Cleanup and minor refactor make readability easier

This commit is contained in:
Shayon Mukherjee 2024-05-12 09:14:12 -04:00
parent d4f86ac26d
commit 683cc2fd4a
3 changed files with 41 additions and 37 deletions

View File

@ -158,7 +158,6 @@ func testRequest(t *testing.T, url string, stream io.ReadWriter) *http.Request {
} }
func TestBastionDestination(t *testing.T) { func TestBastionDestination(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
header http.Header header http.Header

View File

@ -54,7 +54,7 @@ func (ing Ingress) FindMatchingRule(hostname, path string, cfJumpDestinationHead
for i, rule := range ing.Rules { for i, rule := range ing.Rules {
// If bastion mode is turned on and request is made as bastion, attempt // If bastion mode is turned on and request is made as bastion, attempt
// to match a rule where jump destination header matches the hostname // to match a rule where jump destination header matches the hostname
if rule.Config.BastionMode && len(cfJumpDestinationHeader) > 0 { if matchBastionDest(rule, cfJumpDestinationHeader) {
jumpDestinationUri, err := url.Parse(cfJumpDestinationHeader) jumpDestinationUri, err := url.Parse(cfJumpDestinationHeader)
if err == nil { if err == nil {
derivedHostName = jumpDestinationUri.Hostname() derivedHostName = jumpDestinationUri.Hostname()
@ -69,6 +69,10 @@ func (ing Ingress) FindMatchingRule(hostname, path string, cfJumpDestinationHead
return &ing.Rules[i], i return &ing.Rules[i], i
} }
func matchBastionDest(rule Rule, cfJumpDestinationHeader string) bool {
return rule.Config.BastionMode && len(cfJumpDestinationHeader) > 0 && rule.Service != nil && rule.Service.String() != config.BastionFlag
}
func matchHost(ruleHost, reqHost string) bool { func matchHost(ruleHost, reqHost string) bool {
if ruleHost == reqHost { if ruleHost == reqHost {
return true return true

View File

@ -90,18 +90,27 @@ func (p *Proxy) ProxyHTTP(
rule, ruleNum := p.ingressRules.FindMatchingRule(req.Host, req.URL.Path, req.Header.Get(carrier.CFJumpDestinationHeader)) rule, ruleNum := p.ingressRules.FindMatchingRule(req.Host, req.URL.Path, req.Header.Get(carrier.CFJumpDestinationHeader))
ruleSpan.SetAttributes(attribute.Int("rule-num", ruleNum)) ruleSpan.SetAttributes(attribute.Int("rule-num", ruleNum))
ruleSpan.End() ruleSpan.End()
logger := newHTTPLogger(p.log, tr.ConnIndex, req, ruleNum, rule.Service.String()) logger := newHTTPLogger(p.log, tr.ConnIndex, req, ruleNum, rule.Service.String())
logHTTPRequest(&logger, req) logHTTPRequest(&logger, req)
if err, applied := p.applyIngressMiddleware(rule, req, w); err != nil { if err, applied := p.applyIngressMiddleware(rule, req, w); err != nil {
if applied { if applied {
logRequestError(&logger, err) logRequestError(&logger, err)
return nil
} }
return err return err
} }
// Check if config is for Bastion Mode and service is a stream based origin proxy, if so stream service in bastion mode if _, isStreamBased := rule.Service.(ingress.StreamBasedOriginProxy); isStreamBased || rule.Config.BastionMode {
if _, ok := rule.Service.(ingress.StreamBasedOriginProxy); ok || rule.Config.BastionMode { return p.handleStreamBasedService(rule, req, w, tr, &logger)
}
return p.handleHTTPBasedService(rule, req, w, tr, isWebsocket, &logger)
}
func (p *Proxy) handleStreamBasedService(rule *ingress.Rule, req *http.Request, w connection.ResponseWriter, tr *tracing.TracedHTTPRequest, logger *zerolog.Logger) error {
// If in bastion mode, we need to resolve the destination from the request, so service like http_status:404
// won't work since it doesn't have EstablishConnection method to resolve the destination
if _, ok := rule.Service.(ingress.StreamBasedOriginProxy); !ok && rule.Config.BastionMode { if _, ok := rule.Service.(ingress.StreamBasedOriginProxy); !ok && rule.Config.BastionMode {
return fmt.Errorf("Unsupported service to stream to in bastion mode: %s", rule.Service) return fmt.Errorf("Unsupported service to stream to in bastion mode: %s", rule.Service)
} }
@ -115,36 +124,28 @@ func (p *Proxy) ProxyHTTP(
if !ok { if !ok {
return fmt.Errorf("response writer is not a flusher") return fmt.Errorf("response writer is not a flusher")
} }
rws := connection.NewHTTPResponseReadWriterAcker(w, flusher, req) rws := connection.NewHTTPResponseReadWriterAcker(w, flusher, req)
logger := logger.With().Str(logFieldDestAddr, dest).Logger() if err := p.proxyStream(tr.ToTracedContext(), rws, dest, rule.Service.(ingress.StreamBasedOriginProxy), logger); err != nil {
// We know that Bastion mode is supported by StreamBasedOriginProxy, hence use the same logRequestError(logger, err)
if err := p.proxyStream(tr.ToTracedContext(), rws, dest, rule.Service.(ingress.StreamBasedOriginProxy), &logger); err != nil {
logRequestError(&logger, err)
return err return err
} }
return nil return nil
} }
func (p *Proxy) handleHTTPBasedService(rule *ingress.Rule, req *http.Request, w connection.ResponseWriter, tr *tracing.TracedHTTPRequest, isWebsocket bool, logger *zerolog.Logger) error {
switch originProxy := rule.Service.(type) { switch originProxy := rule.Service.(type) {
case ingress.HTTPOriginProxy: case ingress.HTTPOriginProxy:
if err := p.proxyHTTPRequest( if err := p.proxyHTTPRequest(w, tr, originProxy, isWebsocket, rule.Config.DisableChunkedEncoding, logger); err != nil {
w, logRequestError(logger, err)
tr,
originProxy,
isWebsocket,
rule.Config.DisableChunkedEncoding,
&logger,
); err != nil {
logRequestError(&logger, err)
return err return err
} }
return nil
case ingress.HTTPLocalProxy: case ingress.HTTPLocalProxy:
p.proxyLocalRequest(originProxy, w, req, isWebsocket) p.proxyLocalRequest(originProxy, w, req, isWebsocket)
return nil
default: default:
return fmt.Errorf("Unrecognized service: %s, %t", rule.Service, originProxy) return fmt.Errorf("Unrecognized service: %s, %t", rule.Service, originProxy)
} }
return nil
} }
// ProxyTCP proxies to a TCP connection between the origin service and cloudflared. // ProxyTCP proxies to a TCP connection between the origin service and cloudflared.