caddy-keydb-codebreaker/guardian_extension.go

148 lines
4.8 KiB
Go
Raw Permalink Normal View History

2024-08-14 13:11:08 -07:00
package guardianextension
import (
"fmt"
"html"
"net/http"
"sync"
"github.com/caddyserver/caddy/v2"
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
"github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile"
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
)
const authTokenHeader = "X-GuardianInternal-Token"
// init registers the GuardianCacheHandler module with Caddy and registers the "guardiancache" directive
// for use in the Caddyfile configuration.
func init() {
caddy.RegisterModule((*GuardianCacheHandler)(nil))
httpcaddyfile.RegisterHandlerDirective("guardiancache", parseCaddyfile)
}
// GuardianCacheHandler is a Caddy module that provides a cache handler for the Guardian application.
// It manages a cache of data stored in a JSON file, and validates access tokens.
// The mutex is necessary because maps are not thread-safe for concurrent read (and/or write) operations in Go.
type GuardianCacheHandler struct {
DataFile string `json:"data_file"`
validTokens map[string]bool
data map[string]string
mutex sync.RWMutex
}
// CaddyModule returns module information for use by Caddy.
func (handler *GuardianCacheHandler) CaddyModule() caddy.ModuleInfo {
return caddy.ModuleInfo{
ID: "http.handlers.guardiancache",
New: func() caddy.Module { return new(GuardianCacheHandler) },
}
}
// Provision initializes the GuardianCacheHandler by loading data from a JSON file and setting up valid tokens.
func (handler *GuardianCacheHandler) Provision(ctx caddy.Context) error {
handler.validTokens = map[string]bool{
"token1": true,
"token2": true,
"token3": true,
}
errorResponsesOnce.Do(initErrorResponses)
// Load data from file
if err := handler.LoadData(); err != nil {
return fmt.Errorf("failed to load data: %v", err)
}
return nil
}
// validateAuthToken checks if the auth token is valid. If the token is valid, it returns the escaped token.
// If the token is invalid, it sends an error response and returns an empty string which returns nil in the calling ServeHTTP method.
func (handler *GuardianCacheHandler) validateAuthToken(authToken string) (string, error) {
if authToken == "" {
return "", ErrNoAuthToken
}
if len(authToken) > 256 {
return "", ErrUnauthorized
}
escapedAuthToken := html.EscapeString(authToken)
// TODO: Temporary - this isn't how validity will be checked
if !handler.validTokens[escapedAuthToken] {
return "", ErrUnauthorized
}
return escapedAuthToken, nil
}
// ServeHTTP is the HTTP handler for the GuardianCacheHandler module. It retrieves a value from the loaded JSON data
// based on the "q" query parameter provided in the request. If the q parameter is missing, it returns
// a 400 Bad Request error. If the value is not found in the loaded JSON data, it returns a 404 Not Found error.
// If there is an error interacting with the loaded JSON data, it returns a 500 Internal Server Error.
func (handler *GuardianCacheHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request, next caddyhttp.Handler) error {
// Step 1: Get authentication token from the request header and validate it
_, err := handler.validateAuthToken(request.Header.Get(authTokenHeader))
if err != nil {
sendJSONError(writer, err)
return nil
}
question := request.URL.Query().Get("q")
if question == "" {
sendJSONError(writer, ErrIncompleteReq)
return nil
}
if len(question) > 256 {
sendJSONError(writer, ErrConnFailed)
return nil
}
hashedQuestion := questionHash(question)
handler.mutex.RLock()
val, exists := handler.data[hashedQuestion]
handler.mutex.RUnlock()
if !exists {
sendJSONError(writer, ErrConnFailed)
return nil
}
fmt.Fprintln(writer, val)
return nil
}
// UnmarshalCaddyfile parses the Caddyfile configuration for the GuardianCacheHandler module.
// It sets the path to the JSON data file for the GuardianCacheHandler.
// The parameter "data_file" specifies the location of the JSON file to be loaded.
func (handler *GuardianCacheHandler) UnmarshalCaddyfile(dispenser *caddyfile.Dispenser) error {
for dispenser.Next() {
for dispenser.NextBlock(0) {
switch dispenser.Val() {
case "filepath":
if !dispenser.Args(&handler.DataFile) {
return dispenser.ArgErr()
}
default:
return dispenser.Errf("unrecognized parameter: %s", dispenser.Val())
}
}
}
return nil
}
// The GuardianCacheHandler type implements several interfaces that allow it to be used as a Caddy module:
// - caddy.Provisioner: Allows the module to be provisioned and configured.
// - caddyhttp.MiddlewareHandler: Allows the module to be used as HTTP middleware.
// - caddyfile.Unmarshaler: Allows the module to be configured from a Caddyfile.
var (
_ caddy.Provisioner = (*GuardianCacheHandler)(nil)
_ caddyhttp.MiddlewareHandler = (*GuardianCacheHandler)(nil)
_ caddyfile.Unmarshaler = (*GuardianCacheHandler)(nil)
)