From b082d6dc77f1a076fa985c8abe870f9520c43bb6 Mon Sep 17 00:00:00 2001 From: yusing Date: Mon, 13 Apr 2026 17:14:58 +0800 Subject: [PATCH] fix(entrypoint): log global inbound mTLS errors instead of panicking When resolveInboundMTLSProfileForRoute fails for the global profile, emit a zerolog error and continue without applying that pool. Apply inbound mTLS from the global profile only when err is nil and pool is non-nil. Add yaml struct tags to InboundMTLSProfile alongside json for YAML config loading. Clarify no-op stub methods in inbound_mtls_validation_test with comments. --- internal/config/inbound_mtls_validation_test.go | 13 +++++++------ internal/entrypoint/inbound_mtls.go | 5 +++-- internal/types/inbound_mtls.go | 4 ++-- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/internal/config/inbound_mtls_validation_test.go b/internal/config/inbound_mtls_validation_test.go index 1be42872..e218b994 100644 --- a/internal/config/inbound_mtls_validation_test.go +++ b/internal/config/inbound_mtls_validation_test.go 
@@ -80,14 +80,15 @@ func (s *stubState) AutoCertProvider() server.CertProvider { return nil } func (s *stubState) LoadOrStoreProvider(string, types.RouteProvider) (types.RouteProvider, bool) { return nil, false } -func (s *stubState) DeleteProvider(string) {} +func (s *stubState) DeleteProvider(string) { /* no-op: test stub */ } func (s *stubState) IterProviders() iter.Seq2[string, types.RouteProvider] { + // no-op: returns empty iterator return func(func(string, types.RouteProvider) bool) {} } -func (s *stubState) NumProviders() int { return 0 } -func (s *stubState) StartProviders() error { return nil } -func (s *stubState) FlushTmpLog() {} -func (s *stubState) StartAPIServers() {} -func (s *stubState) StartMetrics() {} +func (s *stubState) NumProviders() int { return 0 } // no-op: test stub +func (s *stubState) StartProviders() error { return nil } // no-op: test stub +func (s *stubState) FlushTmpLog() { /* no-op: test stub */ } +func (s *stubState) StartAPIServers() { /* no-op: test stub */ } +func (s *stubState) StartMetrics() { /* no-op: test stub */ } var _ config.State = (*stubState)(nil) diff --git a/internal/entrypoint/inbound_mtls.go b/internal/entrypoint/inbound_mtls.go index 2f91e1ba..ecfd0c6b 100644 --- a/internal/entrypoint/inbound_mtls.go +++ b/internal/entrypoint/inbound_mtls.go @@ -7,6 +7,7 @@ import ( "fmt" "os" + "github.com/rs/zerolog/log" "github.com/yusing/godoxy/internal/types" gperr "github.com/yusing/goutils/errs" ) @@ -88,9 +89,9 @@ func (srv *httpServer) mutateServerTLSConfig(base *tls.Config) *tls.Config { } pool, err := srv.resolveInboundMTLSProfileForRoute(nil) if err != nil { - panic(err) + log.Err(err).Msg("inbound mTLS: failed to resolve global profile, falling back to per-route mTLS") } - if pool != nil { + if pool != nil && err == nil { return applyInboundMTLSProfile(base, pool) } diff --git a/internal/types/inbound_mtls.go b/internal/types/inbound_mtls.go index bb179cdd..9340d414 100644 --- a/internal/types/inbound_mtls.go 
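Review bot: Replacing `panic(err)` with a log line in mutateServerTLSConfig makes a broken global inbound-mTLS profile fail open. When resolveInboundMTLSProfileForRoute(nil) returns an error, the new `if pool != nil && err == nil` guard skips applyInboundMTLSProfile and execution falls through to code outside this hunk, so the listener appears to start without the global client-certificate requirement, leaving a single error log entry as the only trace. For an authentication control it is safer to fail closed, for instance by returning a config that rejects every handshake until the profile is fixed: `cfg := base.Clone(); cfg.ClientAuth = tls.RequireAndVerifyClientCert; cfg.ClientCAs = x509.NewCertPool(); return cfg` (assuming crypto/x509 is already imported in this file). Alternatively, validate the global profile at config load so a bad CA path is rejected before the server starts. If the fallback is kept, the message should state plainly that global mTLS is not being enforced, so operators can alert on it.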
+++ b/internal/types/inbound_mtls.go @@ -3,8 +3,8 @@ package types import "errors" type InboundMTLSProfile struct { - UseSystemCAs bool `json:"use_system_cas,omitempty"` - CAFiles []string `json:"ca_files,omitempty" validate:"omitempty,dive,filepath"` + UseSystemCAs bool `json:"use_system_cas,omitempty" yaml:"use_system_cas,omitempty"` + CAFiles []string `json:"ca_files,omitempty" yaml:"ca_files,omitempty" validate:"omitempty,dive,filepath"` } func (cfg InboundMTLSProfile) Validate() error {
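Review bot: InboundMTLSProfile has no doc comment, and the new yaml tags make it a user-facing config surface where `use_system_cas` deserves a caveat. If that flag adds the host root store to the client-CA pool (inferred from the field name; the resolver is outside this hunk), any client certificate chaining to a publicly trusted CA would pass verification, which is rarely what an operator intends for client authentication. I would add a type comment beginning `// InboundMTLSProfile ...` and a field comment such as `// UseSystemCAs trusts the host root store for client certificates; prefer CAFiles with a private CA.`. Validate's body continues outside the hunk, so whether it rejects a profile with neither option set cannot be checked from here.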