diff --git a/src/utils/parceyaml.rs b/src/utils/parceyaml.rs
index 1a6cd29..e9443b9 100644
--- a/src/utils/parceyaml.rs
+++ b/src/utils/parceyaml.rs
@@ -104,7 +104,7 @@ async fn populate_headers_and_auth(config: &mut Configuration, parsed: &Config)
 auth_type: Arc::from(pa.auth_type.clone()),
 auth_cred: Arc::from(pa.auth_cred.clone()),
 };
- config.extraparams.authentication = Some(y);
+ config.extraparams.authentication = Some(Arc::from(y));
 }
 }
diff --git a/src/utils/structs.rs b/src/utils/structs.rs
index 13e2609..57301bf 100644
--- a/src/utils/structs.rs
+++ b/src/utils/structs.rs
@@ -13,7 +13,7 @@ pub type Headers = DashMap, DashMap, Vec<(Arc, Arc)>
 pub struct Extraparams {
 pub to_https: Option,
 pub sticky_sessions: bool,
- pub authentication: Option,
+ pub authentication: Option>,
 pub rate_limit: Option,
 }
diff --git a/src/web/proxyhttp.rs b/src/web/proxyhttp.rs
index 9aeb290..093f881 100644
--- a/src/web/proxyhttp.rs
+++ b/src/web/proxyhttp.rs
@@ -44,7 +44,7 @@ pub struct LB {
 pub struct Context {
 backend_id: Option,
 sticky_sessions: bool,
- redirect_to: Option,
+ // redirect_to: Option,
 start_time: Instant,
 hostname: Option>,
 upstream_peer: Option>,
@@ -59,7 +59,7 @@ impl ProxyHttp for LB {
 Context {
 backend_id: None,
 sticky_sessions: false,
- redirect_to: None,
+ // redirect_to: None,
 start_time: Instant::now(),
 hostname: None,
 upstream_peer: None,
@@ -68,14 +68,6 @@ impl ProxyHttp for LB {
 }
 }
 async fn request_filter(&self, session: &mut Session, _ctx: &mut Self::CTX) -> Result {
- if let Some(auth) = &_ctx.extraparams.authentication {
- let authenticated = authenticate(&auth.auth_type, &auth.auth_cred, &session);
- if !authenticated {
- let _ = session.respond_error(401).await;
- warn!("Forbidden: {:?}, {}", session.client_addr(), session.req_header().uri.path());
- return Ok(true);
- }
- }
 let hostname = return_header_host_from_upstream(session, &self.ump_upst);
 _ctx.hostname = hostname;
 let mut backend_id = None;
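Review bot: The `redirect_to` field is left behind as commented-out code, `// redirect_to: Option,` in `struct Context` (hunk at -44) and `// redirect_to: None,` in the `Context { … }` initializer (hunk at -59). Nothing visible in this commit still reads the field, so both lines can simply be deleted; version control keeps the history, and a commented-out member invites someone to revive it without the response-phase code that used to consume it.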
@@ -95,19 +87,14 @@ impl ProxyHttp for LB {
 None => return Ok(false),
 Some(host) => {
 let optioninnermap = self.get_host(host, session.req_header().uri.path(), backend_id);
-
 match optioninnermap {
 None => return Ok(false),
 Some(ref innermap) => {
- // Inner auth works only if global is disabled.
- if let Some(auth) = &innermap.authorization {
- if _ctx.extraparams.authentication.is_none() {
- let authenticated = authenticate(&auth.auth_type, &auth.auth_cred, &session);
- if !authenticated {
- let _ = session.respond_error(401).await;
- warn!("Forbidden: {:?}, {}", session.client_addr(), session.req_header().uri.path());
- return Ok(true);
- }
+ if let Some(auth) = _ctx.extraparams.authentication.as_ref().or(innermap.authorization.as_ref()) {
+ if !authenticate(&auth.auth_type, &auth.auth_cred, &session) {
+ let _ = session.respond_error(401).await;
+ warn!("Forbidden: {:?}, {}", session.client_addr(), session.req_header().uri.path());
+ return Ok(true);
 }
 }
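Review bot: Global authentication is no longer evaluated on the two `None => return Ok(false)` paths above the merged check, because `if let Some(auth) = _ctx.extraparams.authentication.as_ref().or(innermap.authorization.as_ref())` now lives inside the `Some(ref innermap)` arm while the unconditional check at the top of `request_filter` was removed in the previous hunk. Before this commit, a configured global credential produced a 401 for every unauthenticated request; now a request whose host is missing or has no matching entry returns `Ok(false)` and continues to later phases that are not visible here. If global auth is meant to guard the whole listener, keep a guard ahead of the host lookup, for example `if let Some(auth) = &_ctx.extraparams.authentication { … }` as before, and let the merged check handle only the per-host fallback. `request_filter` starts in the previous hunk and continues past this one.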
@@ -127,6 +114,44 @@ impl ProxyHttp for LB {
 return Ok(true);
 }
 }
+
+ if let Some(redirect_to) = &innermap.redirect_to {
+ let uri = session.req_header().uri.path();
+ let capacity = redirect_to.len() + uri.len();
+ let mut s = String::with_capacity(capacity);
+ s.push_str(redirect_to);
+ s.push_str(uri);
+ let mut resp = ResponseHeader::build(StatusCode::MOVED_PERMANENTLY, None)?;
+ resp.insert_header("Location", s)?;
+ resp.insert_header("Content-Length", "0")?;
+ session.write_response_header(Box::new(resp), true).await?;
+ return Ok(true);
+ }
+
+ if _ctx.extraparams.to_https.unwrap_or(false) || innermap.to_https {
+ if let Some(stream) = session.stream() {
+ if stream.get_ssl().is_none() {
+ if let Some(host) = _ctx.hostname.as_ref() {
+ let port = self.config.proxy_port_tls.clone().unwrap_or_else(|| "443".to_string());
+ let uri = session.req_header().uri.path();
+ let capacity = host.len() + uri.len() + 8;
+ let mut s = String::with_capacity(capacity);
+ s.push_str("https://");
+ s.push_str(host);
+ if port != "443" {
+ s.push_str(":");
+ s.push_str(&port);
+ }
+ s.push_str(uri);
+ let mut resp = ResponseHeader::build(StatusCode::MOVED_PERMANENTLY, None)?;
+ resp.insert_header("Location", s)?;
+ resp.insert_header("Content-Length", "0")?;
+ session.write_response_header(Box::new(resp), true).await?;
+ return Ok(true);
+ }
+ }
+ }
+ }
 }
 }
 _ctx.upstream_peer = optioninnermap;
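Review bot: The plaintext-to-HTTPS redirect added here runs after the authentication check earlier in the same `Some(ref innermap)` arm (previous hunk), so with `to_https` enabled a client on the cleartext listener is answered with 401 first and may send its credential over HTTP before it is ever redirected. Moving the `if _ctx.extraparams.to_https.unwrap_or(false) || innermap.to_https { … }` block above the `if let Some(auth) = …` check would send such clients to TLS before any credential is requested. Both `Location` values are built from `session.req_header().uri.path()`, which drops the query string; if that is not intended, `uri.path_and_query()` (an `Option`) keeps it. The two 301 responses are built by identical lines and could share one small private helper that takes the target string.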
@@ -162,33 +187,6 @@ impl ProxyHttp for LB { End of experimental options */ - if let Some(redirect_to) = &innermap.redirect_to { - let uri = session.req_header().uri.path(); - let capacity = redirect_to.len() + uri.len(); - let mut s = String::with_capacity(capacity); - s.push_str(redirect_to); - s.push_str(uri); - ctx.redirect_to = Some(s); - } - - if ctx.extraparams.to_https.unwrap_or(false) || innermap.to_https { - if let Some(stream) = session.stream() { - if stream.get_ssl().is_none() { - if let Some(host) = ctx.hostname.as_ref() { - let port = self.config.proxy_port_tls.clone().unwrap_or_else(|| "443".to_string()); - let uri = session.req_header().uri.path(); - let capacity = host.len() + uri.len() + 8; - let mut s = String::with_capacity(capacity); - s.push_str("https://"); - s.push_str(host); - s.push_str(port.as_str()); - s.push_str(uri); - ctx.redirect_to = Some(s); - } - } - } - } - if ctx.extraparams.sticky_sessions { let mut s = String::with_capacity(64); write!( @@ -287,20 +285,11 @@ impl ProxyHttp for LB { } } - if let Some(redirect_to) = &ctx.redirect_to { - *_upstream_response = ResponseHeader::build(StatusCode::MOVED_PERMANENTLY, None)?; - _upstream_response.insert_header("Location", redirect_to)?; - _upstream_response.insert_header("Content-Length", "0")?; - return Ok(()); - } - - // ALLOCATIONS ! if let Some(client_headers) = &ctx.client_headers { for (k, v) in client_headers.iter() { _upstream_response.append_header(k.to_string(), v.as_ref())?; } } - // END ALLOCATIONS ! // session.set_keepalive(Some(300)); // println!("session.get_keepalive: {:?}", session.get_keepalive());