 	envOptions := []cel.EnvOption{
 		cel.Macros(macro),
-		cel.Declarations(
+		cel.Function(funcName,
-			decls.NewFunction(funcName,
+			cel.Overload(funcName, append([]*cel.Type{requestType}, matcherDataTypes...), cel.BoolType),
-				decls.NewOverload(
+
-					funcName,
+			cel.SingletonBinaryImpl(CELMatcherRuntimeFunction(funcName, fac))),
 					append([]*exprpb.Type{requestType}, matcherDataTypes...),
 					decls.Bool,
 				),
 			),
 		),
 	}
 	programOptions := []cel.ProgramOption{
 		cel.CustomDecorator(CELMatcherDecorator(funcName, fac)),
 		cel.Functions(
 			&functions.Overload{
 				Operator: funcName,
 				Binary:   CELMatcherRuntimeFunction(funcName, fac),
 			},
 		),
 	}
 	return NewMatcherCELLibrary(envOptions, programOptions), nil
 }
@ -610,25 +583,6 @@ func CELValueToMapStrList(data ref.Val) (map[string][]string, error) {
 	return mapStrListStr, nil
 }
 // isCELJSONType returns whether the type corresponds to JSON input.
 func isCELJSONType(t *exprpb.Type) bool {
 	switch t.GetTypeKind().(type) {
 	case *exprpb.Type_MapType_:
 		mapType := t.GetMapType()
 		return isCELStringType(mapType.GetKeyType()) && mapType.GetValueType().GetDyn() != nil
 	}
 	return false
 }
 // isCELStringType returns whether the type corresponds to a string.
 func isCELStringType(t *exprpb.Type) bool {
 	switch t.GetTypeKind().(type) {
 	case *exprpb.Type_Primitive:
 		return t.GetPrimitive() == exprpb.Type_STRING
 	}
 	return false
 }
 // isCELStringExpr indicates whether the expression is a supported string expression
 func isCELStringExpr(e *exprpb.Expr) bool {
 	return isCELStringLiteral(e) || isCELCaddyPlaceholderCall(e) || isCELConcatCall(e)
@ -681,15 +635,6 @@ func isCELConcatCall(e *exprpb.Expr) bool {
 	return false
 }
 // isCELStringListType returns whether the type corresponds to a list of strings.
 func isCELStringListType(t *exprpb.Type) bool {
 	switch t.GetTypeKind().(type) {
 	case *exprpb.Type_ListType_:
 		return isCELStringType(t.GetListType().GetElemType())
 	}
 	return false
 }
 // isCELStringListLiteral returns whether the expression resolves to a list literal
 // containing only string constants or a placeholder call.
 func isCELStringListLiteral(e *exprpb.Expr) bool {
@ -713,11 +658,10 @@ var (
 	placeholderRegexp    = regexp.MustCompile(`{([a-zA-Z][\w.-]+)}`)
 	placeholderExpansion = `caddyPlaceholder(request, "${1}")`
-	CelTypeListString = decls.NewListType(decls.String)
+	CELTypeJSON = cel.MapType(cel.StringType, cel.DynType)
 	CelTypeJson       = decls.NewMapType(decls.String, decls.Dyn)
 )
-var httpRequestObjectType = decls.NewObjectType("http.Request")
+var httpRequestObjectType = cel.ObjectType("http.Request")
 // The name of the CEL function which accesses Replacer values.
 const placeholderFuncName = "caddyPlaceholder"
--- a/modules/caddyhttp/fileserver/matcher.go
+++ b/modules/caddyhttp/fileserver/matcher.go
@ -27,7 +27,6 @@ import (
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp"
 	"github.com/google/cel-go/cel"
 	"github.com/google/cel-go/checker/decls"
 	"github.com/google/cel-go/common"
 	"github.com/google/cel-go/common/operators"
 	"github.com/google/cel-go/common/types/ref"
@ -153,17 +152,10 @@ func (m *MatchFile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 // Example:
 //    expression file({'root': '/srv', 'try_files': [{http.request.uri.path}, '/index.php'], 'try_policy': 'first_exist', 'split_path': ['.php']})
 func (MatchFile) CELLibrary(ctx caddy.Context) (cel.Library, error) {
-	requestType := decls.NewObjectType("http.Request")
+	requestType := cel.ObjectType("http.Request")
 	envOptions := []cel.EnvOption{
 		cel.Macros(parser.NewGlobalVarArgMacro("file", celFileMatcherMacroExpander())),
-		cel.Declarations(
+		cel.Function("file", cel.Overload("file_request_map", []*cel.Type{requestType, caddyhttp.CELTypeJSON}, cel.BoolType)),
 			decls.NewFunction("file",
 				decls.NewOverload("file_request_map",
 					[]*exprpb.Type{requestType, caddyhttp.CelTypeJson},
 					decls.Bool,
 				),
 			),
 		),
 	}
 	matcherFactory := func(data ref.Val) (caddyhttp.RequestMatcher, error) {
--- a/modules/caddyhttp/matchers.go
+++ b/modules/caddyhttp/matchers.go
@ -33,11 +33,9 @@ import (
 	"github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 	"github.com/google/cel-go/cel"
 	"github.com/google/cel-go/checker/decls"
 	"github.com/google/cel-go/common/types"
 	"github.com/google/cel-go/common/types/ref"
 	"go.uber.org/zap"
 	exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1"
 )
 type (
@ -310,7 +308,7 @@ func (MatchHost) CELLibrary(ctx caddy.Context) (cel.Library, error) {
 	return CELMatcherImpl(
 		"host",
 		"host_match_request_list",
-		[]*exprpb.Type{CelTypeListString},
+		[]*cel.Type{cel.ListType(cel.StringType)},
 		func(data ref.Val) (RequestMatcher, error) {
 			refStringList := reflect.TypeOf([]string{})
 			strList, err := data.ConvertToNative(refStringList)
@ -441,7 +439,7 @@ func (MatchPath) CELLibrary(ctx caddy.Context) (cel.Library, error) {
 		// name of the function that the macro will be rewritten to call.
 		"path_match_request_list",
 		// internal data type of the MatchPath value.
-		[]*exprpb.Type{CelTypeListString},
+		[]*cel.Type{cel.ListType(cel.StringType)},
 		// function to convert a constant list of strings to a MatchPath instance.
 		func(data ref.Val) (RequestMatcher, error) {
 			refStringList := reflect.TypeOf([]string{})
@ -509,7 +507,7 @@ func (MatchPathRE) CELLibrary(ctx caddy.Context) (cel.Library, error) {
 	unnamedPattern, err := CELMatcherImpl(
 		"path_regexp",
 		"path_regexp_request_string",
-		[]*exprpb.Type{decls.String},
+		[]*cel.Type{cel.StringType},
 		func(data ref.Val) (RequestMatcher, error) {
 			pattern := data.(types.String)
 			matcher := MatchPathRE{MatchRegexp{Pattern: string(pattern)}}
@ -523,7 +521,7 @@ func (MatchPathRE) CELLibrary(ctx caddy.Context) (cel.Library, error) {
 	namedPattern, err := CELMatcherImpl(
 		"path_regexp",
 		"path_regexp_request_string_string",
-		[]*exprpb.Type{decls.String, decls.String},
+		[]*cel.Type{cel.StringType, cel.StringType},
 		func(data ref.Val) (RequestMatcher, error) {
 			refStringList := reflect.TypeOf([]string{})
 			params, err := data.ConvertToNative(refStringList)
@ -582,7 +580,7 @@ func (MatchMethod) CELLibrary(_ caddy.Context) (cel.Library, error) {
 	return CELMatcherImpl(
 		"method",
 		"method_request_list",
-		[]*exprpb.Type{CelTypeListString},
+		[]*cel.Type{cel.ListType(cel.StringType)},
 		func(data ref.Val) (RequestMatcher, error) {
 			refStringList := reflect.TypeOf([]string{})
 			strList, err := data.ConvertToNative(refStringList)
@ -668,7 +666,7 @@ func (MatchQuery) CELLibrary(_ caddy.Context) (cel.Library, error) {
 	return CELMatcherImpl(
 		"query",
 		"query_matcher_request_map",
-		[]*exprpb.Type{CelTypeJson},
+		[]*cel.Type{CELTypeJSON},
 		func(data ref.Val) (RequestMatcher, error) {
 			mapStrListStr, err := CELValueToMapStrList(data)
 			if err != nil {
@ -744,7 +742,7 @@ func (MatchHeader) CELLibrary(_ caddy.Context) (cel.Library, error) {
 	return CELMatcherImpl(
 		"header",
 		"header_matcher_request_map",
-		[]*exprpb.Type{CelTypeJson},
+		[]*cel.Type{CELTypeJSON},
 		func(data ref.Val) (RequestMatcher, error) {
 			mapStrListStr, err := CELValueToMapStrList(data)
 			if err != nil {
@ -901,7 +899,7 @@ func (MatchHeaderRE) CELLibrary(ctx caddy.Context) (cel.Library, error) {
 	unnamedPattern, err := CELMatcherImpl(
 		"header_regexp",
 		"header_regexp_request_string_string",
-		[]*exprpb.Type{decls.String, decls.String},
+		[]*cel.Type{cel.StringType, cel.StringType},
 		func(data ref.Val) (RequestMatcher, error) {
 			refStringList := reflect.TypeOf([]string{})
 			params, err := data.ConvertToNative(refStringList)
@ -921,7 +919,7 @@ func (MatchHeaderRE) CELLibrary(ctx caddy.Context) (cel.Library, error) {
 	namedPattern, err := CELMatcherImpl(
 		"header_regexp",
 		"header_regexp_request_string_string_string",
-		[]*exprpb.Type{decls.String, decls.String, decls.String},
+		[]*cel.Type{cel.StringType, cel.StringType, cel.StringType},
 		func(data ref.Val) (RequestMatcher, error) {
 			refStringList := reflect.TypeOf([]string{})
 			params, err := data.ConvertToNative(refStringList)
@ -985,7 +983,7 @@ func (MatchProtocol) CELLibrary(_ caddy.Context) (cel.Library, error) {
 	return CELMatcherImpl(
 		"protocol",
 		"protocol_request_string",
-		[]*exprpb.Type{decls.String},
+		[]*cel.Type{cel.StringType},
 		func(data ref.Val) (RequestMatcher, error) {
 			protocolStr, ok := data.(types.String)
 			if !ok {
@ -1107,7 +1105,7 @@ func (MatchRemoteIP) CELLibrary(ctx caddy.Context) (cel.Library, error) {
 		// name of the function that the macro will be rewritten to call.
 		"remote_ip_match_request_list",
 		// internal data type of the MatchPath value.
-		[]*exprpb.Type{CelTypeListString},
+		[]*cel.Type{cel.ListType(cel.StringType)},
 		// function to convert a constant list of strings to a MatchPath instance.
 		func(data ref.Val) (RequestMatcher, error) {
 			refStringList := reflect.TypeOf([]string{})