refactor http handler

2023-07-28 15:18:21 +09:00 · 2023-07-28 15:18:21 +09:00 · a40d8a0072
commit a40d8a0072
parent 2e3216019b
7 changed files with 91 additions and 72 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 0ae7c60b15637d7343410ba1e5cc3151e3814557
+Subproject commit 532ba7d80405ad083fd05546fa71becbe5eff1a4
--- a/rpxy-bin/Cargo.toml
+++ b/rpxy-bin/Cargo.toml
@ -20,7 +20,7 @@ rpxy-lib = { path = "../rpxy-lib/", features = ["http3", "sticky-cookie"] }

 anyhow = "1.0.72"
 rustc-hash = "1.1.0"
-serde = { version = "1.0.174", default-features = false, features = ["derive"] }
+serde = { version = "1.0.177", default-features = false, features = ["derive"] }
 derive_builder = "0.12.0"
 tokio = { version = "1.29.1", default-features = false, features = [
  "net",
@ -43,7 +43,7 @@ tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }


 [target.'cfg(not(target_env = "msvc"))'.dependencies]
-tikv-jemallocator = "0.5.0"
+tikv-jemallocator = "0.5.4"


 [dev-dependencies]
--- a/rpxy-lib/src/handler/handler_main.rs
+++ b/rpxy-lib/src/handler/handler_main.rs
@ -19,6 +19,8 @@ use std::{env, net::SocketAddr, sync::Arc};
 use tokio::{io::copy_bidirectional, time::timeout};

 #[derive(Clone, Builder)]
+/// HTTP message handler for requests from clients and responses from backend applications,
+/// responsible to manipulate and forward messages to upstream backends and downstream clients.
 pub struct HttpMessageHandler<T, U>
 where
  T: Connect + Clone + Sync + Send + 'static,
@ -33,11 +35,13 @@ where
  T: Connect + Clone + Sync + Send + 'static,
  U: CryptoSource + Clone,
 {
+  /// Return with an arbitrary status code of error and log message
  fn return_with_error_log(&self, status_code: StatusCode, log_data: &mut MessageLog) -> Result<Response<Body>> {
    log_data.status_code(&status_code).output();
    http_error(status_code)
  }

+  /// Handle incoming request message from a client
  pub async fn handle_request(
    self,
    mut req: Request<Body>,
@ -65,13 +69,15 @@ where
      }
    }
    // Find backend application for given server_name, and drop if incoming request is invalid as request.
-    let backend = if let Some(be) = self.globals.backends.apps.get(&server_name) {
-      be
-    } else if let Some(default_server_name) = &self.globals.backends.default_server_name_bytes {
+    let backend = match self.globals.backends.apps.get(&server_name) {
+      Some(be) => be,
+      None => {
+        let Some(default_server_name) = &self.globals.backends.default_server_name_bytes else {
+          return self.return_with_error_log(StatusCode::SERVICE_UNAVAILABLE, &mut log_data);
+        };
        debug!("Serving by default app");
        self.globals.backends.apps.get(default_server_name).unwrap()
-    } else {
-      return self.return_with_error_log(StatusCode::SERVICE_UNAVAILABLE, &mut log_data);
+      }
    };

    // Redirect to https if !tls_enabled and redirect_to_https is true
@ -84,9 +90,8 @@ where
    // Find reverse proxy for given path and choose one of upstream host
    // Longest prefix match
    let path = req.uri().path();
-    let upstream_group = match backend.reverse_proxy.get(path) {
-      Some(ug) => ug,
-      None => return self.return_with_error_log(StatusCode::NOT_FOUND, &mut log_data),
+    let Some(upstream_group) = backend.reverse_proxy.get(path) else {
+      return self.return_with_error_log(StatusCode::NOT_FOUND, &mut log_data)
    };

    // Upgrade in request header
@ -113,19 +118,17 @@ where
    log_data.upstream(req.uri());
    //////

-    // Forward request to
+    // Forward request to a chosen backend
    let mut res_backend = {
-      match timeout(self.globals.proxy_config.upstream_timeout, self.forwarder.request(req)).await {
-        Err(_) => {
+      let Ok(result) = timeout(self.globals.proxy_config.upstream_timeout, self.forwarder.request(req)).await else {
        return self.return_with_error_log(StatusCode::GATEWAY_TIMEOUT, &mut log_data);
-        }
-        Ok(x) => match x {
+      };
+      match result {
        Ok(res) => res,
        Err(e) => {
          error!("Failed to get response from backend: {}", e);
          return self.return_with_error_log(StatusCode::SERVICE_UNAVAILABLE, &mut log_data);
        }
-        },
      }
    };

@ -141,22 +144,32 @@ where

    if res_backend.status() != StatusCode::SWITCHING_PROTOCOLS {
      // Generate response to client
-      if self.generate_response_forwarded(&mut res_backend, backend).is_ok() {
-        log_data.status_code(&res_backend.status()).output();
-        return Ok(res_backend);
-      } else {
+      if self.generate_response_forwarded(&mut res_backend, backend).is_err() {
        return self.return_with_error_log(StatusCode::INTERNAL_SERVER_ERROR, &mut log_data);
      }
+      log_data.status_code(&res_backend.status()).output();
+      return Ok(res_backend);
    }

    // Handle StatusCode::SWITCHING_PROTOCOLS in response
    let upgrade_in_response = extract_upgrade(res_backend.headers());
-    if if let (Some(u_req), Some(u_res)) = (upgrade_in_request.as_ref(), upgrade_in_response.as_ref()) {
+    let should_upgrade = if let (Some(u_req), Some(u_res)) = (upgrade_in_request.as_ref(), upgrade_in_response.as_ref())
+    {
      u_req.to_ascii_lowercase() == u_res.to_ascii_lowercase()
    } else {
      false
-    } {
-      if let Some(request_upgraded) = request_upgraded {
+    };
+    if !should_upgrade {
+      error!(
+        "Backend tried to switch to protocol {:?} when {:?} was requested",
+        upgrade_in_response, upgrade_in_request
+      );
+      return self.return_with_error_log(StatusCode::INTERNAL_SERVER_ERROR, &mut log_data);
+    }
+    let Some(request_upgraded) = request_upgraded else {
+      error!("Request does not have an upgrade extension");
+      return self.return_with_error_log(StatusCode::BAD_REQUEST, &mut log_data);
+    };
    let Some(onupgrade) = res_backend.extensions_mut().remove::<hyper::upgrade::OnUpgrade>() else {
      error!("Response does not have an upgrade extension");
      return self.return_with_error_log(StatusCode::INTERNAL_SERVER_ERROR, &mut log_data);
@ -181,22 +194,13 @@ where
    });
    log_data.status_code(&res_backend.status()).output();
    Ok(res_backend)
-      } else {
-        error!("Request does not have an upgrade extension");
-        self.return_with_error_log(StatusCode::BAD_REQUEST, &mut log_data)
-      }
-    } else {
-      error!(
-        "Backend tried to switch to protocol {:?} when {:?} was requested",
-        upgrade_in_response, upgrade_in_request
-      );
-      self.return_with_error_log(StatusCode::INTERNAL_SERVER_ERROR, &mut log_data)
-    }
  }

  ////////////////////////////////////////////////////
  // Functions to generate messages
+  ////////////////////////////////////////////////////

+  /// Manipulate a response message sent from a backend application to forward downstream to a client.
  fn generate_response_forwarded<B>(&self, response: &mut Response<B>, chosen_backend: &Backend<U>) -> Result<()>
  where
    B: core::fmt::Debug,
@ -208,7 +212,8 @@ where

    #[cfg(feature = "http3")]
    {
-      // TODO: Workaround for avoid h3 for client authentication
+      // Manipulate ALT_SVC allowing h3 in response message only when mutual TLS is not enabled
+      // TODO: This is a workaround for avoiding a client authentication in HTTP/3
      if self.globals.proxy_config.http3
        && chosen_backend
          .crypto_source
@ -241,6 +246,7 @@ where
  }

  #[allow(clippy::too_many_arguments)]
+  /// Manipulate a request message sent from a client to forward upstream to a backend application
  fn generate_request_forwarded<B>(
    &self,
    client_addr: &SocketAddr,
--- a/rpxy-lib/src/handler/mod.rs
+++ b/rpxy-lib/src/handler/mod.rs
@ -9,6 +9,7 @@ pub use handler_main::{HttpMessageHandler, HttpMessageHandlerBuilder, HttpMessag

 #[allow(dead_code)]
 #[derive(Debug)]
+/// Context object to handle sticky cookies at HTTP message handler
 struct HandlerContext {
  #[cfg(feature = "sticky-cookie")]
  context_lb: Option<LbContext>,
--- a/rpxy-lib/src/handler/utils_headers.rs
+++ b/rpxy-lib/src/handler/utils_headers.rs
@ -8,7 +8,7 @@ use hyper::{
  header::{self, HeaderMap, HeaderName, HeaderValue},
  Uri,
 };
-use std::net::SocketAddr;
+use std::{borrow::Cow, net::SocketAddr};

 ////////////////////////////////////////////////////
 // Functions to manipulate headers
@ -83,6 +83,7 @@ pub(super) fn set_sticky_cookie_lb_context(headers: &mut HeaderMap, context_from
  Ok(())
 }

+/// Apply options to request header, which are specified in the configuration
 pub(super) fn apply_upstream_options_to_header(
  headers: &mut HeaderMap,
  _client_addr: &SocketAddr,
@ -113,7 +114,7 @@ pub(super) fn apply_upstream_options_to_header(
  Ok(())
 }

-// https://datatracker.ietf.org/doc/html/rfc9110
+/// Append header entry with comma according to [RFC9110](https://datatracker.ietf.org/doc/html/rfc9110)
 pub(super) fn append_header_entry_with_comma(headers: &mut HeaderMap, key: &str, value: &str) -> Result<()> {
  match headers.entry(HeaderName::from_bytes(key.as_bytes())?) {
    header::Entry::Vacant(entry) => {
@ -132,10 +133,11 @@ pub(super) fn append_header_entry_with_comma(headers: &mut HeaderMap, key: &str,
  Ok(())
 }

+/// Add header entry if not exist
 pub(super) fn add_header_entry_if_not_exist(
  headers: &mut HeaderMap,
-  key: impl Into<std::borrow::Cow<'static, str>>,
-  value: impl Into<std::borrow::Cow<'static, str>>,
+  key: impl Into<Cow<'static, str>>,
+  value: impl Into<Cow<'static, str>>,
 ) -> Result<()> {
  match headers.entry(HeaderName::from_bytes(key.into().as_bytes())?) {
    header::Entry::Vacant(entry) => {
@ -147,10 +149,11 @@ pub(super) fn add_header_entry_if_not_exist(
  Ok(())
 }

+/// Overwrite header entry if exist
 pub(super) fn add_header_entry_overwrite_if_exist(
  headers: &mut HeaderMap,
-  key: impl Into<std::borrow::Cow<'static, str>>,
-  value: impl Into<std::borrow::Cow<'static, str>>,
+  key: impl Into<Cow<'static, str>>,
+  value: impl Into<Cow<'static, str>>,
 ) -> Result<()> {
  match headers.entry(HeaderName::from_bytes(key.into().as_bytes())?) {
    header::Entry::Vacant(entry) => {
@ -164,11 +167,10 @@ pub(super) fn add_header_entry_overwrite_if_exist(
  Ok(())
 }

+/// Align cookie values in single line
+/// Sometimes violates [RFC6265](https://www.rfc-editor.org/rfc/rfc6265#section-5.4) (for http/1.1).
+/// This is allowed in RFC7540 (for http/2) as mentioned [here](https://stackoverflow.com/questions/4843556/in-http-specification-what-is-the-string-that-separates-cookies).
 pub(super) fn make_cookie_single_line(headers: &mut HeaderMap) -> Result<()> {
-  // Sometimes violates RFC6265 (for http/1.1).
-  // https://www.rfc-editor.org/rfc/rfc6265#section-5.4
-  // This is allowed in RFC7540 (for http/2).
-  // https://stackoverflow.com/questions/4843556/in-http-specification-what-is-the-string-that-separates-cookies
  let cookies = headers
    .iter()
    .filter(|(k, _)| **k == hyper::header::COOKIE)
@ -182,6 +184,7 @@ pub(super) fn make_cookie_single_line(headers: &mut HeaderMap) -> Result<()> {
  Ok(())
 }

+/// Add forwarding headers like `x-forwarded-for`.
 pub(super) fn add_forwarding_header(
  headers: &mut HeaderMap,
  client_addr: &SocketAddr,
@ -219,6 +222,7 @@ pub(super) fn add_forwarding_header(
  Ok(())
 }

+/// Remove connection header
 pub(super) fn remove_connection_header(headers: &mut HeaderMap) {
  if let Some(values) = headers.get(header::CONNECTION) {
    if let Ok(v) = values.clone().to_str() {
@ -231,6 +235,7 @@ pub(super) fn remove_connection_header(headers: &mut HeaderMap) {
  }
 }

+/// Hop header values which are removed at proxy
 const HOP_HEADERS: &[&str] = &[
  "connection",
  "te",
@ -243,12 +248,14 @@ const HOP_HEADERS: &[&str] = &[
  "upgrade",
 ];

+/// Remove hop headers
 pub(super) fn remove_hop_header(headers: &mut HeaderMap) {
  HOP_HEADERS.iter().for_each(|key| {
    headers.remove(*key);
  });
 }

+/// Extract upgrade header value if exist
 pub(super) fn extract_upgrade(headers: &HeaderMap) -> Option<String> {
  if let Some(c) = headers.get(header::CONNECTION) {
    if c
--- a/rpxy-lib/src/handler/utils_request.rs
+++ b/rpxy-lib/src/handler/utils_request.rs
@ -7,6 +7,7 @@ use hyper::{header, Request};
 ////////////////////////////////////////////////////
 // Functions to manipulate request line

+/// Apply upstream options in request line, specified in the configuration
 pub(super) fn apply_upstream_options_to_request_line<B>(req: &mut Request<B>, upstream: &UpstreamGroup) -> Result<()> {
  for opt in upstream.opts.iter() {
    match opt {
@ -19,10 +20,12 @@ pub(super) fn apply_upstream_options_to_request_line<B>(req: &mut Request<B>, up
  Ok(())
 }

+/// Trait defining parser of hostname
 pub trait ParseHost {
  fn parse_host(&self) -> Result<&[u8]>;
 }
 impl<B> ParseHost for Request<B> {
+  /// Extract hostname from either the request HOST header or request line
  fn parse_host(&self) -> Result<&[u8]> {
    let headers_host = self.headers().get(header::HOST);
    let uri_host = self.uri().host();
--- a/rpxy-lib/src/handler/utils_synth_response.rs
+++ b/rpxy-lib/src/handler/utils_synth_response.rs
@ -5,11 +5,13 @@ use hyper::{Body, Request, Response, StatusCode, Uri};
 ////////////////////////////////////////////////////
 // Functions to create response (error or redirect)

+/// Generate a synthetic response  message of a certain error status code
 pub(super) fn http_error(status_code: StatusCode) -> Result<Response<Body>> {
  let response = Response::builder().status(status_code).body(Body::empty())?;
  Ok(response)
 }

+/// Generate synthetic response message of a redirection to https host with 301
 pub(super) fn secure_redirection<B>(
  server_name: &str,
  tls_port: Option<u16>,