feat: add configuration checking

2024-11-10 14:52:31 +01:00
parent 1a038ce0f5
commit a549e33e9a
9 changed files with 202 additions and 36 deletions
--- a/internal/checkConfig.go
+++ b/internal/checkConfig.go
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2024 Jonas Kaninda
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package pkg
+
+import (
+	"fmt"
+	"github.com/jkaninda/goma-gateway/util"
+	"gopkg.in/yaml.v3"
+	"log"
+	"os"
+)
+
+func CheckConfig(fileName string) error {
+	if !util.FileExists(fileName) {
+		return fmt.Errorf("config file not found: %s", fileName)
+	}
+	buf, err := os.ReadFile(fileName)
+	if err != nil {
+		return err
+	}
+	c := &GatewayConfig{}
+	err = yaml.Unmarshal(buf, c)
+	if err != nil {
+		return fmt.Errorf("parsing the configuration file %q: %w", fileName, err)
+	}
+	gateway := &GatewayServer{
+		ctx:         nil,
+		version:     c.Version,
+		gateway:     c.GatewayConfig,
+		middlewares: c.Middlewares,
+	}
+	for index, route := range gateway.gateway.Routes {
+		if len(route.Name) == 0 {
+			log.Printf("Warning: route name is empty, index: [%d]", index)
+		}
+		if route.Destination == "" && len(route.Backends) == 0 {
+			log.Printf("Error: no destination or backends specified for route: %s | index: [%d] \n", route.Name, index)
+		}
+	}
+
+	//Check middleware
+	for index, mid := range c.Middlewares {
+		if util.HasWhitespace(mid.Name) {
+			log.Printf("Warning: Middleware contains whitespace: %s | index: [%d], please remove whitespace characters\n", mid.Name, index)
+		}
+	}
+
+	log.Printf("Routes count=%d Middlewares count=%d\n", len(gateway.gateway.Routes), len(gateway.middlewares))
+
+	return nil
+
+}
--- a/internal/config.go
+++ b/internal/config.go
@@ -48,6 +48,7 @@ func (GatewayServer) Config(configFile string) (*GatewayServer, error) {
 		}
 		return &GatewayServer{
 			ctx:         nil,
+			version:     c.Version,
 			gateway:     c.GatewayConfig,
 			middlewares: c.Middlewares,
 		}, nil
@@ -122,7 +123,7 @@ func initConfig(configFile string) {
 		GatewayConfig: Gateway{
 			WriteTimeout:                 15,
 			ReadTimeout:                  15,
-			IdleTimeout:                  60,
+			IdleTimeout:                  30,
 			AccessLog:                    "/dev/Stdout",
 			ErrorLog:                     "/dev/stderr",
 			DisableRouteHealthCheckError: false,
@@ -140,11 +141,14 @@ func initConfig(configFile string) {
 			Routes: []Route{
 				{
 					Name:        "Public",
-					Path:        "/public",
+					Path:        "/",
 					Methods:     []string{"GET"},
 					Destination: "https://example.com",
 					Rewrite:     "/",
-					HealthCheck: "",
+					HealthCheck: RouteHealthCheck{
+						Path:            "/",
+						HealthyStatuses: []int{200, 404},
+					},
 					Middlewares: []string{"api-forbidden-paths"},
 				},
 				{
@@ -152,7 +156,7 @@ func initConfig(configFile string) {
 					Path:        "/protected",
 					Destination: "https://example.com",
 					Rewrite:     "/",
-					HealthCheck: "",
+					HealthCheck: RouteHealthCheck{},
 					Cors: Cors{
 						Origins: []string{"http://localhost:3000", "https://dev.example.com"},
 						Headers: map[string]string{
@@ -164,12 +168,35 @@ func initConfig(configFile string) {
 					Middlewares: []string{"basic-auth", "api-forbidden-paths"},
 				},
 				{
-					Name:        "Hostname example",
-					Hosts:       []string{"example.com", "example.localhost"},
-					Path:        "/",
-					Destination: "https://example.com",
+					Path:            "/",
+					Name:            "Hostname and load balancing example",
+					Hosts:           []string{"example.com", "example.localhost"},
+					InterceptErrors: []int{404, 405, 500},
+					RateLimit:       60,
+					Backends: []string{
+						"https://example.com",
+						"https://example2.com",
+						"https://example4.com",
+					},
 					Rewrite:     "/",
-					HealthCheck: "",
+					HealthCheck: RouteHealthCheck{},
+				},
+				{
+					Path:  "/loadbalancing",
+					Name:  "loadBalancing example",
+					Hosts: []string{"example.com", "example.localhost"},
+					Backends: []string{
+						"https://example.com",
+						"https://example2.com",
+						"https://example4.com",
+					},
+					Rewrite: "/",
+					HealthCheck: RouteHealthCheck{
+						Path:            "/health/live",
+						HealthyStatuses: []int{200, 404},
+						Interval:        30,
+						Timeout:         10,
+					},
 				},
 			},
 		},
@@ -207,7 +234,6 @@ func initConfig(configFile string) {
 					"/swagger-ui/*",
 					"/v2/swagger-ui/*",
 					"/api-docs/*",
-					"/internal/*",
 					"/actuator/*",
 				},
 			},
@@ -234,12 +260,11 @@ func initConfig(configFile string) {
 				Name: "oauth-authentik",
 				Type: OAuth,
 				Paths: []string{
-					"/protected",
-					"/example-of-oauth",
+					"/*",
 				},
 				Rule: OauthRulerMiddleware{
-					ClientID:     "xxx",
-					ClientSecret: "xxx",
+					ClientID:     "xxxx",
+					ClientSecret: "xxxx",
 					RedirectURL:  "http://localhost:8080/callback",
 					Scopes:       []string{"email", "openid"},
 					JWTSecret:    "your-strong-jwt-secret | It's optional",
--- a/internal/handler.go
+++ b/internal/handler.go
@@ -72,8 +72,8 @@ func (heathRoute HealthCheckRoute) HealthCheckHandler(w http.ResponseWriter, r *
 	for _, route := range heathRoute.Routes {
 		go func() {
 			defer wg.Done()
-			if route.HealthCheck != "" {
-				err := healthCheck(route.Destination + route.HealthCheck)
+			if route.HealthCheck.Path != "" {
+				err := healthCheck(route.Destination+route.HealthCheck.Path, route.HealthCheck.HealthyStatuses)
 				if err != nil {
 					if heathRoute.DisableRouteHealthCheckError {
 						routes = append(routes, HealthCheckRouteResponse{Name: route.Name, Status: "unhealthy", Error: "Route healthcheck errors disabled"})
--- a/internal/healthCheck.go
+++ b/internal/healthCheck.go
@@ -21,9 +21,10 @@ import (
 	"io"
 	"net/http"
 	"net/url"
+	"slices"
 )

-func healthCheck(healthURL string) error {
+func healthCheck(healthURL string, healthyStatuses []int) error {
 	healthCheckURL, err := url.Parse(healthURL)
 	if err != nil {
 		return fmt.Errorf("error parsing HealthCheck URL: %v ", err)
@@ -45,10 +46,16 @@ func healthCheck(healthURL string) error {
 		if err != nil {
 		}
 	}(healthResp.Body)
-
-	if healthResp.StatusCode >= 400 {
-		logger.Debug("Error performing HealthCheck request: %v ", err)
-		return fmt.Errorf("health check failed with status code %v", healthResp.StatusCode)
+	if len(healthyStatuses) > 0 {
+		if !slices.Contains(healthyStatuses, healthResp.StatusCode) {
+			logger.Error("Error performing HealthCheck request: %v ", err)
+			return fmt.Errorf("health check failed with status code %v", healthResp.StatusCode)
+		}
+	} else {
+		if healthResp.StatusCode >= 400 {
+			logger.Debug("Error performing HealthCheck request: %v ", err)
+			return fmt.Errorf("health check failed with status code %v", healthResp.StatusCode)
+		}
 	}
 	return nil
 }
--- a/internal/route.go
+++ b/internal/route.go
@@ -199,7 +199,21 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
 				disableXForward: route.DisableHeaderXForward,
 				cors:            route.Cors,
 			}
+			// create route
 			router := r.PathPrefix(route.Path).Subrouter()
+			// Apply common exploits to the route
+			// Enable common exploits
+			if route.BlockCommonExploits {
+				logger.Info("Block common exploits enabled")
+				router.Use(middleware.BlockExploitsMiddleware)
+			}
+			// Apply route rate limit
+			if route.RateLimit > 0 {
+				//rateLimiter := middleware.NewRateLimiter(gateway.RateLimit, time.Minute)
+				limiter := middleware.NewRateLimiterWindow(route.RateLimit, time.Minute, route.Cors.Origins) //  requests per minute
+				// Add rate limit middleware to all routes, if defined
+				router.Use(limiter.RateLimitMiddleware())
+			}
 			// Apply route Cors
 			router.Use(CORSHandler(route.Cors))
 			if len(route.Hosts) > 0 {
--- a/internal/types.go
+++ b/internal/types.go
@@ -143,27 +143,29 @@ type Route struct {
 	//
 	// E.g. /cart to / => It will rewrite /cart path to /
 	Rewrite string `yaml:"rewrite"`
-	// Destination Defines backend URL
-	Destination string `yaml:"destination"`
 	//
-	Backends []string `yaml:"backends"`
-	// Cors contains the route cors headers
-	Cors Cors `yaml:"cors"`
-	//RateLimit int      `yaml:"rateLimit"`
 	// Methods allowed method
 	Methods []string `yaml:"methods"`
+	// HealthCheck Defines the backend is health
+	HealthCheck RouteHealthCheck `yaml:"healthCheck"`
+	// Destination Defines backend URL
+	Destination string   `yaml:"destination"`
+	Backends    []string `yaml:"backends"`
+	// Cors contains the route cors headers
+	Cors      Cors `yaml:"cors"`
+	RateLimit int  `yaml:"rateLimit"`
 	// DisableHeaderXForward Disable X-forwarded header.
 	//
 	// [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ]
 	//
 	// It will not match the backend route
 	DisableHeaderXForward bool `yaml:"disableHeaderXForward"`
-	// HealthCheck Defines the backend is health check PATH
-	HealthCheck string `yaml:"healthCheck"`
 	// InterceptErrors intercepts backend errors based on the status codes
 	//
 	// Eg: [ 403, 405, 500 ]
 	InterceptErrors []int `yaml:"interceptErrors"`
+	// BlockCommonExploits enable, disable block common exploits
+	BlockCommonExploits bool `yaml:"blockCommonExploits"`
 	// Middlewares Defines route middleware from Middleware names
 	Middlewares []string `yaml:"middlewares"`
 }
@@ -203,11 +205,10 @@ type Gateway struct {
 }

 type RouteHealthCheck struct {
-	Path              string `yaml:"path"`
-	Interval          int    `yaml:"interval"`
-	Timeout           int    `yaml:"timeout"`
-	HealthyStatuses   []int  `yaml:"healthyStatuses"`
-	UnhealthyStatuses []int  `yaml:"unhealthyStatuses"`
+	Path            string `yaml:"path"`
+	Interval        int    `yaml:"interval"`
+	Timeout         int    `yaml:"timeout"`
+	HealthyStatuses []int  `yaml:"healthyStatuses"`
 }
 type GatewayConfig struct {
 	Version string `yaml:"version"`
@@ -225,6 +226,7 @@ type ErrorResponse struct {
 }
 type GatewayServer struct {
 	ctx         context.Context
+	version     string
 	gateway     Gateway
 	middlewares []Middleware
 }