caddyhttp: Allow matching Transfer-Encoding, add to access logs (#6629)
Some checks are pending
Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.23.0, macos-14, 0, 1.23, mac) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.23.0, ubuntu-latest, 0, 1.23, linux) (push) Waiting to run
Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Waiting to run
Tests / test (./cmd/caddy/caddy.exe, ~1.23.0, windows-latest, True, 1.23, windows) (push) Waiting to run
Tests / test (s390x on IBM Z) (push) Waiting to run
Tests / goreleaser-check (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, aix) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, darwin) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, illumos) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, linux) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, solaris) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, windows) (push) Waiting to run
Cross-Build / build (~1.23.0, 1.23, aix) (push) Waiting to run
Cross-Build / build (~1.23.0, 1.23, darwin) (push) Waiting to run
Cross-Build / build (~1.23.0, 1.23, dragonfly) (push) Waiting to run
Cross-Build / build (~1.23.0, 1.23, freebsd) (push) Waiting to run
Cross-Build / build (~1.23.0, 1.23, illumos) (push) Waiting to run
Cross-Build / build (~1.23.0, 1.23, linux) (push) Waiting to run
Cross-Build / build (~1.23.0, 1.23, netbsd) (push) Waiting to run
Cross-Build / build (~1.23.0, 1.23, openbsd) (push) Waiting to run
Cross-Build / build (~1.23.0, 1.23, solaris) (push) Waiting to run
Cross-Build / build (~1.23.0, 1.23, windows) (push) Waiting to run
Lint / lint (macos-14, mac) (push) Waiting to run
Lint / lint (ubuntu-latest, linux) (push) Waiting to run
Lint / lint (windows-latest, windows) (push) Waiting to run
Lint / govulncheck (push) Waiting to run

* caddyhttp: Allow matching Transfer-Encoding

* Log transfer_encoding on the request

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
This commit is contained in:
Francis Lavoie 2024-12-20 13:16:34 -05:00 committed by GitHub
parent ed1c594cdb
commit c216cf551d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 15 additions and 8 deletions

View File

@ -51,6 +51,9 @@ func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error {
Header: r.Header, Header: r.Header,
ShouldLogCredentials: r.ShouldLogCredentials, ShouldLogCredentials: r.ShouldLogCredentials,
}) })
if r.TransferEncoding != nil {
enc.AddArray("transfer_encoding", LoggableStringArray(r.TransferEncoding))
}
if r.TLS != nil { if r.TLS != nil {
enc.AddObject("tls", LoggableTLSConnState(*r.TLS)) enc.AddObject("tls", LoggableTLSConnState(*r.TLS))
} }

View File

@ -978,7 +978,7 @@ func (m MatchHeader) Match(r *http.Request) bool {
// MatchWithError returns true if r matches m. // MatchWithError returns true if r matches m.
func (m MatchHeader) MatchWithError(r *http.Request) (bool, error) { func (m MatchHeader) MatchWithError(r *http.Request) (bool, error) {
repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
return matchHeaders(r.Header, http.Header(m), r.Host, repl), nil return matchHeaders(r.Header, http.Header(m), r.Host, r.TransferEncoding, repl), nil
} }
// CELLibrary produces options that expose this matcher for use in CEL // CELLibrary produces options that expose this matcher for use in CEL
@ -1004,22 +1004,26 @@ func (MatchHeader) CELLibrary(_ caddy.Context) (cel.Library, error) {
} }
// getHeaderFieldVals returns the field values for the given fieldName from input. // getHeaderFieldVals returns the field values for the given fieldName from input.
// The host parameter should be obtained from the http.Request.Host field since // The host parameter should be obtained from the http.Request.Host field, and the
// net/http removes it from the header map. // transferEncoding from http.Request.TransferEncoding, since net/http removes them
func getHeaderFieldVals(input http.Header, fieldName, host string) []string { // from the header map.
func getHeaderFieldVals(input http.Header, fieldName, host string, transferEncoding []string) []string {
fieldName = textproto.CanonicalMIMEHeaderKey(fieldName) fieldName = textproto.CanonicalMIMEHeaderKey(fieldName)
if fieldName == "Host" && host != "" { if fieldName == "Host" && host != "" {
return []string{host} return []string{host}
} }
if fieldName == "Transfer-Encoding" && input[fieldName] == nil {
return transferEncoding
}
return input[fieldName] return input[fieldName]
} }
// matchHeaders returns true if input matches the criteria in against without regex. // matchHeaders returns true if input matches the criteria in against without regex.
// The host parameter should be obtained from the http.Request.Host field since // The host parameter should be obtained from the http.Request.Host field since
// net/http removes it from the header map. // net/http removes it from the header map.
func matchHeaders(input, against http.Header, host string, repl *caddy.Replacer) bool { func matchHeaders(input, against http.Header, host string, transferEncoding []string, repl *caddy.Replacer) bool {
for field, allowedFieldVals := range against { for field, allowedFieldVals := range against {
actualFieldVals := getHeaderFieldVals(input, field, host) actualFieldVals := getHeaderFieldVals(input, field, host, transferEncoding)
if allowedFieldVals != nil && len(allowedFieldVals) == 0 && actualFieldVals != nil { if allowedFieldVals != nil && len(allowedFieldVals) == 0 && actualFieldVals != nil {
// a non-nil but empty list of allowed values means // a non-nil but empty list of allowed values means
// match if the header field exists at all // match if the header field exists at all
@ -1119,7 +1123,7 @@ func (m MatchHeaderRE) Match(r *http.Request) bool {
// MatchWithError returns true if r matches m. // MatchWithError returns true if r matches m.
func (m MatchHeaderRE) MatchWithError(r *http.Request) (bool, error) { func (m MatchHeaderRE) MatchWithError(r *http.Request) (bool, error) {
for field, rm := range m { for field, rm := range m {
actualFieldVals := getHeaderFieldVals(r.Header, field, r.Host) actualFieldVals := getHeaderFieldVals(r.Header, field, r.Host, r.TransferEncoding)
match := false match := false
fieldVal: fieldVal:
for _, actualFieldVal := range actualFieldVals { for _, actualFieldVal := range actualFieldVals {

View File

@ -41,7 +41,7 @@ func (rm ResponseMatcher) Match(statusCode int, hdr http.Header) bool {
if !rm.matchStatusCode(statusCode) { if !rm.matchStatusCode(statusCode) {
return false return false
} }
return matchHeaders(hdr, rm.Headers, "", nil) return matchHeaders(hdr, rm.Headers, "", []string{}, nil)
} }
func (rm ResponseMatcher) matchStatusCode(statusCode int) bool { func (rm ResponseMatcher) matchStatusCode(statusCode int) bool {