feat(acl): connection level ip/geo blocking

- fixed access log logic - implement acl at connection level - acl logging - ip/cidr blocking - geoblocking with MaxMind database
2026-04-20 23:41:23 +02:00 · 2025-04-25 10:47:52 +08:00
parent e513db62b0
commit b427ff1f88
32 changed files with 1359 additions and 193 deletions
--- a/internal/logging/accesslog/fields_test.go
+++ b/internal/logging/accesslog/fields_test.go
@@ -10,7 +10,7 @@ import (
 // Cookie header should be removed,
 // stored in JSONLogEntry.Cookies instead.
 func TestAccessLoggerJSONKeepHeaders(t *testing.T) {
-	config := DefaultConfig()
+	config := DefaultRequestLoggerConfig()
 	config.Fields.Headers.Default = FieldModeKeep
 	entry := getJSONEntry(t, config)
 	for k, v := range req.Header {
@@ -29,7 +29,7 @@ func TestAccessLoggerJSONKeepHeaders(t *testing.T) {
 }

 func TestAccessLoggerJSONDropHeaders(t *testing.T) {
-	config := DefaultConfig()
+	config := DefaultRequestLoggerConfig()
 	config.Fields.Headers.Default = FieldModeDrop
 	entry := getJSONEntry(t, config)
 	for k := range req.Header {
@@ -46,7 +46,7 @@ func TestAccessLoggerJSONDropHeaders(t *testing.T) {
 }

 func TestAccessLoggerJSONRedactHeaders(t *testing.T) {
-	config := DefaultConfig()
+	config := DefaultRequestLoggerConfig()
 	config.Fields.Headers.Default = FieldModeRedact
 	entry := getJSONEntry(t, config)
 	for k := range req.Header {
@@ -57,7 +57,7 @@ func TestAccessLoggerJSONRedactHeaders(t *testing.T) {
 }

 func TestAccessLoggerJSONKeepCookies(t *testing.T) {
-	config := DefaultConfig()
+	config := DefaultRequestLoggerConfig()
 	config.Fields.Headers.Default = FieldModeKeep
 	config.Fields.Cookies.Default = FieldModeKeep
 	entry := getJSONEntry(t, config)
@@ -67,7 +67,7 @@ func TestAccessLoggerJSONKeepCookies(t *testing.T) {
 }

 func TestAccessLoggerJSONRedactCookies(t *testing.T) {
-	config := DefaultConfig()
+	config := DefaultRequestLoggerConfig()
 	config.Fields.Headers.Default = FieldModeKeep
 	config.Fields.Cookies.Default = FieldModeRedact
 	entry := getJSONEntry(t, config)
@@ -77,7 +77,7 @@ func TestAccessLoggerJSONRedactCookies(t *testing.T) {
 }

 func TestAccessLoggerJSONDropQuery(t *testing.T) {
-	config := DefaultConfig()
+	config := DefaultRequestLoggerConfig()
 	config.Fields.Query.Default = FieldModeDrop
 	entry := getJSONEntry(t, config)
 	expect.Equal(t, entry.Query["foo"], nil)
@@ -85,7 +85,7 @@ func TestAccessLoggerJSONDropQuery(t *testing.T) {
 }

 func TestAccessLoggerJSONRedactQuery(t *testing.T) {
-	config := DefaultConfig()
+	config := DefaultRequestLoggerConfig()
 	config.Fields.Query.Default = FieldModeRedact
 	entry := getJSONEntry(t, config)
 	expect.Equal(t, entry.Query["foo"], []string{RedactedValue})