2020-03-20 05:46:22 +08:00
|
|
|
// Copyright 2015 Matthew Holt and The Caddy Authors
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
package caddyhttp
|
|
|
|
|
|
|
|
import (
|
2020-08-01 05:06:30 +08:00
|
|
|
"crypto/x509/pkix"
|
2020-03-20 05:46:22 +08:00
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
"reflect"
|
|
|
|
"regexp"
|
|
|
|
"strings"
|
2020-05-22 08:19:01 +08:00
|
|
|
"time"
|
2020-03-20 05:46:22 +08:00
|
|
|
|
|
|
|
"github.com/caddyserver/caddy/v2"
|
|
|
|
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
|
|
|
"github.com/google/cel-go/cel"
|
|
|
|
"github.com/google/cel-go/checker/decls"
|
|
|
|
"github.com/google/cel-go/common/types"
|
|
|
|
"github.com/google/cel-go/common/types/ref"
|
|
|
|
"github.com/google/cel-go/common/types/traits"
|
2020-03-20 22:53:40 +08:00
|
|
|
"github.com/google/cel-go/ext"
|
2020-03-20 05:46:22 +08:00
|
|
|
"github.com/google/cel-go/interpreter/functions"
|
2022-06-09 06:42:24 +08:00
|
|
|
"go.uber.org/zap"
|
2020-03-20 05:46:22 +08:00
|
|
|
exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1"
|
2020-07-01 01:53:29 +08:00
|
|
|
"google.golang.org/protobuf/proto"
|
2020-03-20 05:46:22 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
caddy.RegisterModule(MatchExpression{})
|
|
|
|
}
|
|
|
|
|
|
|
|
// MatchExpression matches requests by evaluating a
|
|
|
|
// [CEL](https://github.com/google/cel-spec) expression.
|
|
|
|
// This enables complex logic to be expressed using a comfortable,
|
2020-05-14 01:11:31 +08:00
|
|
|
// familiar syntax. Please refer to
|
|
|
|
// [the standard definitions of CEL functions and operators](https://github.com/google/cel-spec/blob/master/doc/langdef.md#standard-definitions).
|
2020-03-20 05:46:22 +08:00
|
|
|
//
|
2020-04-11 23:01:40 +08:00
|
|
|
// This matcher's JSON interface is actually a string, not a struct.
|
|
|
|
// The generated docs are not correct because this type has custom
|
|
|
|
// marshaling logic.
|
|
|
|
//
|
2020-03-20 05:46:22 +08:00
|
|
|
// COMPATIBILITY NOTE: This module is still experimental and is not
|
|
|
|
// subject to Caddy's compatibility guarantee.
|
|
|
|
type MatchExpression struct {
|
|
|
|
// The CEL expression to evaluate. Any Caddy placeholders
|
|
|
|
// will be expanded and situated into proper CEL function
|
|
|
|
// calls before evaluating.
|
|
|
|
Expr string
|
|
|
|
|
|
|
|
expandedExpr string
|
|
|
|
prg cel.Program
|
2020-04-09 00:44:36 +08:00
|
|
|
ta ref.TypeAdapter
|
2022-06-09 06:42:24 +08:00
|
|
|
|
|
|
|
log *zap.Logger
|
2020-03-20 05:46:22 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
// CaddyModule returns the Caddy module information.
|
|
|
|
func (MatchExpression) CaddyModule() caddy.ModuleInfo {
|
|
|
|
return caddy.ModuleInfo{
|
|
|
|
ID: "http.matchers.expression",
|
|
|
|
New: func() caddy.Module { return new(MatchExpression) },
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// MarshalJSON marshals m's expression.
|
|
|
|
func (m MatchExpression) MarshalJSON() ([]byte, error) {
|
|
|
|
return json.Marshal(m.Expr)
|
|
|
|
}
|
|
|
|
|
|
|
|
// UnmarshalJSON unmarshals m's expression.
|
|
|
|
func (m *MatchExpression) UnmarshalJSON(data []byte) error {
|
|
|
|
return json.Unmarshal(data, &m.Expr)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Provision sets ups m.
|
2022-06-09 06:42:24 +08:00
|
|
|
func (m *MatchExpression) Provision(ctx caddy.Context) error {
|
|
|
|
m.log = ctx.Logger(m)
|
|
|
|
|
2020-03-20 05:46:22 +08:00
|
|
|
// replace placeholders with a function call - this is just some
|
|
|
|
// light (and possibly naïve) syntactic sugar
|
|
|
|
m.expandedExpr = placeholderRegexp.ReplaceAllString(m.Expr, placeholderExpansion)
|
|
|
|
|
2020-04-09 00:44:36 +08:00
|
|
|
// our type adapter expands CEL's standard type support
|
|
|
|
m.ta = celTypeAdapter{}
|
|
|
|
|
2020-03-20 05:46:22 +08:00
|
|
|
// create the CEL environment
|
|
|
|
env, err := cel.NewEnv(
|
|
|
|
cel.Declarations(
|
2020-05-25 11:59:38 +08:00
|
|
|
decls.NewVar("request", httpRequestObjectType),
|
2020-03-20 05:46:22 +08:00
|
|
|
decls.NewFunction(placeholderFuncName,
|
|
|
|
decls.NewOverload(placeholderFuncName+"_httpRequest_string",
|
|
|
|
[]*exprpb.Type{httpRequestObjectType, decls.String},
|
2020-03-31 01:49:53 +08:00
|
|
|
decls.Any)),
|
2020-03-20 05:46:22 +08:00
|
|
|
),
|
2020-04-09 00:44:36 +08:00
|
|
|
cel.CustomTypeAdapter(m.ta),
|
2020-03-20 22:53:40 +08:00
|
|
|
ext.Strings(),
|
2020-03-20 05:46:22 +08:00
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("setting up CEL environment: %v", err)
|
|
|
|
}
|
|
|
|
|
2020-04-09 05:39:23 +08:00
|
|
|
// parse and type-check the expression
|
|
|
|
checked, issues := env.Compile(m.expandedExpr)
|
2020-03-20 05:46:22 +08:00
|
|
|
if issues != nil && issues.Err() != nil {
|
2020-04-09 05:39:23 +08:00
|
|
|
return fmt.Errorf("compiling CEL program: %s", issues.Err())
|
2020-03-20 05:46:22 +08:00
|
|
|
}
|
|
|
|
|
2020-04-09 05:39:23 +08:00
|
|
|
// request matching is a boolean operation, so we don't really know
|
|
|
|
// what to do if the expression returns a non-boolean type
|
|
|
|
if !proto.Equal(checked.ResultType(), decls.Bool) {
|
|
|
|
return fmt.Errorf("CEL request matcher expects return type of bool, not %s", checked.ResultType())
|
2020-03-20 05:46:22 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
// compile the "program"
|
|
|
|
m.prg, err = env.Program(checked,
|
|
|
|
cel.Functions(
|
|
|
|
&functions.Overload{
|
|
|
|
Operator: placeholderFuncName,
|
2020-04-09 00:44:36 +08:00
|
|
|
Binary: m.caddyPlaceholderFunc,
|
2020-03-20 05:46:22 +08:00
|
|
|
},
|
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("compiling CEL program: %s", err)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Match returns true if r matches m.
|
|
|
|
func (m MatchExpression) Match(r *http.Request) bool {
|
2022-06-09 06:42:24 +08:00
|
|
|
out, _, err := m.prg.Eval(map[string]interface{}{
|
2020-03-20 05:46:22 +08:00
|
|
|
"request": celHTTPRequest{r},
|
|
|
|
})
|
2022-06-09 06:42:24 +08:00
|
|
|
if err != nil {
|
|
|
|
m.log.Error("evaluating expression", zap.Error(err))
|
|
|
|
return false
|
|
|
|
}
|
2020-03-20 05:46:22 +08:00
|
|
|
if outBool, ok := out.Value().(bool); ok {
|
|
|
|
return outBool
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
// UnmarshalCaddyfile implements caddyfile.Unmarshaler.
|
|
|
|
func (m *MatchExpression) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
|
|
|
for d.Next() {
|
2022-03-19 05:08:23 +08:00
|
|
|
if d.CountRemainingArgs() > 1 {
|
|
|
|
m.Expr = strings.Join(d.RemainingArgsRaw(), " ")
|
|
|
|
} else {
|
|
|
|
m.Expr = d.Val()
|
|
|
|
}
|
2020-03-20 05:46:22 +08:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-04-09 00:44:36 +08:00
|
|
|
// caddyPlaceholderFunc implements the custom CEL function that accesses the
|
|
|
|
// Replacer on a request and gets values from it.
|
|
|
|
func (m MatchExpression) caddyPlaceholderFunc(lhs, rhs ref.Val) ref.Val {
|
|
|
|
celReq, ok := lhs.(celHTTPRequest)
|
|
|
|
if !ok {
|
|
|
|
return types.NewErr(
|
|
|
|
"invalid request of type '%v' to "+placeholderFuncName+"(request, placeholderVarName)",
|
|
|
|
lhs.Type())
|
|
|
|
}
|
|
|
|
phStr, ok := rhs.(types.String)
|
|
|
|
if !ok {
|
|
|
|
return types.NewErr(
|
|
|
|
"invalid placeholder variable name of type '%v' to "+placeholderFuncName+"(request, placeholderVarName)",
|
|
|
|
rhs.Type())
|
|
|
|
}
|
|
|
|
|
|
|
|
repl := celReq.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
|
|
|
|
val, _ := repl.Get(string(phStr))
|
|
|
|
|
|
|
|
return m.ta.NativeToValue(val)
|
|
|
|
}
|
|
|
|
|
2020-03-20 05:46:22 +08:00
|
|
|
// httpRequestCELType is the type representation of a native HTTP request.
|
|
|
|
var httpRequestCELType = types.NewTypeValue("http.Request", traits.ReceiverType)
|
|
|
|
|
|
|
|
// cellHTTPRequest wraps an http.Request with
|
|
|
|
// methods to satisfy the ref.Val interface.
|
2020-04-09 00:44:36 +08:00
|
|
|
type celHTTPRequest struct{ *http.Request }
|
2020-03-20 05:46:22 +08:00
|
|
|
|
|
|
|
func (cr celHTTPRequest) ConvertToNative(typeDesc reflect.Type) (interface{}, error) {
|
|
|
|
return cr.Request, nil
|
|
|
|
}
|
|
|
|
func (celHTTPRequest) ConvertToType(typeVal ref.Type) ref.Val {
|
|
|
|
panic("not implemented")
|
|
|
|
}
|
|
|
|
func (cr celHTTPRequest) Equal(other ref.Val) ref.Val {
|
|
|
|
if o, ok := other.Value().(celHTTPRequest); ok {
|
|
|
|
return types.Bool(o.Request == cr.Request)
|
|
|
|
}
|
|
|
|
return types.ValOrErr(other, "%v is not comparable type", other)
|
|
|
|
}
|
|
|
|
func (celHTTPRequest) Type() ref.Type { return httpRequestCELType }
|
|
|
|
func (cr celHTTPRequest) Value() interface{} { return cr }
|
|
|
|
|
2020-08-01 05:06:30 +08:00
|
|
|
var pkixNameCELType = types.NewTypeValue("pkix.Name", traits.ReceiverType)
|
|
|
|
|
|
|
|
// celPkixName wraps an pkix.Name with
|
|
|
|
// methods to satisfy the ref.Val interface.
|
|
|
|
type celPkixName struct{ *pkix.Name }
|
|
|
|
|
|
|
|
func (pn celPkixName) ConvertToNative(typeDesc reflect.Type) (interface{}, error) {
|
|
|
|
return pn.Name, nil
|
|
|
|
}
|
|
|
|
func (celPkixName) ConvertToType(typeVal ref.Type) ref.Val {
|
|
|
|
panic("not implemented")
|
|
|
|
}
|
|
|
|
func (pn celPkixName) Equal(other ref.Val) ref.Val {
|
|
|
|
if o, ok := other.Value().(string); ok {
|
|
|
|
return types.Bool(pn.Name.String() == o)
|
|
|
|
}
|
|
|
|
return types.ValOrErr(other, "%v is not comparable type", other)
|
|
|
|
}
|
|
|
|
func (celPkixName) Type() ref.Type { return pkixNameCELType }
|
|
|
|
func (pn celPkixName) Value() interface{} { return pn }
|
|
|
|
|
2020-04-09 00:44:36 +08:00
|
|
|
// celTypeAdapter can adapt our custom types to a CEL value.
|
|
|
|
type celTypeAdapter struct{}
|
2020-03-20 05:46:22 +08:00
|
|
|
|
2020-04-09 00:44:36 +08:00
|
|
|
func (celTypeAdapter) NativeToValue(value interface{}) ref.Val {
|
|
|
|
switch v := value.(type) {
|
|
|
|
case celHTTPRequest:
|
|
|
|
return v
|
2020-08-01 05:06:30 +08:00
|
|
|
case pkix.Name:
|
|
|
|
return celPkixName{&v}
|
2020-05-22 08:19:01 +08:00
|
|
|
case time.Time:
|
2021-06-04 02:18:25 +08:00
|
|
|
return types.Timestamp{Time: v}
|
2020-04-09 00:44:36 +08:00
|
|
|
case error:
|
|
|
|
types.NewErr(v.Error())
|
2020-03-20 05:46:22 +08:00
|
|
|
}
|
|
|
|
return types.DefaultTypeAdapter.NativeToValue(value)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Variables used for replacing Caddy placeholders in CEL
|
|
|
|
// expressions with a proper CEL function call; this is
|
|
|
|
// just for syntactic sugar.
|
|
|
|
var (
|
|
|
|
placeholderRegexp = regexp.MustCompile(`{([\w.-]+)}`)
|
|
|
|
placeholderExpansion = `caddyPlaceholder(request, "${1}")`
|
|
|
|
)
|
|
|
|
|
|
|
|
var httpRequestObjectType = decls.NewObjectType("http.Request")
|
|
|
|
|
|
|
|
// The name of the CEL function which accesses Replacer values.
|
|
|
|
const placeholderFuncName = "caddyPlaceholder"
|
|
|
|
|
|
|
|
// Interface guards
|
|
|
|
var (
|
|
|
|
_ caddy.Provisioner = (*MatchExpression)(nil)
|
|
|
|
_ RequestMatcher = (*MatchExpression)(nil)
|
|
|
|
_ caddyfile.Unmarshaler = (*MatchExpression)(nil)
|
|
|
|
_ json.Marshaler = (*MatchExpression)(nil)
|
|
|
|
_ json.Unmarshaler = (*MatchExpression)(nil)
|
|
|
|
)
|