From 27ecc7f384bbfc98b28dc73881968897fb8c9a8a Mon Sep 17 00:00:00 2001 From: dev Date: Wed, 3 Apr 2019 11:47:27 -0400 Subject: [PATCH] Protocol and Caddyscript matchers * Added matcher to determine what protocol the request is being made by - grpc, tls, http * Added ability to run caddyscript in a matcher to evaluate the http request * Added TLS field to caddyscript request time * Added a library to manipulate and compare a new caddyscript time type * Library for regex in starlark --- .gitignore | 3 + cmd/caddy2/main.go | 5 +- internal/caddyscript/lib/http.go | 72 ++++++++++++++++ internal/caddyscript/lib/lib.go | 11 +++ internal/caddyscript/lib/regex.go | 50 +++++++++++ internal/caddyscript/lib/time.go | 130 +++++++++++++++++++++++++++++ internal/caddyscript/matcherenv.go | 18 ++++ modules/caddyhttp/caddyhttp.go | 2 - modules/caddyhttp/matchers.go | 62 ++++++++++++-- 9 files changed, 341 insertions(+), 12 deletions(-) create mode 100644 internal/caddyscript/lib/http.go create mode 100644 internal/caddyscript/lib/lib.go create mode 100644 internal/caddyscript/lib/regex.go create mode 100644 internal/caddyscript/lib/time.go create mode 100644 internal/caddyscript/matcherenv.go diff --git a/.gitignore b/.gitignore index 37d227b72..b3b97feda 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,6 @@ _gitignore/ # artifacts from pprof tooling *.prof *.test + +# mac specific +.DS_Store diff --git a/cmd/caddy2/main.go b/cmd/caddy2/main.go index 9ec32f966..288edcb52 100644 --- a/cmd/caddy2/main.go +++ b/cmd/caddy2/main.go @@ -3,11 +3,12 @@ package main import ( "log" - "bitbucket.org/lightcodelabs/caddy2" - _ "net/http/pprof" + "bitbucket.org/lightcodelabs/caddy2" + // this is where modules get plugged in + _ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp" _ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/caddylog" _ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/staticfiles" diff --git a/internal/caddyscript/lib/http.go b/internal/caddyscript/lib/http.go new file mode 100644 index 000000000..233b43fdd --- /dev/null +++ b/internal/caddyscript/lib/http.go @@ -0,0 +1,72 @@ +package caddyscript + +import ( + "fmt" + "net/http" + + "go.starlark.net/starlark" +) + +// HTTPRequest represents an http request type in caddyscript. +type HTTPRequest struct{ Req *http.Request } + +// AttrNames defines what properties and methods are available on the HTTPRequest type. +func (r HTTPRequest) AttrNames() []string { + return []string{"header", "query", "url", "method", "host", "tls"} +} + +func (r HTTPRequest) Freeze() {} +func (r HTTPRequest) Hash() (uint32, error) { return 0, fmt.Errorf("unhashable: HTTPRequest") } +func (r HTTPRequest) String() string { return fmt.Sprint(r.Req) } +func (r HTTPRequest) Type() string { return "HTTPRequest" } +func (r HTTPRequest) Truth() starlark.Bool { return true } + +// Header handles returning a header key. +func (r HTTPRequest) Header(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) { + var key string + err := starlark.UnpackPositionalArgs(fn.Name(), args, kwargs, 1, &key) + if err != nil { + return starlark.None, fmt.Errorf("get request header: %v", err.Error()) + } + + return starlark.String(r.Req.Header.Get(key)), nil +} + +// Attr defines what happens when props or methods are called on the HTTPRequest type. +func (r HTTPRequest) Attr(name string) (starlark.Value, error) { + switch name { + case "tls": + tls := new(starlark.Dict) + tls.SetKey(starlark.String("cipher_suite"), starlark.MakeUint(uint(r.Req.TLS.CipherSuite))) + tls.SetKey(starlark.String("did_resume"), starlark.Bool(r.Req.TLS.DidResume)) + tls.SetKey(starlark.String("handshake_complete"), starlark.Bool(r.Req.TLS.HandshakeComplete)) + tls.SetKey(starlark.String("negotiated_protocol"), starlark.String(r.Req.TLS.NegotiatedProtocol)) + tls.SetKey(starlark.String("negotiated_protocol_is_mutual"), starlark.Bool(r.Req.TLS.NegotiatedProtocolIsMutual)) + tls.SetKey(starlark.String("server_name"), starlark.String(r.Req.TLS.ServerName)) + tls.SetKey(starlark.String("version"), starlark.String(r.Req.TLS.Version)) + + return tls, nil + case "header": + b := starlark.NewBuiltin("Header", r.Header) + b = b.BindReceiver(r) + + return b, nil + case "query": + qVals := r.Req.URL.Query() + query := starlark.NewDict(len(qVals)) + + for k, v := range qVals { + query.SetKey(starlark.String(k), starlark.String(v[0])) + } + + return query, nil + case "url": + return starlark.String(r.Req.URL.Path), nil + case "method": + return starlark.String(r.Req.Method), nil + case "host": + return starlark.String(r.Req.Host), nil + } + + return nil, nil +} diff --git a/internal/caddyscript/lib/lib.go b/internal/caddyscript/lib/lib.go new file mode 100644 index 000000000..7853e7a0a --- /dev/null +++ b/internal/caddyscript/lib/lib.go @@ -0,0 +1,11 @@ +package caddyscript + +import ( + "fmt" + + "go.starlark.net/starlark" +) + +func invalidReciever(v starlark.Value, want string) (starlark.Value, error) { + return starlark.None, fmt.Errorf("invalid receiver: receiver set to type %v, want %v", v.Type(), want) +} diff --git a/internal/caddyscript/lib/regex.go b/internal/caddyscript/lib/regex.go new file mode 100644 index 000000000..a06a410fe --- /dev/null +++ b/internal/caddyscript/lib/regex.go @@ -0,0 +1,50 @@ +package caddyscript + +import ( + "fmt" + "regexp" + + "go.starlark.net/starlark" +) + +// Regexp represents a regexp type for caddyscript. +type Regexp struct{} + +// AttrNames defines what properties and methods are available on the Time type. +func (r Regexp) AttrNames() []string { + return []string{"match_string"} +} + +// Attr defines what happens when props or methods are called on the Time type. +func (r Regexp) Attr(name string) (starlark.Value, error) { + switch name { + case "match_string": + b := starlark.NewBuiltin("match_string", r.MatchString) + b = b.BindReceiver(r) + return b, nil + } + + return nil, nil +} + +// MatchString reports whether the string s contains any match of the regular expression pattern. More complicated queries need to use Compile and the full Regexp interface. +func (r Regexp) MatchString(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) { + var pattern, match string + err := starlark.UnpackPositionalArgs(fn.Name(), args, kwargs, 2, &pattern, &match) + if err != nil { + return starlark.None, fmt.Errorf("could not unpack args: %v", err.Error()) + } + + matched, err := regexp.MatchString(pattern, match) + if err != nil { + return starlark.False, fmt.Errorf("matchstring: %v", err.Error()) + } + + return starlark.Bool(matched), nil +} + +func (r Regexp) Freeze() {} +func (r Regexp) Hash() (uint32, error) { return 0, fmt.Errorf("unhashable: Regexp") } +func (r Regexp) String() string { return fmt.Sprint(r) } +func (r Regexp) Type() string { return "Regexp" } +func (r Regexp) Truth() starlark.Bool { return true } diff --git a/internal/caddyscript/lib/time.go b/internal/caddyscript/lib/time.go new file mode 100644 index 000000000..2ab57cc65 --- /dev/null +++ b/internal/caddyscript/lib/time.go @@ -0,0 +1,130 @@ +package caddyscript + +import ( + "fmt" + ti "time" + + "go.starlark.net/starlark" +) + +// Time represents a time type for caddyscript. +type Time struct { + value int64 // time since epoch in nanoseconds +} + +// AttrNames defines what properties and methods are available on the Time type. +func (r Time) AttrNames() []string { + return []string{"now", "parse", "add", "subtract", "minute", "hour", "day", "value"} +} + +// Attr defines what happens when props or methods are called on the Time type. +func (r Time) Attr(name string) (starlark.Value, error) { + switch name { + case "now": + b := starlark.NewBuiltin("now", r.Now) + b = b.BindReceiver(r) + return b, nil + case "parse_duration": + b := starlark.NewBuiltin("parse_duration", r.ParseDuration) + b = b.BindReceiver(r) + return b, nil + case "add": + b := starlark.NewBuiltin("add", r.Add) + b = b.BindReceiver(r) + return b, nil + case "subtract": + b := starlark.NewBuiltin("subtract", r.Subtract) + b = b.BindReceiver(r) + return b, nil + case "minute": + b := starlark.NewBuiltin("minute", r.Minute) + b = b.BindReceiver(r) + return b, nil + case "hour": + b := starlark.NewBuiltin("hour", r.Hour) + b = b.BindReceiver(r) + return b, nil + case "day": + b := starlark.NewBuiltin("day", r.Day) + b = b.BindReceiver(r) + return b, nil + case "value": + return starlark.MakeInt64(r.value), nil + } + + return nil, nil +} + +func (r Time) Freeze() {} +func (r Time) Hash() (uint32, error) { return 0, fmt.Errorf("unhashable: Time") } +func (r Time) String() string { return fmt.Sprint(r.value) } +func (r Time) Type() string { return "Time" } +func (r Time) Truth() starlark.Bool { return true } + +// Hour returns the current hour of a unix timestamp in range [0, 23]. +func (r Time) Hour(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) { + t := ti.Unix(0, r.value) + return starlark.MakeInt(t.Hour()), nil +} + +// Minute returns the current minute of the hour for a unix timestamp in range [0, 59]. +func (r Time) Minute(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) { + t := ti.Unix(0, r.value) + return starlark.MakeInt(t.Minute()), nil +} + +// Day returns the current day in a week of a unix timestamp... [Sunday = 0...] +func (r Time) Day(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) { + t := ti.Unix(0, r.value) + return starlark.MakeInt(int(t.Weekday())), nil +} + +// Now returns the current time as a unix timestamp. +func (r Time) Now(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) { + val := ti.Now().UnixNano() + r.value = val + return r, nil +} + +// ParseDuration parses a go duration string to a time type. +func (r Time) ParseDuration(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) { + var dur string + err := starlark.UnpackPositionalArgs(fn.Name(), args, kwargs, 1, &dur) + if err != nil { + return starlark.None, fmt.Errorf("could not unpack args: %v", err.Error()) + } + + if parsed, err := ti.ParseDuration(dur); err == nil { + val := parsed.Nanoseconds() + r.value = val + return r, nil + } + + return starlark.None, fmt.Errorf("time.parse_duration: argument cannot be parsed as a valid go time duration") +} + +// Add adds time to a time type. +func (r Time) Add(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) { + var t Time + err := starlark.UnpackPositionalArgs(fn.Name(), args, kwargs, 1, &t) + if err != nil { + return starlark.None, fmt.Errorf("could not unpack args: %v", err.Error()) + } + + val := r.value + t.value + r.value = val + return r, nil +} + +// Subtract adds time to a time type. +func (r Time) Subtract(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) { + var t Time + err := starlark.UnpackPositionalArgs(fn.Name(), args, kwargs, 1, &t) + if err != nil { + return starlark.None, fmt.Errorf("could not unpack args: %v", err.Error()) + } + + val := r.value - t.value + r.value = val + return r, nil +} diff --git a/internal/caddyscript/matcherenv.go b/internal/caddyscript/matcherenv.go new file mode 100644 index 000000000..c6c8c0eae --- /dev/null +++ b/internal/caddyscript/matcherenv.go @@ -0,0 +1,18 @@ +package caddyscript + +import ( + "net/http" + + caddyscript "bitbucket.org/lightcodelabs/caddy2/internal/caddyscript/lib" + "go.starlark.net/starlark" +) + +// MatcherEnv sets up the global context for the matcher caddyscript environment. +func MatcherEnv(r *http.Request) starlark.StringDict { + env := make(starlark.StringDict) + env["req"] = caddyscript.HTTPRequest{Req: r} + env["time"] = caddyscript.Time{} + env["regexp"] = caddyscript.Regexp{} + + return env +} diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index 059af62fc..179ad50a6 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -32,9 +32,7 @@ type httpModuleConfig struct { func (hc *httpModuleConfig) Run() error { // TODO: Either prevent overlapping listeners on different servers, or combine them into one - // TODO: A way to loop requests back through, so have them start the matching over again, but keeping any mutations - for _, srv := range hc.Servers { // set up the routes for i, route := range srv.Routes { diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 59f18386f..ab179d850 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -1,10 +1,24 @@ package caddyhttp import ( + "log" "net/http" "strings" "bitbucket.org/lightcodelabs/caddy2" + "bitbucket.org/lightcodelabs/caddy2/internal/caddyscript" + "go.starlark.net/starlark" +) + +// TODO: Matchers should probably support regex of some sort... performance trade-offs? +type ( + matchHost []string + matchPath []string + matchMethod []string + matchQuery map[string][]string + matchHeader map[string][]string + matchProtocol string + matchScript string ) func init() { @@ -28,17 +42,47 @@ func init() { Name: "http.matchers.header", New: func() (interface{}, error) { return matchHeader{}, nil }, }) + caddy2.RegisterModule(caddy2.Module{ + Name: "http.matchers.protocol", + New: func() (interface{}, error) { return new(matchProtocol), nil }, + }) + caddy2.RegisterModule(caddy2.Module{ + Name: "http.matchers.caddyscript", + New: func() (interface{}, error) { return new(matchScript), nil }, + }) } -// TODO: Matchers should probably support regex of some sort... performance trade-offs? +func (m matchScript) Match(r *http.Request) bool { + input := string(m) + thread := new(starlark.Thread) + env := caddyscript.MatcherEnv(r) + val, err := starlark.Eval(thread, "", input, env) + if err != nil { + log.Printf("caddyscript for matcher is invalid: attempting to evaluate expression `%v` error `%v`", input, err) + return false + } -type ( - matchHost []string - matchPath []string - matchMethod []string - matchQuery map[string][]string - matchHeader map[string][]string -) + return val.String() == "True" +} + +func (m matchProtocol) Match(r *http.Request) bool { + switch string(m) { + case "grpc": + if r.Header.Get("content-type") == "application/grpc" { + return true + } + case "https": + if r.TLS != nil { + return true + } + case "http": + if r.TLS == nil { + return true + } + } + + return false +} func (m matchHost) Match(r *http.Request) bool { for _, host := range m { @@ -99,4 +143,6 @@ var ( _ RouteMatcher = matchMethod{} _ RouteMatcher = matchQuery{} _ RouteMatcher = matchHeader{} + _ RouteMatcher = new(matchProtocol) + _ RouteMatcher = new(matchScript) )