starred/godoxy
1
0
Fork 0
mirror of https://github.com/yusing/godoxy.git synced 2026-04-13 20:49:54 +02:00
Code Issues 18 Packages Projects Releases 10 Wiki Activity

fix(entrypoint): log global inbound mTLS errors instead of panicking

Browse Source 
When resolveInboundMTLSProfileForRoute fails for the global profile, emit a
zerolog error and continue without applying that pool. Apply inbound mTLS from
the global profile only when err is nil and pool is non-nil.

Add yaml struct tags to InboundMTLSProfile alongside json for YAML config
loading.

Clarify no-op stub methods in inbound_mtls_validation_test with comments.
This commit is contained in:
yusing
2026-04-13 17:14:58 +08:00
parent 2a6ad90b72
commit b082d6dc77
3 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
internal/config/inbound_mtls_validation_test.go
View File

@@ -80,14 +80,15 @@ func (s *stubState) AutoCertProvider() server.CertProvider { return nil }
func (s *stubState) LoadOrStoreProvider(string, types.RouteProvider) (types.RouteProvider, bool) {
return nil, false
}
func (s *stubState) DeleteProvider(string) {}
func (s *stubState) DeleteProvider(string) { /* no-op: test stub */ }
func (s *stubState) IterProviders() iter.Seq2[string, types.RouteProvider] {
// no-op: returns empty iterator
return func(func(string, types.RouteProvider) bool) {}
}
func (s *stubState) NumProviders() int { return 0 }
func (s *stubState) StartProviders() error { return nil }
func (s *stubState) FlushTmpLog() {}
func (s *stubState) StartAPIServers() {}
func (s *stubState) StartMetrics() {}
func (s *stubState) NumProviders() int { return 0 } // no-op: test stub
func (s *stubState) StartProviders() error { return nil } // no-op: test stub
func (s *stubState) FlushTmpLog() { /* no-op: test stub */ }
func (s *stubState) StartAPIServers() { /* no-op: test stub */ }
func (s *stubState) StartMetrics() { /* no-op: test stub */ }
var _ config.State = (*stubState)(nil)

5
internal/entrypoint/inbound_mtls.go
View File

@@ -7,6 +7,7 @@ import (
"fmt"
"os"
"github.com/rs/zerolog/log"
"github.com/yusing/godoxy/internal/types"
gperr "github.com/yusing/goutils/errs"
)
@@ -88,9 +89,9 @@ func (srv *httpServer) mutateServerTLSConfig(base *tls.Config) *tls.Config {
}
pool, err := srv.resolveInboundMTLSProfileForRoute(nil)
if err != nil {
panic(err)
log.Err(err).Msg("inbound mTLS: failed to resolve global profile, falling back to per-route mTLS")
}
if pool != nil {
if pool != nil && err == nil {
return applyInboundMTLSProfile(base, pool)
}

4
internal/types/inbound_mtls.go
View File

@@ -3,8 +3,8 @@ package types
import "errors"
type InboundMTLSProfile struct {
UseSystemCAs bool `json:"use_system_cas,omitempty"`
CAFiles []string `json:"ca_files,omitempty" validate:"omitempty,dive,filepath"`
UseSystemCAs bool `json:"use_system_cas,omitempty" yaml:"use_system_cas,omitempty"`
CAFiles []string `json:"ca_files,omitempty" yaml:"ca_files,omitempty" validate:"omitempty,dive,filepath"`
}
func (cfg InboundMTLSProfile) Validate() error {