[chore] header filter improvements (#3329)

* add error message to gin context on header blocked or not allowed * remove the unused header filter tracking code (leaving OTEL TODOs in place) * appease the linter
2024-10-31 22:40:01 +00:00 · 2024-09-23 11:36:56 +00:00 · 2024-09-23 11:36:56 +00:00 · 964262b169
commit 964262b169
parent 862cc9e3c4
1 changed files with 22 additions and 39 deletions
--- a/internal/middleware/headerfilter.go
+++ b/internal/middleware/headerfilter.go
@ -18,7 +18,7 @@
 package middleware

 import (
-	"sync"
+	"errors"

 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
@ -29,25 +29,11 @@
 )

 var (
-	allowMatches = matchstats{m: make(map[string]uint64)}
-	blockMatches = matchstats{m: make(map[string]uint64)}
+	// errors set on gin context by header filter middleware.
+	errHeaderNotAllowed = errors.New("header did not match allow filter")
+	errHeaderBlocked    = errors.New("header matched block filter")
 )

-// matchstats is a simple statistics
-// counter for header filter matches.
-// TODO: replace with otel.
-type matchstats struct {
-	m map[string]uint64
-	l sync.Mutex
-}
-
-func (m *matchstats) Add(hdr, regex string) {
-	m.l.Lock()
-	key := hdr + ":" + regex
-	m.m[key]++
-	m.l.Unlock()
-}
-
 // HeaderFilter returns a gin middleware handler that provides HTTP
 // request blocking (filtering) based on database allow / block filters.
 func HeaderFilter(state *state.State) gin.HandlerFunc {
@ -83,6 +69,7 @@ func headerFilterAllowMode(state *state.State) func(c *gin.Context) {
 		}

 		if block {
+			_ = c.Error(errHeaderBlocked)
 			respondBlocked(c)
 			return
 		}
@ -95,6 +82,7 @@ func headerFilterAllowMode(state *state.State) func(c *gin.Context) {
 		}

 		if notAllow {
+			_ = c.Error(errHeaderNotAllowed)
 			respondBlocked(c)
 			return
 		}
@ -129,6 +117,7 @@ func headerFilterBlockMode(state *state.State) func(c *gin.Context) {
 			}

 			if block {
+				_ = c.Error(errHeaderBlocked)
 				respondBlocked(c)
 				return
 			}
@ -146,7 +135,7 @@ func isHeaderBlocked(state *state.State, c *gin.Context) (bool, error) {
 	)

 	// Perform an explicit is-blocked check on request header.
-	key, expr, err := state.DB.BlockHeaderRegularMatch(ctx, hdr)
+	key, _, err := state.DB.BlockHeaderRegularMatch(ctx, hdr)
 	switch err {
 	case nil:
 		break
@ -161,12 +150,10 @@ func isHeaderBlocked(state *state.State, c *gin.Context) (bool, error) {
 	}

 	if key != "" {
-		if expr != "" {
-			// Increment block matches stat.
-			// TODO: replace expvar with build
-			// taggable metrics types in State{}.
-			blockMatches.Add(key, expr)
-		}
+		// if expr != "" {
+		// 	// TODO: replace expvar with build
+		// 	// taggable metrics types in State{}.
+		// }

 		// A header was matched against!
 		// i.e. this request is blocked.
@ -183,7 +170,7 @@ func isHeaderAllowed(state *state.State, c *gin.Context) (bool, error) {
 	)

 	// Perform an explicit is-allowed check on request header.
-	key, expr, err := state.DB.AllowHeaderRegularMatch(ctx, hdr)
+	key, _, err := state.DB.AllowHeaderRegularMatch(ctx, hdr)
 	switch err {
 	case nil:
 		break
@ -198,12 +185,10 @@ func isHeaderAllowed(state *state.State, c *gin.Context) (bool, error) {
 	}

 	if key != "" {
-		if expr != "" {
-			// Increment allow matches stat.
-			// TODO: replace expvar with build
-			// taggable metrics types in State{}.
-			allowMatches.Add(key, expr)
-		}
+		// if expr != "" {
+		// 	// TODO: replace expvar with build
+		// 	// taggable metrics types in State{}.
+		// }

 		// A header was matched against!
 		// i.e. this request is allowed.
@ -220,7 +205,7 @@ func isHeaderNotAllowed(state *state.State, c *gin.Context) (bool, error) {
 	)

 	// Perform an explicit is-NOT-allowed check on request header.
-	key, expr, err := state.DB.AllowHeaderInverseMatch(ctx, hdr)
+	key, _, err := state.DB.AllowHeaderInverseMatch(ctx, hdr)
 	switch err {
 	case nil:
 		break
@ -235,12 +220,10 @@ func isHeaderNotAllowed(state *state.State, c *gin.Context) (bool, error) {
 	}

 	if key != "" {
-		if expr != "" {
-			// Increment allow matches stat.
-			// TODO: replace expvar with build
-			// taggable metrics types in State{}.
-			allowMatches.Add(key, expr)
-		}
+		// if expr != "" {
+		// 	// TODO: replace expvar with build
+		// 	// taggable metrics types in State{}.
+		// }

 		// A header was matched against!
 		// i.e. request is NOT allowed.