lb/ConditionConfig: add variables $peer_subject, $peer_issuer_subject
MaxKellermann committed Oct 29, 2024
1 parent 27e263e commit fa6aa2a
Showing 8 changed files with 34 additions and 20 deletions.
2 changes: 1 addition & 1 deletion debian/changelog
@@ -1,6 +1,6 @@
cm4all-beng-proxy (18.6) unstable; urgency=low

*
* lb: add variables $peer_subject, $peer_issuer_subject

--

2 changes: 2 additions & 0 deletions doc/lb.rst
@@ -269,6 +269,8 @@ another branch.
The following “variables” are available:

- ``$remote_address``: the client address.
- ``$peer_subject``, ``$peer_issuer_subject``: the subject of the
(issuer of the) client certificate (see :ref:`ssl_verify`).
- ``$request_method``: the HTTP request method (``GET``, ``POST``,
...)
- ``$request_uri``: the HTTP request URI
16 changes: 8 additions & 8 deletions src/lb/Branch.hxx
@@ -25,10 +25,10 @@ public:
return config;
}

template<typename R>
template<typename C, typename R>
[[gnu::pure]]
bool MatchRequest(const R &request) const noexcept {
return config.condition.MatchRequest(request);
bool MatchRequest(const C &connection, const R &request) const noexcept {
return config.condition.MatchRequest(connection, request);
}

const LbGoto &GetDestination() const noexcept {
@@ -50,13 +50,13 @@ public:
return config;
}

template<typename R>
template<typename C, typename R>
[[gnu::pure]]
const LbGoto &FindRequestLeaf(const R &request) const noexcept {
const LbGoto &FindRequestLeaf(const C &connection, const R &request) const noexcept {
for (const auto &i : conditions)
if (i.MatchRequest(request))
return i.GetDestination().FindRequestLeaf(request);
if (i.MatchRequest(connection, request))
return i.GetDestination().FindRequestLeaf(connection, request);

return fallback.FindRequestLeaf(request);
return fallback.FindRequestLeaf(connection, request);
}
};
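Review bot: The new template parameter `C` on `MatchRequest` and `FindRequestLeaf` is unconstrained and undocumented, so what a caller must pass can only be found by following the call chain down to `LbAttributeReference::GetRequestAttribute`. Going by the ConditionConfig.hxx section of this commit, the type has to provide `GetPeerSubject()` and `GetPeerIssuerSubject()`, each yielding a `const char *` that is presumably nullable, since `LbConditionConfig::MatchRequest` maps `nullptr` to `""`. I would state that once, e.g. `/** @param connection must provide GetPeerSubject() and GetPeerIssuerSubject(), each returning a C string or nullptr */`, on the declaration in Goto.hxx and refer to it from here. The same applies to the signatures changed in Goto.txx and ConditionConfig.hxx. Both class bodies start outside the hunks shown.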
18 changes: 13 additions & 5 deletions src/lb/ConditionConfig.hxx
@@ -16,6 +16,8 @@
struct LbAttributeReference {
enum class Type {
REMOTE_ADDRESS,
PEER_SUBJECT,
PEER_ISSUER_SUBJECT,
METHOD,
URI,
HEADER,
@@ -34,14 +36,20 @@ struct LbAttributeReference {
return type == Type::REMOTE_ADDRESS;
}

template<typename R>
template<typename C, typename R>
[[gnu::pure]]
const char *GetRequestAttribute(const R &request) const noexcept {
const char *GetRequestAttribute(const C &connection, const R &request) const noexcept {
switch (type) {
case Type::REMOTE_ADDRESS:
/* unreachable - handled as a special case */
break;

case Type::PEER_SUBJECT:
return connection.GetPeerSubject();

case Type::PEER_ISSUER_SUBJECT:
return connection.GetPeerIssuerSubject();

case Type::METHOD:
return http_method_to_string(request.method);

@@ -90,13 +98,13 @@ struct LbConditionConfig {
return std::visit(MatchHelper{s}, value) ^ negate;
}

template<typename R>
template<typename C, typename R>
[[gnu::pure]]
bool MatchRequest(const R &request) const noexcept {
bool MatchRequest(const C &connection, const R &request) const noexcept {
if (attribute_reference.type == LbAttributeReference::Type::REMOTE_ADDRESS)
return MatchAddress(request.remote_address);

const char *s = attribute_reference.GetRequestAttribute(request);
const char *s = attribute_reference.GetRequestAttribute(connection, request);
if (s == nullptr)
s = "";

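Review bot: A connection that presented no client certificate cannot be told apart from one whose subject is empty, because the `PEER_SUBJECT` and `PEER_ISSUER_SUBJECT` cases return the getter result as-is and `MatchRequest` then replaces `nullptr` with `""` before matching. If the getters return `nullptr` in that case (their definitions are not on this page), the `^ negate` in the matcher above means a negated condition on `$peer_subject` matches every such connection, and on a listener that does not verify client certificates the comparison always runs against the empty string. `ParseAttributeReference(const char *p)` in ConfigParser.cxx accepts both names unconditionally and has no view of the listener, so nothing visible in this commit rejects such a configuration. I would record the rule where the fallback happens, `/* no client certificate: $peer_subject and $peer_issuer_subject compare as "" */`, and repeat it in doc/lb.rst. I would also consider a configuration-time check that a branch using these variables is only reachable from a listener with `ssl_verify` enabled. `MatchRequest` continues past the end of the hunk.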
4 changes: 4 additions & 0 deletions src/lb/ConfigParser.cxx
@@ -794,6 +794,10 @@ ParseAttributeReference(const char *p)
return LbAttributeReference::Type::URI;
} else if (StringIsEqual(p, "remote_address")) {
return LbAttributeReference::Type::REMOTE_ADDRESS;
} else if (StringIsEqual(p, "peer_subject")) {
return LbAttributeReference::Type::PEER_SUBJECT;
} else if (StringIsEqual(p, "peer_issuer_subject")) {
return LbAttributeReference::Type::PEER_ISSUER_SUBJECT;
} else if (auto header = StringAfterPrefix(p, "http_")) {
LbAttributeReference a(LbAttributeReference::Type::HEADER, header);
if (a.name.empty())
4 changes: 2 additions & 2 deletions src/lb/Goto.hxx
@@ -64,7 +64,7 @@ struct LbGoto {
return destination.index() != 0;
}

template<typename R>
template<typename C, typename R>
[[gnu::pure]]
const LbGoto &FindRequestLeaf(const R &request) const noexcept;
const LbGoto &FindRequestLeaf(const C &connection, const R &request) const noexcept;
};
6 changes: 3 additions & 3 deletions src/lb/Goto.txx
@@ -7,12 +7,12 @@
#include "Goto.hxx"
#include "Branch.hxx"

template<typename R>
template<typename C, typename R>
const LbGoto &
LbGoto::FindRequestLeaf(const R &request) const noexcept
LbGoto::FindRequestLeaf(const C &connection, const R &request) const noexcept
{
if (auto *branch = std::get_if<LbBranch *>(&destination))
return (*branch)->FindRequestLeaf(request);
return (*branch)->FindRequestLeaf(connection, request);

return *this;
}
2 changes: 1 addition & 1 deletion src/lb/HttpConnection.cxx
@@ -287,7 +287,7 @@ LbHttpConnection::HandleHttpRequest(const LbGoto &destination,
const StopwatchPtr &parent_stopwatch,
CancellablePointer &cancel_ptr) noexcept
{
const auto &goto_ = destination.FindRequestLeaf(request);
const auto &goto_ = destination.FindRequestLeaf(*this, request);

std::visit([&](const auto &value){
using T = std::decay_t<decltype(value)>;
