From a549e33e9ab41f6315481ad57c21fed62492285e Mon Sep 17 00:00:00 2001 From: Jonas Kaninda Date: Sun, 10 Nov 2024 14:52:31 +0100 Subject: [PATCH] feat: add configuration checking --- cmd/config/check.go | 45 +++++++++++++++++++++++++++ cmd/config/config.go | 5 +-- internal/checkConfig.go | 67 +++++++++++++++++++++++++++++++++++++++++ internal/config.go | 53 +++++++++++++++++++++++--------- internal/handler.go | 4 +-- internal/healthCheck.go | 17 ++++++++--- internal/route.go | 14 +++++++++ internal/types.go | 28 +++++++++-------- util/helpers.go | 5 +++ 9 files changed, 202 insertions(+), 36 deletions(-) create mode 100644 cmd/config/check.go create mode 100644 internal/checkConfig.go diff --git a/cmd/config/check.go b/cmd/config/check.go new file mode 100644 index 0000000..2a563c5 --- /dev/null +++ b/cmd/config/check.go @@ -0,0 +1,45 @@ +/* + * Copyright 2024 Jonas Kaninda + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package config + +import ( + pkg "github.com/jkaninda/goma-gateway/internal" + "github.com/spf13/cobra" + "log" +) + +var CheckConfigCmd = &cobra.Command{ + Use: "check", + Short: "Check Goma Gateway configuration file", + Run: func(cmd *cobra.Command, args []string) { + configFile, _ := cmd.Flags().GetString("config") + if configFile == "" { + log.Fatalln("no config file specified") + } + err := pkg.CheckConfig(configFile) + if err != nil { + log.Fatalf(" Error checking config file: %s\n", err) + } + log.Println("Goma Gateway configuration file checked successfully") + + }, +} + +func init() { + CheckConfigCmd.Flags().StringP("config", "c", "", "Path to the configuration filename") +} diff --git a/cmd/config/config.go b/cmd/config/config.go index f0ebb35..302ec75 100644 --- a/cmd/config/config.go +++ b/cmd/config/config.go @@ -17,8 +17,8 @@ limitations under the License. package config import ( - "github.com/jkaninda/goma-gateway/pkg/logger" "github.com/spf13/cobra" + "log" ) var Cmd = &cobra.Command{ @@ -28,7 +28,7 @@ var Cmd = &cobra.Command{ if len(args) == 0 { return } else { - logger.Fatal(`"config" accepts no argument %q`, args) + log.Fatalf("Config accepts no argument %q", args) } @@ -37,4 +37,5 @@ var Cmd = &cobra.Command{ func init() { Cmd.AddCommand(InitConfigCmd) + Cmd.AddCommand(CheckConfigCmd) } diff --git a/internal/checkConfig.go b/internal/checkConfig.go new file mode 100644 index 0000000..67c568e --- /dev/null +++ b/internal/checkConfig.go @@ -0,0 +1,67 @@ +/* + * Copyright 2024 Jonas Kaninda + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package pkg + +import ( + "fmt" + "github.com/jkaninda/goma-gateway/util" + "gopkg.in/yaml.v3" + "log" + "os" +) + +func CheckConfig(fileName string) error { + if !util.FileExists(fileName) { + return fmt.Errorf("config file not found: %s", fileName) + } + buf, err := os.ReadFile(fileName) + if err != nil { + return err + } + c := &GatewayConfig{} + err = yaml.Unmarshal(buf, c) + if err != nil { + return fmt.Errorf("parsing the configuration file %q: %w", fileName, err) + } + gateway := &GatewayServer{ + ctx: nil, + version: c.Version, + gateway: c.GatewayConfig, + middlewares: c.Middlewares, + } + for index, route := range gateway.gateway.Routes { + if len(route.Name) == 0 { + log.Printf("Warning: route name is empty, index: [%d]", index) + } + if route.Destination == "" && len(route.Backends) == 0 { + log.Printf("Error: no destination or backends specified for route: %s | index: [%d] \n", route.Name, index) + } + } + + //Check middleware + for index, mid := range c.Middlewares { + if util.HasWhitespace(mid.Name) { + log.Printf("Warning: Middleware contains whitespace: %s | index: [%d], please remove whitespace characters\n", mid.Name, index) + } + } + + log.Printf("Routes count=%d Middlewares count=%d\n", len(gateway.gateway.Routes), len(gateway.middlewares)) + + return nil + +} diff --git a/internal/config.go b/internal/config.go index e02e780..5baf3d4 100644 --- a/internal/config.go +++ b/internal/config.go @@ -48,6 +48,7 @@ func (GatewayServer) Config(configFile string) (*GatewayServer, error) { } return &GatewayServer{ ctx: nil, + version: c.Version, gateway: c.GatewayConfig, middlewares: c.Middlewares, }, nil @@ -122,7 +123,7 @@ func initConfig(configFile string) { GatewayConfig: Gateway{ WriteTimeout: 15, ReadTimeout: 15, - IdleTimeout: 60, + IdleTimeout: 30, AccessLog: "/dev/Stdout", ErrorLog: "/dev/stderr", DisableRouteHealthCheckError: false, @@ -140,11 +141,14 @@ func initConfig(configFile string) { Routes: []Route{ { Name: "Public", - Path: "/public", + Path: "/", Methods: []string{"GET"}, Destination: "https://example.com", Rewrite: "/", - HealthCheck: "", + HealthCheck: RouteHealthCheck{ + Path: "/", + HealthyStatuses: []int{200, 404}, + }, Middlewares: []string{"api-forbidden-paths"}, }, { @@ -152,7 +156,7 @@ func initConfig(configFile string) { Path: "/protected", Destination: "https://example.com", Rewrite: "/", - HealthCheck: "", + HealthCheck: RouteHealthCheck{}, Cors: Cors{ Origins: []string{"http://localhost:3000", "https://dev.example.com"}, Headers: map[string]string{ @@ -164,12 +168,35 @@ func initConfig(configFile string) { Middlewares: []string{"basic-auth", "api-forbidden-paths"}, }, { - Name: "Hostname example", - Hosts: []string{"example.com", "example.localhost"}, - Path: "/", - Destination: "https://example.com", + Path: "/", + Name: "Hostname and load balancing example", + Hosts: []string{"example.com", "example.localhost"}, + InterceptErrors: []int{404, 405, 500}, + RateLimit: 60, + Backends: []string{ + "https://example.com", + "https://example2.com", + "https://example4.com", + }, Rewrite: "/", - HealthCheck: "", + HealthCheck: RouteHealthCheck{}, + }, + { + Path: "/loadbalancing", + Name: "loadBalancing example", + Hosts: []string{"example.com", "example.localhost"}, + Backends: []string{ + "https://example.com", + "https://example2.com", + "https://example4.com", + }, + Rewrite: "/", + HealthCheck: RouteHealthCheck{ + Path: "/health/live", + HealthyStatuses: []int{200, 404}, + Interval: 30, + Timeout: 10, + }, }, }, }, @@ -207,7 +234,6 @@ func initConfig(configFile string) { "/swagger-ui/*", "/v2/swagger-ui/*", "/api-docs/*", - "/internal/*", "/actuator/*", }, }, @@ -234,12 +260,11 @@ func initConfig(configFile string) { Name: "oauth-authentik", Type: OAuth, Paths: []string{ - "/protected", - "/example-of-oauth", + "/*", }, Rule: OauthRulerMiddleware{ - ClientID: "xxx", - ClientSecret: "xxx", + ClientID: "xxxx", + ClientSecret: "xxxx", RedirectURL: "http://localhost:8080/callback", Scopes: []string{"email", "openid"}, JWTSecret: "your-strong-jwt-secret | It's optional", diff --git a/internal/handler.go b/internal/handler.go index 33fec61..bf11111 100644 --- a/internal/handler.go +++ b/internal/handler.go @@ -72,8 +72,8 @@ func (heathRoute HealthCheckRoute) HealthCheckHandler(w http.ResponseWriter, r * for _, route := range heathRoute.Routes { go func() { defer wg.Done() - if route.HealthCheck != "" { - err := healthCheck(route.Destination + route.HealthCheck) + if route.HealthCheck.Path != "" { + err := healthCheck(route.Destination+route.HealthCheck.Path, route.HealthCheck.HealthyStatuses) if err != nil { if heathRoute.DisableRouteHealthCheckError { routes = append(routes, HealthCheckRouteResponse{Name: route.Name, Status: "unhealthy", Error: "Route healthcheck errors disabled"}) diff --git a/internal/healthCheck.go b/internal/healthCheck.go index 931f1a4..518baf0 100644 --- a/internal/healthCheck.go +++ b/internal/healthCheck.go @@ -21,9 +21,10 @@ import ( "io" "net/http" "net/url" + "slices" ) -func healthCheck(healthURL string) error { +func healthCheck(healthURL string, healthyStatuses []int) error { healthCheckURL, err := url.Parse(healthURL) if err != nil { return fmt.Errorf("error parsing HealthCheck URL: %v ", err) @@ -45,10 +46,16 @@ func healthCheck(healthURL string) error { if err != nil { } }(healthResp.Body) - - if healthResp.StatusCode >= 400 { - logger.Debug("Error performing HealthCheck request: %v ", err) - return fmt.Errorf("health check failed with status code %v", healthResp.StatusCode) + if len(healthyStatuses) > 0 { + if !slices.Contains(healthyStatuses, healthResp.StatusCode) { + logger.Error("Error performing HealthCheck request: %v ", err) + return fmt.Errorf("health check failed with status code %v", healthResp.StatusCode) + } + } else { + if healthResp.StatusCode >= 400 { + logger.Debug("Error performing HealthCheck request: %v ", err) + return fmt.Errorf("health check failed with status code %v", healthResp.StatusCode) + } } return nil } diff --git a/internal/route.go b/internal/route.go index 7a44822..b333031 100644 --- a/internal/route.go +++ b/internal/route.go @@ -199,7 +199,21 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router { disableXForward: route.DisableHeaderXForward, cors: route.Cors, } + // create route router := r.PathPrefix(route.Path).Subrouter() + // Apply common exploits to the route + // Enable common exploits + if route.BlockCommonExploits { + logger.Info("Block common exploits enabled") + router.Use(middleware.BlockExploitsMiddleware) + } + // Apply route rate limit + if route.RateLimit > 0 { + //rateLimiter := middleware.NewRateLimiter(gateway.RateLimit, time.Minute) + limiter := middleware.NewRateLimiterWindow(route.RateLimit, time.Minute, route.Cors.Origins) // requests per minute + // Add rate limit middleware to all routes, if defined + router.Use(limiter.RateLimitMiddleware()) + } // Apply route Cors router.Use(CORSHandler(route.Cors)) if len(route.Hosts) > 0 { diff --git a/internal/types.go b/internal/types.go index b181cbd..5a352f7 100644 --- a/internal/types.go +++ b/internal/types.go @@ -143,27 +143,29 @@ type Route struct { // // E.g. /cart to / => It will rewrite /cart path to / Rewrite string `yaml:"rewrite"` - // Destination Defines backend URL - Destination string `yaml:"destination"` // - Backends []string `yaml:"backends"` - // Cors contains the route cors headers - Cors Cors `yaml:"cors"` - //RateLimit int `yaml:"rateLimit"` // Methods allowed method Methods []string `yaml:"methods"` + // HealthCheck Defines the backend is health + HealthCheck RouteHealthCheck `yaml:"healthCheck"` + // Destination Defines backend URL + Destination string `yaml:"destination"` + Backends []string `yaml:"backends"` + // Cors contains the route cors headers + Cors Cors `yaml:"cors"` + RateLimit int `yaml:"rateLimit"` // DisableHeaderXForward Disable X-forwarded header. // // [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ] // // It will not match the backend route DisableHeaderXForward bool `yaml:"disableHeaderXForward"` - // HealthCheck Defines the backend is health check PATH - HealthCheck string `yaml:"healthCheck"` // InterceptErrors intercepts backend errors based on the status codes // // Eg: [ 403, 405, 500 ] InterceptErrors []int `yaml:"interceptErrors"` + // BlockCommonExploits enable, disable block common exploits + BlockCommonExploits bool `yaml:"blockCommonExploits"` // Middlewares Defines route middleware from Middleware names Middlewares []string `yaml:"middlewares"` } @@ -203,11 +205,10 @@ type Gateway struct { } type RouteHealthCheck struct { - Path string `yaml:"path"` - Interval int `yaml:"interval"` - Timeout int `yaml:"timeout"` - HealthyStatuses []int `yaml:"healthyStatuses"` - UnhealthyStatuses []int `yaml:"unhealthyStatuses"` + Path string `yaml:"path"` + Interval int `yaml:"interval"` + Timeout int `yaml:"timeout"` + HealthyStatuses []int `yaml:"healthyStatuses"` } type GatewayConfig struct { Version string `yaml:"version"` @@ -225,6 +226,7 @@ type ErrorResponse struct { } type GatewayServer struct { ctx context.Context + version string gateway Gateway middlewares []Middleware } diff --git a/util/helpers.go b/util/helpers.go index 6389439..a78464a 100644 --- a/util/helpers.go +++ b/util/helpers.go @@ -12,6 +12,7 @@ You may get a copy of the License at import ( "net/url" "os" + "regexp" "strconv" "strings" ) @@ -115,3 +116,7 @@ func UrlParsePath(uri string) string { } return parse.Path } + +func HasWhitespace(s string) bool { + return regexp.MustCompile(`\s`).MatchString(s) +}