fix(Makefile): exclude specific directories from gomod_paths search

Send early HTTP 100 Continue response before processing to avoid
timeouts, and propagate request context through the verification flow
for proper cancellation handling.

.github/workflows/docker-image-compat.yml

@@ -0,0 +1,20 @@
+name: Docker Image CI (compat)
+
+on:
+  push:
+    branches:
+      - compat
+
+jobs:
+  build-compat:
+    uses: ./.github/workflows/docker-image.yml
+    with:
+      image_name: ${{ github.repository_owner }}/godoxy
+      tag: latest-compat
+      target: main
+  build-compat-agent:
+    uses: ./.github/workflows/docker-image.yml
+    with:
+      image_name: ${{ github.repository_owner }}/godoxy-agent
+      tag: latest-compat
+      target: agent

.github/workflows/docker-image-nightly.yml

@@ -8,6 +8,7 @@ on:
       - "**" # matches every branch
       - "!dependabot/*"
       - "!main" # excludes main
+      - "!compat" # excludes compat branch
 
 jobs:
   build-nightly:

.gitignore

@@ -14,30 +14,34 @@ data/
 debug/
 
 logs/
+log/
 
 .vscode/settings.json
 
+go.work.sum
+
 !cmd/**/
 !internal/**/
 
 todo.md
 
 .*.swp
+.aider*
 mtrace.json
 .env
 *.env
+.cursorrules
 .cursor/
+.windsurfrules
 test.Dockerfile
 
+node_modules/
+tsconfig.tsbuildinfo
+
 !agent.compose.yml
 !agent/pkg/**
 dev-data/
 
 RELEASE_NOTES.md
 CLAUDE.md
-.kilocode/**
-
-!.trunk/configs
-
-# minified files
-**/*-min.*
+.kilocode/**

.golangci.yml

@@ -47,7 +47,6 @@ linters:
     errcheck:
       exclude-functions:
         - fmt.Fprintln
-        - (*gin.Context).Error # gin context error handler
     forbidigo:
       forbid:
         - pattern: ^print(ln)?$
@@ -56,15 +55,21 @@ linters:
       statements: 120
     gocyclo:
       min-complexity: 14
-    godoclint:
-      ignore: internal/api/v1/.+
     godox:
       keywords:
         - FIXME
+    gomoddirectives:
+      replace-allow-list:
+        - github.com/abbot/go-http-auth
+        - github.com/gorilla/mux
+        - github.com/mailgun/minheap
+        - github.com/mailgun/multibuf
+        - github.com/jaguilar/vt100
+        - github.com/cucumber/godog
+        - github.com/http-wasm/http-wasm-host-go
     govet:
       disable:
         - shadow
-        - fieldalignment
       enable-all: true
     misspell:
       locale: US
@@ -101,7 +106,8 @@ linters:
       checks:
         - all
         - -SA1019
-        - -QF1008 # keep embedded field selector for clarity
+      dot-import-whitelist:
+        - github.com/yusing/godoxy/internal/utils/testing
     tagalign:
       align: false
       sort: true
@@ -129,8 +135,9 @@ linters:
       - legacy
       - std-error-handling
     paths:
+      - third_party$
+      - builtin$
       - examples$
-      - internal/api/v1/.+
 formatters:
   enable:
     - gofmt
@@ -139,7 +146,6 @@ formatters:
   exclusions:
     generated: lax
     paths:
+      - third_party$
+      - builtin$
       - examples$
-      - internal/api/v1/.+
-run:
-  tests: false

.trunk/configs/.markdownlint.yaml

@@ -1,2 +0,0 @@
-# Prettier friendly markdownlint config (all formatting rules disabled)
-extends: markdownlint/style/prettier

.trunk/configs/.yamllint.yaml

@@ -1,7 +0,0 @@
-rules:
-  quoted-strings:
-    required: only-when-needed
-    extra-allowed: ["{|}"]
-  key-duplicates: {}
-  octal-values:
-    forbid-implicit-octal: true

.trunk/trunk.yaml

@@ -7,45 +7,36 @@ cli:
 plugins:
   sources:
     - id: trunk
-      ref: v1.7.4
+      ref: v1.7.2
       uri: https://github.com/trunk-io/plugins
 # Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
 runtimes:
   enabled:
     - node@22.16.0
     - python@3.10.8
-    - go@1.26.0
+    - go@1.24.3
 # This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
 lint:
   disabled:
-    - bandit
-    - black
-    - isort
-    - ruff
+    - markdownlint
+    - yamllint
   enabled:
-    - yamllint@1.38.0
-    - markdownlint@0.47.0
-    - checkov@3.2.501
-    - golangci-lint2@2.9.0
+    - checkov@3.2.471
+    - golangci-lint2@2.5.0
     - hadolint@2.14.0
-    - actionlint@1.7.10
+    - actionlint@1.7.7
     - git-diff-check
     - gofmt@1.20.4
-    - osv-scanner@2.3.3
-    - oxipng@10.1.0
-    - prettier@3.8.1
+    - osv-scanner@2.2.2
+    - oxipng@9.1.5
+    - prettier@3.6.2
     - shellcheck@0.11.0
     - shfmt@3.6.0
-    - trufflehog@3.93.3
-  ignore:
-    - linters: [ALL]
-      paths:
-        - internal/api/v1/docs/**
-
+    - trufflehog@3.90.8
 actions:
   disabled:
     - trunk-announce
-  enabled:
-    - trunk-upgrade-available
     - trunk-check-pre-push
     - trunk-fmt-pre-commit
+  enabled:
+    - trunk-upgrade-available

CODE_OF_CONDUCT.md

@@ -1,128 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-We as members, contributors, and leaders pledge to make participation in our
-community a harassment-free experience for everyone, regardless of age, body
-size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, religion, or sexual identity
-and orientation.
-
-We pledge to act and interact in ways that contribute to an open, welcoming,
-diverse, inclusive, and healthy community.
-
-## Our Standards
-
-Examples of behavior that contributes to a positive environment for our
-community include:
-
-* Demonstrating empathy and kindness toward other people
-* Being respectful of differing opinions, viewpoints, and experiences
-* Giving and gracefully accepting constructive feedback
-* Accepting responsibility and apologizing to those affected by our mistakes,
-  and learning from the experience
-* Focusing on what is best not just for us as individuals, but for the
-  overall community
-
-Examples of unacceptable behavior include:
-
-* The use of sexualized language or imagery, and sexual attention or
-  advances of any kind
-* Trolling, insulting or derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or email
-  address, without their explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Enforcement Responsibilities
-
-Community leaders are responsible for clarifying and enforcing our standards of
-acceptable behavior and will take appropriate and fair corrective action in
-response to any behavior that they deem inappropriate, threatening, offensive,
-or harmful.
-
-Community leaders have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are
-not aligned to this Code of Conduct, and will communicate reasons for moderation
-decisions when appropriate.
-
-## Scope
-
-This Code of Conduct applies within all community spaces, and also applies when
-an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official e-mail address,
-posting via an official social media account, or acting as an appointed
-representative at an online or offline event.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement at
-yusing@6uo.me.
-All complaints will be reviewed and investigated promptly and fairly.
-
-All community leaders are obligated to respect the privacy and security of the
-reporter of any incident.
-
-## Enforcement Guidelines
-
-Community leaders will follow these Community Impact Guidelines in determining
-the consequences for any action they deem in violation of this Code of Conduct:
-
-### 1. Correction
-
-**Community Impact**: Use of inappropriate language or other behavior deemed
-unprofessional or unwelcome in the community.
-
-**Consequence**: A private, written warning from community leaders, providing
-clarity around the nature of the violation and an explanation of why the
-behavior was inappropriate. A public apology may be requested.
-
-### 2. Warning
-
-**Community Impact**: A violation through a single incident or series
-of actions.
-
-**Consequence**: A warning with consequences for continued behavior. No
-interaction with the people involved, including unsolicited interaction with
-those enforcing the Code of Conduct, for a specified period of time. This
-includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or
-permanent ban.
-
-### 3. Temporary Ban
-
-**Community Impact**: A serious violation of community standards, including
-sustained inappropriate behavior.
-
-**Consequence**: A temporary ban from any sort of interaction or public
-communication with the community for a specified period of time. No public or
-private interaction with the people involved, including unsolicited interaction
-with those enforcing the Code of Conduct, is allowed during this period.
-Violating these terms may lead to a permanent ban.
-
-### 4. Permanent Ban
-
-**Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior,  harassment of an
-individual, or aggression toward or disparagement of classes of individuals.
-
-**Consequence**: A permanent ban from any sort of public interaction within
-the community.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 2.0, available at
-https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
-
-Community Impact Guidelines were inspired by [Mozilla's code of conduct
-enforcement ladder](https://github.com/mozilla/diversity).
-
-[homepage]: https://www.contributor-covenant.org
-
-For answers to common questions about this code of conduct, see the FAQ at
-https://www.contributor-covenant.org/faq. Translations are available at
-https://www.contributor-covenant.org/translations.

Dockerfile

@@ -1,11 +1,10 @@
 # Stage 1: deps
-FROM golang:1.26.0-alpine AS deps
+FROM golang:1.25.6-alpine AS deps
 HEALTHCHECK NONE
 
 # package version does not matter
-# libgcc and libstdc++ are needed for bun
 # trunk-ignore(hadolint/DL3018)
-RUN apk add --no-cache tzdata make libcap-setcap libgcc libstdc++
+RUN apk add --no-cache tzdata make libcap-setcap
 
 ENV GOPATH=/root/go
 ENV GOCACHE=/root/.cache/go-build
@@ -18,10 +17,6 @@ COPY internal/gopsutil/go.mod internal/gopsutil/go.sum ./internal/gopsutil/
 COPY internal/go-proxmox/go.mod internal/go-proxmox/go.sum ./internal/go-proxmox/
 COPY go.mod go.sum ./
 
-# for minify-js
-COPY --from=oven/bun:1.3.9-alpine /usr/local/bin/bun /usr/local/bin/bun
-COPY --from=oven/bun:1.3.9-alpine /usr/local/bin/bunx /usr/local/bin/bunx
-
 # remove godoxy stuff from go.mod first
 RUN --mount=type=cache,target=/root/.cache/go-build \
   --mount=type=cache,target=/root/go/pkg/mod \

Makefile

@@ -1,5 +1,5 @@
 shell := /bin/sh
-export VERSION ?= $(shell git describe --tags --abbrev=0 2>/dev/null)
+export VERSION ?= $(shell git describe --tags --abbrev=0)
 export BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
 export BUILD_DATE ?= $(shell date -u +'%Y%m%d-%H%M')
 export GOOS = linux
@@ -117,27 +117,12 @@ mod-tidy:
 		cd ${PWD}/$$path && go mod tidy; \
 	done
 
-minify-js:
-	@if [ "${agent}" = "1" ]; then \
-		echo "minify-js: skipped for agent"; \
-	elif [ "${socket-proxy}" = "1" ]; then \
-		echo "minify-js: skipped for socket-proxy"; \
-	else \
-		for file in $$(find internal/ -name '*.js' | grep -v -- '-min\.js$$'); do \
-			ext="$${file##*.}"; \
-			base="$${file%.*}"; \
-			min_file="$${base}-min.$$ext"; \
-			echo "minifying $$file -> $$min_file"; \
-			bunx --bun uglify-js $$file --compress --mangle --output $$min_file; \
-		done \
-	fi
-
-build: minify-js
+build:
 	mkdir -p $(shell dirname ${BIN_PATH})
 	go build -C ${PWD} ${BUILD_FLAGS} -o ${BIN_PATH} ./cmd
 	${POST_BUILD}
 
-run: minify-js
+run:
 	cd ${PWD} && [ -f .env ] && godotenv -f .env go run ${BUILD_FLAGS} ./cmd
 
 dev:
@@ -147,12 +132,16 @@ dev-build: build
 	docker compose -f dev.compose.yml up -t 0 -d app --force-recreate
 
 benchmark:
-	@TARGETS="$(TARGET)"; \
-	if [ -z "$$TARGETS" ]; then TARGETS="godoxy traefik caddy nginx"; fi; \
-	trap 'docker compose -f dev.compose.yml down $$TARGETS' EXIT; \
-	docker compose -f dev.compose.yml up -d --force-recreate $$TARGETS; \
-	sleep 1; \
-	./scripts/benchmark.sh
+	@if [ -z "$(TARGET)" ]; then \
+		docker compose -f dev.compose.yml up -d --force-recreate godoxy traefik caddy nginx; \
+	else \
+		docker compose -f dev.compose.yml up -d --force-recreate $(TARGET); \
+	fi
+	sleep 1
+	@./scripts/benchmark.sh
+
+dev-run: build
+	cd dev-data && ${BIN_PATH}
 
 rapid-crash:
 	docker run --restart=always --name test_crash -p 80 debian:bookworm-slim /bin/cat &&\
@@ -186,7 +175,8 @@ gen-swagger-markdown: gen-swagger
 gen-api-types: gen-swagger
 	# --disable-throw-on-error
 	bunx --bun swagger-typescript-api generate --sort-types --generate-union-enums --axios --add-readonly --route-types \
-		 --responses -o ${WEBUI_DIR}/src/lib -n api.ts -p internal/api/v1/docs/swagger.json
+		 --responses -o ${WEBUI_DIR}/lib -n api.ts -p internal/api/v1/docs/swagger.json
+	bunx --bun prettier --config ${WEBUI_DIR}/.prettierrc --write ${WEBUI_DIR}/lib/api.ts
 
 .PHONY: update-wiki
 update-wiki:

agent/cmd/main.go

@@ -19,6 +19,7 @@ import (
 	"github.com/yusing/godoxy/agent/pkg/handler"
 	"github.com/yusing/godoxy/internal/metrics/systeminfo"
 	socketproxy "github.com/yusing/godoxy/socketproxy/pkg"
+	gperr "github.com/yusing/goutils/errs"
 	strutils "github.com/yusing/goutils/strings"
 	"github.com/yusing/goutils/task"
 	"github.com/yusing/goutils/version"
@@ -71,7 +72,7 @@ Tips:
 	// - Otherwise: route to HTTPS API handler
 	tcpListener, err := net.ListenTCP("tcp", &net.TCPAddr{Port: env.AgentPort})
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed to listen on port")
+		gperr.LogFatal("failed to listen on port", err)
 	}
 
 	caCertPool := x509.NewCertPool()
@@ -147,7 +148,7 @@ Tips:
 		log.Info().Msgf("%s socket listening on: %s", runtime, socketproxy.ListenAddr)
 		l, err := net.Listen("tcp", socketproxy.ListenAddr)
 		if err != nil {
-			log.Fatal().Err(err).Msg("failed to listen on port")
+			gperr.LogFatal("failed to listen on port", err)
 		}
 		errLog := log.Logger.With().Str("level", "error").Str("component", "socketproxy").Logger()
 		srv := http.Server{
@@ -157,15 +158,10 @@ Tips:
 			},
 			ErrorLog: stdlog.New(&errLog, "", 0),
 		}
-		go func() {
-			err := srv.Serve(l)
-			if err != nil && !errors.Is(err, http.ErrServerClosed) {
-				log.Error().Err(err).Msg("socket proxy server stopped with error")
-			}
-		}()
+		srv.Serve(l)
 	}
 
-	systeminfo.Poller.Start(t)
+	systeminfo.Poller.Start()
 
 	task.WaitExit(3)
 }

agent/go.mod

@@ -1,11 +1,6 @@
 module github.com/yusing/godoxy/agent
 
-go 1.26.0
-
-exclude (
-	github.com/moby/moby/api v1.53.0 // allow older daemon versions
-	github.com/moby/moby/client v0.2.2 // allow older daemon versions
-)
+go 1.25.6
 
 replace (
 	github.com/shirou/gopsutil/v4 => ../internal/gopsutil
@@ -19,15 +14,16 @@ replace (
 
 exclude github.com/containerd/nerdctl/mod/tigron v0.0.0
 
+exclude github.com/yusing/godoxy/internal/utils v0.0.0-20250927032450-e2aeef3a863f
+
 require (
-	github.com/bytedance/sonic v1.15.0
 	github.com/gin-gonic/gin v1.11.0
 	github.com/gorilla/websocket v1.5.3
-	github.com/pion/dtls/v3 v3.1.2
+	github.com/pion/dtls/v3 v3.0.10
 	github.com/pion/transport/v3 v3.1.1
 	github.com/rs/zerolog v1.34.0
 	github.com/stretchr/testify v1.11.1
-	github.com/yusing/godoxy v0.25.3
+	github.com/yusing/godoxy v0.25.2
 	github.com/yusing/godoxy/socketproxy v0.0.0-00010101000000-000000000000
 	github.com/yusing/goutils v0.7.0
 )
@@ -36,6 +32,7 @@ require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
 	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.15.0 // indirect
 	github.com/bytedance/sonic/loader v0.5.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
@@ -43,12 +40,13 @@ require (
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/cli v29.2.1+incompatible // indirect
+	github.com/docker/cli v29.2.0+incompatible // indirect
+	github.com/docker/docker v28.5.2+incompatible // indirect
 	github.com/docker/go-connections v0.6.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/ebitengine/purego v0.9.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.13 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -60,15 +58,16 @@ require (
 	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 // indirect
-	github.com/klauspost/compress v1.18.4 // indirect
+	github.com/klauspost/compress v1.18.3 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
-	github.com/moby/moby/api v1.52.0 // indirect
-	github.com/moby/moby/client v0.2.1 // indirect
+	github.com/moby/moby/api v1.53.0 // indirect
+	github.com/moby/sys/sequential v0.6.0 // indirect
+	github.com/moby/term v0.5.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
@@ -76,12 +75,13 @@ require (
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pion/logging v0.2.4 // indirect
 	github.com/pion/transport/v4 v4.0.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 	github.com/puzpuzpuz/xsync/v4 v4.4.0 // indirect
 	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/quic-go/quic-go v0.59.0 // indirect
-	github.com/shirou/gopsutil/v4 v4.26.1 // indirect
+	github.com/shirou/gopsutil/v4 v4.25.12 // indirect
 	github.com/sirupsen/logrus v1.9.4 // indirect
 	github.com/tklauser/go-sysconf v0.3.16 // indirect
 	github.com/tklauser/numcpus v0.11.0 // indirect
@@ -90,20 +90,22 @@ require (
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasthttp v1.69.0 // indirect
 	github.com/yusing/ds v0.4.1 // indirect
-	github.com/yusing/gointernals v0.2.0 // indirect
-	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260211095624-f5a276d5c58b // indirect
-	github.com/yusing/goutils/http/websocket v0.0.0-20260211095624-f5a276d5c58b // indirect
+	github.com/yusing/gointernals v0.1.16 // indirect
+	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260129081554-24e52ede7468 // indirect
+	github.com/yusing/goutils/http/websocket v0.0.0-20260129081554-24e52ede7468 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 // indirect
-	go.opentelemetry.io/otel v1.40.0 // indirect
-	go.opentelemetry.io/otel/metric v1.40.0 // indirect
-	go.opentelemetry.io/otel/trace v1.40.0 // indirect
-	golang.org/x/arch v0.24.0 // indirect
-	golang.org/x/crypto v0.48.0 // indirect
-	golang.org/x/net v0.50.0 // indirect
-	golang.org/x/sys v0.41.0 // indirect
-	golang.org/x/text v0.34.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
+	go.opentelemetry.io/otel v1.39.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
+	go.opentelemetry.io/otel/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.39.0 // indirect
+	golang.org/x/arch v0.23.0 // indirect
+	golang.org/x/crypto v0.47.0 // indirect
+	golang.org/x/net v0.49.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/text v0.33.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

agent/go.sum

@@ -1,3 +1,5 @@
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
@@ -24,6 +26,8 @@ github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
+github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
+github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc=
 github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
@@ -37,8 +41,10 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
-github.com/docker/cli v29.2.1+incompatible h1:n3Jt0QVCN65eiVBoUTZQM9mcQICCJt3akW4pKAbKdJg=
-github.com/docker/cli v29.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
+github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
+github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -49,8 +55,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9Ufpk2AcUM=
-github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
+github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
@@ -95,12 +101,14 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gotify/server/v2 v2.8.0 h1:E3UDDn/3rFZi1sjZfbuhXNnxJP3ACZhdcw/iySegPRA=
 github.com/gotify/server/v2 v2.8.0/go.mod h1:6ci5adxcE2hf1v+2oowKiQmixOxXV8vU+CRLKP6sqZA=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 h1:9Nu54bhS/H/Kgo2/7xNSUuC5G28VR8ljfrLKU2G4IjU=
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12/go.mod h1:TBzl5BIHNXfS9+C35ZyJaklL7mLDbgUkcgXzSLa8Tk0=
-github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c=
-github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/klauspost/compress v1.18.3 h1:9PJRvfbmTabkOX8moIpXPbMMbYN60bWImDDU7L+/6zw=
+github.com/klauspost/compress v1.18.3/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -128,15 +136,21 @@ github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI=
 github.com/miekg/dns v1.1.72/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/moby/api v1.52.0 h1:00BtlJY4MXkkt84WhUZPRqt5TvPbgig2FZvTbe3igYg=
-github.com/moby/moby/api v1.52.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
-github.com/moby/moby/client v0.2.1 h1:1Grh1552mvv6i+sYOdY+xKKVTvzJegcVMhuXocyDz/k=
-github.com/moby/moby/client v0.2.1/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
+github.com/moby/moby/api v1.53.0 h1:PihqG1ncw4W+8mZs69jlwGXdaYBeb5brF6BL7mPIS/w=
+github.com/moby/moby/api v1.53.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
+github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
+github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
+github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
+github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
+github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
+github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
+github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -145,16 +159,17 @@ github.com/oschwald/maxminddb-golang v1.13.1 h1:G3wwjdN9JmIK2o/ermkHM+98oX5fS+k5
 github.com/oschwald/maxminddb-golang v1.13.1/go.mod h1:K4pgV9N/GcK694KSTmVSDTODk4IsCNThNdTmnaBZ/F8=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
-github.com/pion/dtls/v3 v3.1.2 h1:gqEdOUXLtCGW+afsBLO0LtDD8GnuBBjEy6HRtyofZTc=
-github.com/pion/dtls/v3 v3.1.2/go.mod h1:Hw/igcX4pdY69z1Hgv5x7wJFrUkdgHwAn/Q/uo7YHRo=
+github.com/pion/dtls/v3 v3.0.10 h1:k9ekkq1kaZoxnNEbyLKI8DI37j/Nbk1HWmMuywpQJgg=
+github.com/pion/dtls/v3 v3.0.10/go.mod h1:YEmmBYIoBsY3jmG56dsziTv/Lca9y4Om83370CXfqJ8=
 github.com/pion/logging v0.2.4 h1:tTew+7cmQ+Mc1pTBLKH2puKsOvhm32dROumOZ655zB8=
 github.com/pion/logging v0.2.4/go.mod h1:DffhXTKYdNZU+KtJ5pyQDjvOAh/GsNSyv1lbkFbe3so=
 github.com/pion/transport/v3 v3.1.1 h1:Tr684+fnnKlhPceU+ICdrw6KKkTms+5qHMgw6bIkYOM=
 github.com/pion/transport/v3 v3.1.1/go.mod h1:+c2eewC5WJQHiAA46fkMMzoYZSuGzA/7E2FPrOYHctQ=
 github.com/pion/transport/v4 v4.0.1 h1:sdROELU6BZ63Ab7FrOLn13M6YdJLY20wldXW2Cu2k8o=
 github.com/pion/transport/v4 v4.0.1/go.mod h1:nEuEA4AD5lPdcIegQDpVLgNoDGreqM/YqmEx3ovP4jM=
-github.com/pires/go-proxyproto v0.11.0 h1:gUQpS85X/VJMdUsYyEgyn59uLJvGqPhJV5YvG68wXH4=
-github.com/pires/go-proxyproto v0.11.0/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
+github.com/pires/go-proxyproto v0.9.2 h1:H1UdHn695zUVVmB0lQ354lOWHOy6TZSpzBl3tgN0s1U=
+github.com/pires/go-proxyproto v0.9.2/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
@@ -174,10 +189,10 @@ github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
 github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw=
 github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
-github.com/samber/slog-common v0.20.0 h1:WaLnm/aCvBJSk5nR5aXZTFBaV0B47A+AEaEOiZDeUnc=
-github.com/samber/slog-common v0.20.0/go.mod h1:+Ozat1jgnnE59UAlmNX1IF3IByHsODnnwf9jUcBZ+m8=
-github.com/samber/slog-zerolog/v2 v2.9.1 h1:RMOq8XqzfuGx1X0TEIlS9OXbbFmqLY2/wJppghz66YY=
-github.com/samber/slog-zerolog/v2 v2.9.1/go.mod h1:DQYYve14WgCRN/XnKeHl4266jXK0DgYkYXkfZ4Fp98k=
+github.com/samber/slog-common v0.19.0 h1:fNcZb8B2uOLooeYwFpAlKjkQTUafdjfqKcwcC89G9YI=
+github.com/samber/slog-common v0.19.0/go.mod h1:dTz+YOU76aH007YUU0DffsXNsGFQRQllPQh9XyNoA3M=
+github.com/samber/slog-zerolog/v2 v2.9.0 h1:6LkOabJmZdNLaUWkTC3IVVA+dq7b/V0FM6lz6/7+THI=
+github.com/samber/slog-zerolog/v2 v2.9.0/go.mod h1:gnQW9VnCfM34v2pRMUIGMsZOVbYLqY/v0Wxu6atSVGc=
 github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=
 github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=
 github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
@@ -210,38 +225,44 @@ github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZ
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 github.com/yusing/ds v0.4.1 h1:syMCh7hO6Yw8xfcFkEaln3W+lVeWB/U/meYv6Wf2/Ig=
 github.com/yusing/ds v0.4.1/go.mod h1:XhKV4l7cZwBbbl7lRzNC9zX27zvCM0frIwiuD40ULRk=
-github.com/yusing/gointernals v0.2.0 h1:jyWB3kdUPkuU6s0r8QY/sS5h2WNBF4Kfisly8dtSVvg=
-github.com/yusing/gointernals v0.2.0/go.mod h1:xGzNbPGMm5Z8kG0t4JYISMscw+gMQlgghkLxlgRZv5Y=
+github.com/yusing/gointernals v0.1.16 h1:GrhZZdxzA+jojLEqankctJrOuAYDb7kY1C93S1pVR34=
+github.com/yusing/gointernals v0.1.16/go.mod h1:B/0FVXt4WPmgzVy3ynzkqKi+BSGaJVmwCJBRXYapo34=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 h1:7iP2uCb7sGddAr30RRS6xjKy7AZ2JtTOPA3oolgVSw8=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0/go.mod h1:c7hN3ddxs/z6q9xwvfLPk+UHlWRQyaeR1LdgfL/66l0=
-go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
-go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
-go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
-go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
-go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
-go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
-go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
-go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
-go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
-go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGNANqpVFCndZvcuyKbl0g+UAVcbBcqGkG28H0Y=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
+go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 h1:aTL7F04bJHUlztTsNGJ2l+6he8c+y/b//eR0jjjemT4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0/go.mod h1:kldtb7jDTeol0l3ewcmd8SDvx3EmIE7lyvqbasU3QC4=
+go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
+go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
+go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
+go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
+go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
 go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
-golang.org/x/arch v0.24.0 h1:qlJ3M9upxvFfwRM51tTg3Yl+8CP9vCC1E7vlFpgv99Y=
-golang.org/x/arch v0.24.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
-golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
-golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
-golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
-golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
-golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
-golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
-golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
-golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg=
+golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
+golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
+golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
+golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
+golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
+golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
 golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -250,14 +271,20 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
-golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
-golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
-golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
-golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
+golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
+golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
+google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b h1:uA40e2M6fYRBf0+8uN5mLlqUtV192iiksiICIBkYJ1E=
+google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:Xa7le7qx2vmqB/SzWUBa7KdMjpdpAHlh5QCSnjessQk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
+google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -268,5 +295,3 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
-pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
-pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

agent/pkg/agent/config.go

@@ -216,7 +216,7 @@ func (cfg *AgentConfig) InitWithCerts(ctx context.Context, ca, crt, key []byte)
 	cfg.l = log.With().Str("agent", cfg.Name).Logger()
 
 	if err := streamUnsupportedErrs.Error(); err != nil {
-		cfg.l.Warn().Err(err).Msg("agent has limited/no stream tunneling support, TCP and UDP routes via agent will not work")
+		gperr.LogWarn("agent has limited/no stream tunneling support, TCP and UDP routes via agent will not work", err, &cfg.l)
 	}
 
 	if serverVersion.IsNewerThanMajor(cfg.Version) {

agent/pkg/agent/stream/tests/server_flow_test.go

@@ -102,7 +102,6 @@ func TestUDPServer_RejectInvalidClient(t *testing.T) {
 
 	srv := startUDPServer(t, certs)
 
-
 	// Try to connect with a client cert from a different CA
 	_, err = stream.NewUDPClient(srv.Addr.String(), dstAddr, certs.CaCert, invalidClientCert)
 	require.Error(t, err, "expected error when connecting with client cert from different CA")

agent/pkg/agentproxy/config.go

@@ -2,11 +2,11 @@ package agentproxy
 
 import (
 	"encoding/base64"
+	"encoding/json"
 	"net/http"
 	"strconv"
 	"time"
 
-	"github.com/bytedance/sonic"
 	route "github.com/yusing/godoxy/internal/route/types"
 )
 
@@ -53,7 +53,7 @@ func proxyConfigFromHeaders(h http.Header) (cfg Config, err error) {
 		return cfg, err
 	}
 
-	err = sonic.Unmarshal(cfgJSON, &cfg)
+	err = json.Unmarshal(cfgJSON, &cfg)
 	return cfg, err
 }
 
@@ -67,7 +67,7 @@ func (cfg *Config) SetAgentProxyConfigHeadersLegacy(h http.Header) {
 func (cfg *Config) SetAgentProxyConfigHeaders(h http.Header) {
 	h.Set(HeaderXProxyHost, cfg.Host)
 	h.Set(HeaderXProxyScheme, string(cfg.Scheme))
-	cfgJSON, _ := sonic.Marshal(cfg.HTTPConfig)
+	cfgJSON, _ := json.Marshal(cfg.HTTPConfig)
 	cfgBase64 := base64.StdEncoding.EncodeToString(cfgJSON)
 	h.Set(HeaderXProxyConfig, cfgBase64)
 }

agent/pkg/handler/check_health.go

@@ -1,6 +1,7 @@
 package handler
 
 import (
+	"encoding/json"
 	"net"
 	"net/http"
 	"net/url"
@@ -8,7 +9,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/bytedance/sonic"
 	healthcheck "github.com/yusing/godoxy/internal/health/check"
 	"github.com/yusing/godoxy/internal/types"
 )
@@ -73,7 +73,7 @@ func CheckHealth(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-	sonic.ConfigDefault.NewEncoder(w).Encode(result)
+	json.NewEncoder(w).Encode(result)
 }
 
 func parseMsOrDefault(msStr string) time.Duration {

agent/pkg/handler/handler.go

@@ -1,9 +1,9 @@
 package handler
 
 import (
+	"encoding/json"
 	"net/http"
 
-	"github.com/bytedance/sonic"
 	"github.com/gin-gonic/gin"
 	"github.com/gorilla/websocket"
 	"github.com/yusing/godoxy/agent/pkg/agent"
@@ -51,7 +51,7 @@ func NewAgentHandler() http.Handler {
 			Runtime: env.Runtime,
 		}
 		w.Header().Set("Content-Type", "application/json")
-		sonic.ConfigDefault.NewEncoder(w).Encode(agentInfo)
+		json.NewEncoder(w).Encode(agentInfo)
 	})
 	mux.HandleEndpoint("GET", agent.EndpointHealth, CheckHealth)
 	mux.HandleEndpoint("GET", agent.EndpointSystemInfo, metricsHandler.ServeHTTP)

cmd/bench_server/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.26.0-alpine AS builder
+FROM golang:1.25.6-alpine AS builder
 
 HEALTHCHECK NONE
 

cmd/bench_server/go.mod

@@ -1,3 +1,3 @@
 module github.com/yusing/godoxy/cmd/bench_server
 
-go 1.26.0
+go 1.25.6

cmd/debug_page.go

@@ -181,6 +181,7 @@ func newApiHandler(debugMux *debugMux) *gin.Engine {
 		registerGinRoute(v1, "GET", "Route favicon", "/favicon", apiV1.FavIcon)
 		registerGinRoute(v1, "GET", "Route health", "/health", apiV1.Health)
 		registerGinRoute(v1, "GET", "List icons", "/icons", apiV1.Icons)
+		registerGinRoute(v1, "POST", "Config reload", "/reload", apiV1.Reload)
 		registerGinRoute(v1, "GET", "Route stats", "/stats", apiV1.Stats)
 
 		route := v1.Group("/route")

cmd/h2c_test_server/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.26.0-alpine AS builder
+FROM golang:1.25.6-alpine AS builder
 
 HEALTHCHECK NONE
 

cmd/h2c_test_server/go.mod

@@ -1,7 +1,7 @@
 module github.com/yusing/godoxy/cmd/h2c_test_server
 
-go 1.26.0
+go 1.25.6
 
-require golang.org/x/net v0.50.0
+require golang.org/x/net v0.49.0
 
-require golang.org/x/text v0.34.0 // indirect
+require golang.org/x/text v0.33.0 // indirect

cmd/h2c_test_server/go.sum

@@ -1,4 +1,4 @@
-golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
-golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
-golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
-golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
+golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
+golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=

cmd/main.go

@@ -1,12 +1,12 @@
 package main
 
 import (
-	"errors"
 	"os"
 	"sync"
 	"time"
 
 	"github.com/rs/zerolog/log"
+	"github.com/yusing/godoxy/internal/api"
 	"github.com/yusing/godoxy/internal/auth"
 	"github.com/yusing/godoxy/internal/common"
 	"github.com/yusing/godoxy/internal/config"
@@ -14,8 +14,12 @@ import (
 	iconlist "github.com/yusing/godoxy/internal/homepage/icons/list"
 	"github.com/yusing/godoxy/internal/logging"
 	"github.com/yusing/godoxy/internal/logging/memlogger"
+	"github.com/yusing/godoxy/internal/metrics/systeminfo"
+	"github.com/yusing/godoxy/internal/metrics/uptime"
 	"github.com/yusing/godoxy/internal/net/gphttp/middleware"
 	"github.com/yusing/godoxy/internal/route/rules"
+	gperr "github.com/yusing/goutils/errs"
+	"github.com/yusing/goutils/server"
 	"github.com/yusing/goutils/task"
 	"github.com/yusing/goutils/version"
 )
@@ -47,6 +51,7 @@ func main() {
 	parallel(
 		dnsproviders.InitProviders,
 		iconlist.InitCache,
+		systeminfo.Poller.Start,
 		middleware.LoadComposeFiles,
 	)
 
@@ -61,19 +66,35 @@ func main() {
 
 	err := config.Load()
 	if err != nil {
-		if criticalErr, ok := errors.AsType[config.CriticalError](err); ok {
-			log.Fatal().Err(criticalErr).Msg("critical error in config")
-		}
-		log.Warn().Err(err).Msg("errors in config")
+		gperr.LogWarn("errors in config", err)
 	}
 
+	config.StartProxyServers()
+
 	if err := auth.Initialize(); err != nil {
 		log.Fatal().Err(err).Msg("failed to initialize authentication")
 	}
 	rules.InitAuthHandler(auth.AuthOrProceed)
 
+	// API Handler needs to start after auth is initialized.
+	server.StartServer(task.RootTask("api_server", false), server.Options{
+		Name:     "api",
+		HTTPAddr: common.APIHTTPAddr,
+		Handler:  api.NewHandler(true),
+	})
+
+	// Local API Handler is used for unauthenticated access.
+	if common.LocalAPIHTTPAddr != "" {
+		server.StartServer(task.RootTask("local_api_server", false), server.Options{
+			Name:     "local_api",
+			HTTPAddr: common.LocalAPIHTTPAddr,
+			Handler:  api.NewHandler(false),
+		})
+	}
+
 	listenDebugServer()
 
+	uptime.Poller.Start()
 	config.WatchChanges()
 
 	close(done)

compose.example.yml

@@ -31,8 +31,8 @@ services:
     user: ${GODOXY_UID:-1000}:${GODOXY_GID:-1000}
     read_only: true
     tmpfs:
-      - /tmp:rw
-      - /app/node_modules/.cache:rw
+      - /app/.next/cache # next image caching
+
       # for lite variant, do not change uid/gid
       # - /var/cache/nginx:uid=101,gid=101
       # - /run:uid=101,gid=101

go.mod

@@ -1,11 +1,6 @@
 module github.com/yusing/godoxy
 
-go 1.26.0
-
-exclude (
-	github.com/moby/moby/api v1.53.0 // allow older daemon versions
-	github.com/moby/moby/client v0.2.2 // allow older daemon versions
-)
+go 1.25.6
 
 replace (
 	github.com/coreos/go-oidc/v3 => ./internal/go-oidc
@@ -19,9 +14,12 @@ replace (
 	github.com/yusing/goutils/server => ./goutils/server
 )
 
+exclude github.com/luthermonson/go-proxmox v0.3.0
+
 require (
 	github.com/PuerkitoBio/goquery v1.11.0 // parsing HTML for extract fav icon; modify_html middleware
 	github.com/coreos/go-oidc/v3 v3.17.0 // oidc authentication
+	github.com/docker/docker v28.5.2+incompatible // docker daemon
 	github.com/fsnotify/fsnotify v1.9.0 // file watcher
 	github.com/gin-gonic/gin v1.11.0 // api server
 	github.com/go-acme/lego/v4 v4.31.0 // acme client
@@ -30,40 +28,38 @@ require (
 	github.com/gorilla/websocket v1.5.3 // websocket for API and agent
 	github.com/gotify/server/v2 v2.8.0 // reference the Message struct for json response
 	github.com/lithammer/fuzzysearch v1.1.8 // fuzzy search for searching icons and filtering metrics
-	github.com/pires/go-proxyproto v0.11.0 // proxy protocol support
+	github.com/pires/go-proxyproto v0.9.2 // proxy protocol support
 	github.com/puzpuzpuz/xsync/v4 v4.4.0 // lock free map for concurrent operations
 	github.com/rs/zerolog v1.34.0 // logging
 	github.com/vincent-petithory/dataurl v1.0.0 // data url for fav icon
-	golang.org/x/crypto v0.48.0 // encrypting password with bcrypt
-	golang.org/x/net v0.50.0 // HTTP header utilities
-	golang.org/x/oauth2 v0.35.0 // oauth2 authentication
+	golang.org/x/crypto v0.47.0 // encrypting password with bcrypt
+	golang.org/x/net v0.49.0 // HTTP header utilities
+	golang.org/x/oauth2 v0.34.0 // oauth2 authentication
 	golang.org/x/sync v0.19.0 // errgroup and singleflight for concurrent operations
 	golang.org/x/time v0.14.0 // time utilities
 )
 
 require (
 	github.com/bytedance/gopkg v0.1.3 // xxhash64 for fast hash
-	github.com/bytedance/sonic v1.15.0 // fast json parsing
-	github.com/docker/cli v29.2.1+incompatible // needs docker/cli/cli/connhelper connection helper for docker client
+	github.com/bytedance/sonic v1.15.0 // indirect; fast json parsing
+	github.com/docker/cli v29.2.0+incompatible // needs docker/cli/cli/connhelper connection helper for docker client
 	github.com/goccy/go-yaml v1.19.2 // yaml parsing for different config files
-	github.com/golang-jwt/jwt/v5 v5.3.1 // jwt authentication
-	github.com/luthermonson/go-proxmox v0.3.2 // proxmox API client
-	github.com/moby/moby/api v1.52.0 // docker API
-	github.com/moby/moby/client v0.2.1 // docker client
-	github.com/oschwald/maxminddb-golang v1.13.1 // maxminddb for geoip database
+	github.com/golang-jwt/jwt/v5 v5.3.1
+	github.com/luthermonson/go-proxmox v0.3.2
+	github.com/oschwald/maxminddb-golang v1.13.1
 	github.com/quic-go/quic-go v0.59.0 // http3 support
-	github.com/shirou/gopsutil/v4 v4.26.1 // system information
+	github.com/shirou/gopsutil/v4 v4.25.12 // system information
 	github.com/spf13/afero v1.15.0 // afero for file system operations
 	github.com/stretchr/testify v1.11.1 // testing framework
 	github.com/valyala/fasthttp v1.69.0 // fast http for health check
 	github.com/yusing/ds v0.4.1 // data structures and algorithms
-	github.com/yusing/godoxy/agent v0.0.0-20260211033321-22f03488e998
-	github.com/yusing/godoxy/internal/dnsproviders v0.0.0-20260211033321-22f03488e998
-	github.com/yusing/gointernals v0.2.0
+	github.com/yusing/godoxy/agent v0.0.0-20260129101716-0f13004ad6ba
+	github.com/yusing/godoxy/internal/dnsproviders v0.0.0-20260129101716-0f13004ad6ba
+	github.com/yusing/gointernals v0.1.16
 	github.com/yusing/goutils v0.7.0
-	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260211095624-f5a276d5c58b
-	github.com/yusing/goutils/http/websocket v0.0.0-20260211095624-f5a276d5c58b
-	github.com/yusing/goutils/server v0.0.0-20260211095624-f5a276d5c58b
+	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260129081554-24e52ede7468
+	github.com/yusing/goutils/http/websocket v0.0.0-20260129081554-24e52ede7468
+	github.com/yusing/goutils/server v0.0.0-20260129081554-24e52ede7468
 )
 
 require (
@@ -89,7 +85,7 @@ require (
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/ebitengine/purego v0.9.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.13 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -98,8 +94,8 @@ require (
 	github.com/gofrs/flock v0.13.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.12 // indirect
-	github.com/googleapis/gax-go/v2 v2.17.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.11 // indirect
+	github.com/googleapis/gax-go/v2 v2.16.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 	github.com/jinzhu/copier v0.4.0 // indirect
@@ -121,36 +117,39 @@ require (
 	github.com/ovh/go-ovh v1.9.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/samber/lo v1.52.0 // indirect
-	github.com/samber/slog-common v0.20.0 // indirect
-	github.com/samber/slog-zerolog/v2 v2.9.1 // indirect
+	github.com/samber/slog-common v0.19.0 // indirect
 	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36 // indirect
 	github.com/sirupsen/logrus v1.9.4 // indirect
 	github.com/sony/gobreaker v1.0.0 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0
-	go.opentelemetry.io/otel v1.40.0 // indirect
-	go.opentelemetry.io/otel/metric v1.40.0 // indirect
-	go.opentelemetry.io/otel/trace v1.40.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0
+	go.opentelemetry.io/otel v1.39.0 // indirect
+	go.opentelemetry.io/otel/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.uber.org/atomic v1.11.0
 	go.uber.org/ratelimit v0.3.1 // indirect
-	golang.org/x/mod v0.33.0 // indirect
-	golang.org/x/sys v0.41.0 // indirect
-	golang.org/x/text v0.34.0 // indirect
-	golang.org/x/tools v0.42.0 // indirect
-	google.golang.org/api v0.266.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect
-	google.golang.org/grpc v1.79.1 // indirect
+	golang.org/x/mod v0.32.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/text v0.33.0 // indirect
+	golang.org/x/tools v0.41.0 // indirect
+	google.golang.org/api v0.263.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect
+	google.golang.org/grpc v1.78.0 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/ini.v1 v1.67.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
+require github.com/moby/moby/api v1.53.0
+
 require (
+	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
 	github.com/boombuler/barcode v1.1.0 // indirect
@@ -160,6 +159,7 @@ require (
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
+	github.com/containerd/log v0.1.0 // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
@@ -169,28 +169,33 @@ require (
 	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/google/go-querystring v1.2.0 // indirect
-	github.com/klauspost/compress v1.18.4 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
+	github.com/klauspost/compress v1.18.3 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
-	github.com/linode/linodego v1.65.0 // indirect
+	github.com/linode/linodego v1.64.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect
+	github.com/moby/sys/atomicwriter v0.1.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/nrdcg/goinwx v0.12.0 // indirect
-	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.1 // indirect
-	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.1 // indirect
+	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0 // indirect
+	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
-	github.com/pion/dtls/v3 v3.1.2 // indirect
+	github.com/pion/dtls/v3 v3.0.10 // indirect
 	github.com/pion/logging v0.2.4 // indirect
 	github.com/pion/transport/v4 v4.0.1 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 	github.com/pquerna/otp v1.5.0 // indirect
+	github.com/samber/slog-zerolog/v2 v2.9.0 // indirect
 	github.com/stretchr/objx v0.5.3 // indirect
 	github.com/tklauser/go-sysconf v0.3.16 // indirect
 	github.com/tklauser/numcpus v0.11.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.1 // indirect
-	github.com/ulikunitz/xz v0.5.15 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	github.com/vultr/govultr/v3 v3.27.0 // indirect
+	github.com/vultr/govultr/v3 v3.26.1 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	golang.org/x/arch v0.24.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
+	golang.org/x/arch v0.23.0 // indirect
 )

go.sum

@@ -23,6 +23,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourceg
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0/go.mod h1:wVEOJfGTj0oPAUGA1JuRAvz/lxXQsWW16axmHPP47Bk=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs=
@@ -65,6 +67,8 @@ github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
+github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
+github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -76,8 +80,10 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
-github.com/docker/cli v29.2.1+incompatible h1:n3Jt0QVCN65eiVBoUTZQM9mcQICCJt3akW4pKAbKdJg=
-github.com/docker/cli v29.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
+github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
+github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -94,8 +100,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9Ufpk2AcUM=
-github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
+github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
@@ -151,14 +157,16 @@ github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
 github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.12 h1:Fg+zsqzYEs1ZnvmcztTYxhgCBsx3eEhEwQ1W/lHq/sQ=
-github.com/googleapis/enterprise-certificate-proxy v0.3.12/go.mod h1:vqVt9yG9480NtzREnTlmGSBmFrA+bzb0yl0TxoBQXOg=
-github.com/googleapis/gax-go/v2 v2.17.0 h1:RksgfBpxqff0EZkDWYuz9q/uWsTVz+kf43LsZ1J6SMc=
-github.com/googleapis/gax-go/v2 v2.17.0/go.mod h1:mzaqghpQp4JDh3HvADwrat+6M3MOIDp5YKHhb9PAgDY=
+github.com/googleapis/enterprise-certificate-proxy v0.3.11 h1:vAe81Msw+8tKUxi2Dqh/NZMz7475yUvmRIkXr4oN2ao=
+github.com/googleapis/enterprise-certificate-proxy v0.3.11/go.mod h1:RFV7MUdlb7AgEq2v7FmMCfeSMCllAzWxFgRdusoGks8=
+github.com/googleapis/gax-go/v2 v2.16.0 h1:iHbQmKLLZrexmb0OSsNGTeSTS0HO4YvFOG8g5E4Zd0Y=
+github.com/googleapis/gax-go/v2 v2.16.0/go.mod h1:o1vfQjjNZn4+dPnRdl/4ZD7S9414Y4xA+a/6Icj6l14=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gotify/server/v2 v2.8.0 h1:E3UDDn/3rFZi1sjZfbuhXNnxJP3ACZhdcw/iySegPRA=
 github.com/gotify/server/v2 v2.8.0/go.mod h1:6ci5adxcE2hf1v+2oowKiQmixOxXV8vU+CRLKP6sqZA=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4=
 github.com/h2non/gock v1.2.0 h1:K6ol8rfrRkUOefooBC8elXoaNGYkpp7y2qcxGG6BzUE=
 github.com/h2non/gock v1.2.0/go.mod h1:tNhoxHYW2W42cYkYb1WqzdbYIieALC99kpYr7rH/BQk=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
@@ -177,8 +185,8 @@ github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 h1:9Nu54bhS/H/
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12/go.mod h1:TBzl5BIHNXfS9+C35ZyJaklL7mLDbgUkcgXzSLa8Tk0=
 github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
-github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c=
-github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/klauspost/compress v1.18.3 h1:9PJRvfbmTabkOX8moIpXPbMMbYN60bWImDDU7L+/6zw=
+github.com/klauspost/compress v1.18.3/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
@@ -191,8 +199,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/linode/linodego v1.65.0 h1:SdsuGD8VSsPWeShXpE7ihl5vec+fD3MgwhnfYC/rj7k=
-github.com/linode/linodego v1.65.0/go.mod h1:tOFiTErdjkbVnV+4S0+NmIE9dqqZUEM2HsJaGu8wMh8=
+github.com/linode/linodego v1.64.0 h1:If6pULIwHuQytgogtpQaBdVLX7z2TTHUF5u1tj2TPiY=
+github.com/linode/linodego v1.64.0/go.mod h1:GoiwLVuLdBQcAebxAVKVL3mMYUgJZR/puOUSla04xBE=
 github.com/lithammer/fuzzysearch v1.1.8 h1:/HIuJnjHuXS8bKaiTMeeDlW2/AyIWk2brx1V8LFgLN4=
 github.com/lithammer/fuzzysearch v1.1.8/go.mod h1:IdqeyBClc3FFqSzYq/MXESsS4S0FsZ5ajtkr5xPLts4=
 github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 h1:PwQumkgq4/acIiZhtifTV5OUqqiP82UAl0h87xj/l9k=
@@ -214,23 +222,29 @@ github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/moby/api v1.52.0 h1:00BtlJY4MXkkt84WhUZPRqt5TvPbgig2FZvTbe3igYg=
-github.com/moby/moby/api v1.52.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
-github.com/moby/moby/client v0.2.1 h1:1Grh1552mvv6i+sYOdY+xKKVTvzJegcVMhuXocyDz/k=
-github.com/moby/moby/client v0.2.1/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
+github.com/moby/moby/api v1.53.0 h1:PihqG1ncw4W+8mZs69jlwGXdaYBeb5brF6BL7mPIS/w=
+github.com/moby/moby/api v1.53.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
+github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
+github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
+github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
+github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
+github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
+github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
+github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/nrdcg/goacmedns v0.2.0 h1:ADMbThobzEMnr6kg2ohs4KGa3LFqmgiBA22/6jUWJR0=
 github.com/nrdcg/goacmedns v0.2.0/go.mod h1:T5o6+xvSLrQpugmwHvrSNkzWht0UGAwj2ACBMhh73Cg=
 github.com/nrdcg/goinwx v0.12.0 h1:ujdUqDBnaRSFwzVnImvPHYw3w3m9XgmGImNUw1GyMb4=
 github.com/nrdcg/goinwx v0.12.0/go.mod h1:IrVKd3ZDbFiMjdPgML4CSxZAY9wOoqLvH44zv3NodJ0=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.1 h1:3oOIAQ9Fd2qTKTS/VlWmvKyBPKKhXBcCXjRZqOUypI4=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.1/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.1 h1:2H75475moAv1hVVYlOk815KfqeiFCiQ7ovqn3OnN6FY=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.1/go.mod h1:9HGOXiiQxcsG+4amgdr4xBIMq6IchdLW/nQDyZz07IE=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0 h1:eMzyN+jGJbxG4ut278uwIsUo9XacXc711lFjhKnaUso=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0 h1:t34IpOa+8NfmjkU8bdWtYrLrmr346/FGhu8FlpJDQok=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0/go.mod h1:p95/OxVsdx71I2Qrck1GtIS87sRxcTRKXzUi5nWm9NY=
 github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
 github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -245,16 +259,17 @@ github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
 github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pion/dtls/v3 v3.1.2 h1:gqEdOUXLtCGW+afsBLO0LtDD8GnuBBjEy6HRtyofZTc=
-github.com/pion/dtls/v3 v3.1.2/go.mod h1:Hw/igcX4pdY69z1Hgv5x7wJFrUkdgHwAn/Q/uo7YHRo=
+github.com/pion/dtls/v3 v3.0.10 h1:k9ekkq1kaZoxnNEbyLKI8DI37j/Nbk1HWmMuywpQJgg=
+github.com/pion/dtls/v3 v3.0.10/go.mod h1:YEmmBYIoBsY3jmG56dsziTv/Lca9y4Om83370CXfqJ8=
 github.com/pion/logging v0.2.4 h1:tTew+7cmQ+Mc1pTBLKH2puKsOvhm32dROumOZ655zB8=
 github.com/pion/logging v0.2.4/go.mod h1:DffhXTKYdNZU+KtJ5pyQDjvOAh/GsNSyv1lbkFbe3so=
 github.com/pion/transport/v4 v4.0.1 h1:sdROELU6BZ63Ab7FrOLn13M6YdJLY20wldXW2Cu2k8o=
 github.com/pion/transport/v4 v4.0.1/go.mod h1:nEuEA4AD5lPdcIegQDpVLgNoDGreqM/YqmEx3ovP4jM=
-github.com/pires/go-proxyproto v0.11.0 h1:gUQpS85X/VJMdUsYyEgyn59uLJvGqPhJV5YvG68wXH4=
-github.com/pires/go-proxyproto v0.11.0/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
+github.com/pires/go-proxyproto v0.9.2 h1:H1UdHn695zUVVmB0lQ354lOWHOy6TZSpzBl3tgN0s1U=
+github.com/pires/go-proxyproto v0.9.2/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE=
 github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=
@@ -278,10 +293,10 @@ github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
 github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw=
 github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
-github.com/samber/slog-common v0.20.0 h1:WaLnm/aCvBJSk5nR5aXZTFBaV0B47A+AEaEOiZDeUnc=
-github.com/samber/slog-common v0.20.0/go.mod h1:+Ozat1jgnnE59UAlmNX1IF3IByHsODnnwf9jUcBZ+m8=
-github.com/samber/slog-zerolog/v2 v2.9.1 h1:RMOq8XqzfuGx1X0TEIlS9OXbbFmqLY2/wJppghz66YY=
-github.com/samber/slog-zerolog/v2 v2.9.1/go.mod h1:DQYYve14WgCRN/XnKeHl4266jXK0DgYkYXkfZ4Fp98k=
+github.com/samber/slog-common v0.19.0 h1:fNcZb8B2uOLooeYwFpAlKjkQTUafdjfqKcwcC89G9YI=
+github.com/samber/slog-common v0.19.0/go.mod h1:dTz+YOU76aH007YUU0DffsXNsGFQRQllPQh9XyNoA3M=
+github.com/samber/slog-zerolog/v2 v2.9.0 h1:6LkOabJmZdNLaUWkTC3IVVA+dq7b/V0FM6lz6/7+THI=
+github.com/samber/slog-zerolog/v2 v2.9.0/go.mod h1:gnQW9VnCfM34v2pRMUIGMsZOVbYLqY/v0Wxu6atSVGc=
 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36 h1:ObX9hZmK+VmijreZO/8x9pQ8/P/ToHD/bdSb4Eg4tUo=
 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36/go.mod h1:LEsDu4BubxK7/cWhtlQWfuxwL4rf/2UEpxXz1o1EMtM=
 github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=
@@ -312,16 +327,16 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
 github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
-github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
-github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
+github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.69.0 h1:fNLLESD2SooWeh2cidsuFtOcrEi4uB4m1mPrkJMZyVI=
 github.com/valyala/fasthttp v1.69.0/go.mod h1:4wA4PfAraPlAsJ5jMSqCE2ug5tqUPwKXxVj8oNECGcw=
 github.com/vincent-petithory/dataurl v1.0.0 h1:cXw+kPto8NLuJtlMsI152irrVw9fRDX8AbShPRpg2CI=
 github.com/vincent-petithory/dataurl v1.0.0/go.mod h1:FHafX5vmDzyP+1CQATJn7WFKc9CvnvxyvZy6I1MrG/U=
-github.com/vultr/govultr/v3 v3.27.0 h1:J8etMyu/Jh5+idMsu2YZpOWmDXXHeW4VZnkYXmJYHx8=
-github.com/vultr/govultr/v3 v3.27.0/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
+github.com/vultr/govultr/v3 v3.26.1 h1:G/M0rMQKwVSmL+gb0UgETbW5mcQi0Vf/o/ZSGdBCxJw=
+github.com/vultr/govultr/v3 v3.26.1/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM=
@@ -329,49 +344,55 @@ github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfS
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yusing/ds v0.4.1 h1:syMCh7hO6Yw8xfcFkEaln3W+lVeWB/U/meYv6Wf2/Ig=
 github.com/yusing/ds v0.4.1/go.mod h1:XhKV4l7cZwBbbl7lRzNC9zX27zvCM0frIwiuD40ULRk=
-github.com/yusing/gointernals v0.2.0 h1:jyWB3kdUPkuU6s0r8QY/sS5h2WNBF4Kfisly8dtSVvg=
-github.com/yusing/gointernals v0.2.0/go.mod h1:xGzNbPGMm5Z8kG0t4JYISMscw+gMQlgghkLxlgRZv5Y=
+github.com/yusing/gointernals v0.1.16 h1:GrhZZdxzA+jojLEqankctJrOuAYDb7kY1C93S1pVR34=
+github.com/yusing/gointernals v0.1.16/go.mod h1:B/0FVXt4WPmgzVy3ynzkqKi+BSGaJVmwCJBRXYapo34=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 h1:7iP2uCb7sGddAr30RRS6xjKy7AZ2JtTOPA3oolgVSw8=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0/go.mod h1:c7hN3ddxs/z6q9xwvfLPk+UHlWRQyaeR1LdgfL/66l0=
-go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
-go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
-go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
-go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
-go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
-go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
-go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
-go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
-go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
-go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGNANqpVFCndZvcuyKbl0g+UAVcbBcqGkG28H0Y=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
+go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 h1:aTL7F04bJHUlztTsNGJ2l+6he8c+y/b//eR0jjjemT4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0/go.mod h1:kldtb7jDTeol0l3ewcmd8SDvx3EmIE7lyvqbasU3QC4=
+go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
+go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
+go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
+go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
+go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
 go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
 go.uber.org/ratelimit v0.3.1 h1:K4qVE+byfv/B3tC+4nYWP7v/6SimcO7HzHekoMNBma0=
 go.uber.org/ratelimit v0.3.1/go.mod h1:6euWsTB6U/Nb3X++xEUXA8ciPJvr19Q/0h1+oDcJhRk=
-golang.org/x/arch v0.24.0 h1:qlJ3M9upxvFfwRM51tTg3Yl+8CP9vCC1E7vlFpgv99Y=
-golang.org/x/arch v0.24.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg=
+golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
-golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
+golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
+golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
-golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
+golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
+golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
@@ -381,10 +402,10 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
-golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
-golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
-golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
+golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -400,6 +421,7 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -412,8 +434,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
-golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -432,8 +454,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
-golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -442,21 +464,21 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
-golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
+golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
+golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/api v0.266.0 h1:hco+oNCf9y7DmLeAtHJi/uBAY7n/7XC9mZPxu1ROiyk=
-google.golang.org/api v0.266.0/go.mod h1:Jzc0+ZfLnyvXma3UtaTl023TdhZu6OMBP9tJ+0EmFD0=
-google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 h1:VQZ/yAbAtjkHgH80teYd2em3xtIkkHd7ZhqfH2N9CsM=
-google.golang.org/genproto v0.0.0-20260128011058-8636f8732409/go.mod h1:rxKD3IEILWEu3P44seeNOAwZN4SaoKaQ/2eTg4mM6EM=
-google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 h1:merA0rdPeUV3YIIfHHcH4qBkiQAc1nfCKSI7lB4cV2M=
-google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409/go.mod h1:fl8J1IvUjCilwZzQowmw2b7HQB2eAuYBabMXzWurF+I=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 h1:mWPCjDEyshlQYzBpMNHaEof6UX1PmHcaUODUywQ0uac=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
-google.golang.org/grpc v1.79.1 h1:zGhSi45ODB9/p3VAawt9a+O/MULLl9dpizzNNpq7flY=
-google.golang.org/grpc v1.79.1/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
+google.golang.org/api v0.263.0 h1:UFs7qn8gInIdtk1ZA6eXRXp5JDAnS4x9VRsRVCeKdbk=
+google.golang.org/api v0.263.0/go.mod h1:fAU1xtNNisHgOF5JooAs8rRaTkl2rT3uaoNGo9NS3R8=
+google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 h1:GvESR9BIyHUahIb0NcTum6itIWtdoglGX+rnGxm2934=
+google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:yJ2HH4EHEDTd3JiLmhds6NkJ17ITVYOdV3m3VKOnws0=
+google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b h1:uA40e2M6fYRBf0+8uN5mLlqUtV192iiksiICIBkYJ1E=
+google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:Xa7le7qx2vmqB/SzWUBa7KdMjpdpAHlh5QCSnjessQk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
+google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -472,5 +494,3 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
-pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
-pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

internal/acl/README.md

@@ -54,13 +54,13 @@ type Matchers []Matcher
 ### Exported functions and methods
 
 ```go
-func (c *Config) Validate() error
+func (c *Config) Validate() gperr.Error
 ```
 
 Validates configuration and sets defaults. Must be called before `Start`.
 
 ```go
-func (c *Config) Start(parent task.Parent) error
+func (c *Config) Start(parent task.Parent) gperr.Error
 ```
 
 Initializes the ACL, starts the logger and notification goroutines.
@@ -169,14 +169,14 @@ Configuration is loaded from `config/config.yml` under the `acl` key.
 
 ```yaml
 acl:
-  default: "allow" # "allow" or "deny"
-  allow_local: true # Allow private/loopback IPs
+  default: "allow"              # "allow" or "deny"
+  allow_local: true             # Allow private/loopback IPs
   log:
-    log_allowed: false # Log allowed connections
+    log_allowed: false          # Log allowed connections
   notify:
-    to: ["gotify"] # Notification providers
-    interval: "1m" # Notification interval
-    include_allowed: false # Include allowed in notifications
+    to: ["gotify"]              # Notification providers
+    interval: "1m"              # Notification interval
+    include_allowed: false      # Include allowed in notifications
 ```
 
 ### Hot-reloading

internal/acl/config.go

@@ -14,7 +14,6 @@ import (
 	"github.com/yusing/godoxy/internal/maxmind"
 	"github.com/yusing/godoxy/internal/notif"
 	gperr "github.com/yusing/goutils/errs"
-	aclevents "github.com/yusing/goutils/events/acl"
 	strutils "github.com/yusing/goutils/strings"
 	"github.com/yusing/goutils/task"
 )
@@ -67,16 +66,16 @@ type config struct {
 type checkCache struct {
 	*maxmind.IPInfo
 	allow   bool
-	reason  string
 	created time.Time
 }
 
 type ipLog struct {
 	info    *maxmind.IPInfo
 	allowed bool
-	reason  string
 }
 
+type ContextKey struct{}
+
 const cacheTTL = 1 * time.Minute
 
 func (c *checkCache) Expired() bool {
@@ -90,7 +89,7 @@ const (
 	ACLDeny  = "deny"
 )
 
-func (c *Config) Validate() error {
+func (c *Config) Validate() gperr.Error {
 	switch c.Default {
 	case "", ACLAllow:
 		c.defaultAllow = true
@@ -134,10 +133,7 @@ func (c *Config) Valid() bool {
 	return c != nil && c.valErr == nil
 }
 
-func (c *Config) Start(parent task.Parent) error {
-	if c.valErr != nil {
-		return c.valErr
-	}
+func (c *Config) Start(parent task.Parent) gperr.Error {
 	if c.Log != nil {
 		logger, err := accesslog.NewAccessLogger(parent, c.Log)
 		if err != nil {
@@ -145,6 +141,9 @@ func (c *Config) Start(parent task.Parent) error {
 		}
 		c.logger = logger
 	}
+	if c.valErr != nil {
+		return c.valErr
+	}
 
 	if c.needLogOrNotify() {
 		c.logNotifyCh = make(chan ipLog, 100)
@@ -171,14 +170,13 @@ func (c *Config) Start(parent task.Parent) error {
 	return nil
 }
 
-func (c *Config) cacheRecord(info *maxmind.IPInfo, allow bool, reason string) {
+func (c *Config) cacheRecord(info *maxmind.IPInfo, allow bool) {
 	if common.ForceResolveCountry && info.City == nil {
 		maxmind.LookupCity(info)
 	}
 	c.ipCache.Store(info.Str, &checkCache{
 		IPInfo:  info,
 		allow:   allow,
-		reason:  reason,
 		created: time.Now(),
 	})
 }
@@ -215,26 +213,23 @@ func (c *Config) logNotifyLoop(parent task.Parent) {
 		select {
 		case <-parent.Context().Done():
 			return
-		case req := <-c.logNotifyCh:
+		case log := <-c.logNotifyCh:
 			if c.logger != nil {
-				if !req.allowed || c.logAllowed {
-					c.logger.LogACL(req.info, !req.allowed, req.reason)
+				if !log.allowed || c.logAllowed {
+					c.logger.LogACL(log.info, !log.allowed)
 				}
 			}
 			if c.needNotify() {
-				if req.allowed {
+				if log.allowed {
 					if c.notifyAllowed {
-						c.allowedCount[req.info.Str]++
+						c.allowedCount[log.info.Str]++
 						c.totalAllowedCount++
 					}
 				} else {
-					c.blockedCount[req.info.Str]++
+					c.blockedCount[log.info.Str]++
 					c.totalBlockedCount++
 				}
 			}
-			if !req.allowed {
-				aclevents.Blocked(req.info.Str, req.reason)
-			}
 		case <-c.notifyTicker.C: // will never tick when notify is disabled
 			total := len(c.allowedCount) + len(c.blockedCount)
 			if total == 0 {
@@ -266,9 +261,9 @@ func (c *Config) logNotifyLoop(parent task.Parent) {
 }
 
 // log and notify if needed
-func (c *Config) logAndNotify(info *maxmind.IPInfo, allowed bool, reason string) {
+func (c *Config) logAndNotify(info *maxmind.IPInfo, allowed bool) {
 	if c.logNotifyCh != nil {
-		c.logNotifyCh <- ipLog{info: info, allowed: allowed, reason: reason}
+		c.logNotifyCh <- ipLog{info: info, allowed: allowed}
 	}
 }
 
@@ -283,36 +278,30 @@ func (c *Config) IPAllowed(ip net.IP) bool {
 	}
 
 	if c.allowLocal && ip.IsPrivate() {
-		c.logAndNotify(&maxmind.IPInfo{IP: ip, Str: ip.String()}, true, "allowed by allow_local rule")
+		c.logAndNotify(&maxmind.IPInfo{IP: ip, Str: ip.String()}, true)
 		return true
 	}
 
 	ipStr := ip.String()
 	record, ok := c.ipCache.Load(ipStr)
 	if ok && !record.Expired() {
-		c.logAndNotify(record.IPInfo, record.allow, record.reason)
+		c.logAndNotify(record.IPInfo, record.allow)
 		return record.allow
 	}
 
 	ipAndStr := &maxmind.IPInfo{IP: ip, Str: ipStr}
-	if index := c.Deny.MatchedIndex(ipAndStr); index != -1 {
-		reason := "blocked by deny rule: " + c.Deny[index].raw
-		c.logAndNotify(ipAndStr, false, reason)
-		c.cacheRecord(ipAndStr, false, reason)
+	if c.Deny.Match(ipAndStr) {
+		c.logAndNotify(ipAndStr, false)
+		c.cacheRecord(ipAndStr, false)
 		return false
 	}
-	if index := c.Allow.MatchedIndex(ipAndStr); index != -1 {
-		reason := "allowed by allow rule: " + c.Allow[index].raw
-		c.logAndNotify(ipAndStr, true, reason)
-		c.cacheRecord(ipAndStr, true, reason)
+	if c.Allow.Match(ipAndStr) {
+		c.logAndNotify(ipAndStr, true)
+		c.cacheRecord(ipAndStr, true)
 		return true
 	}
 
-	reason := "denied by default"
-	if c.defaultAllow {
-		reason = "allowed by default"
-	}
-	c.logAndNotify(ipAndStr, c.defaultAllow, reason)
-	c.cacheRecord(ipAndStr, c.defaultAllow, reason)
+	c.logAndNotify(ipAndStr, c.defaultAllow)
+	c.cacheRecord(ipAndStr, c.defaultAllow)
 	return c.defaultAllow
 }

internal/acl/matcher.go

@@ -2,7 +2,6 @@ package acl
 
 import (
 	"bytes"
-	"errors"
 	"net"
 	"strings"
 
@@ -39,9 +38,9 @@ var errMatcherFormat = gperr.Multiline().AddLines(
 )
 
 var (
-	errSyntax      = errors.New("syntax error")
-	errInvalidIP   = errors.New("invalid IP")
-	errInvalidCIDR = errors.New("invalid CIDR")
+	errSyntax      = gperr.New("syntax error")
+	errInvalidIP   = gperr.New("invalid IP")
+	errInvalidCIDR = gperr.New("invalid CIDR")
 )
 
 func (matcher *Matcher) Parse(s string) error {
@@ -83,15 +82,6 @@ func (matchers Matchers) Match(ip *maxmind.IPInfo) bool {
 	return false
 }
 
-func (matchers Matchers) MatchedIndex(ip *maxmind.IPInfo) int {
-	for i, m := range matchers {
-		if m.match(ip) {
-			return i
-		}
-	}
-	return -1
-}
-
 func (matchers Matchers) MarshalText() ([]byte, error) {
 	if len(matchers) == 0 {
 		return []byte("[]"), nil

internal/acl/tcp_listener.go

@@ -5,8 +5,6 @@ import (
 	"io"
 	"net"
 	"time"
-
-	"github.com/rs/zerolog/log"
 )
 
 type TCPListener struct {
@@ -46,7 +44,6 @@ func (s *TCPListener) Accept() (net.Conn, error) {
 	}
 	addr, ok := c.RemoteAddr().(*net.TCPAddr)
 	if !ok {
-		log.Error().Msgf("unexpected remote address type: %T, addr: %s", c.RemoteAddr(), c.RemoteAddr().String())
 		// Not a TCPAddr, drop
 		c.Close()
 		return noConn{}, nil

internal/acl/types/acl.go

@@ -1,9 +0,0 @@
-package acl
-
-import "net"
-
-type ACL interface {
-	IPAllowed(ip net.IP) bool
-	WrapTCP(l net.Listener) net.Listener
-	WrapUDP(l net.PacketConn) net.PacketConn
-}

internal/acl/types/context.go

@@ -1,16 +0,0 @@
-package acl
-
-import "context"
-
-type ContextKey struct{}
-
-func SetCtx(ctx interface{ SetValue(any, any) }, acl ACL) {
-	ctx.SetValue(ContextKey{}, acl)
-}
-
-func FromCtx(ctx context.Context) ACL {
-	if acl, ok := ctx.Value(ContextKey{}).(ACL); ok {
-		return acl
-	}
-	return nil
-}

internal/acl/udp_listener.go

@@ -4,8 +4,6 @@ import (
 	"errors"
 	"net"
 	"time"
-
-	"github.com/rs/zerolog/log"
 )
 
 type UDPListener struct {
@@ -35,7 +33,6 @@ func (s *UDPListener) ReadFrom(p []byte) (int, net.Addr, error) {
 		}
 		udpAddr, ok := addr.(*net.UDPAddr)
 		if !ok {
-			log.Error().Msgf("unexpected remote address type: %T, addr: %s", addr, addr.String())
 			// Not a UDPAddr, drop
 			continue
 		}
@@ -55,7 +52,6 @@ func (s *UDPListener) WriteTo(p []byte, addr net.Addr) (int, error) {
 		}
 		udpAddr, ok := addr.(*net.UDPAddr)
 		if !ok {
-			log.Error().Msgf("unexpected remote address type: %T, addr: %s", addr, addr.String())
 			// Not a UDPAddr, drop
 			continue
 		}

internal/agentpool/http_requests.go

@@ -2,12 +2,12 @@ package agentpool
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"time"
 
-	"github.com/bytedance/sonic"
 	"github.com/gorilla/websocket"
 	"github.com/valyala/fasthttp"
 	"github.com/yusing/godoxy/agent/pkg/agent"
@@ -63,7 +63,7 @@ func (cfg *Agent) DoHealthCheck(timeout time.Duration, query string) (ret Health
 		ret.Detail = fmt.Sprintf("HTTP %d %s", status, resp.Body())
 		return ret, nil
 	} else {
-		err = sonic.Unmarshal(resp.Body(), &ret)
+		err = json.Unmarshal(resp.Body(), &ret)
 		if err != nil {
 			return ret, err
 		}

internal/api/handler.go

@@ -2,10 +2,8 @@ package api
 
 import (
 	"net/http"
-	"reflect"
 
 	"github.com/gin-gonic/gin"
-	"github.com/gin-gonic/gin/codec/json"
 	"github.com/gorilla/websocket"
 	"github.com/rs/zerolog/log"
 	apiV1 "github.com/yusing/godoxy/internal/api/v1"
@@ -21,23 +19,22 @@ import (
 	"github.com/yusing/godoxy/internal/auth"
 	"github.com/yusing/godoxy/internal/common"
 	apitypes "github.com/yusing/goutils/apitypes"
+	gperr "github.com/yusing/goutils/errs"
 )
 
-// NewHandler creates a new Gin engine for the API.
-//
 // @title           GoDoxy API
 // @version         1.0
 // @description     GoDoxy API
 // @termsOfService  https://github.com/yusing/godoxy/blob/main/LICENSE
-//
+
 // @contact.name   Yusing
 // @contact.url    https://github.com/yusing/godoxy/issues
-//
+
 // @license.name  MIT
 // @license.url   https://github.com/yusing/godoxy/blob/main/LICENSE
-//
+
 // @BasePath  /api/v1
-//
+
 // @externalDocs.description  GoDoxy Docs
 // @externalDocs.url          https://docs.godoxy.dev
 func NewHandler(requireAuth bool) *gin.Engine {
@@ -49,8 +46,6 @@ func NewHandler(requireAuth bool) *gin.Engine {
 	r.Use(ErrorLoggingMiddleware())
 	r.Use(NoCache())
 
-	log.Debug().Msg("gin codec json.API: " + reflect.TypeOf(json.API).Name())
-
 	r.GET("/api/v1/version", apiV1.Version)
 
 	if auth.IsEnabled() && requireAuth {
@@ -77,8 +72,8 @@ func NewHandler(requireAuth bool) *gin.Engine {
 		v1.GET("/favicon", apiV1.FavIcon)
 		v1.GET("/health", apiV1.Health)
 		v1.GET("/icons", apiV1.Icons)
+		v1.POST("/reload", apiV1.Reload)
 		v1.GET("/stats", apiV1.Stats)
-		v1.GET("/events", apiV1.Events)
 
 		route := v1.Group("/route")
 		{
@@ -205,8 +200,9 @@ func ErrorHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		c.Next()
 		if len(c.Errors) > 0 {
+			logger := log.With().Str("uri", c.Request.RequestURI).Logger()
 			for _, err := range c.Errors {
-				log.Err(err.Err).Str("uri", c.Request.RequestURI).Msg("Internal error")
+				gperr.LogError("Internal error", err.Err, &logger)
 			}
 			if !c.IsWebsocket() {
 				c.JSON(http.StatusInternalServerError, apitypes.Error("Internal server error"))

internal/api/v1/agent/verify.go

@@ -2,7 +2,6 @@ package agentapi
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"net/http"
 	"os"
@@ -14,6 +13,7 @@ import (
 	config "github.com/yusing/godoxy/internal/config/types"
 	"github.com/yusing/godoxy/internal/route/provider"
 	apitypes "github.com/yusing/goutils/apitypes"
+	gperr "github.com/yusing/goutils/errs"
 )
 
 type VerifyNewAgentRequest struct {
@@ -84,9 +84,9 @@ func Verify(c *gin.Context) {
 	c.JSON(http.StatusOK, apitypes.Success(fmt.Sprintf("Added %d routes", nRoutesAdded)))
 }
 
-var errAgentAlreadyExists = errors.New("agent already exists")
+var errAgentAlreadyExists = gperr.New("agent already exists")
 
-func verifyNewAgent(ctx context.Context, host string, ca agent.PEMPair, client agent.PEMPair, containerRuntime agent.ContainerRuntime) (int, error) {
+func verifyNewAgent(ctx context.Context, host string, ca agent.PEMPair, client agent.PEMPair, containerRuntime agent.ContainerRuntime) (int, gperr.Error) {
 	var agentCfg agent.AgentConfig
 	agentCfg.Addr = host
 	agentCfg.Runtime = containerRuntime
@@ -105,12 +105,12 @@ func verifyNewAgent(ctx context.Context, host string, ca agent.PEMPair, client a
 
 	err := agentCfg.InitWithCerts(ctx, ca.Cert, client.Cert, client.Key)
 	if err != nil {
-		return 0, fmt.Errorf("failed to initialize agent config: %w", err)
+		return 0, gperr.Wrap(err, "failed to initialize agent config")
 	}
 
 	provider := provider.NewAgentProvider(&agentCfg)
 	if _, loaded := cfgState.LoadOrStoreProvider(provider.String(), provider); loaded {
-		return 0, fmt.Errorf("provider %s already exists", provider.String())
+		return 0, gperr.Errorf("provider %s already exists", provider.String())
 	}
 
 	// agent must be added before loading routes
@@ -122,7 +122,7 @@ func verifyNewAgent(ctx context.Context, host string, ca agent.PEMPair, client a
 	if err != nil {
 		cfgState.DeleteProvider(provider.String())
 		agentpool.Remove(&agentCfg)
-		return 0, fmt.Errorf("failed to load routes: %w", err)
+		return 0, gperr.Wrap(err, "failed to load routes")
 	}
 
 	return provider.NumRoutes(), nil

internal/api/v1/cert/info.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/yusing/godoxy/internal/autocert"
-	autocertctx "github.com/yusing/godoxy/internal/autocert/types"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
@@ -22,7 +21,7 @@ import (
 // @Failure		500	{object}	apitypes.ErrorResponse "Internal server error"
 // @Router		/cert/info [get]
 func Info(c *gin.Context) {
-	provider := autocertctx.FromCtx(c.Request.Context())
+	provider := autocert.ActiveProvider.Load()
 	if provider == nil {
 		c.JSON(http.StatusNotFound, apitypes.Error("autocert is not enabled"))
 		return

internal/api/v1/cert/renew.go

@@ -6,7 +6,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
-	autocertctx "github.com/yusing/godoxy/internal/autocert/types"
+	"github.com/yusing/godoxy/internal/autocert"
 	"github.com/yusing/godoxy/internal/logging/memlogger"
 	apitypes "github.com/yusing/goutils/apitypes"
 	"github.com/yusing/goutils/http/websocket"
@@ -23,8 +23,8 @@ import (
 // @Failure		500	{object}	apitypes.ErrorResponse
 // @Router			/cert/renew [get]
 func Renew(c *gin.Context) {
-	provider := autocertctx.FromCtx(c.Request.Context())
-	if provider == nil {
+	autocert := autocert.ActiveProvider.Load()
+	if autocert == nil {
 		c.JSON(http.StatusNotFound, apitypes.Error("autocert is not enabled"))
 		return
 	}
@@ -59,7 +59,7 @@ func Renew(c *gin.Context) {
 	}()
 
 	// renewal happens in background
-	ok := provider.ForceExpiryAll()
+	ok := autocert.ForceExpiryAll()
 	if !ok {
 		log.Error().Msg("cert renewal already in progress")
 		time.Sleep(1 * time.Second) // wait for the log above to be sent
@@ -67,5 +67,5 @@ func Renew(c *gin.Context) {
 	}
 	log.Info().Msg("cert force renewal requested")
 
-	provider.WaitRenewalDone(manager.Context())
+	autocert.WaitRenewalDone(manager.Context())
 }

internal/api/v1/docker/container.go

@@ -4,7 +4,6 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
-	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
@@ -43,22 +42,22 @@ func GetContainer(c *gin.Context) {
 
 	defer dockerClient.Close()
 
-	cont, err := dockerClient.ContainerInspect(c.Request.Context(), id, client.ContainerInspectOptions{})
+	cont, err := dockerClient.ContainerInspect(c.Request.Context(), id)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to inspect container"))
 		return
 	}
 
 	var state ContainerState
-	if cont.Container.State != nil {
-		state = cont.Container.State.Status
+	if cont.State != nil {
+		state = cont.State.Status
 	}
 
 	c.JSON(http.StatusOK, &Container{
 		Server: dockerCfg.URL,
-		Name:   cont.Container.Name,
-		ID:     cont.Container.ID,
-		Image:  cont.Container.Image,
+		Name:   cont.Name,
+		ID:     cont.ID,
+		Image:  cont.Image,
 		State:  state,
 	})
 }

internal/api/v1/docker/containers.go

@@ -4,10 +4,8 @@ import (
 	"context"
 	"sort"
 
+	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
-	"github.com/moby/moby/api/types/container"
-	"github.com/moby/moby/client"
-	"github.com/rs/zerolog/log"
 	gperr "github.com/yusing/goutils/errs"
 
 	_ "github.com/yusing/goutils/apitypes"
@@ -37,18 +35,18 @@ func Containers(c *gin.Context) {
 	serveHTTP[Container](c, GetContainers)
 }
 
-func GetContainers(ctx context.Context, dockerClients DockerClients) ([]Container, error) {
+func GetContainers(ctx context.Context, dockerClients DockerClients) ([]Container, gperr.Error) {
 	errs := gperr.NewBuilder("failed to get containers")
 	containers := make([]Container, 0)
-	for name, dockerClient := range dockerClients {
-		conts, err := dockerClient.ContainerList(ctx, client.ContainerListOptions{All: true})
+	for server, dockerClient := range dockerClients {
+		conts, err := dockerClient.ContainerList(ctx, container.ListOptions{All: true})
 		if err != nil {
-			errs.AddSubject(err, name)
+			errs.Add(err)
 			continue
 		}
-		for _, cont := range conts.Items {
+		for _, cont := range conts {
 			containers = append(containers, Container{
-				Server: name,
+				Server: server,
 				Name:   cont.Names[0],
 				ID:     cont.ID,
 				Image:  cont.Image,
@@ -60,10 +58,11 @@ func GetContainers(ctx context.Context, dockerClients DockerClients) ([]Containe
 		return containers[i].Name < containers[j].Name
 	})
 	if err := errs.Error(); err != nil {
-		if len(containers) > 0 {
-			log.Err(err).Msg("failed to get containers from some servers")
-			return containers, nil
+		gperr.LogError("failed to get containers", err)
+		if len(containers) == 0 {
+			return nil, err
 		}
+		return containers, nil
 	}
-	return containers, errs.Error()
+	return containers, nil
 }

internal/api/v1/docker/info.go

@@ -4,9 +4,8 @@ import (
 	"context"
 	"sort"
 
+	dockerSystem "github.com/docker/docker/api/types/system"
 	"github.com/gin-gonic/gin"
-	dockerSystem "github.com/moby/moby/api/types/system"
-	"github.com/moby/moby/client"
 	gperr "github.com/yusing/goutils/errs"
 	strutils "github.com/yusing/goutils/strings"
 
@@ -59,19 +58,19 @@ func Info(c *gin.Context) {
 	serveHTTP[dockerInfo](c, GetDockerInfo)
 }
 
-func GetDockerInfo(ctx context.Context, dockerClients DockerClients) ([]dockerInfo, error) {
+func GetDockerInfo(ctx context.Context, dockerClients DockerClients) ([]dockerInfo, gperr.Error) {
 	errs := gperr.NewBuilder("failed to get docker info")
 	dockerInfos := make([]dockerInfo, len(dockerClients))
 
 	i := 0
 	for name, dockerClient := range dockerClients {
-		info, err := dockerClient.Info(ctx, client.InfoOptions{})
+		info, err := dockerClient.Info(ctx)
 		if err != nil {
-			errs.AddSubject(err, name)
+			errs.Add(err)
 			continue
 		}
-		info.Info.Name = name
-		dockerInfos[i] = toDockerInfo(info.Info)
+		info.Name = name
+		dockerInfos[i] = toDockerInfo(info)
 		i++
 	}
 

internal/api/v1/docker/logs.go

@@ -7,9 +7,9 @@ import (
 	"net/http"
 	"strconv"
 
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/gin-gonic/gin"
-	"github.com/moby/moby/api/pkg/stdcopy"
-	"github.com/moby/moby/client"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
@@ -73,7 +73,7 @@ func Logs(c *gin.Context) {
 	}
 	defer dockerClient.Close()
 
-	opts := client.ContainerLogsOptions{
+	opts := container.LogsOptions{
 		ShowStdout: queryParams.Stdout,
 		ShowStderr: queryParams.Stderr,
 		Since:      queryParams.Since,

internal/api/v1/docker/restart.go

@@ -4,23 +4,17 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
-	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
-type RestartRequest struct {
-	ID string `json:"id" binding:"required"`
-	client.ContainerRestartOptions
-}
-
 // @x-id				"restart"
 // @BasePath		/api/v1
 // @Summary		Restart container
 // @Description	Restart container by container id
 // @Tags			docker
 // @Produce		json
-// @Param			request	body	RestartRequest	true	"Request"
+// @Param			request	body		StopRequest	true	"Request"
 // @Success		200	{object}  apitypes.SuccessResponse
 // @Failure		400	{object}	apitypes.ErrorResponse "Invalid request"
 // @Failure		403	{object}	apitypes.ErrorResponse
@@ -28,7 +22,7 @@ type RestartRequest struct {
 // @Failure		500	{object}	apitypes.ErrorResponse
 // @Router			/docker/restart [post]
 func Restart(c *gin.Context) {
-	var req RestartRequest
+	var req StopRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", err))
 		return
@@ -48,7 +42,7 @@ func Restart(c *gin.Context) {
 
 	defer client.Close()
 
-	_, err = client.ContainerRestart(c.Request.Context(), req.ID, req.ContainerRestartOptions)
+	err = client.ContainerRestart(c.Request.Context(), req.ID, req.StopOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to restart container"))
 		return

internal/api/v1/docker/start.go

@@ -3,15 +3,15 @@ package dockerapi
 import (
 	"net/http"
 
+	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
-	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type StartRequest struct {
 	ID string `json:"id" binding:"required"`
-	client.ContainerStartOptions
+	container.StartOptions
 }
 
 // @x-id				"start"
@@ -48,7 +48,7 @@ func Start(c *gin.Context) {
 
 	defer client.Close()
 
-	_, err = client.ContainerStart(c.Request.Context(), req.ID, req.ContainerStartOptions)
+	err = client.ContainerStart(c.Request.Context(), req.ID, req.StartOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to start container"))
 		return

internal/api/v1/docker/stats.go

@@ -8,9 +8,8 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/moby/moby/api/types/container"
-	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
+	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/godoxy/internal/types"
 	apitypes "github.com/yusing/goutils/apitypes"
 	"github.com/yusing/goutils/http/httpheaders"
@@ -44,7 +43,7 @@ func Stats(c *gin.Context) {
 	dockerCfg, ok := docker.GetDockerCfgByContainerID(id)
 	if !ok {
 		var route types.Route
-		route, ok = entrypoint.FromCtx(c.Request.Context()).GetRoute(id)
+		route, ok = routes.GetIncludeExcluded(id)
 		if ok {
 			cont := route.ContainerInfo()
 			if cont == nil {
@@ -68,7 +67,7 @@ func Stats(c *gin.Context) {
 	defer dockerClient.Close()
 
 	if httpheaders.IsWebsocket(c.Request.Header) {
-		stats, err := dockerClient.ContainerStats(c.Request.Context(), id, client.ContainerStatsOptions{Stream: true})
+		stats, err := dockerClient.ContainerStats(c.Request.Context(), id, true)
 		if err != nil {
 			c.Error(apitypes.InternalServerError(err, "failed to get container stats"))
 			return
@@ -102,7 +101,7 @@ func Stats(c *gin.Context) {
 		}
 	}
 
-	stats, err := dockerClient.ContainerStats(c.Request.Context(), id, client.ContainerStatsOptions{Stream: false})
+	stats, err := dockerClient.ContainerStats(c.Request.Context(), id, false)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to get container stats"))
 		return

internal/api/v1/docker/stop.go

@@ -3,15 +3,15 @@ package dockerapi
 import (
 	"net/http"
 
+	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
-	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type StopRequest struct {
 	ID string `json:"id" binding:"required"`
-	client.ContainerStopOptions
+	container.StopOptions
 }
 
 // @x-id				"stop"
@@ -48,7 +48,7 @@ func Stop(c *gin.Context) {
 
 	defer client.Close()
 
-	_, err = client.ContainerStop(c.Request.Context(), req.ID, req.ContainerStopOptions)
+	err = client.ContainerStop(c.Request.Context(), req.ID, req.StopOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to stop container"))
 		return

internal/api/v1/docker/utils.go

@@ -8,6 +8,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
+	gperr "github.com/yusing/goutils/errs"
 	"github.com/yusing/goutils/http/httpheaders"
 	"github.com/yusing/goutils/http/websocket"
 )
@@ -38,7 +39,7 @@ func handleResult[V any, T ResultType[V]](c *gin.Context, errs error, result T)
 	c.JSON(http.StatusOK, result)
 }
 
-func serveHTTP[V any, T ResultType[V]](c *gin.Context, getResult func(ctx context.Context, dockerClients DockerClients) (T, error)) {
+func serveHTTP[V any, T ResultType[V]](c *gin.Context, getResult func(ctx context.Context, dockerClients DockerClients) (T, gperr.Error)) {
 	dockerClients := docker.Clients()
 	defer closeAllClients(dockerClients)
 

internal/api/v1/docs/swagger.json

@@ -837,45 +837,6 @@
         "operationId": "stop"
       }
     },
-    "/events": {
-      "get": {
-        "consumes": [
-          "application/json"
-        ],
-        "produces": [
-          "application/json"
-        ],
-        "tags": [
-          "v1"
-        ],
-        "summary": "Get events history",
-        "responses": {
-          "200": {
-            "description": "OK",
-            "schema": {
-              "type": "array",
-              "items": {
-                "$ref": "#/definitions/Event"
-              }
-            }
-          },
-          "403": {
-            "description": "Forbidden: unauthorized",
-            "schema": {
-              "$ref": "#/definitions/ErrorResponse"
-            }
-          },
-          "500": {
-            "description": "Internal Server Error: internal error",
-            "schema": {
-              "$ref": "#/definitions/ErrorResponse"
-            }
-          }
-        },
-        "x-id": "events",
-        "operationId": "events"
-      }
-    },
     "/favicon": {
       "get": {
         "description": "Get favicon",
@@ -1258,12 +1219,6 @@
             "schema": {
               "$ref": "#/definitions/ErrorResponse"
             }
-          },
-          "500": {
-            "description": "Internal Server Error",
-            "schema": {
-              "$ref": "#/definitions/ErrorResponse"
-            }
           }
         },
         "x-id": "categories",
@@ -1382,12 +1337,6 @@
             "schema": {
               "$ref": "#/definitions/ErrorResponse"
             }
-          },
-          "500": {
-            "description": "Internal Server Error",
-            "schema": {
-              "$ref": "#/definitions/ErrorResponse"
-            }
           }
         },
         "x-id": "items",
@@ -2871,6 +2820,43 @@
         "operationId": "tail"
       }
     },
+    "/reload": {
+      "post": {
+        "description": "Reload config",
+        "consumes": [
+          "application/json"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "v1"
+        ],
+        "summary": "Reload config",
+        "responses": {
+          "200": {
+            "description": "OK",
+            "schema": {
+              "$ref": "#/definitions/SuccessResponse"
+            }
+          },
+          "403": {
+            "description": "Forbidden",
+            "schema": {
+              "$ref": "#/definitions/ErrorResponse"
+            }
+          },
+          "500": {
+            "description": "Internal Server Error",
+            "schema": {
+              "$ref": "#/definitions/ErrorResponse"
+            }
+          }
+        },
+        "x-id": "reload",
+        "operationId": "reload"
+      }
+    },
     "/route/by_provider": {
       "get": {
         "description": "List routes by provider",
@@ -3824,42 +3810,6 @@
       "x-nullable": false,
       "x-omitempty": false
     },
-    "Event": {
-      "type": "object",
-      "properties": {
-        "action": {
-          "type": "string",
-          "x-nullable": false,
-          "x-omitempty": false
-        },
-        "category": {
-          "type": "string",
-          "x-nullable": false,
-          "x-omitempty": false
-        },
-        "data": {
-          "x-nullable": false,
-          "x-omitempty": false
-        },
-        "level": {
-          "$ref": "#/definitions/events.Level",
-          "x-nullable": false,
-          "x-omitempty": false
-        },
-        "timestamp": {
-          "type": "string",
-          "x-nullable": false,
-          "x-omitempty": false
-        },
-        "uuid": {
-          "type": "string",
-          "x-nullable": false,
-          "x-omitempty": false
-        }
-      },
-      "x-nullable": false,
-      "x-omitempty": false
-    },
     "FileType": {
       "type": "string",
       "enum": [
@@ -4029,6 +3979,7 @@
       "type": "object",
       "properties": {
         "latency": {
+          "description": "latency in microseconds",
           "type": "number",
           "x-nullable": false,
           "x-omitempty": false
@@ -4047,6 +3998,7 @@
           "x-omitempty": false
         },
         "uptime": {
+          "description": "uptime in milliseconds",
           "type": "number",
           "x-nullable": false,
           "x-omitempty": false
@@ -4122,7 +4074,7 @@
     "HealthMap": {
       "type": "object",
       "additionalProperties": {
-        "$ref": "#/definitions/HealthInfoWithoutDetail"
+        "$ref": "#/definitions/HealthStatusString"
       },
       "x-nullable": false,
       "x-omitempty": false
@@ -5107,7 +5059,6 @@
           "x-omitempty": false
         },
         "validationError": {
-          "description": "we need the structured error, not the plain string",
           "x-nullable": false,
           "x-omitempty": false
         }
@@ -5143,7 +5094,6 @@
       "type": "object",
       "properties": {
         "executionError": {
-          "description": "we need the structured error, not the plain string",
           "x-nullable": false,
           "x-omitempty": false
         },
@@ -5379,6 +5329,7 @@
           "x-omitempty": false
         },
         "bind": {
+          "description": "for TCP and UDP routes, bind address to listen on",
           "type": "string",
           "x-nullable": true
         },
@@ -6740,23 +6691,6 @@
       "x-nullable": false,
       "x-omitempty": false
     },
-    "events.Level": {
-      "type": "string",
-      "enum": [
-        "debug",
-        "info",
-        "warn",
-        "error"
-      ],
-      "x-enum-varnames": [
-        "LevelDebug",
-        "LevelInfo",
-        "LevelWarn",
-        "LevelError"
-      ],
-      "x-nullable": false,
-      "x-omitempty": false
-    },
     "icons.Source": {
       "type": "string",
       "enum": [

internal/api/v1/docs/swagger.yaml

@@ -295,20 +295,6 @@ definitions:
       message:
         type: string
     type: object
-  Event:
-    properties:
-      action:
-        type: string
-      category:
-        type: string
-      data: {}
-      level:
-        $ref: '#/definitions/events.Level'
-      timestamp:
-        type: string
-      uuid:
-        type: string
-    type: object
   FileType:
     enum:
     - config
@@ -389,6 +375,7 @@ definitions:
   HealthInfoWithoutDetail:
     properties:
       latency:
+        description: latency in microseconds
         type: number
       status:
         enum:
@@ -400,6 +387,7 @@ definitions:
         - unknown
         type: string
       uptime:
+        description: uptime in milliseconds
         type: number
     type: object
   HealthJSON:
@@ -433,7 +421,7 @@ definitions:
     type: object
   HealthMap:
     additionalProperties:
-      $ref: '#/definitions/HealthInfoWithoutDetail'
+      $ref: '#/definitions/HealthStatusString'
     type: object
   HealthStatusString:
     enum:
@@ -894,8 +882,7 @@ definitions:
         type: string
       "on":
         type: string
-      validationError:
-        description: we need the structured error, not the plain string
+      validationError: {}
     type: object
   PlaygroundRequest:
     properties:
@@ -912,8 +899,7 @@ definitions:
     type: object
   PlaygroundResponse:
     properties:
-      executionError:
-        description: we need the structured error, not the plain string
+      executionError: {}
       finalRequest:
         $ref: '#/definitions/FinalRequest'
       finalResponse:
@@ -1021,6 +1007,7 @@ definitions:
       alias:
         type: string
       bind:
+        description: for TCP and UDP routes, bind address to listen on
         type: string
         x-nullable: true
       container:
@@ -1759,18 +1746,6 @@ definitions:
     required:
     - id
     type: object
-  events.Level:
-    enum:
-    - debug
-    - info
-    - warn
-    - error
-    type: string
-    x-enum-varnames:
-    - LevelDebug
-    - LevelInfo
-    - LevelWarn
-    - LevelError
   icons.Source:
     enum:
     - https://
@@ -2477,31 +2452,6 @@ paths:
       tags:
       - docker
       x-id: stop
-  /events:
-    get:
-      consumes:
-      - application/json
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: OK
-          schema:
-            items:
-              $ref: '#/definitions/Event'
-            type: array
-        "403":
-          description: 'Forbidden: unauthorized'
-          schema:
-            $ref: '#/definitions/ErrorResponse'
-        "500":
-          description: 'Internal Server Error: internal error'
-          schema:
-            $ref: '#/definitions/ErrorResponse'
-      summary: Get events history
-      tags:
-      - v1
-      x-id: events
   /favicon:
     get:
       consumes:
@@ -2757,10 +2707,6 @@ paths:
           description: Forbidden
           schema:
             $ref: '#/definitions/ErrorResponse'
-        "500":
-          description: Internal Server Error
-          schema:
-            $ref: '#/definitions/ErrorResponse'
       summary: List homepage categories
       tags:
       - homepage
@@ -2838,10 +2784,6 @@ paths:
           description: Forbidden
           schema:
             $ref: '#/definitions/ErrorResponse'
-        "500":
-          description: Internal Server Error
-          schema:
-            $ref: '#/definitions/ErrorResponse'
       summary: Homepage items
       tags:
       - homepage
@@ -3848,6 +3790,30 @@ paths:
       - proxmox
       - websocket
       x-id: tail
+  /reload:
+    post:
+      consumes:
+      - application/json
+      description: Reload config
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/SuccessResponse'
+        "403":
+          description: Forbidden
+          schema:
+            $ref: '#/definitions/ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/ErrorResponse'
+      summary: Reload config
+      tags:
+      - v1
+      x-id: reload
   /route/{which}:
     get:
       consumes:

internal/api/v1/events.go

@@ -1,44 +0,0 @@
-package v1
-
-import (
-	"context"
-	"errors"
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	apitypes "github.com/yusing/goutils/apitypes"
-	"github.com/yusing/goutils/events"
-	"github.com/yusing/goutils/http/httpheaders"
-	"github.com/yusing/goutils/http/websocket"
-)
-
-// @x-id			"events"
-// @BasePath	/api/v1
-// @Summary		Get events history
-// @Tags			v1
-// @Accept		json
-// @Produce		json
-// @Success		200		{array}		events.Event
-// @Failure		403		{object}	apitypes.ErrorResponse "Forbidden: unauthorized"
-// @Failure		500		{object}	apitypes.ErrorResponse "Internal Server Error: internal error"
-// @Router			/events [get]
-func Events(c *gin.Context) {
-	if !httpheaders.IsWebsocket(c.Request.Header) {
-		c.JSON(http.StatusOK, events.Global.Get())
-		return
-	}
-
-	manager, err := websocket.NewManagerWithUpgrade(c)
-	if err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to upgrade to websocket"))
-		return
-	}
-	defer manager.Close()
-
-	writer := manager.NewWriter(websocket.TextMessage)
-	err = events.Global.ListenJSON(c.Request.Context(), writer)
-	if err != nil && !errors.Is(err, context.Canceled) {
-		c.Error(apitypes.InternalServerError(err, "failed to listen to events"))
-		return
-	}
-}

internal/api/v1/favicon.go

@@ -5,9 +5,9 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/homepage/icons"
 	iconfetch "github.com/yusing/godoxy/internal/homepage/icons/fetch"
+	"github.com/yusing/godoxy/internal/route/routes"
 	apitypes "github.com/yusing/goutils/apitypes"
 
 	_ "unsafe"
@@ -73,11 +73,7 @@ func FavIcon(c *gin.Context) {
 //go:linkname GetFavIconFromAlias v1.GetFavIconFromAlias
 func GetFavIconFromAlias(ctx context.Context, alias string, variant icons.Variant) (iconfetch.Result, error) {
 	// try with route.Icon
-	ep := entrypoint.FromCtx(ctx)
-	if ep == nil { // impossible, but just in case
-		return iconfetch.FetchResultWithErrorf(http.StatusInternalServerError, "entrypoint not initialized")
-	}
-	r, ok := ep.HTTPRoutes().Get(alias)
+	r, ok := routes.HTTP.Get(alias)
 	if !ok {
 		return iconfetch.FetchResultWithErrorf(http.StatusNotFound, "route not found")
 	}

internal/api/v1/file/validate.go

@@ -51,7 +51,7 @@ func Validate(c *gin.Context) {
 	c.JSON(http.StatusOK, apitypes.Success("file validated"))
 }
 
-func validateFile(fileType FileType, content []byte) error {
+func validateFile(fileType FileType, content []byte) gperr.Error {
 	switch fileType {
 	case FileTypeConfig:
 		return config.Validate(content)

internal/api/v1/health.go

@@ -5,14 +5,12 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
-	"github.com/yusing/godoxy/internal/types"
-	"github.com/yusing/goutils/apitypes"
+	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/goutils/http/httpheaders"
 	"github.com/yusing/goutils/http/websocket"
-)
 
-type HealthMap = map[string]types.HealthInfoWithoutDetail // @name HealthMap
+	_ "github.com/yusing/goutils/apitypes"
+)
 
 // @x-id				"health"
 // @BasePath		/api/v1
@@ -21,21 +19,16 @@ type HealthMap = map[string]types.HealthInfoWithoutDetail // @name HealthMap
 // @Tags			v1,websocket
 // @Accept			json
 // @Produce		json
-// @Success		200	{object}	HealthMap "Health info by route name"
+// @Success		200	{object}	routes.HealthMap "Health info by route name"
 // @Failure		403	{object}	apitypes.ErrorResponse
 // @Failure		500	{object}	apitypes.ErrorResponse
 // @Router			/health [get]
 func Health(c *gin.Context) {
-	ep := entrypoint.FromCtx(c.Request.Context())
-	if ep == nil { // impossible, but just in case
-		c.JSON(http.StatusInternalServerError, apitypes.Error("entrypoint not initialized"))
-		return
-	}
 	if httpheaders.IsWebsocket(c.Request.Header) {
 		websocket.PeriodicWrite(c, 1*time.Second, func() (any, error) {
-			return ep.GetHealthInfoWithoutDetail(), nil
+			return routes.GetHealthInfoSimple(), nil
 		})
 	} else {
-		c.JSON(http.StatusOK, ep.GetHealthInfoWithoutDetail())
+		c.JSON(http.StatusOK, routes.GetHealthInfoSimple())
 	}
 }

internal/api/v1/homepage/categories.go

@@ -4,10 +4,10 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/homepage"
+	"github.com/yusing/godoxy/internal/route/routes"
 
-	apitypes "github.com/yusing/goutils/apitypes"
+	_ "github.com/yusing/goutils/apitypes"
 )
 
 // @x-id				"categories"
@@ -19,23 +19,17 @@ import (
 // @Produce		json
 // @Success		200	{array}		string
 // @Failure		403	{object}	apitypes.ErrorResponse
-// @Failure		500	{object}	apitypes.ErrorResponse
 // @Router			/homepage/categories [get]
 func Categories(c *gin.Context) {
-	ep := entrypoint.FromCtx(c.Request.Context())
-	if ep == nil { // impossible, but just in case
-		c.JSON(http.StatusInternalServerError, apitypes.Error("entrypoint not initialized"))
-		return
-	}
-	c.JSON(http.StatusOK, HomepageCategories(ep))
+	c.JSON(http.StatusOK, HomepageCategories())
 }
 
-func HomepageCategories(ep entrypoint.Entrypoint) []string {
+func HomepageCategories() []string {
 	check := make(map[string]struct{})
 	categories := make([]string, 0)
 	categories = append(categories, homepage.CategoryAll)
 	categories = append(categories, homepage.CategoryFavorites)
-	for _, r := range ep.HTTPRoutes().Iter {
+	for _, r := range routes.HTTP.Iter {
 		item := r.HomepageItem()
 		if item.Category == "" {
 			continue

internal/api/v1/homepage/items.go

@@ -10,8 +10,8 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/lithammer/fuzzysearch/fuzzy"
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/homepage"
+	"github.com/yusing/godoxy/internal/route/routes"
 	apitypes "github.com/yusing/goutils/apitypes"
 	"github.com/yusing/goutils/http/httpheaders"
 	"github.com/yusing/goutils/http/websocket"
@@ -36,7 +36,6 @@ type HomepageItemsRequest struct {
 // @Success		200			{object}	homepage.Homepage
 // @Failure		400			{object}	apitypes.ErrorResponse
 // @Failure		403			{object}	apitypes.ErrorResponse
-// @Failure		500			{object}	apitypes.ErrorResponse
 // @Router			/homepage/items [get]
 func Items(c *gin.Context) {
 	var request HomepageItemsRequest
@@ -54,35 +53,29 @@ func Items(c *gin.Context) {
 		hostname = host
 	}
 
-	ep := entrypoint.FromCtx(c.Request.Context())
-	if ep == nil {
-		c.JSON(http.StatusInternalServerError, apitypes.Error("entrypoint not found in context", nil))
-		return
-	}
-
 	if httpheaders.IsWebsocket(c.Request.Header) {
 		websocket.PeriodicWrite(c, 2*time.Second, func() (any, error) {
-			return HomepageItems(ep, proto, hostname, &request), nil
+			return HomepageItems(proto, hostname, &request), nil
 		})
 	} else {
-		c.JSON(http.StatusOK, HomepageItems(ep, proto, hostname, &request))
+		c.JSON(http.StatusOK, HomepageItems(proto, hostname, &request))
 	}
 }
 
-func HomepageItems(ep entrypoint.Entrypoint, proto, hostname string, request *HomepageItemsRequest) homepage.Homepage {
+func HomepageItems(proto, hostname string, request *HomepageItemsRequest) homepage.Homepage {
 	switch proto {
 	case "http", "https":
 	default:
 		proto = "http"
 	}
 
-	hp := homepage.NewHomepageMap(ep.HTTPRoutes().Size())
+	hp := homepage.NewHomepageMap(routes.HTTP.Size())
 
 	if strings.Count(hostname, ".") > 1 {
 		_, hostname, _ = strings.Cut(hostname, ".") // remove the subdomain
 	}
 
-	for _, r := range ep.HTTPRoutes().Iter {
+	for _, r := range routes.HTTP.Iter {
 		if request.Provider != "" && r.ProviderName() != request.Provider {
 			continue
 		}

internal/api/v1/metrics/all_system_info.go

@@ -7,7 +7,6 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/bytedance/sonic"
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent"
@@ -113,7 +112,7 @@ func AllSystemInfo(c *gin.Context) {
 			data, err := systeminfo.Poller.GetRespData(req.Period, query)
 			if err != nil {
 				numErrs.Add(1)
-				return gperr.PrependSubject(err, "Main server")
+				return gperr.PrependSubject("Main server", err)
 			}
 			select {
 			case <-manager.Done():
@@ -133,7 +132,7 @@ func AllSystemInfo(c *gin.Context) {
 				data, err := getAgentSystemInfoWithRetry(manager.Context(), a, queryEncoded)
 				if err != nil {
 					numErrs.Add(1)
-					return gperr.PrependSubject(err, "Agent "+a.Name)
+					return gperr.PrependSubject("Agent "+a.Name, err)
 				}
 				select {
 				case <-manager.Done():
@@ -170,7 +169,7 @@ func AllSystemInfo(c *gin.Context) {
 					c.Error(apitypes.InternalServerError(err, "failed to get all system info"))
 					return
 				}
-				log.Warn().Err(err).Msg("failed to get some system info")
+				gperr.LogWarn("failed to get some system info", err)
 			}
 		}
 	}
@@ -237,7 +236,7 @@ func marshalSystemInfo(ws *websocket.Manager, agentName string, systemInfo any)
 		defer bufFromPool.release(bufFromPool.RawMessage)
 	}
 
-	err := sonic.ConfigDefault.NewEncoder(buf).Encode(map[string]any{
+	err := json.NewEncoder(buf).Encode(map[string]any{
 		agentName: systemInfo,
 	})
 	if err != nil {

internal/api/v1/proxmox/common.go

@@ -2,5 +2,5 @@ package proxmoxapi
 
 type ActionRequest struct {
 	Node string `uri:"node" binding:"required"`
-	VMID uint64 `uri:"vmid" binding:"required"`
+	VMID int    `uri:"vmid" binding:"required"`
 } //	@name	ProxmoxVMActionRequest

internal/api/v1/proxmox/stats.go

@@ -11,7 +11,10 @@ import (
 	"github.com/yusing/goutils/http/websocket"
 )
 
-type StatsRequest ActionRequest
+type StatsRequest struct {
+	Node string `uri:"node" binding:"required"`
+	VMID int    `uri:"vmid" binding:"required"`
+}
 
 // @x-id			"nodeStats"
 // @BasePath	/api/v1

internal/api/v1/reload.go

@@ -0,0 +1,28 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/yusing/godoxy/internal/config"
+	apitypes "github.com/yusing/goutils/apitypes"
+)
+
+// @x-id				"reload"
+// @BasePath		/api/v1
+// @Summary		Reload config
+// @Description	Reload config
+// @Tags			v1
+// @Accept			json
+// @Produce		json
+// @Success		200	{object}	apitypes.SuccessResponse
+// @Failure		403	{object}	apitypes.ErrorResponse
+// @Failure		500	{object}	apitypes.ErrorResponse
+// @Router			/reload [post]
+func Reload(c *gin.Context) {
+	if err := config.Reload(); err != nil {
+		c.Error(apitypes.InternalServerError(err, "failed to reload config"))
+		return
+	}
+	c.JSON(http.StatusOK, apitypes.Success("config reloaded"))
+}

internal/api/v1/route/by_provider.go

@@ -4,10 +4,10 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/route"
+	"github.com/yusing/godoxy/internal/route/routes"
 
-	apitypes "github.com/yusing/goutils/apitypes"
+	_ "github.com/yusing/goutils/apitypes"
 )
 
 type RoutesByProvider map[string][]route.Route
@@ -24,10 +24,5 @@ type RoutesByProvider map[string][]route.Route
 // @Failure		500	{object}	apitypes.ErrorResponse
 // @Router			/route/by_provider [get]
 func ByProvider(c *gin.Context) {
-	ep := entrypoint.FromCtx(c.Request.Context())
-	if ep == nil { // impossible, but just in case
-		c.JSON(http.StatusInternalServerError, apitypes.Error("entrypoint not initialized"))
-		return
-	}
-	c.JSON(http.StatusOK, ep.RoutesByProvider())
+	c.JSON(http.StatusOK, routes.ByProvider())
 }

internal/api/v1/route/playground.go

@@ -1,7 +1,6 @@
 package routeApi
 
 import (
-	"fmt"
 	"io"
 	"net/http"
 	"net/http/httptest"
@@ -55,16 +54,16 @@ type PlaygroundResponse struct {
 	MatchedRules   []string      `json:"matchedRules"`
 	FinalRequest   FinalRequest  `json:"finalRequest"`
 	FinalResponse  FinalResponse `json:"finalResponse"`
-	ExecutionError error         `json:"executionError,omitempty"` // we need the structured error, not the plain string
+	ExecutionError gperr.Error   `json:"executionError,omitempty"`
 	UpstreamCalled bool          `json:"upstreamCalled"`
 } // @name PlaygroundResponse
 
 type ParsedRule struct {
-	Name            string `json:"name"`
-	On              string `json:"on"`
-	Do              string `json:"do"`
-	ValidationError error  `json:"validationError,omitempty"` // we need the structured error, not the plain string
-	IsResponseRule  bool   `json:"isResponseRule"`
+	Name            string      `json:"name"`
+	On              string      `json:"on"`
+	Do              string      `json:"do"`
+	ValidationError gperr.Error `json:"validationError,omitempty"`
+	IsResponseRule  bool        `json:"isResponseRule"`
 } // @name ParsedRule
 
 type FinalRequest struct {
@@ -139,7 +138,7 @@ func Playground(c *gin.Context) {
 	// Execute rules
 	matchedRules := []string{}
 	upstreamCalled := false
-	var executionError error
+	var executionError gperr.Error
 
 	// Variables to capture modified request state
 	var finalReqMethod, finalReqPath, finalReqHost string
@@ -245,22 +244,20 @@ func Playground(c *gin.Context) {
 	c.JSON(http.StatusOK, response)
 }
 
-func handlerWithRecover(w http.ResponseWriter, r *http.Request, h http.HandlerFunc, outErr *error) {
+func handlerWithRecover(w http.ResponseWriter, r *http.Request, h http.HandlerFunc, outErr *gperr.Error) {
 	defer func() {
 		if r := recover(); r != nil {
 			if outErr != nil {
-				*outErr = fmt.Errorf("panic during rule execution: %v", r)
+				*outErr = gperr.Errorf("panic during rule execution: %v", r)
 			}
 		}
 	}()
 	h(w, r)
 }
 
-func parseRules(rawRules []RawRule) ([]ParsedRule, rules.Rules, error) {
-	parsedRules := make([]ParsedRule, 0, len(rawRules))
-	rulesList := make(rules.Rules, 0, len(rawRules))
-
-	var valErrs gperr.Builder
+func parseRules(rawRules []RawRule) ([]ParsedRule, rules.Rules, gperr.Error) {
+	var parsedRules []ParsedRule
+	var rulesList rules.Rules
 
 	// Parse each rule individually to capture per-rule errors
 	for _, rawRule := range rawRules {
@@ -287,11 +284,7 @@ func parseRules(rawRules []RawRule) ([]ParsedRule, rules.Rules, error) {
 
 		// Determine if valid
 		isValid := onErr == nil && doErr == nil
-		var validationErr error
-		if !isValid {
-			validationErr = gperr.Join(gperr.PrependSubject(onErr, "on"), gperr.PrependSubject(doErr, "do"))
-			valErrs.Add(validationErr)
-		}
+		validationErr := gperr.Join(gperr.PrependSubject("on", onErr), gperr.PrependSubject("do", doErr))
 
 		parsedRules = append(parsedRules, ParsedRule{
 			Name:            name,
@@ -307,7 +300,7 @@ func parseRules(rawRules []RawRule) ([]ParsedRule, rules.Rules, error) {
 		}
 	}
 
-	return parsedRules, rulesList, valErrs.Error()
+	return parsedRules, rulesList, nil
 }
 
 func createMockRequest(mock MockRequest) *http.Request {

internal/api/v1/route/playground_test.go

@@ -79,7 +79,7 @@ func TestPlayground(t *testing.T) {
 				if len(resp.MatchedRules) != 1 {
 					t.Errorf("expected 1 matched rule, got %d", len(resp.MatchedRules))
 				}
-				if resp.FinalResponse.StatusCode != http.StatusForbidden {
+				if resp.FinalResponse.StatusCode != 403 {
 					t.Errorf("expected status 403, got %d", resp.FinalResponse.StatusCode)
 				}
 				if resp.UpstreamCalled {
@@ -168,7 +168,7 @@ func TestPlayground(t *testing.T) {
 				if len(resp.MatchedRules) != 1 {
 					t.Errorf("expected 1 matched rule, got %d", len(resp.MatchedRules))
 				}
-				if resp.FinalResponse.StatusCode != http.StatusMethodNotAllowed {
+				if resp.FinalResponse.StatusCode != 405 {
 					t.Errorf("expected status 405, got %d", resp.FinalResponse.StatusCode)
 				}
 			},
@@ -179,7 +179,7 @@ func TestPlayground(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			// Create request
 			body, _ := json.Marshal(tt.request)
-			req := httptest.NewRequest(http.MethodPost, "/api/v1/route/playground", bytes.NewReader(body))
+			req := httptest.NewRequest("POST", "/api/v1/route/playground", bytes.NewReader(body))
 			req.Header.Set("Content-Type", "application/json")
 
 			// Create response recorder
@@ -214,7 +214,7 @@ func TestPlayground(t *testing.T) {
 func TestPlaygroundInvalidRequest(t *testing.T) {
 	gin.SetMode(gin.TestMode)
 
-	req := httptest.NewRequest(http.MethodPost, "/api/v1/route/playground", bytes.NewReader([]byte(`{}`)))
+	req := httptest.NewRequest("POST", "/api/v1/route/playground", bytes.NewReader([]byte(`{}`)))
 	req.Header.Set("Content-Type", "application/json")
 
 	w := httptest.NewRecorder()

internal/api/v1/route/route.go

@@ -4,7 +4,7 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
+	"github.com/yusing/godoxy/internal/route/routes"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
@@ -32,13 +32,7 @@ func Route(c *gin.Context) {
 		return
 	}
 
-	ep := entrypoint.FromCtx(c.Request.Context())
-	if ep == nil { // impossible, but just in case
-		c.JSON(http.StatusInternalServerError, apitypes.Error("entrypoint not initialized"))
-		return
-	}
-
-	route, ok := ep.GetRoute(request.Which)
+	route, ok := routes.GetIncludeExcluded(request.Which)
 	if ok {
 		c.JSON(http.StatusOK, route)
 		return

internal/api/v1/route/routes.go

@@ -6,8 +6,8 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/route"
+	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/godoxy/internal/types"
 	"github.com/yusing/goutils/http/httpheaders"
 	"github.com/yusing/goutils/http/websocket"
@@ -32,16 +32,14 @@ func Routes(c *gin.Context) {
 		return
 	}
 
-	ep := entrypoint.FromCtx(c.Request.Context())
-
 	provider := c.Query("provider")
 	if provider == "" {
-		c.JSON(http.StatusOK, slices.Collect(ep.IterRoutes))
+		c.JSON(http.StatusOK, slices.Collect(routes.IterAll))
 		return
 	}
 
-	rts := make([]types.Route, 0, ep.NumRoutes())
-	for r := range ep.IterRoutes {
+	rts := make([]types.Route, 0, routes.NumAllRoutes())
+	for r := range routes.IterAll {
 		if r.ProviderName() == provider {
 			rts = append(rts, r)
 		}
@@ -50,19 +48,17 @@ func Routes(c *gin.Context) {
 }
 
 func RoutesWS(c *gin.Context) {
-	ep := entrypoint.FromCtx(c.Request.Context())
-
 	provider := c.Query("provider")
 	if provider == "" {
 		websocket.PeriodicWrite(c, 3*time.Second, func() (any, error) {
-			return slices.Collect(ep.IterRoutes), nil
+			return slices.Collect(routes.IterAll), nil
 		})
 		return
 	}
 
 	websocket.PeriodicWrite(c, 3*time.Second, func() (any, error) {
-		rts := make([]types.Route, 0, ep.NumRoutes())
-		for r := range ep.IterRoutes {
+		rts := make([]types.Route, 0, routes.NumAllRoutes())
+		for r := range routes.IterAll {
 			if r.ProviderName() == provider {
 				rts = append(rts, r)
 			}

internal/auth/oauth_refresh.go

@@ -135,7 +135,7 @@ func (auth *OIDCProvider) setSessionTokenCookie(w http.ResponseWriter, r *http.R
 
 func (auth *OIDCProvider) parseSessionJWT(sessionJWT string) (claims *sessionClaims, valid bool, err error) {
 	claims = &sessionClaims{}
-	sessionToken, err := jwt.ParseWithClaims(sessionJWT, claims, func(t *jwt.Token) (any, error) {
+	sessionToken, err := jwt.ParseWithClaims(sessionJWT, claims, func(t *jwt.Token) (interface{}, error) {
 		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
 		}

internal/auth/oidc.go

@@ -17,6 +17,7 @@ import (
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/common"
 	"github.com/yusing/godoxy/internal/utils"
+	gperr "github.com/yusing/goutils/errs"
 	httputils "github.com/yusing/goutils/http"
 	"golang.org/x/oauth2"
 	"golang.org/x/time/rate"
@@ -75,8 +76,8 @@ const (
 var (
 	errMissingIDToken = errors.New("missing id_token field from oauth token")
 
-	ErrMissingOAuthToken = errors.New("missing oauth token")
-	ErrInvalidOAuthToken = errors.New("invalid oauth token")
+	ErrMissingOAuthToken = gperr.New("missing oauth token")
+	ErrInvalidOAuthToken = gperr.New("invalid oauth token")
 )
 
 // generateState generates a random string for OIDC state.

internal/auth/userpass.go

@@ -1,20 +1,23 @@
 package auth
 
 import (
-	"errors"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"time"
 
-	"github.com/bytedance/sonic"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/yusing/godoxy/internal/common"
+	gperr "github.com/yusing/goutils/errs"
 	httputils "github.com/yusing/goutils/http"
 	strutils "github.com/yusing/goutils/strings"
 	"golang.org/x/crypto/bcrypt"
 )
 
-var ErrInvalidUsername = errors.New("invalid username")
+var (
+	ErrInvalidUsername = gperr.New("invalid username")
+	ErrInvalidPassword = gperr.New("invalid password")
+)
 
 type (
 	UserPassAuth struct {
@@ -24,9 +27,8 @@ type (
 		tokenTTL time.Duration
 	}
 	UserPassClaims struct {
-		jwt.RegisteredClaims
-
 		Username string `json:"username"`
+		jwt.RegisteredClaims
 	}
 )
 
@@ -79,7 +81,7 @@ func (auth *UserPassAuth) CheckToken(r *http.Request) error {
 		return ErrMissingSessionToken
 	}
 	var claims UserPassClaims
-	token, err := jwt.ParseWithClaims(jwtCookie.Value, &claims, func(t *jwt.Token) (any, error) {
+	token, err := jwt.ParseWithClaims(jwtCookie.Value, &claims, func(t *jwt.Token) (interface{}, error) {
 		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
 		}
@@ -92,9 +94,9 @@ func (auth *UserPassAuth) CheckToken(r *http.Request) error {
 	case !token.Valid:
 		return ErrInvalidSessionToken
 	case claims.Username != auth.username:
-		return fmt.Errorf("%w: %s", ErrUserNotAllowed, claims.Username)
+		return ErrUserNotAllowed.Subject(claims.Username)
 	case claims.ExpiresAt.Before(time.Now()):
-		return fmt.Errorf("token expired on %s", strutils.FormatTime(claims.ExpiresAt.Time))
+		return gperr.Errorf("token expired on %s", strutils.FormatTime(claims.ExpiresAt.Time))
 	}
 
 	return nil
@@ -107,7 +109,7 @@ type UserPassAuthCallbackRequest struct {
 
 func (auth *UserPassAuth) PostAuthCallbackHandler(w http.ResponseWriter, r *http.Request) {
 	var creds UserPassAuthCallbackRequest
-	err := sonic.ConfigDefault.NewDecoder(r.Body).Decode(&creds)
+	err := json.NewDecoder(r.Body).Decode(&creds)
 	if err != nil {
 		http.Error(w, "invalid request", http.StatusBadRequest)
 		return
@@ -137,12 +139,11 @@ func (auth *UserPassAuth) LogoutHandler(w http.ResponseWriter, r *http.Request)
 }
 
 func (auth *UserPassAuth) validatePassword(user, pass string) error {
-	// always perform bcrypt comparison to avoid timing attacks
-	if err := bcrypt.CompareHashAndPassword(auth.pwdHash, []byte(pass)); err != nil {
-		return err
-	}
 	if user != auth.username {
-		return ErrInvalidUsername
+		return ErrInvalidUsername.Subject(user)
+	}
+	if err := bcrypt.CompareHashAndPassword(auth.pwdHash, []byte(pass)); err != nil {
+		return ErrInvalidPassword.With(err).Subject(pass)
 	}
 	return nil
 }

internal/auth/userpass_test.go

@@ -27,7 +27,7 @@ func TestUserPassValidateCredentials(t *testing.T) {
 	err := auth.validatePassword("username", "password")
 	expect.NoError(t, err)
 	err = auth.validatePassword("username", "wrong-password")
-	expect.ErrorIs(t, bcrypt.ErrMismatchedHashAndPassword, err)
+	expect.ErrorIs(t, ErrInvalidPassword, err)
 	err = auth.validatePassword("wrong-username", "password")
 	expect.ErrorIs(t, ErrInvalidUsername, err)
 }

internal/auth/utils.go

@@ -1,20 +1,20 @@
 package auth
 
 import (
-	"errors"
 	"net"
 	"net/http"
 	"strings"
 	"time"
 
 	"github.com/yusing/godoxy/internal/common"
+	gperr "github.com/yusing/goutils/errs"
 	strutils "github.com/yusing/goutils/strings"
 )
 
 var (
-	ErrMissingSessionToken = errors.New("missing session token")
-	ErrInvalidSessionToken = errors.New("invalid session token")
-	ErrUserNotAllowed      = errors.New("user not allowed")
+	ErrMissingSessionToken = gperr.New("missing session token")
+	ErrInvalidSessionToken = gperr.New("invalid session token")
+	ErrUserNotAllowed      = gperr.New("user not allowed")
 )
 
 func IsFrontend(r *http.Request) bool {

internal/autocert/config.go

@@ -66,13 +66,13 @@ const (
 
 var domainOrWildcardRE = regexp.MustCompile(`^\*?([^.]+\.)+[^.]+$`)
 
-// Validate implements the serialization.CustomValidator interface.
-func (cfg *Config) Validate() error {
+// Validate implements the utils.CustomValidator interface.
+func (cfg *Config) Validate() gperr.Error {
 	seenPaths := make(map[string]int) // path -> provider idx (0 for main, 1+ for extras)
 	return cfg.validate(seenPaths)
 }
 
-func (cfg *ConfigExtra) Validate() error {
+func (cfg *ConfigExtra) Validate() gperr.Error {
 	return nil // done by main config's validate
 }
 
@@ -80,7 +80,7 @@ func (cfg *ConfigExtra) AsConfig() *Config {
 	return (*Config)(cfg)
 }
 
-func (cfg *Config) validate(seenPaths map[string]int) error {
+func (cfg *Config) validate(seenPaths map[string]int) gperr.Error {
 	if cfg.Provider == "" {
 		cfg.Provider = ProviderLocal
 	}
@@ -157,7 +157,7 @@ func (cfg *Config) validate(seenPaths map[string]int) error {
 			cfg.Extra[i].AsConfig().idx = i + 1
 			err := cfg.Extra[i].AsConfig().validate(seenPaths)
 			if err != nil {
-				b.AddSubjectf(err, "extra[%d]", i)
+				b.Add(err.Subjectf("extra[%d]", i))
 			}
 		}
 	}
@@ -179,10 +179,10 @@ func (cfg *Config) GetLegoConfig() (*User, *lego.Config, error) {
 			log.Info().Err(err).Msg("failed to load ACME private key, generating a now one")
 			privKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 			if err != nil {
-				return nil, nil, fmt.Errorf("generate ACME private key: %w", err)
+				return nil, nil, gperr.New("generate ACME private key").With(err)
 			}
 			if err = cfg.SaveACMEKey(privKey); err != nil {
-				return nil, nil, fmt.Errorf("save ACME private key: %w", err)
+				return nil, nil, gperr.New("save ACME private key").With(err)
 			}
 		}
 	}
@@ -206,7 +206,7 @@ func (cfg *Config) GetLegoConfig() (*User, *lego.Config, error) {
 	if len(cfg.CACerts) > 0 {
 		certPool, err := lego.CreateCertPool(cfg.CACerts, true)
 		if err != nil {
-			return nil, nil, fmt.Errorf("failed to create cert pool: %w", err)
+			return nil, nil, gperr.New("failed to create cert pool").With(err)
 		}
 		legoCfg.HTTPClient.Transport.(*http.Transport).TLSClientConfig.RootCAs = certPool
 	}

internal/autocert/provider.go

@@ -22,7 +22,6 @@ import (
 	"github.com/go-acme/lego/v4/registration"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
-	autocert "github.com/yusing/godoxy/internal/autocert/types"
 	"github.com/yusing/godoxy/internal/common"
 	"github.com/yusing/godoxy/internal/notif"
 	gperr "github.com/yusing/goutils/errs"
@@ -57,6 +56,15 @@ type (
 
 	CertExpiries map[string]time.Time
 
+	CertInfo struct {
+		Subject        string   `json:"subject"`
+		Issuer         string   `json:"issuer"`
+		NotBefore      int64    `json:"not_before"`
+		NotAfter       int64    `json:"not_after"`
+		DNSNames       []string `json:"dns_names"`
+		EmailAddresses []string `json:"email_addresses"`
+	} // @name CertInfo
+
 	RenewMode uint8
 )
 
@@ -74,6 +82,9 @@ const (
 	renewModeIfNeeded
 )
 
+// could be nil
+var ActiveProvider atomic.Pointer[Provider]
+
 func NewProvider(cfg *Config, user *User, legoCfg *lego.Config) (*Provider, error) {
 	p := &Provider{
 		cfg:             cfg,
@@ -108,14 +119,14 @@ func (p *Provider) GetCert(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
 	return p.tlsCert, nil
 }
 
-func (p *Provider) GetCertInfos() ([]autocert.CertInfo, error) {
+func (p *Provider) GetCertInfos() ([]CertInfo, error) {
 	allProviders := p.allProviders()
-	certInfos := make([]autocert.CertInfo, 0, len(allProviders))
+	certInfos := make([]CertInfo, 0, len(allProviders))
 	for _, provider := range allProviders {
 		if provider.tlsCert == nil {
 			continue
 		}
-		certInfos = append(certInfos, autocert.CertInfo{
+		certInfos = append(certInfos, CertInfo{
 			Subject:        provider.tlsCert.Leaf.Subject.CommonName,
 			Issuer:         provider.tlsCert.Leaf.Issuer.CommonName,
 			NotBefore:      provider.tlsCert.Leaf.NotBefore.Unix(),
@@ -139,7 +150,7 @@ func (p *Provider) GetName() string {
 }
 
 func (p *Provider) fmtError(err error) error {
-	return gperr.PrependSubject(err, "provider: "+p.GetName())
+	return gperr.PrependSubject(fmt.Sprintf("provider: %s", p.GetName()), err)
 }
 
 func (p *Provider) GetCertPath() string {
@@ -205,7 +216,7 @@ func (p *Provider) ObtainCertIfNotExistsAll() error {
 	for _, provider := range p.allProviders() {
 		errs.Go(func() error {
 			if err := provider.obtainCertIfNotExists(); err != nil {
-				return gperr.PrependSubject(err, provider.GetName())
+				return fmt.Errorf("failed to obtain cert for %s: %w", provider.GetName(), err)
 			}
 			return nil
 		})
@@ -246,7 +257,7 @@ func (p *Provider) ObtainCertAll() error {
 	for _, provider := range p.allProviders() {
 		errs.Go(func() error {
 			if err := provider.obtainCertIfNotExists(); err != nil {
-				return gperr.PrependSubject(err, provider.GetName())
+				return fmt.Errorf("failed to obtain cert for %s: %w", provider.GetName(), err)
 			}
 			return nil
 		})
@@ -464,10 +475,10 @@ func (p *Provider) scheduleRenewal(parent task.Parent) {
 
 		renewed, err := p.renew(renewMode)
 		if err != nil {
-			log.Warn().Err(p.fmtError(err)).Msg("autocert: cert renew failed")
+			gperr.LogWarn("autocert: cert renew failed", p.fmtError(err))
 			notif.Notify(&notif.LogMessage{
 				Level: zerolog.ErrorLevel,
-				Title: "SSL certificate renewal failed for " + p.GetName(),
+				Title: fmt.Sprintf("SSL certificate renewal failed for %s", p.GetName()),
 				Body:  notif.MessageBody(err.Error()),
 			})
 			return
@@ -477,13 +488,13 @@ func (p *Provider) scheduleRenewal(parent task.Parent) {
 
 			notif.Notify(&notif.LogMessage{
 				Level: zerolog.InfoLevel,
-				Title: "SSL certificate renewed for " + p.GetName(),
+				Title: fmt.Sprintf("SSL certificate renewed for %s", p.GetName()),
 				Body:  notif.ListBody(p.cfg.Domains),
 			})
 
 			// Reset on success
 			if err := p.ClearLastFailure(); err != nil {
-				log.Warn().Err(p.fmtError(err)).Msg("autocert: failed to clear last failure")
+				gperr.LogWarn("autocert: failed to clear last failure", p.fmtError(err))
 			}
 			timer.Reset(time.Until(p.ShouldRenewOn()))
 		}

internal/autocert/providers.go

@@ -3,10 +3,11 @@ package autocert
 import (
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/yusing/godoxy/internal/serialization"
+	gperr "github.com/yusing/goutils/errs"
 	strutils "github.com/yusing/goutils/strings"
 )
 
-type Generator func(map[string]strutils.Redacted) (challenge.Provider, error)
+type Generator func(map[string]strutils.Redacted) (challenge.Provider, gperr.Error)
 
 var Providers = make(map[string]Generator)
 
@@ -14,7 +15,7 @@ func DNSProvider[CT any, PT challenge.Provider](
 	defaultCfg func() *CT,
 	newProvider func(*CT) (PT, error),
 ) Generator {
-	return func(opt map[string]strutils.Redacted) (challenge.Provider, error) {
+	return func(opt map[string]strutils.Redacted) (challenge.Provider, gperr.Error) {
 		cfg := defaultCfg()
 		if len(opt) > 0 {
 			err := serialization.MapUnmarshalValidate(serialization.ToSerializedObject(opt), &cfg)
@@ -23,6 +24,6 @@ func DNSProvider[CT any, PT challenge.Provider](
 			}
 		}
 		p, pErr := newProvider(cfg)
-		return p, pErr
+		return p, gperr.Wrap(pErr)
 	}
 }

internal/autocert/setup.go

@@ -4,7 +4,7 @@ import (
 	gperr "github.com/yusing/goutils/errs"
 )
 
-func (p *Provider) setupExtraProviders() error {
+func (p *Provider) setupExtraProviders() gperr.Error {
 	p.sniMatcher = sniMatcher{}
 	if len(p.cfg.Extra) == 0 {
 		return nil

internal/autocert/types/cert_info.go

@@ -1,10 +0,0 @@
-package autocert
-
-type CertInfo struct {
-	Subject        string   `json:"subject"`
-	Issuer         string   `json:"issuer"`
-	NotBefore      int64    `json:"not_before"`
-	NotAfter       int64    `json:"not_after"`
-	DNSNames       []string `json:"dns_names"`
-	EmailAddresses []string `json:"email_addresses"`
-} // @name CertInfo

internal/autocert/types/context.go

@@ -1,16 +0,0 @@
-package autocert
-
-import "context"
-
-type ContextKey struct{}
-
-func SetCtx(ctx interface{ SetValue(key, value any) }, p Provider) {
-	ctx.SetValue(ContextKey{}, p)
-}
-
-func FromCtx(ctx context.Context) Provider {
-	if provider, ok := ctx.Value(ContextKey{}).(Provider); ok {
-		return provider
-	}
-	return nil
-}

internal/autocert/types/provider.go

@@ -1,17 +1,14 @@
 package autocert
 
 import (
-	"context"
 	"crypto/tls"
 
 	"github.com/yusing/goutils/task"
 )
 
 type Provider interface {
-	GetCert(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
-	GetCertInfos() ([]CertInfo, error)
-	ScheduleRenewalAll(parent task.Parent)
+	Setup() error
+	GetCert(*tls.ClientHelloInfo) (*tls.Certificate, error)
+	ScheduleRenewalAll(task.Parent)
 	ObtainCertAll() error
-	ForceExpiryAll() bool
-	WaitRenewalDone(ctx context.Context) bool
 }

internal/config/README.md

@@ -54,7 +54,7 @@ type State interface {
     Task() *task.Task
     Context() context.Context
     Value() *Config
-    Entrypoint() entrypoint.Entrypoint
+    EntrypointHandler() http.Handler
     ShortLinkMatcher() config.ShortLinkMatcher
     AutoCertProvider() server.CertProvider
     LoadOrStoreProvider(key string, value types.RouteProvider) (actual types.RouteProvider, loaded bool)
@@ -62,12 +62,6 @@ type State interface {
     IterProviders() iter.Seq2[string, types.RouteProvider]
     StartProviders() error
     NumProviders() int
-
-    // Lifecycle management
-    StartAPIServers()
-    StartMetrics()
-
-    FlushTmpLog()
 }
 ```
 
@@ -220,15 +214,12 @@ Configuration supports hot-reloading via editing `config/config.yml`.
 
 - `internal/acl` - Access control configuration
 - `internal/autocert` - SSL certificate management
-- `internal/entrypoint` - HTTP entrypoint setup (now via interface)
+- `internal/entrypoint` - HTTP entrypoint setup
 - `internal/route/provider` - Route providers (Docker, file, agent)
 - `internal/maxmind` - GeoIP configuration
 - `internal/notif` - Notification providers
 - `internal/proxmox` - LXC container management
 - `internal/homepage/types` - Dashboard configuration
-- `internal/api` - REST API servers
-- `internal/metrics/systeminfo` - System metrics polling
-- `internal/metrics/uptime` - Uptime tracking
 - `github.com/yusing/goutils/task` - Object lifecycle management
 
 ### External dependencies
@@ -321,8 +312,5 @@ for name, provider := range config.GetState().IterProviders() {
 
 ```go
 state := config.GetState()
-// Get entrypoint interface for route management
-ep := state.Entrypoint()
-// Add routes directly to entrypoint
-ep.AddRoute(route)
+http.Handle("/", state.EntrypointHandler())
 ```

internal/config/events.go

@@ -7,15 +7,14 @@ import (
 	"time"
 
 	"github.com/rs/zerolog"
-	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/common"
 	config "github.com/yusing/godoxy/internal/config/types"
 	"github.com/yusing/godoxy/internal/notif"
+	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/godoxy/internal/watcher"
-	watcherEvents "github.com/yusing/godoxy/internal/watcher/events"
+	"github.com/yusing/godoxy/internal/watcher/events"
 	gperr "github.com/yusing/goutils/errs"
-	"github.com/yusing/goutils/eventqueue"
-	"github.com/yusing/goutils/events"
+	"github.com/yusing/goutils/server"
 	"github.com/yusing/goutils/strings/ansi"
 	"github.com/yusing/goutils/task"
 )
@@ -27,29 +26,29 @@ var (
 
 const configEventFlushInterval = 500 * time.Millisecond
 
-var (
-	errCfgRenameWarn = errors.New("config file renamed, not reloading; Make sure you rename it back before next time you start")
-	errCfgDeleteWarn = errors.New(`config file deleted, not reloading; You may run "ls-config" to show or dump the current config`)
+const (
+	cfgRenameWarn = `Config file renamed, not reloading.
+Make sure you rename it back before next time you start.`
+	cfgDeleteWarn = `Config file deleted, not reloading.
+You may run "ls-config" to show or dump the current config.`
 )
 
 func logNotifyError(action string, err error) {
-	log.Error().Err(err).Msg("config " + action + " error")
+	gperr.LogError("config "+action+" error", err)
 	notif.Notify(&notif.LogMessage{
 		Level: zerolog.ErrorLevel,
 		Title: fmt.Sprintf("Config %s error", action),
 		Body:  notif.ErrorBody(err),
 	})
-	events.Global.Add(events.NewEvent(events.LevelError, "config", action, err))
 }
 
 func logNotifyWarn(action string, err error) {
-	log.Warn().Err(err).Msg("config " + action + " warning")
+	gperr.LogWarn("config "+action+" error", err)
 	notif.Notify(&notif.LogMessage{
 		Level: zerolog.WarnLevel,
 		Title: fmt.Sprintf("Config %s warning", action),
 		Body:  notif.ErrorBody(err),
 	})
-	events.Global.Add(events.NewEvent(events.LevelWarn, "config", action, err))
 }
 
 func Load() error {
@@ -61,29 +60,20 @@ func Load() error {
 
 	cfgWatcher = watcher.NewConfigFileWatcher(common.ConfigFileName)
 
-	initErr := state.InitFromFile(common.ConfigPath)
-	if initErr != nil {
-		// if error is critical, notify and return it without starting providers
-		if criticalErr, ok := errors.AsType[CriticalError](initErr); ok {
-			logNotifyError("init", criticalErr.err)
-			return criticalErr
-		}
-	}
-
 	// disable pool logging temporary since we already have pretty logging
-	state.Entrypoint().DisablePoolsLog(true)
+	routes.HTTP.DisableLog(true)
+	routes.Stream.DisableLog(true)
+
 	defer func() {
-		state.Entrypoint().DisablePoolsLog(false)
+		routes.HTTP.DisableLog(false)
+		routes.Stream.DisableLog(false)
 	}()
 
+	initErr := state.InitFromFile(common.ConfigPath)
 	err := errors.Join(initErr, state.StartProviders())
 	if err != nil {
 		logNotifyError("init", err)
 	}
-
-	state.StartAPIServers()
-	state.StartMetrics()
-
 	SetState(state)
 
 	// flush temporary log
@@ -91,9 +81,7 @@ func Load() error {
 	return nil
 }
 
-func Reload() error {
-	events.Global.Add(events.NewEvent(events.LevelInfo, "config", "reload", nil))
-
+func Reload() gperr.Error {
 	// avoid race between config change and API reload request
 	reloadMu.Lock()
 	defer reloadMu.Unlock()
@@ -120,35 +108,32 @@ func Reload() error {
 		logNotifyError("start providers", err)
 		return nil // continue
 	}
-
-	newState.StartAPIServers()
-	newState.StartMetrics()
+	StartProxyServers()
 	return nil
 }
 
 func WatchChanges() {
-	opts := eventqueue.Options[watcherEvents.Event]{
-		FlushInterval: configEventFlushInterval,
-		OnFlush:       OnConfigChange,
-		OnError: func(err error) {
+	t := task.RootTask("config_watcher", true)
+	eventQueue := events.NewEventQueue(
+		t,
+		configEventFlushInterval,
+		OnConfigChange,
+		func(err gperr.Error) {
 			logNotifyError("reload", err)
 		},
-		Debug: common.IsDebug,
-	}
-	t := task.RootTask("config_watcher", true)
-	eventQueue := eventqueue.New(t, opts)
+	)
 	eventQueue.Start(cfgWatcher.Events(t.Context()))
 }
 
-func OnConfigChange(ev []watcherEvents.Event) {
+func OnConfigChange(ev []events.Event) {
 	// no matter how many events during the interval
 	// just reload once and check the last event
 	switch ev[len(ev)-1].Action {
-	case watcherEvents.ActionFileRenamed:
-		logNotifyWarn("rename", errCfgRenameWarn)
+	case events.ActionFileRenamed:
+		logNotifyWarn("rename", errors.New(cfgRenameWarn))
 		return
-	case watcherEvents.ActionFileDeleted:
-		logNotifyWarn("delete", errCfgDeleteWarn)
+	case events.ActionFileDeleted:
+		logNotifyWarn("delete", errors.New(cfgDeleteWarn))
 		return
 	}
 
@@ -157,3 +142,16 @@ func OnConfigChange(ev []watcherEvents.Event) {
 		panic(err)
 	}
 }
+
+func StartProxyServers() {
+	cfg := GetState()
+	server.StartServer(cfg.Task(), server.Options{
+		Name:                 "proxy",
+		CertProvider:         cfg.AutoCertProvider(),
+		HTTPAddr:             common.ProxyHTTPAddr,
+		HTTPSAddr:            common.ProxyHTTPSAddr,
+		Handler:              cfg.EntrypointHandler(),
+		ACL:                  cfg.Value().ACL,
+		SupportProxyProtocol: cfg.Value().Entrypoint.SupportProxyProtocol,
+	})
+}

internal/config/state.go

@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"io/fs"
 	"iter"
+	"net/http"
 	"os"
 	"strconv"
 	"strings"
@@ -17,21 +18,14 @@ import (
 	"github.com/goccy/go-yaml"
 	"github.com/puzpuzpuz/xsync/v4"
 	"github.com/rs/zerolog"
-	"github.com/rs/zerolog/log"
-	acl "github.com/yusing/godoxy/internal/acl/types"
+	"github.com/yusing/godoxy/internal/acl"
 	"github.com/yusing/godoxy/internal/agentpool"
-	"github.com/yusing/godoxy/internal/api"
 	"github.com/yusing/godoxy/internal/autocert"
-	autocertctx "github.com/yusing/godoxy/internal/autocert/types"
-	"github.com/yusing/godoxy/internal/common"
 	config "github.com/yusing/godoxy/internal/config/types"
 	"github.com/yusing/godoxy/internal/entrypoint"
-	entrypointctx "github.com/yusing/godoxy/internal/entrypoint/types"
 	homepage "github.com/yusing/godoxy/internal/homepage/types"
 	"github.com/yusing/godoxy/internal/logging"
 	"github.com/yusing/godoxy/internal/maxmind"
-	"github.com/yusing/godoxy/internal/metrics/systeminfo"
-	"github.com/yusing/godoxy/internal/metrics/uptime"
 	"github.com/yusing/godoxy/internal/notif"
 	route "github.com/yusing/godoxy/internal/route/provider"
 	"github.com/yusing/godoxy/internal/serialization"
@@ -46,7 +40,7 @@ type state struct {
 
 	providers        *xsync.Map[string, types.RouteProvider]
 	autocertProvider *autocert.Provider
-	entrypoint       *entrypoint.Entrypoint
+	entrypoint       entrypoint.Entrypoint
 
 	task *task.Task
 
@@ -56,25 +50,14 @@ type state struct {
 	tmpLog    zerolog.Logger
 }
 
-type CriticalError struct {
-	err error
-}
-
-func (e CriticalError) Error() string {
-	return e.err.Error()
-}
-
-func (e CriticalError) Unwrap() error {
-	return e.err
-}
-
 func NewState() config.State {
 	tmpLogBuf := bytes.NewBuffer(make([]byte, 0, 4096))
 	return &state{
-		providers: xsync.NewMap[string, types.RouteProvider](),
-		task:      task.RootTask("config", false),
-		tmpLogBuf: tmpLogBuf,
-		tmpLog:    logging.NewLoggerWithFixedLevel(zerolog.InfoLevel, tmpLogBuf),
+		providers:  xsync.NewMap[string, types.RouteProvider](),
+		entrypoint: entrypoint.NewEntrypoint(),
+		task:       task.RootTask("config", false),
+		tmpLogBuf:  tmpLogBuf,
+		tmpLog:     logging.NewLoggerWithFixedLevel(zerolog.InfoLevel, tmpLogBuf),
 	}
 }
 
@@ -90,7 +73,13 @@ func SetState(state config.State) {
 
 	cfg := state.Value()
 	config.ActiveState.Store(state)
+	entrypoint.ActiveConfig.Store(&cfg.Entrypoint)
 	homepage.ActiveConfig.Store(&cfg.Homepage)
+	if autocertProvider := state.AutoCertProvider(); autocertProvider != nil {
+		autocert.ActiveProvider.Store(autocertProvider.(*autocert.Provider))
+	} else {
+		autocert.ActiveProvider.Store(nil)
+	}
 }
 
 func HasState() bool {
@@ -107,7 +96,7 @@ func (state *state) InitFromFile(filename string) error {
 		if errors.Is(err, fs.ErrNotExist) {
 			state.Config = config.DefaultConfig()
 		} else {
-			return CriticalError{err}
+			return err
 		}
 	}
 	return state.Init(data)
@@ -116,7 +105,7 @@ func (state *state) InitFromFile(filename string) error {
 func (state *state) Init(data []byte) error {
 	err := serialization.UnmarshalValidate(data, &state.Config, yaml.Unmarshal)
 	if err != nil {
-		return CriticalError{err}
+		return err
 	}
 
 	g := gperr.NewGroup("config load error")
@@ -128,9 +117,7 @@ func (state *state) Init(data []byte) error {
 	// these won't benefit from running on goroutines
 	errs.Add(state.initNotification())
 	errs.Add(state.initACL())
-	if err := state.initEntrypoint(); err != nil {
-		errs.Add(CriticalError{err})
-	}
+	errs.Add(state.initEntrypoint())
 	errs.Add(state.loadRouteProviders())
 	return errs.Error()
 }
@@ -147,8 +134,8 @@ func (state *state) Value() *config.Config {
 	return &state.Config
 }
 
-func (state *state) Entrypoint() entrypointctx.Entrypoint {
-	return state.entrypoint
+func (state *state) EntrypointHandler() http.Handler {
+	return &state.entrypoint
 }
 
 func (state *state) ShortLinkMatcher() config.ShortLinkMatcher {
@@ -199,39 +186,10 @@ func (state *state) NumProviders() int {
 }
 
 func (state *state) FlushTmpLog() {
-	_, _ = state.tmpLogBuf.WriteTo(os.Stdout)
+	state.tmpLogBuf.WriteTo(os.Stdout)
 	state.tmpLogBuf.Reset()
 }
 
-func (state *state) StartAPIServers() {
-	// API Handler needs to start after auth is initialized.
-	_, err := server.StartServer(state.task.Subtask("api_server", false), server.Options{
-		Name:     "api",
-		HTTPAddr: common.APIHTTPAddr,
-		Handler:  api.NewHandler(true),
-	})
-	if err != nil {
-		log.Err(err).Msg("failed to start API server")
-	}
-
-	// Local API Handler is used for unauthenticated access.
-	if common.LocalAPIHTTPAddr != "" {
-		_, err := server.StartServer(state.task.Subtask("local_api_server", false), server.Options{
-			Name:     "local_api",
-			HTTPAddr: common.LocalAPIHTTPAddr,
-			Handler:  api.NewHandler(false),
-		})
-		if err != nil {
-			log.Err(err).Msg("failed to start local API server")
-		}
-	}
-}
-
-func (state *state) StartMetrics() {
-	systeminfo.Poller.Start(state.task)
-	uptime.Poller.Start(state.task)
-}
-
 // initACL initializes the ACL.
 func (state *state) initACL() error {
 	if !state.ACL.Valid() {
@@ -241,7 +199,7 @@ func (state *state) initACL() error {
 	if err != nil {
 		return err
 	}
-	acl.SetCtx(state.task, state.ACL)
+	state.task.SetValue(acl.ContextKey{}, state.ACL)
 	return nil
 }
 
@@ -249,7 +207,6 @@ func (state *state) initEntrypoint() error {
 	epCfg := state.Config.Entrypoint
 	matchDomains := state.MatchDomains
 
-	state.entrypoint = entrypoint.NewEntrypoint(state.task, &epCfg)
 	state.entrypoint.SetFindRouteDomains(matchDomains)
 	state.entrypoint.SetNotFoundRules(epCfg.Rules.NotFound)
 
@@ -263,8 +220,6 @@ func (state *state) initEntrypoint() error {
 		}
 	}
 
-	entrypointctx.SetCtx(state.task, state.entrypoint)
-
 	errs := gperr.NewBuilder("entrypoint error")
 	errs.Add(state.entrypoint.SetMiddlewares(epCfg.Middlewares))
 	errs.Add(state.entrypoint.SetAccessLogger(state.task, epCfg.AccessLog))
@@ -341,7 +296,6 @@ func (state *state) initAutoCert() error {
 	p.PrintCertExpiriesAll()
 
 	state.autocertProvider = p
-	autocertctx.SetCtx(state.task, p)
 	return nil
 }
 
@@ -355,7 +309,7 @@ func (state *state) initProxmox() error {
 	for _, cfg := range proxmoxCfg {
 		errs.Go(func() error {
 			if err := cfg.Init(state.task.Context()); err != nil {
-				return gperr.PrependSubject(err, cfg.URL)
+				return err.Subject(cfg.URL)
 			}
 			return nil
 		})
@@ -379,7 +333,7 @@ func (state *state) loadRouteProviders() error {
 	for _, a := range providers.Agents {
 		agentErrs.Go(func() error {
 			if err := a.Init(state.task.Context()); err != nil {
-				return gperr.PrependSubject(err, a.String())
+				return gperr.PrependSubject(a.String(), err)
 			}
 			agentpool.Add(a)
 			return nil
@@ -397,7 +351,7 @@ func (state *state) loadRouteProviders() error {
 	for _, filename := range providers.Files {
 		p, err := route.NewFileProvider(filename)
 		if err != nil {
-			errs.Add(gperr.PrependSubject(err, filename))
+			errs.Add(gperr.PrependSubject(filename, err))
 			return err
 		}
 		registerProvider(p)
@@ -422,7 +376,7 @@ func (state *state) loadRouteProviders() error {
 	for _, p := range state.providers.Range {
 		loadErrs.Go(func() error {
 			if err := p.LoadRoutes(); err != nil {
-				return gperr.PrependSubject(err, p.String())
+				return err.Subject(p.String())
 			}
 			resultsMu.Lock()
 			results.Addf("%-"+strconv.Itoa(lenLongestName)+"s %d routes", p.String(), p.NumRoutes())

internal/config/types/config.go

@@ -8,13 +8,14 @@ import (
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/acl"
 	"github.com/yusing/godoxy/internal/autocert"
-	"github.com/yusing/godoxy/internal/entrypoint"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	homepage "github.com/yusing/godoxy/internal/homepage/types"
 	maxmind "github.com/yusing/godoxy/internal/maxmind/types"
 	"github.com/yusing/godoxy/internal/notif"
 	"github.com/yusing/godoxy/internal/proxmox"
 	"github.com/yusing/godoxy/internal/serialization"
 	"github.com/yusing/godoxy/internal/types"
+	gperr "github.com/yusing/goutils/errs"
 )
 
 type (
@@ -41,7 +42,7 @@ type (
 	}
 )
 
-func Validate(data []byte) error {
+func Validate(data []byte) gperr.Error {
 	var model Config
 	return serialization.UnmarshalValidate(data, &model, yaml.Unmarshal)
 }

internal/config/types/state.go

@@ -6,7 +6,6 @@ import (
 	"iter"
 	"net/http"
 
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/types"
 	"github.com/yusing/goutils/server"
 	"github.com/yusing/goutils/synk"
@@ -22,7 +21,7 @@ type State interface {
 
 	Value() *Config
 
-	Entrypoint() entrypoint.Entrypoint
+	EntrypointHandler() http.Handler
 	ShortLinkMatcher() ShortLinkMatcher
 	AutoCertProvider() server.CertProvider
 
@@ -33,9 +32,6 @@ type State interface {
 	StartProviders() error
 
 	FlushTmpLog()
-
-	StartAPIServers()
-	StartMetrics()
 }
 
 type ShortLinkMatcher interface {

internal/dnsproviders/go.mod

@@ -1,12 +1,12 @@
 module github.com/yusing/godoxy/internal/dnsproviders
 
-go 1.26.0
+go 1.25.6
 
 replace github.com/yusing/godoxy => ../..
 
 require (
 	github.com/go-acme/lego/v4 v4.31.0
-	github.com/yusing/godoxy v0.25.3
+	github.com/yusing/godoxy v0.25.2
 )
 
 require (
@@ -23,16 +23,12 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/boombuler/barcode v1.1.0 // indirect
-	github.com/bytedance/gopkg v0.1.3 // indirect
-	github.com/bytedance/sonic v1.15.0 // indirect
-	github.com/bytedance/sonic/loader v0.5.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.13 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -48,16 +44,15 @@ require (
 	github.com/google/go-querystring v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.12 // indirect
-	github.com/googleapis/gax-go/v2 v2.17.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.11 // indirect
+	github.com/googleapis/gax-go/v2 v2.16.0 // indirect
 	github.com/gotify/server/v2 v2.8.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
-	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/linode/linodego v1.65.0 // indirect
+	github.com/linode/linodego v1.64.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/maxatome/go-testdeep v1.14.0 // indirect
@@ -65,8 +60,8 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/nrdcg/goacmedns v0.2.0 // indirect
 	github.com/nrdcg/goinwx v0.12.0 // indirect
-	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.1 // indirect
-	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.1 // indirect
+	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0 // indirect
+	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0 // indirect
 	github.com/nrdcg/porkbun v0.4.0 // indirect
 	github.com/ovh/go-ovh v1.9.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
@@ -78,29 +73,27 @@ require (
 	github.com/sony/gobreaker v1.0.0 // indirect
 	github.com/stretchr/objx v0.5.3 // indirect
 	github.com/stretchr/testify v1.11.1 // indirect
-	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/vultr/govultr/v3 v3.27.0 // indirect
+	github.com/vultr/govultr/v3 v3.26.1 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
-	github.com/yusing/gointernals v0.2.0 // indirect
+	github.com/yusing/gointernals v0.1.16 // indirect
 	github.com/yusing/goutils v0.7.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 // indirect
-	go.opentelemetry.io/otel v1.40.0 // indirect
-	go.opentelemetry.io/otel/metric v1.40.0 // indirect
-	go.opentelemetry.io/otel/trace v1.40.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
+	go.opentelemetry.io/otel v1.39.0 // indirect
+	go.opentelemetry.io/otel/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.uber.org/ratelimit v0.3.1 // indirect
-	golang.org/x/arch v0.24.0 // indirect
-	golang.org/x/crypto v0.48.0 // indirect
-	golang.org/x/mod v0.33.0 // indirect
-	golang.org/x/net v0.50.0 // indirect
-	golang.org/x/oauth2 v0.35.0 // indirect
+	golang.org/x/crypto v0.47.0 // indirect
+	golang.org/x/mod v0.32.0 // indirect
+	golang.org/x/net v0.49.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
 	golang.org/x/sync v0.19.0 // indirect
-	golang.org/x/sys v0.41.0 // indirect
-	golang.org/x/text v0.34.0 // indirect
-	golang.org/x/tools v0.42.0 // indirect
-	google.golang.org/api v0.266.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect
-	google.golang.org/grpc v1.79.1 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/text v0.33.0 // indirect
+	golang.org/x/tools v0.41.0 // indirect
+	google.golang.org/api v0.263.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect
+	google.golang.org/grpc v1.78.0 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/ini.v1 v1.67.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect

internal/dnsproviders/go.sum

@@ -37,18 +37,10 @@ github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZx
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo=
 github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
-github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
-github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
-github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
-github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
-github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
-github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -60,8 +52,8 @@ github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9Ufpk2AcUM=
-github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
+github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/go-acme/lego/v4 v4.31.0 h1:gd4oUYdfs83PR1/SflkNdit9xY1iul2I4EystnU8NXM=
 github.com/go-acme/lego/v4 v4.31.0/go.mod h1:m6zcfX/zcbMYDa8s6AnCMnoORWNP8Epnei+6NBCTUGs=
 github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
@@ -103,10 +95,10 @@ github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
 github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.12 h1:Fg+zsqzYEs1ZnvmcztTYxhgCBsx3eEhEwQ1W/lHq/sQ=
-github.com/googleapis/enterprise-certificate-proxy v0.3.12/go.mod h1:vqVt9yG9480NtzREnTlmGSBmFrA+bzb0yl0TxoBQXOg=
-github.com/googleapis/gax-go/v2 v2.17.0 h1:RksgfBpxqff0EZkDWYuz9q/uWsTVz+kf43LsZ1J6SMc=
-github.com/googleapis/gax-go/v2 v2.17.0/go.mod h1:mzaqghpQp4JDh3HvADwrat+6M3MOIDp5YKHhb9PAgDY=
+github.com/googleapis/enterprise-certificate-proxy v0.3.11 h1:vAe81Msw+8tKUxi2Dqh/NZMz7475yUvmRIkXr4oN2ao=
+github.com/googleapis/enterprise-certificate-proxy v0.3.11/go.mod h1:RFV7MUdlb7AgEq2v7FmMCfeSMCllAzWxFgRdusoGks8=
+github.com/googleapis/gax-go/v2 v2.16.0 h1:iHbQmKLLZrexmb0OSsNGTeSTS0HO4YvFOG8g5E4Zd0Y=
+github.com/googleapis/gax-go/v2 v2.16.0/go.mod h1:o1vfQjjNZn4+dPnRdl/4ZD7S9414Y4xA+a/6Icj6l14=
 github.com/gotify/server/v2 v2.8.0 h1:E3UDDn/3rFZi1sjZfbuhXNnxJP3ACZhdcw/iySegPRA=
 github.com/gotify/server/v2 v2.8.0/go.mod h1:6ci5adxcE2hf1v+2oowKiQmixOxXV8vU+CRLKP6sqZA=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
@@ -119,8 +111,6 @@ github.com/jarcoal/httpmock v1.4.1 h1:0Ju+VCFuARfFlhVXFc2HxlcQkfB+Xq12/EotHko+x2
 github.com/jarcoal/httpmock v1.4.1/go.mod h1:ftW1xULwo+j0R0JJkJIIi7UKigZUXCLLanykgjwBXL0=
 github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
-github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
-github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -131,8 +121,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/linode/linodego v1.65.0 h1:SdsuGD8VSsPWeShXpE7ihl5vec+fD3MgwhnfYC/rj7k=
-github.com/linode/linodego v1.65.0/go.mod h1:tOFiTErdjkbVnV+4S0+NmIE9dqqZUEM2HsJaGu8wMh8=
+github.com/linode/linodego v1.64.0 h1:If6pULIwHuQytgogtpQaBdVLX7z2TTHUF5u1tj2TPiY=
+github.com/linode/linodego v1.64.0/go.mod h1:GoiwLVuLdBQcAebxAVKVL3mMYUgJZR/puOUSla04xBE=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
@@ -150,10 +140,10 @@ github.com/nrdcg/goacmedns v0.2.0 h1:ADMbThobzEMnr6kg2ohs4KGa3LFqmgiBA22/6jUWJR0
 github.com/nrdcg/goacmedns v0.2.0/go.mod h1:T5o6+xvSLrQpugmwHvrSNkzWht0UGAwj2ACBMhh73Cg=
 github.com/nrdcg/goinwx v0.12.0 h1:ujdUqDBnaRSFwzVnImvPHYw3w3m9XgmGImNUw1GyMb4=
 github.com/nrdcg/goinwx v0.12.0/go.mod h1:IrVKd3ZDbFiMjdPgML4CSxZAY9wOoqLvH44zv3NodJ0=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.1 h1:3oOIAQ9Fd2qTKTS/VlWmvKyBPKKhXBcCXjRZqOUypI4=
-github.com/nrdcg/oci-go-sdk/common/v1065 v1065.108.1/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.1 h1:2H75475moAv1hVVYlOk815KfqeiFCiQ7ovqn3OnN6FY=
-github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.108.1/go.mod h1:9HGOXiiQxcsG+4amgdr4xBIMq6IchdLW/nQDyZz07IE=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0 h1:eMzyN+jGJbxG4ut278uwIsUo9XacXc711lFjhKnaUso=
+github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0/go.mod h1:Gcs8GCaZXL3FdiDWgdnMxlOLEdRprJJnPYB22TX1jw8=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0 h1:t34IpOa+8NfmjkU8bdWtYrLrmr346/FGhu8FlpJDQok=
+github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0/go.mod h1:p95/OxVsdx71I2Qrck1GtIS87sRxcTRKXzUi5nWm9NY=
 github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
 github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
 github.com/ovh/go-ovh v1.9.0 h1:6K8VoL3BYjVV3In9tPJUdT7qMx9h0GExN9EXx1r2kKE=
@@ -188,77 +178,72 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
-github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/vultr/govultr/v3 v3.27.0 h1:J8etMyu/Jh5+idMsu2YZpOWmDXXHeW4VZnkYXmJYHx8=
-github.com/vultr/govultr/v3 v3.27.0/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
+github.com/vultr/govultr/v3 v3.26.1 h1:G/M0rMQKwVSmL+gb0UgETbW5mcQi0Vf/o/ZSGdBCxJw=
+github.com/vultr/govultr/v3 v3.26.1/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI=
-github.com/yusing/gointernals v0.2.0 h1:jyWB3kdUPkuU6s0r8QY/sS5h2WNBF4Kfisly8dtSVvg=
-github.com/yusing/gointernals v0.2.0/go.mod h1:xGzNbPGMm5Z8kG0t4JYISMscw+gMQlgghkLxlgRZv5Y=
+github.com/yusing/gointernals v0.1.16 h1:GrhZZdxzA+jojLEqankctJrOuAYDb7kY1C93S1pVR34=
+github.com/yusing/gointernals v0.1.16/go.mod h1:B/0FVXt4WPmgzVy3ynzkqKi+BSGaJVmwCJBRXYapo34=
 github.com/yusing/goutils v0.7.0 h1:I5hd8GwZ+3WZqFPK0tWqek1Q5MY6Xg29hKZcwwQi4SY=
 github.com/yusing/goutils v0.7.0/go.mod h1:CtF/KFH4q8jkr7cvBpkaExnudE0lLu8sLe43F73Bn5Q=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 h1:7iP2uCb7sGddAr30RRS6xjKy7AZ2JtTOPA3oolgVSw8=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0/go.mod h1:c7hN3ddxs/z6q9xwvfLPk+UHlWRQyaeR1LdgfL/66l0=
-go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
-go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
-go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
-go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
-go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
-go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
-go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
-go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
-go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
-go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGNANqpVFCndZvcuyKbl0g+UAVcbBcqGkG28H0Y=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
+go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
+go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
+go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
+go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/ratelimit v0.3.1 h1:K4qVE+byfv/B3tC+4nYWP7v/6SimcO7HzHekoMNBma0=
 go.uber.org/ratelimit v0.3.1/go.mod h1:6euWsTB6U/Nb3X++xEUXA8ciPJvr19Q/0h1+oDcJhRk=
-golang.org/x/arch v0.24.0 h1:qlJ3M9upxvFfwRM51tTg3Yl+8CP9vCC1E7vlFpgv99Y=
-golang.org/x/arch v0.24.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
-golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
-golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
-golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
-golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
-golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
-golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
-golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
-golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
+golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
+golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
+golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
+golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
+golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
 golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
-golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
-golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
-golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
+golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
+golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/api v0.266.0 h1:hco+oNCf9y7DmLeAtHJi/uBAY7n/7XC9mZPxu1ROiyk=
-google.golang.org/api v0.266.0/go.mod h1:Jzc0+ZfLnyvXma3UtaTl023TdhZu6OMBP9tJ+0EmFD0=
-google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 h1:VQZ/yAbAtjkHgH80teYd2em3xtIkkHd7ZhqfH2N9CsM=
-google.golang.org/genproto v0.0.0-20260128011058-8636f8732409/go.mod h1:rxKD3IEILWEu3P44seeNOAwZN4SaoKaQ/2eTg4mM6EM=
-google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 h1:merA0rdPeUV3YIIfHHcH4qBkiQAc1nfCKSI7lB4cV2M=
-google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409/go.mod h1:fl8J1IvUjCilwZzQowmw2b7HQB2eAuYBabMXzWurF+I=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 h1:mWPCjDEyshlQYzBpMNHaEof6UX1PmHcaUODUywQ0uac=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
-google.golang.org/grpc v1.79.1 h1:zGhSi45ODB9/p3VAawt9a+O/MULLl9dpizzNNpq7flY=
-google.golang.org/grpc v1.79.1/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
+google.golang.org/api v0.263.0 h1:UFs7qn8gInIdtk1ZA6eXRXp5JDAnS4x9VRsRVCeKdbk=
+google.golang.org/api v0.263.0/go.mod h1:fAU1xtNNisHgOF5JooAs8rRaTkl2rT3uaoNGo9NS3R8=
+google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 h1:GvESR9BIyHUahIb0NcTum6itIWtdoglGX+rnGxm2934=
+google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:yJ2HH4EHEDTd3JiLmhds6NkJ17ITVYOdV3m3VKOnws0=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
+google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

internal/docker/client.go

@@ -14,7 +14,7 @@ import (
 	"unsafe"
 
 	"github.com/docker/cli/cli/connhelper"
-	"github.com/moby/moby/client"
+	"github.com/docker/docker/client"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/agentpool"
@@ -198,7 +198,9 @@ func NewClient(cfg types.DockerProviderConfig, unique ...bool) (*SharedClient, e
 		opt = append(opt, client.WithTLSClientConfig(cfg.TLS.CAFile, cfg.TLS.CertFile, cfg.TLS.KeyFile))
 	}
 
-	client, err := client.New(opt...)
+	opt = append(opt, client.WithAPIVersionNegotiation())
+
+	client, err := client.NewClientWithOpts(opt...)
 	if err != nil {
 		return nil, err
 	}

internal/docker/container.go

@@ -11,9 +11,8 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/docker/docker/api/types/container"
 	"github.com/docker/go-connections/nat"
-	"github.com/moby/moby/api/types/container"
-	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/agentpool"
 	"github.com/yusing/godoxy/internal/serialization"
@@ -99,18 +98,18 @@ func UpdatePorts(ctx context.Context, c *types.Container) error {
 	}
 	defer dockerClient.Close()
 
-	inspect, err := dockerClient.ContainerInspect(ctx, c.ContainerID, client.ContainerInspectOptions{})
+	inspect, err := dockerClient.ContainerInspect(ctx, c.ContainerID)
 	if err != nil {
 		return err
 	}
 
-	for port := range inspect.Container.Config.ExposedPorts {
-		proto, portStr := nat.SplitProtoPort(port.String())
+	for port := range inspect.Config.ExposedPorts {
+		proto, portStr := nat.SplitProtoPort(string(port))
 		portInt, _ := nat.ParsePort(portStr)
 		if portInt == 0 {
 			continue
 		}
-		c.PublicPortMapping[portInt] = container.PortSummary{
+		c.PublicPortMapping[portInt] = container.Port{
 			PublicPort:  uint16(portInt), //nolint:gosec
 			PrivatePort: uint16(portInt), //nolint:gosec
 			Type:        proto,
@@ -211,8 +210,8 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 	}
 	if c.Network != "" {
 		v, hasNetwork := helper.NetworkSettings.Networks[c.Network]
-		if hasNetwork && v.IPAddress.IsValid() {
-			c.PrivateHostname = v.IPAddress.String()
+		if hasNetwork && v.IPAddress != "" {
+			c.PrivateHostname = v.IPAddress
 			return
 		}
 		var hasComposeNetwork bool
@@ -220,9 +219,9 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 		if proj := DockerComposeProject(c); proj != "" {
 			newNetwork := fmt.Sprintf("%s_%s", proj, c.Network)
 			v, hasComposeNetwork = helper.NetworkSettings.Networks[newNetwork]
-			if hasComposeNetwork && v.IPAddress.IsValid() {
+			if hasComposeNetwork && v.IPAddress != "" {
 				c.Network = newNetwork // update network to the new one
-				c.PrivateHostname = v.IPAddress.String()
+				c.PrivateHostname = v.IPAddress
 				return
 			}
 		}
@@ -235,9 +234,9 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 	}
 	// fallback to first network if no network is specified
 	for k, v := range helper.NetworkSettings.Networks {
-		if v.IPAddress.IsValid() {
+		if v.IPAddress != "" {
 			c.Network = k // update network to the first network
-			c.PrivateHostname = v.IPAddress.String()
+			c.PrivateHostname = v.IPAddress
 			return
 		}
 	}

internal/docker/container_helper.go

@@ -3,7 +3,7 @@ package docker
 import (
 	"strings"
 
-	"github.com/moby/moby/api/types/container"
+	"github.com/docker/docker/api/types/container"
 	"github.com/yusing/ds/ordered"
 	"github.com/yusing/godoxy/internal/types"
 	strutils "github.com/yusing/goutils/strings"

internal/docker/container_test.go

@@ -3,7 +3,7 @@ package docker
 import (
 	"testing"
 
-	"github.com/moby/moby/api/types/container"
+	"github.com/docker/docker/api/types/container"
 	"github.com/yusing/godoxy/internal/types"
 	expect "github.com/yusing/goutils/testing"
 )

internal/docker/label.go

@@ -1,7 +1,6 @@
 package docker
 
 import (
-	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@@ -12,7 +11,7 @@ import (
 	strutils "github.com/yusing/goutils/strings"
 )
 
-var ErrInvalidLabel = errors.New("invalid label")
+var ErrInvalidLabel = gperr.New("invalid label")
 
 const nsProxyDot = NSProxy + "."
 
@@ -24,7 +23,7 @@ var refPrefixes = func() []string {
 	return prefixes
 }()
 
-func ParseLabels(labels map[string]string, aliases ...string) (types.LabelMap, error) {
+func ParseLabels(labels map[string]string, aliases ...string) (types.LabelMap, gperr.Error) {
 	nestedMap := make(types.LabelMap)
 	errs := gperr.NewBuilder("labels error")
 
@@ -36,7 +35,7 @@ func ParseLabels(labels map[string]string, aliases ...string) (types.LabelMap, e
 			continue
 		}
 		if len(parts) == 1 {
-			errs.AddSubject(ErrInvalidLabel, lbl)
+			errs.Add(ErrInvalidLabel.Subject(lbl))
 			continue
 		}
 		parts = parts[1:]
@@ -54,7 +53,7 @@ func ParseLabels(labels map[string]string, aliases ...string) (types.LabelMap, e
 				// Move deeper into the nested map
 				m, ok := currentMap[k].(types.LabelMap)
 				if !ok && currentMap[k] != "" {
-					errs.AddSubject(fmt.Errorf("expect mapping, got %T", currentMap[k]), lbl)
+					errs.Add(gperr.Errorf("expect mapping, got %T", currentMap[k]).Subject(lbl))
 					continue
 				} else if !ok {
 					m = make(types.LabelMap)
@@ -83,7 +82,15 @@ func ExpandWildcard(labels map[string]string, aliases ...string) {
 		}
 		// lbl is "proxy.X..." where X is alias or wildcard
 		rest := lbl[len(nsProxyDot):] // "X..." or "X.suffix"
-		alias, suffix, _ := strings.Cut(rest, ".")
+		dotIdx := strings.IndexByte(rest, '.')
+		var alias, suffix string
+		if dotIdx == -1 {
+			alias = rest
+		} else {
+			alias = rest[:dotIdx]
+			suffix = rest[dotIdx+1:]
+		}
+
 		if alias == WildcardAlias {
 			delete(labels, lbl)
 			if suffix == "" || strings.Count(value, "\n") > 1 {
@@ -113,10 +120,15 @@ func ExpandWildcard(labels map[string]string, aliases ...string) {
 			continue
 		}
 		rest := lbl[len(nsProxyDot):]
-		alias, suffix, ok := strings.Cut(rest, ".")
-		if !ok || alias == "" || alias[0] == '#' {
+		dotIdx := strings.IndexByte(rest, '.')
+		if dotIdx == -1 {
 			continue
 		}
+		alias := rest[:dotIdx]
+		if alias[0] == '#' {
+			continue
+		}
+		suffix := rest[dotIdx+1:]
 
 		idx, known := aliasSet[alias]
 		if !known {

internal/docker/list_containers.go

@@ -3,12 +3,12 @@ package docker
 import (
 	"context"
 
-	"github.com/moby/moby/api/types/container"
-	"github.com/moby/moby/client"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/client"
 	"github.com/yusing/godoxy/internal/types"
 )
 
-var listOptions = client.ContainerListOptions{
+var listOptions = container.ListOptions{
 	// created|restarting|running|removing|paused|exited|dead
 	// Filters: filters.NewArgs(
 	// 	filters.Arg("status", "created"),
@@ -31,7 +31,7 @@ func ListContainers(ctx context.Context, dockerCfg types.DockerProviderConfig) (
 	if err != nil {
 		return nil, err
 	}
-	return containers.Items, nil
+	return containers, nil
 }
 
 func IsErrConnectionFailed(err error) bool {

internal/entrypoint/README.md

@@ -1,10 +1,10 @@
 # Entrypoint
 
-The entrypoint package provides the main HTTP entry point for GoDoxy, handling domain-based routing, middleware application, short link matching, access logging, and HTTP server lifecycle management.
+The entrypoint package provides the main HTTP entry point for GoDoxy, handling domain-based routing, middleware application, short link matching, and access logging.
 
 ## Overview
 
-The entrypoint package implements the primary HTTP handler that receives all incoming requests, manages the lifecycle of HTTP servers, determines the target route based on hostname, applies middleware, and forwards requests to the appropriate route handler.
+The entrypoint package implements the primary HTTP handler that receives all incoming requests, determines the target route based on hostname, applies middleware, and forwards requests to the appropriate route handler.
 
 ### Key Features
 
@@ -14,350 +14,103 @@ The entrypoint package implements the primary HTTP handler that receives all inc
 - Access logging for all requests
 - Configurable not-found handling
 - Per-domain route resolution
-- HTTP server management (HTTP/HTTPS)
-- Route pool abstractions via [`PoolLike`](internal/entrypoint/types/entrypoint.go:27) and [`RWPoolLike`](internal/entrypoint/types/entrypoint.go:33) interfaces
 
-### Primary Consumers
+## Architecture
 
-- **HTTP servers**: Per-listen-addr servers dispatch requests to routes
-- **Route providers**: Register routes via [`StartAddRoute`](internal/entrypoint/routes.go:48)
-- **Configuration layer**: Validates and applies middleware/access-logging config
+```mermaid
+graph TD
+    A[HTTP Request] --> B[Entrypoint Handler]
+    B --> C{Access Logger?}
+    C -->|Yes| D[Wrap Response Recorder]
+    C -->|No| E[Skip Logging]
 
-### Non-goals
+    D --> F[Find Route by Host]
+    E --> F
 
-- Does not implement route discovery (delegates to providers)
-- Does not handle TLS certificate management (delegates to autocert)
-- Does not implement health checks (delegates to `internal/health/monitor`)
-- Does not manage TCP/UDP listeners directly (only HTTP/HTTPS via `goutils/server`)
+    F --> G{Route Found?}
+    G -->|Yes| H{Middleware?}
+    G -->|No| I{Short Link?}
+    I -->|Yes| J[Short Link Handler]
+    I -->|No| K{Not Found Handler?}
+    K -->|Yes| L[Not Found Handler]
+    K -->|No| M[Serve 404]
 
-### Stability
+    H -->|Yes| N[Apply Middleware]
+    H -->|No| O[Direct Route]
+    N --> O
 
-Internal package with stable core interfaces. The [`Entrypoint`](internal/entrypoint/types/entrypoint.go:7) interface is the public contract.
+    O --> P[Route ServeHTTP]
+    P --> Q[Response]
 
-## Public API
+    L --> R[404 Response]
+    J --> Q
+    M --> R
+```
 
-### Entrypoint Interface
+## Core Components
+
+### Entrypoint Structure
 
 ```go
-type Entrypoint interface {
-    // Server capabilities
-    SupportProxyProtocol() bool
-    DisablePoolsLog(v bool)
-
-    // Route registry access
-    GetRoute(alias string) (types.Route, bool)
-    StartAddRoute(r types.Route) error
-    IterRoutes(yield func(r types.Route) bool)
-    NumRoutes() int
-    RoutesByProvider() map[string][]types.Route
-
-    // Route pool accessors
-    HTTPRoutes() PoolLike[types.HTTPRoute]
-    StreamRoutes() PoolLike[types.StreamRoute]
-    ExcludedRoutes() RWPoolLike[types.Route]
-
-    // Health info queries
-    GetHealthInfo() map[string]types.HealthInfo
-    GetHealthInfoWithoutDetail() map[string]types.HealthInfoWithoutDetail
-    GetHealthInfoSimple() map[string]types.HealthStatus
-
-    // Configuration
-    SetFindRouteDomains(domains []string)
-    SetMiddlewares(mws []map[string]any) error
-    SetNotFoundRules(rules rules.Rules)
-    SetAccessLogger(parent task.Parent, cfg *accesslog.RequestLoggerConfig) error
-
-    // Context integration
-    ShortLinkMatcher() *ShortLinkMatcher
+type Entrypoint struct {
+    middleware      *middleware.Middleware
+    notFoundHandler http.Handler
+    accessLogger    accesslog.AccessLogger
+    findRouteFunc   func(host string) types.HTTPRoute
+    shortLinkTree   *ShortLinkMatcher
 }
 ```
 
-### Pool Interfaces
+### Active Config
 
 ```go
-type PoolLike[Route types.Route] interface {
-    Get(alias string) (Route, bool)
-    Iter(yield func(alias string, r Route) bool)
-    Size() int
-}
+var ActiveConfig atomic.Pointer[entrypoint.Config]
+```
 
-type RWPoolLike[Route types.Route] interface {
-    PoolLike[Route]
-    Add(r Route)
-    Del(r Route)
-}
+## Public API
+
+### Creation
+
+```go
+// NewEntrypoint creates a new entrypoint instance.
+func NewEntrypoint() Entrypoint
 ```
 
 ### Configuration
 
 ```go
-type Config struct {
-    SupportProxyProtocol bool                     `json:"support_proxy_protocol"`
-    Rules                struct {
-        NotFound rules.Rules                     `json:"not_found"`
-    }                                               `json:"rules"`
-    Middlewares          []map[string]any          `json:"middlewares"`
-    AccessLog            *accesslog.RequestLoggerConfig `json:"access_log" validate:"omitempty"`
-}
+// SetFindRouteDomains configures domain-based route lookup.
+func (ep *Entrypoint) SetFindRouteDomains(domains []string)
+
+// SetMiddlewares loads and configures middleware chain.
+func (ep *Entrypoint) SetMiddlewares(mws []map[string]any) error
+
+// SetNotFoundRules configures the not-found handler.
+func (ep *Entrypoint) SetNotFoundRules(rules rules.Rules)
+
+// SetAccessLogger initializes access logging.
+func (ep *Entrypoint) SetAccessLogger(parent task.Parent, cfg *accesslog.RequestLoggerConfig) error
+
+// ShortLinkMatcher returns the short link matcher.
+func (ep *Entrypoint) ShortLinkMatcher() *ShortLinkMatcher
 ```
 
-### Context Functions
+### Request Handling
 
 ```go
-func SetCtx(ctx interface{ SetValue(any, any) }, ep Entrypoint)
-func FromCtx(ctx context.Context) Entrypoint
+// ServeHTTP is the main HTTP handler.
+func (ep *Entrypoint) ServeHTTP(w http.ResponseWriter, r *http.Request)
+
+// FindRoute looks up a route by hostname.
+func (ep *Entrypoint) FindRoute(s string) types.HTTPRoute
 ```
 
-## Architecture
-
-### Core Components
-
-```mermaid
-classDiagram
-    class Entrypoint {
-        +task *task.new_task
-        +cfg *Config
-        +middleware *middleware.Middleware
-        +notFoundHandler http.Handler
-        +accessLogger AccessLogger
-        +findRouteFunc findRouteFunc
-        +shortLinkMatcher *ShortLinkMatcher
-        +streamRoutes *pool.Pool[types.StreamRoute]
-        +excludedRoutes *pool.Pool[types.Route]
-        +servers *xsync.Map[string, *httpServer]
-        +SupportProxyProtocol() bool
-        +StartAddRoute(r) error
-        +IterRoutes(yield)
-        +HTTPRoutes() PoolLike
-    }
-
-    class httpServer {
-        +routes *pool.Pool[types.HTTPRoute]
-        +ServeHTTP(w, r)
-        +AddRoute(route)
-        +DelRoute(route)
-        +FindRoute(s) types.HTTPRoute
-    }
-
-    class PoolLike {
-        <<interface>>
-        +Get(alias) (Route, bool)
-        +Iter(yield) bool
-        +Size() int
-    }
-
-    class RWPoolLike {
-        <<interface>>
-        +PoolLike
-        +Add(r Route)
-        +Del(r Route)
-    }
-
-    class ShortLinkMatcher {
-        +fqdnRoutes *xsync.Map[string, string]
-        +subdomainRoutes *xsync.Map[string, struct{}]
-        +ServeHTTP(w, r)
-        +AddRoute(alias)
-        +DelRoute(alias)
-        +SetDefaultDomainSuffix(suffix)
-    }
-
-    Entrypoint --> httpServer : manages
-    Entrypoint --> ShortLinkMatcher : owns
-    Entrypoint --> PoolLike : HTTPRoutes()
-    Entrypoint --> RWPoolLike : ExcludedRoutes()
-    httpServer --> PoolLike : routes pool
-```
-
-### Request Processing Pipeline
-
-```mermaid
-flowchart TD
-    A[HTTP Request] --> B[Find Route by Host]
-    B --> C{Route Found?}
-    C -->|Yes| D{Middleware?}
-    C -->|No| E{Short Link?}
-    E -->|Yes| F[Short Link Handler]
-    E -->|No| G{Not Found Handler?}
-    G -->|Yes| H[Not Found Handler]
-    G -->|No| I[Serve 404]
-
-    D -->|Yes| J[Apply Middleware Chain]
-    D -->|No| K[Direct Route Handler]
-    J --> K
-
-    K --> L[Route ServeHTTP]
-    L --> M[Response]
-
-    F --> M
-    H --> N[404 Response]
-    I --> N
-```
-
-### Server Lifecycle
-
-```mermaid
-stateDiagram-v2
-    [*] --> Empty: NewEntrypoint()
-
-    Empty --> Listening: StartAddRoute()
-    Listening --> Listening: StartAddRoute()
-    Listening --> Listening: delHTTPRoute()
-    Listening --> [*]: Cancel()
-
-    Listening --> AddingServer: addHTTPRoute()
-    AddingServer --> Listening: Server starts
-
-    note right of Listening
-        servers map: addr -> httpServer
-        For HTTPS, routes are added to ProxyHTTPSAddr
-        Default routes added to both HTTP and HTTPS
-    end note
-```
-
-## Data Flow
-
-```mermaid
-sequenceDiagram
-    participant Client
-    participant httpServer
-    participant Entrypoint
-    participant Middleware
-    participant Route
-
-    Client->>httpServer: GET /path
-    httpServer->>Entrypoint: FindRoute(host)
-
-    alt Route Found
-        Entrypoint-->>httpServer: HTTPRoute
-        httpServer->>Middleware: ServeHTTP(routeHandler)
-        alt Has Middleware
-            Middleware->>Middleware: Process Chain
-        end
-        Middleware->>Route: Forward Request
-        Route-->>Middleware: Response
-        Middleware-->>httpServer: Response
-    else Short Link (go.example.com/alias)
-        httpServer->>ShortLinkMatcher: Match short code
-        ShortLinkMatcher-->>httpServer: Redirect
-    else Not Found
-        httpServer->>NotFoundHandler: Serve 404
-        NotFoundHandler-->>httpServer: 404 Page
-    end
-
-    httpServer-->>Client: Response
-```
-
-## Route Registry
-
-Routes are managed per-entrypoint:
-
-```go
-// Adding a route (main entry point for providers)
-if err := ep.StartAddRoute(route); err != nil {
-    return err
-}
-
-// Iterating all routes including excluded
-ep.IterRoutes(func(r types.Route) bool {
-    log.Info().Str("alias", r.Name()).Msg("route")
-    return true // continue iteration
-})
-
-// Querying by alias
-route, ok := ep.GetRoute("myapp")
-
-// Grouping by provider
-byProvider := ep.RoutesByProvider()
-```
-
-## Configuration Surface
-
-### Config Source
-
-Environment variables and YAML config file:
-
-```yaml
-entrypoint:
-  support_proxy_protocol: true
-  middlewares:
-    - rate_limit:
-        requests_per_second: 100
-  rules:
-    not_found:
-      # not-found rules configuration
-  access_log:
-    path: /var/log/godoxy/access.log
-```
-
-### Environment Variables
-
-| Variable                       | Description                   |
-| ------------------------------ | ----------------------------- |
-| `PROXY_SUPPORT_PROXY_PROTOCOL` | Enable PROXY protocol support |
-
-## Dependency and Integration Map
-
-| Dependency                         | Purpose                     |
-| ---------------------------------- | --------------------------- |
-| `internal/route`                   | Route types and handlers    |
-| `internal/route/rules`             | Not-found rules processing  |
-| `internal/logging/accesslog`       | Request logging             |
-| `internal/net/gphttp/middleware`   | Middleware chain            |
-| `internal/types`                   | Route and health types      |
-| `github.com/puzpuzpuz/xsync/v4`    | Concurrent server map       |
-| `github.com/yusing/goutils/pool`   | Route pool implementations  |
-| `github.com/yusing/goutils/task`   | Lifecycle management        |
-| `github.com/yusing/goutils/server` | HTTP/HTTPS server lifecycle |
-
-## Observability
-
-### Logs
-
-| Level   | Context               | Description             |
-| ------- | --------------------- | ----------------------- |
-| `DEBUG` | `route`, `listen_url` | Route addition/removal  |
-| `DEBUG` | `addr`, `proto`       | Server lifecycle        |
-| `ERROR` | `route`, `listen_url` | Server startup failures |
-
-### Metrics
-
-Route metrics exposed via [`GetHealthInfo`](internal/entrypoint/query.go:10) methods:
-
-```go
-// Health info for all routes
-healthMap := ep.GetHealthInfo()
-// {
-//   "myapp": {Status: "healthy", Uptime: 3600, Latency: 5ms},
-//   "excluded-route": {Status: "unknown", Detail: "n/a"},
-// }
-```
-
-## Security Considerations
-
-- Route lookup is read-only from route pools
-- Middleware chain is applied per-request
-- Proxy protocol support must be explicitly enabled
-- Access logger captures request metadata before processing
-- Short link matching is limited to configured domains
-
-## Failure Modes and Recovery
-
-| Failure               | Behavior                        | Recovery                     |
-| --------------------- | ------------------------------- | ---------------------------- |
-| Server bind fails     | Error returned, route not added | Fix port/address conflict    |
-| Route start fails     | Route excluded, error logged    | Fix route configuration      |
-| Middleware load fails | SetMiddlewares returns error    | Fix middleware configuration |
-| Context cancelled     | All servers stopped gracefully  | Restart entrypoint           |
-
-## Usage Examples
+## Usage
 
 ### Basic Setup
 
 ```go
-ep := entrypoint.NewEntrypoint(parent, &entrypoint.Config{
-    SupportProxyProtocol: false,
-})
+ep := entrypoint.NewEntrypoint()
 
 // Configure domain matching
 ep.SetFindRouteDomains([]string{".example.com", "example.com"})
@@ -367,7 +120,7 @@ err := ep.SetMiddlewares([]map[string]any{
     {"rate_limit": map[string]any{"requests_per_second": 100}},
 })
 if err != nil {
-    return err
+    log.Fatal(err)
 }
 
 // Configure access logging
@@ -375,58 +128,181 @@ err = ep.SetAccessLogger(parent, &accesslog.RequestLoggerConfig{
     Path: "/var/log/godoxy/access.log",
 })
 if err != nil {
-    return err
+    log.Fatal(err)
 }
+
+// Start server
+http.ListenAndServe(":80", &ep)
 ```
 
-### Route Querying
+### Route Lookup Logic
+
+The entrypoint uses multiple strategies to find routes:
+
+1. **Subdomain Matching**: For `sub.domain.com`, looks for `sub`
+1. **Exact Match**: Looks for the full hostname
+1. **Port Stripping**: Strips port from host if present
 
 ```go
-// Iterate all routes including excluded
-ep.IterRoutes(func(r types.Route) bool {
-    log.Info().
-        Str("alias", r.Name()).
-        Str("provider", r.ProviderName()).
-        Bool("excluded", r.ShouldExclude()).
-        Msg("route")
-    return true // continue iteration
-})
+func findRouteAnyDomain(host string) types.HTTPRoute {
+    // Try subdomain (everything before first dot)
+    idx := strings.IndexByte(host, '.')
+    if idx != -1 {
+        target := host[:idx]
+        if r, ok := routes.HTTP.Get(target); ok {
+            return r
+        }
+    }
 
-// Get health info for all routes
-healthMap := ep.GetHealthInfoSimple()
-for alias, status := range healthMap {
-    log.Info().Str("alias", alias).Str("status", string(status)).Msg("health")
+    // Try exact match
+    if r, ok := routes.HTTP.Get(host); ok {
+        return r
+    }
+
+    // Try stripping port
+    if before, _, ok := strings.Cut(host, ":"); ok {
+        if r, ok := routes.HTTP.Get(before); ok {
+            return r
+        }
+    }
+
+    return nil
 }
 ```
 
-### Route Addition
+### Short Links
 
-Routes are typically added by providers via `StartAddRoute`:
+Short links use a special `.short` domain:
 
 ```go
-// StartAddRoute handles route registration and server creation
-if err := ep.StartAddRoute(route); err != nil {
-    return err
+// Request to: https://abc.short.example.com
+// Looks for route with alias "abc"
+if strings.EqualFold(host, common.ShortLinkPrefix) {
+    // Handle short link
+    ep.shortLinkTree.ServeHTTP(w, r)
 }
 ```
 
-### Context Integration
+## Data Flow
 
-Routes can access the entrypoint from request context:
+```mermaid
+sequenceDiagram
+    participant Client
+    participant Entrypoint
+    participant Middleware
+    participant Route
+    participant Logger
+
+    Client->>Entrypoint: GET /path
+    Entrypoint->>Entrypoint: FindRoute(host)
+    alt Route Found
+        Entrypoint->>Logger: Get ResponseRecorder
+        Logger-->>Entrypoint: Recorder
+        Entrypoint->>Middleware: ServeHTTP(routeHandler)
+        alt Has Middleware
+            Middleware->>Middleware: Process Chain
+        end
+        Middleware->>Route: Forward Request
+        Route-->>Middleware: Response
+        Middleware-->>Entrypoint: Response
+    else Short Link
+        Entrypoint->>ShortLinkTree: Match short code
+        ShortLinkTree-->>Entrypoint: Redirect
+    else Not Found
+        Entrypoint->>NotFoundHandler: Serve 404
+        NotFoundHandler-->>Entrypoint: 404 Page
+    end
+
+    Entrypoint->>Logger: Log Request
+    Logger-->>Entrypoint: Complete
+    Entrypoint-->>Client: Response
+```
+
+## Not-Found Handling
+
+When no route is found, the entrypoint:
+
+1. Attempts to serve a static error page file
+1. Logs the 404 request
+1. Falls back to the configured error page
+1. Returns 404 status code
 
 ```go
-// Set entrypoint in context (typically during initialization)
-entrypoint.SetCtx(task, ep)
+func (ep *Entrypoint) serveNotFound(w http.ResponseWriter, r *http.Request) {
+    if served := middleware.ServeStaticErrorPageFile(w, r); !served {
+        log.Error().
+            Str("method", r.Method).
+            Str("url", r.URL.String()).
+            Str("remote", r.RemoteAddr).
+            Msgf("not found: %s", r.Host)
 
-// Get entrypoint from context
-if ep := entrypoint.FromCtx(r.Context()); ep != nil {
-    route, ok := ep.GetRoute("alias")
+        errorPage, ok := errorpage.GetErrorPageByStatus(http.StatusNotFound)
+        if ok {
+            w.WriteHeader(http.StatusNotFound)
+            w.Header().Set("Content-Type", "text/html; charset=utf-8")
+            w.Write(errorPage)
+        } else {
+            http.NotFound(w, r)
+        }
+    }
 }
 ```
 
-## Testing Notes
+## Configuration Structure
 
-- Benchmark tests in [`entrypoint_benchmark_test.go`](internal/entrypoint/entrypoint_benchmark_test.go)
-- Integration tests in [`entrypoint_test.go`](internal/entrypoint/entrypoint_test.go)
-- Mock route pools for unit testing
-- Short link tests in [`shortlink_test.go`](internal/entrypoint/shortlink_test.go)
+```go
+type Config struct {
+    Middlewares []map[string]any `json:"middlewares"`
+    Rules       rules.Rules      `json:"rules"`
+    AccessLog   *accesslog.RequestLoggerConfig `json:"access_log"`
+}
+```
+
+## Middleware Integration
+
+The entrypoint supports middleware chains configured via YAML:
+
+```yaml
+entrypoint:
+  middlewares:
+    - use: rate_limit
+      average: 100
+      burst: 200
+      bypass:
+        - remote 192.168.1.0/24
+    - use: redirect_http
+```
+
+## Access Logging
+
+Access logging wraps the response recorder to capture:
+
+- Request method and URL
+- Response status code
+- Response size
+- Request duration
+- Client IP address
+
+```go
+func (ep *Entrypoint) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+    if ep.accessLogger != nil {
+        rec := accesslog.GetResponseRecorder(w)
+        w = rec
+        defer func() {
+            ep.accessLogger.Log(r, rec.Response())
+            accesslog.PutResponseRecorder(rec)
+        }()
+    }
+    // ... handle request
+}
+```
+
+## Integration Points
+
+The entrypoint integrates with:
+
+- **Route Registry**: HTTP route lookup
+- **Middleware**: Request processing chain
+- **AccessLog**: Request logging
+- **ErrorPage**: 404 error pages
+- **ShortLink**: Short link handling

internal/entrypoint/entrypoint.go

@@ -4,112 +4,44 @@ import (
 	"net/http"
 	"strings"
 	"sync/atomic"
-	"testing"
 
-	"github.com/puzpuzpuz/xsync/v4"
 	"github.com/rs/zerolog/log"
+	"github.com/yusing/godoxy/internal/common"
 	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/logging/accesslog"
 	"github.com/yusing/godoxy/internal/net/gphttp/middleware"
+	"github.com/yusing/godoxy/internal/net/gphttp/middleware/errorpage"
+	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/godoxy/internal/route/rules"
 	"github.com/yusing/godoxy/internal/types"
-	"github.com/yusing/goutils/pool"
 	"github.com/yusing/goutils/task"
 )
 
-type HTTPRoutes interface {
-	Get(alias string) (types.HTTPRoute, bool)
-}
-
-type findRouteFunc func(HTTPRoutes, string) types.HTTPRoute
-
 type Entrypoint struct {
-	task *task.Task
-
-	cfg *Config
-
-	middleware       *middleware.Middleware
-	notFoundHandler  http.Handler
-	accessLogger     accesslog.AccessLogger
-	findRouteFunc    findRouteFunc
-	shortLinkMatcher *ShortLinkMatcher
-
-	streamRoutes   *pool.Pool[types.StreamRoute]
-	excludedRoutes *pool.Pool[types.Route]
-
-	// this only affects future http servers creation
-	httpPoolDisableLog atomic.Bool
-
-	servers *xsync.Map[string, *httpServer] // listen addr -> server
+	middleware      *middleware.Middleware
+	notFoundHandler http.Handler
+	accessLogger    accesslog.AccessLogger
+	findRouteFunc   func(host string) types.HTTPRoute
+	shortLinkTree   *ShortLinkMatcher
 }
 
-var _ entrypoint.Entrypoint = &Entrypoint{}
+// nil-safe
+var ActiveConfig atomic.Pointer[entrypoint.Config]
 
-var emptyCfg Config
-
-func NewTestEntrypoint(tb testing.TB, cfg *Config) *Entrypoint {
-	tb.Helper()
-
-	testTask := task.GetTestTask(tb)
-	ep := NewEntrypoint(testTask, cfg)
-	entrypoint.SetCtx(testTask, ep)
-	return ep
+func init() {
+	// make sure it's not nil
+	ActiveConfig.Store(&entrypoint.Config{})
 }
 
-func NewEntrypoint(parent task.Parent, cfg *Config) *Entrypoint {
-	if cfg == nil {
-		cfg = &emptyCfg
+func NewEntrypoint() Entrypoint {
+	return Entrypoint{
+		findRouteFunc: findRouteAnyDomain,
+		shortLinkTree: newShortLinkTree(),
 	}
-
-	ep := &Entrypoint{
-		task:             parent.Subtask("entrypoint", false),
-		cfg:              cfg,
-		findRouteFunc:    findRouteAnyDomain,
-		shortLinkMatcher: newShortLinkMatcher(),
-		streamRoutes:     pool.New[types.StreamRoute]("stream_routes", "stream_routes"),
-		excludedRoutes:   pool.New[types.Route]("excluded_routes", "excluded_routes"),
-		servers:          xsync.NewMap[string, *httpServer](),
-	}
-	return ep
-}
-
-func (ep *Entrypoint) Task() *task.Task {
-	return ep.task
-}
-
-func (ep *Entrypoint) SupportProxyProtocol() bool {
-	return ep.cfg.SupportProxyProtocol
-}
-
-func (ep *Entrypoint) DisablePoolsLog(v bool) {
-	ep.httpPoolDisableLog.Store(v)
-	// apply to all running http servers
-	for _, srv := range ep.servers.Range {
-		srv.routes.DisableLog(v)
-	}
-	// apply to other pools
-	ep.streamRoutes.DisableLog(v)
-	ep.excludedRoutes.DisableLog(v)
 }
 
 func (ep *Entrypoint) ShortLinkMatcher() *ShortLinkMatcher {
-	return ep.shortLinkMatcher
-}
-
-func (ep *Entrypoint) HTTPRoutes() entrypoint.PoolLike[types.HTTPRoute] {
-	return newHTTPPoolAdapter(ep)
-}
-
-func (ep *Entrypoint) StreamRoutes() entrypoint.PoolLike[types.StreamRoute] {
-	return ep.streamRoutes
-}
-
-func (ep *Entrypoint) ExcludedRoutes() entrypoint.RWPoolLike[types.Route] {
-	return ep.excludedRoutes
-}
-
-func (ep *Entrypoint) GetServer(addr string) (HTTPServer, bool) {
-	return ep.servers.Load(addr)
+	return ep.shortLinkTree
 }
 
 func (ep *Entrypoint) SetFindRouteDomains(domains []string) {
@@ -142,59 +74,128 @@ func (ep *Entrypoint) SetMiddlewares(mws []map[string]any) error {
 }
 
 func (ep *Entrypoint) SetNotFoundRules(rules rules.Rules) {
-	ep.notFoundHandler = rules.BuildHandler(serveNotFound)
+	ep.notFoundHandler = rules.BuildHandler(http.HandlerFunc(ep.serveNotFound))
 }
 
-func (ep *Entrypoint) SetAccessLogger(parent task.Parent, cfg *accesslog.RequestLoggerConfig) error {
+func (ep *Entrypoint) SetAccessLogger(parent task.Parent, cfg *accesslog.RequestLoggerConfig) (err error) {
 	if cfg == nil {
 		ep.accessLogger = nil
-		return nil
-	}
-
-	accessLogger, err := accesslog.NewAccessLogger(parent, cfg)
-	if err != nil {
 		return err
 	}
 
-	ep.accessLogger = accessLogger
+	ep.accessLogger, err = accesslog.NewAccessLogger(parent, cfg)
+	if err != nil {
+		return err
+	}
 	log.Debug().Msg("entrypoint access logger created")
-	return nil
+	return err
 }
 
-func findRouteAnyDomain(routes HTTPRoutes, host string) types.HTTPRoute {
-	//nolint:modernize
+func (ep *Entrypoint) FindRoute(s string) types.HTTPRoute {
+	return ep.findRouteFunc(s)
+}
+
+func (ep *Entrypoint) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if ep.accessLogger != nil {
+		rec := accesslog.GetResponseRecorder(w)
+		w = rec
+		defer func() {
+			ep.accessLogger.LogRequest(r, rec.Response())
+			accesslog.PutResponseRecorder(rec)
+		}()
+	}
+
+	route := ep.findRouteFunc(r.Host)
+	switch {
+	case route != nil:
+		r = routes.WithRouteContext(r, route)
+		if ep.middleware != nil {
+			ep.middleware.ServeHTTP(route.ServeHTTP, w, r)
+		} else {
+			route.ServeHTTP(w, r)
+		}
+	case ep.tryHandleShortLink(w, r):
+		return
+	case ep.notFoundHandler != nil:
+		ep.notFoundHandler.ServeHTTP(w, r)
+	default:
+		ep.serveNotFound(w, r)
+	}
+}
+
+func (ep *Entrypoint) tryHandleShortLink(w http.ResponseWriter, r *http.Request) (handled bool) {
+	host := r.Host
+	if before, _, ok := strings.Cut(host, ":"); ok {
+		host = before
+	}
+	if strings.EqualFold(host, common.ShortLinkPrefix) {
+		if ep.middleware != nil {
+			ep.middleware.ServeHTTP(ep.shortLinkTree.ServeHTTP, w, r)
+		} else {
+			ep.shortLinkTree.ServeHTTP(w, r)
+		}
+		return true
+	}
+	return false
+}
+
+func (ep *Entrypoint) serveNotFound(w http.ResponseWriter, r *http.Request) {
+	// Why use StatusNotFound instead of StatusBadRequest or StatusBadGateway?
+	// On nginx, when route for domain does not exist, it returns StatusBadGateway.
+	// Then scraper / scanners will know the subdomain is invalid.
+	// With StatusNotFound, they won't know whether it's the path, or the subdomain that is invalid.
+	if served := middleware.ServeStaticErrorPageFile(w, r); !served {
+		log.Error().
+			Str("method", r.Method).
+			Str("url", r.URL.String()).
+			Str("remote", r.RemoteAddr).
+			Msgf("not found: %s", r.Host)
+		errorPage, ok := errorpage.GetErrorPageByStatus(http.StatusNotFound)
+		if ok {
+			w.WriteHeader(http.StatusNotFound)
+			w.Header().Set("Content-Type", "text/html; charset=utf-8")
+			if _, err := w.Write(errorPage); err != nil {
+				log.Err(err).Msg("failed to write error page")
+			}
+		} else {
+			http.NotFound(w, r)
+		}
+	}
+}
+
+func findRouteAnyDomain(host string) types.HTTPRoute {
 	idx := strings.IndexByte(host, '.')
 	if idx != -1 {
 		target := host[:idx]
-		if r, ok := routes.Get(target); ok {
+		if r, ok := routes.HTTP.Get(target); ok {
 			return r
 		}
 	}
-	if r, ok := routes.Get(host); ok {
+	if r, ok := routes.HTTP.Get(host); ok {
 		return r
 	}
 	// try striping the trailing :port from the host
 	if before, _, ok := strings.Cut(host, ":"); ok {
-		if r, ok := routes.Get(before); ok {
+		if r, ok := routes.HTTP.Get(before); ok {
 			return r
 		}
 	}
 	return nil
 }
 
-func findRouteByDomains(domains []string) func(routes HTTPRoutes, host string) types.HTTPRoute {
-	return func(routes HTTPRoutes, host string) types.HTTPRoute {
+func findRouteByDomains(domains []string) func(host string) types.HTTPRoute {
+	return func(host string) types.HTTPRoute {
 		host, _, _ = strings.Cut(host, ":") // strip the trailing :port
 		for _, domain := range domains {
 			if target, ok := strings.CutSuffix(host, domain); ok {
-				if r, ok := routes.Get(target); ok {
+				if r, ok := routes.HTTP.Get(target); ok {
 					return r
 				}
 			}
 		}
 
 		// fallback to exact match
-		if r, ok := routes.Get(host); ok {
+		if r, ok := routes.HTTP.Get(host); ok {
 			return r
 		}
 		return nil

internal/entrypoint/entrypoint_benchmark_test.go

@@ -10,12 +10,12 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/stretchr/testify/require"
-	"github.com/yusing/godoxy/internal/common"
 	. "github.com/yusing/godoxy/internal/entrypoint"
 	"github.com/yusing/godoxy/internal/route"
+	"github.com/yusing/godoxy/internal/route/routes"
 	routeTypes "github.com/yusing/godoxy/internal/route/types"
 	"github.com/yusing/godoxy/internal/types"
+	"github.com/yusing/goutils/task"
 )
 
 type noopResponseWriter struct {
@@ -48,9 +48,9 @@ func (t noopTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 }
 
 func BenchmarkEntrypointReal(b *testing.B) {
-	ep := NewTestEntrypoint(b, nil)
+	var ep Entrypoint
 	req := http.Request{
-		Method: http.MethodGet,
+		Method: "GET",
 		URL:    &url.URL{Path: "/", RawPath: "/"},
 		Host:   "test.domain.tld",
 	}
@@ -77,48 +77,48 @@ func BenchmarkEntrypointReal(b *testing.B) {
 		b.Fatal(err)
 	}
 
-	r, err := route.NewStartedTestRoute(b, &route.Route{
+	r := &route.Route{
 		Alias:       "test",
 		Scheme:      routeTypes.SchemeHTTP,
 		Host:        host,
-		Port:        route.Port{Listening: 1000, Proxy: portInt},
+		Port:        route.Port{Proxy: portInt},
 		HealthCheck: types.HealthCheckConfig{Disable: true},
-	})
+	}
 
-	require.NoError(b, err)
-	require.False(b, r.ShouldExclude())
+	err = r.Validate()
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	err = r.Start(task.RootTask("test", false))
+	if err != nil {
+		b.Fatal(err)
+	}
 
 	var w noopResponseWriter
 
-	server, ok := ep.GetServer(":1000")
-	if !ok {
-		b.Fatal("server not found")
-	}
-
-	server.ServeHTTP(&w, &req)
-	if w.statusCode != http.StatusOK {
-		b.Fatalf("status code is not 200: %d", w.statusCode)
-	}
-	if string(w.written) != "1" {
-		b.Fatalf("written is not 1: %s", string(w.written))
-	}
-
 	b.ResetTimer()
 	for b.Loop() {
-		server.ServeHTTP(&w, &req)
+		ep.ServeHTTP(&w, &req)
+		// if w.statusCode != http.StatusOK {
+		// 	b.Fatalf("status code is not 200: %d", w.statusCode)
+		// }
+		// if string(w.written) != "1" {
+		// 	b.Fatalf("written is not 1: %s", string(w.written))
+		// }
 	}
 }
 
 func BenchmarkEntrypoint(b *testing.B) {
-	ep := NewTestEntrypoint(b, nil)
+	var ep Entrypoint
 	req := http.Request{
-		Method: http.MethodGet,
+		Method: "GET",
 		URL:    &url.URL{Path: "/", RawPath: "/"},
 		Host:   "test.domain.tld",
 	}
 	ep.SetFindRouteDomains([]string{})
 
-	r, err := route.NewStartedTestRoute(b, &route.Route{
+	r := &route.Route{
 		Alias:  "test",
 		Scheme: routeTypes.SchemeHTTP,
 		Host:   "localhost",
@@ -128,23 +128,29 @@ func BenchmarkEntrypoint(b *testing.B) {
 		HealthCheck: types.HealthCheckConfig{
 			Disable: true,
 		},
-	})
+	}
 
-	require.NoError(b, err)
-	require.False(b, r.ShouldExclude())
+	err := r.Validate()
+	if err != nil {
+		b.Fatal(err)
+	}
 
-	r.(types.ReverseProxyRoute).ReverseProxy().Transport = noopTransport{}
+	err = r.Start(task.RootTask("test", false))
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	rev, ok := routes.HTTP.Get("test")
+	if !ok {
+		b.Fatal("route not found")
+	}
+	rev.(types.ReverseProxyRoute).ReverseProxy().Transport = noopTransport{}
 
 	var w noopResponseWriter
 
-	server, ok := ep.GetServer(common.ProxyHTTPAddr)
-	if !ok {
-		b.Fatal("server not found")
-	}
-
 	b.ResetTimer()
 	for b.Loop() {
-		server.ServeHTTP(&w, &req)
+		ep.ServeHTTP(&w, &req)
 		if w.statusCode != http.StatusOK {
 			b.Fatalf("status code is not 200: %d", w.statusCode)
 		}

internal/entrypoint/entrypoint_test.go

@@ -3,70 +3,48 @@ package entrypoint_test
 import (
 	"testing"
 
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	. "github.com/yusing/godoxy/internal/entrypoint"
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/route"
-	routeTypes "github.com/yusing/godoxy/internal/route/types"
-	"github.com/yusing/godoxy/internal/types"
-	"github.com/yusing/goutils/task"
+	"github.com/yusing/godoxy/internal/route/routes"
+
 	expect "github.com/yusing/goutils/testing"
 )
 
-func addRoute(t *testing.T, alias string) {
-	t.Helper()
+var ep = NewEntrypoint()
 
-	ep := entrypoint.FromCtx(task.GetTestTask(t).Context())
-	require.NotNil(t, ep)
-
-	_, err := route.NewStartedTestRoute(t, &route.Route{
-		Alias:  alias,
-		Scheme: routeTypes.SchemeHTTP,
-		Port: route.Port{
-			Listening: 1000,
-			Proxy:     8080,
-		},
-		HealthCheck: types.HealthCheckConfig{
-			Disable: true,
+func addRoute(alias string) {
+	routes.HTTP.Add(&route.ReveseProxyRoute{
+		Route: &route.Route{
+			Alias: alias,
+			Port: route.Port{
+				Proxy: 80,
+			},
 		},
 	})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	route, ok := ep.HTTPRoutes().Get(alias)
-	require.True(t, ok, "route not found")
-	require.NotNil(t, route)
 }
 
-func run(t *testing.T, ep *Entrypoint, match []string, noMatch []string) {
+func run(t *testing.T, match []string, noMatch []string) {
 	t.Helper()
-
-	server, ok := ep.GetServer(":1000")
-	require.True(t, ok, "server not found")
-	require.NotNil(t, server)
+	t.Cleanup(routes.Clear)
+	t.Cleanup(func() { ep.SetFindRouteDomains(nil) })
 
 	for _, test := range match {
 		t.Run(test, func(t *testing.T) {
-			route := server.FindRoute(test)
-			assert.NotNil(t, route)
+			found := ep.FindRoute(test)
+			expect.NotNil(t, found)
 		})
 	}
 
 	for _, test := range noMatch {
 		t.Run(test, func(t *testing.T) {
-			found, ok := ep.HTTPRoutes().Get(test)
-			assert.False(t, ok)
-			assert.Nil(t, found)
+			found := ep.FindRoute(test)
+			expect.Nil(t, found)
 		})
 	}
 }
 
 func TestFindRouteAnyDomain(t *testing.T) {
-	ep := NewTestEntrypoint(t, nil)
-
-	addRoute(t, "app1")
+	addRoute("app1")
 
 	tests := []string{
 		"app1.com",
@@ -80,12 +58,10 @@ func TestFindRouteAnyDomain(t *testing.T) {
 		"app2.sub.domain.com",
 	}
 
-	run(t, ep, tests, testsNoMatch)
+	run(t, tests, testsNoMatch)
 }
 
 func TestFindRouteExactHostMatch(t *testing.T) {
-	ep := NewTestEntrypoint(t, nil)
-
 	tests := []string{
 		"app2.com",
 		"app2.domain.com",
@@ -99,20 +75,19 @@ func TestFindRouteExactHostMatch(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		addRoute(t, test)
+		addRoute(test)
 	}
 
-	run(t, ep, tests, testsNoMatch)
+	run(t, tests, testsNoMatch)
 }
 
 func TestFindRouteByDomains(t *testing.T) {
-	ep := NewTestEntrypoint(t, nil)
 	ep.SetFindRouteDomains([]string{
 		".domain.com",
 		".sub.domain.com",
 	})
 
-	addRoute(t, "app1")
+	addRoute("app1")
 
 	tests := []string{
 		"app1.domain.com",
@@ -128,17 +103,16 @@ func TestFindRouteByDomains(t *testing.T) {
 		"app2.sub.domain.com",
 	}
 
-	run(t, ep, tests, testsNoMatch)
+	run(t, tests, testsNoMatch)
 }
 
 func TestFindRouteByDomainsExactMatch(t *testing.T) {
-	ep := NewTestEntrypoint(t, nil)
 	ep.SetFindRouteDomains([]string{
 		".domain.com",
 		".sub.domain.com",
 	})
 
-	addRoute(t, "app1.foo.bar")
+	addRoute("app1.foo.bar")
 
 	tests := []string{
 		"app1.foo.bar", // exact match
@@ -152,14 +126,13 @@ func TestFindRouteByDomainsExactMatch(t *testing.T) {
 		"app1.sub.domain.com",
 	}
 
-	run(t, ep, tests, testsNoMatch)
+	run(t, tests, testsNoMatch)
 }
 
 func TestFindRouteWithPort(t *testing.T) {
 	t.Run("AnyDomain", func(t *testing.T) {
-		ep := NewTestEntrypoint(t, nil)
-		addRoute(t, "app1")
-		addRoute(t, "app2.com")
+		addRoute("app1")
+		addRoute("app2.com")
 
 		tests := []string{
 			"app1:8080",
@@ -171,17 +144,16 @@ func TestFindRouteWithPort(t *testing.T) {
 			"app2.co",
 			"app2.co:8080",
 		}
-		run(t, ep, tests, testsNoMatch)
+		run(t, tests, testsNoMatch)
 	})
 
 	t.Run("ByDomains", func(t *testing.T) {
-		ep := NewTestEntrypoint(t, nil)
 		ep.SetFindRouteDomains([]string{
 			".domain.com",
 		})
-		addRoute(t, "app1")
-		addRoute(t, "app2")
-		addRoute(t, "app3.domain.com")
+		addRoute("app1")
+		addRoute("app2")
+		addRoute("app3.domain.com")
 
 		tests := []string{
 			"app1.domain.com:8080",
@@ -197,120 +169,6 @@ func TestFindRouteWithPort(t *testing.T) {
 			"app3.domain.co",
 			"app3.domain.co:8080",
 		}
-		run(t, ep, tests, testsNoMatch)
+		run(t, tests, testsNoMatch)
 	})
 }
-
-func TestHealthInfoQueries(t *testing.T) {
-	ep := NewTestEntrypoint(t, nil)
-
-	// Add routes without health monitors (default case)
-	addRoute(t, "app1")
-	addRoute(t, "app2")
-
-	// Test GetHealthInfo
-	t.Run("GetHealthInfo", func(t *testing.T) {
-		info := ep.GetHealthInfo()
-		expect.Equal(t, 2, len(info))
-		for _, health := range info {
-			expect.Equal(t, types.StatusUnknown, health.Status)
-			expect.Equal(t, "n/a", health.Detail)
-		}
-	})
-
-	// Test GetHealthInfoWithoutDetail
-	t.Run("GetHealthInfoWithoutDetail", func(t *testing.T) {
-		info := ep.GetHealthInfoWithoutDetail()
-		expect.Equal(t, 2, len(info))
-		for _, health := range info {
-			expect.Equal(t, types.StatusUnknown, health.Status)
-		}
-	})
-
-	// Test GetHealthInfoSimple
-	t.Run("GetHealthInfoSimple", func(t *testing.T) {
-		info := ep.GetHealthInfoSimple()
-		expect.Equal(t, 2, len(info))
-		for _, status := range info {
-			expect.Equal(t, types.StatusUnknown, status)
-		}
-	})
-}
-
-func TestRoutesByProvider(t *testing.T) {
-	ep := NewTestEntrypoint(t, nil)
-
-	// Add routes with provider info
-	addRoute(t, "app1")
-	addRoute(t, "app2")
-
-	byProvider := ep.RoutesByProvider()
-	expect.Equal(t, 1, len(byProvider)) // All routes are from same implicit provider
-
-	routes, ok := byProvider[""]
-	expect.True(t, ok)
-	expect.Equal(t, 2, len(routes))
-}
-
-func TestNumRoutes(t *testing.T) {
-	ep := NewTestEntrypoint(t, nil)
-
-	expect.Equal(t, 0, ep.NumRoutes())
-
-	addRoute(t, "app1")
-	expect.Equal(t, 1, ep.NumRoutes())
-
-	addRoute(t, "app2")
-	expect.Equal(t, 2, ep.NumRoutes())
-}
-
-func TestIterRoutes(t *testing.T) {
-	ep := NewTestEntrypoint(t, nil)
-
-	addRoute(t, "app1")
-	addRoute(t, "app2")
-	addRoute(t, "app3")
-
-	count := 0
-	for r := range ep.IterRoutes {
-		count++
-		expect.NotNil(t, r)
-	}
-	expect.Equal(t, 3, count)
-}
-
-func TestGetRoute(t *testing.T) {
-	ep := NewTestEntrypoint(t, nil)
-
-	// Route not found case
-	_, ok := ep.GetRoute("nonexistent")
-	expect.False(t, ok)
-
-	addRoute(t, "app1")
-
-	route, ok := ep.GetRoute("app1")
-	expect.True(t, ok)
-	expect.NotNil(t, route)
-}
-
-func TestHTTPRoutesPool(t *testing.T) {
-	ep := NewTestEntrypoint(t, nil)
-
-	pool := ep.HTTPRoutes()
-	expect.Equal(t, 0, pool.Size())
-
-	addRoute(t, "app1")
-	expect.Equal(t, 1, pool.Size())
-
-	// Verify route is accessible
-	route, ok := pool.Get("app1")
-	expect.True(t, ok)
-	expect.NotNil(t, route)
-}
-
-func TestExcludedRoutesPool(t *testing.T) {
-	ep := NewTestEntrypoint(t, nil)
-
-	excludedPool := ep.ExcludedRoutes()
-	expect.Equal(t, 0, excludedPool.Size())
-}

internal/entrypoint/http_pool_adapter.go

@@ -1,51 +0,0 @@
-package entrypoint
-
-import (
-	"github.com/yusing/godoxy/internal/common"
-	"github.com/yusing/godoxy/internal/types"
-)
-
-// httpPoolAdapter implements the PoolLike interface for the HTTP routes.
-type httpPoolAdapter struct {
-	ep *Entrypoint
-}
-
-func newHTTPPoolAdapter(ep *Entrypoint) httpPoolAdapter {
-	return httpPoolAdapter{ep: ep}
-}
-
-func (h httpPoolAdapter) Iter(yield func(alias string, route types.HTTPRoute) bool) {
-	for addr, srv := range h.ep.servers.Range {
-		// default routes are added to both HTTP and HTTPS servers, we don't need to iterate over them twice.
-		if addr == common.ProxyHTTPSAddr {
-			continue
-		}
-		for alias, route := range srv.routes.Iter {
-			if !yield(alias, route) {
-				return
-			}
-		}
-	}
-}
-
-func (h httpPoolAdapter) Get(alias string) (types.HTTPRoute, bool) {
-	for addr, srv := range h.ep.servers.Range {
-		if addr == common.ProxyHTTPSAddr {
-			continue
-		}
-		if route, ok := srv.routes.Get(alias); ok {
-			return route, true
-		}
-	}
-	return nil, false
-}
-
-func (h httpPoolAdapter) Size() (n int) {
-	for addr, srv := range h.ep.servers.Range {
-		if addr == common.ProxyHTTPSAddr {
-			continue
-		}
-		n += srv.routes.Size()
-	}
-	return
-}

internal/entrypoint/http_server.go

@@ -1,175 +0,0 @@
-package entrypoint
-
-import (
-	"errors"
-	"fmt"
-	"net/http"
-	"strings"
-
-	"github.com/rs/zerolog/log"
-	acl "github.com/yusing/godoxy/internal/acl/types"
-	autocert "github.com/yusing/godoxy/internal/autocert/types"
-	"github.com/yusing/godoxy/internal/common"
-	"github.com/yusing/godoxy/internal/logging/accesslog"
-	"github.com/yusing/godoxy/internal/net/gphttp/middleware"
-	"github.com/yusing/godoxy/internal/net/gphttp/middleware/errorpage"
-	"github.com/yusing/godoxy/internal/route/routes"
-	"github.com/yusing/godoxy/internal/types"
-	"github.com/yusing/goutils/pool"
-	"github.com/yusing/goutils/server"
-)
-
-// HTTPServer is a server that listens on a given address and serves HTTP routes.
-type HTTPServer interface {
-	Listen(addr string, proto HTTPProto) error
-	AddRoute(route types.HTTPRoute)
-	DelRoute(route types.HTTPRoute)
-	FindRoute(s string) types.HTTPRoute
-	ServeHTTP(w http.ResponseWriter, r *http.Request)
-}
-
-type httpServer struct {
-	ep *Entrypoint
-
-	stopFunc func(reason any)
-
-	addr   string
-	routes *pool.Pool[types.HTTPRoute]
-}
-
-type HTTPProto string
-
-const (
-	HTTPProtoHTTP  HTTPProto = "http"
-	HTTPProtoHTTPS HTTPProto = "https"
-)
-
-func NewHTTPServer(ep *Entrypoint) HTTPServer {
-	return newHTTPServer(ep)
-}
-
-func newHTTPServer(ep *Entrypoint) *httpServer {
-	return &httpServer{ep: ep}
-}
-
-// Listen starts the server and stop when entrypoint is stopped.
-func (srv *httpServer) Listen(addr string, proto HTTPProto) error {
-	if srv.addr != "" {
-		return errors.New("server already started")
-	}
-
-	opts := server.Options{
-		Name:                 addr,
-		Handler:              srv,
-		ACL:                  acl.FromCtx(srv.ep.task.Context()),
-		SupportProxyProtocol: srv.ep.cfg.SupportProxyProtocol,
-	}
-
-	switch proto {
-	case HTTPProtoHTTP:
-		opts.HTTPAddr = addr
-	case HTTPProtoHTTPS:
-		opts.HTTPSAddr = addr
-		opts.CertProvider = autocert.FromCtx(srv.ep.task.Context())
-	}
-
-	task := srv.ep.task.Subtask("http_server", false)
-	_, err := server.StartServer(task, opts)
-	if err != nil {
-		return err
-	}
-	srv.stopFunc = task.FinishAndWait
-	srv.addr = addr
-	srv.routes = pool.New[types.HTTPRoute](fmt.Sprintf("[%s] %s", proto, addr), "http_routes")
-	srv.routes.DisableLog(srv.ep.httpPoolDisableLog.Load())
-	return nil
-}
-
-func (srv *httpServer) Close() {
-	if srv.stopFunc == nil {
-		return
-	}
-	srv.stopFunc(nil)
-}
-
-func (srv *httpServer) AddRoute(route types.HTTPRoute) {
-	srv.routes.Add(route)
-}
-
-func (srv *httpServer) DelRoute(route types.HTTPRoute) {
-	srv.routes.Del(route)
-}
-
-func (srv *httpServer) FindRoute(s string) types.HTTPRoute {
-	return srv.ep.findRouteFunc(srv.routes, s)
-}
-
-func (srv *httpServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	if srv.ep.accessLogger != nil {
-		rec := accesslog.GetResponseRecorder(w)
-		w = rec
-		defer func() {
-			// there is no body to close
-			//nolint:bodyclose
-			srv.ep.accessLogger.LogRequest(r, rec.Response())
-			accesslog.PutResponseRecorder(rec)
-		}()
-	}
-
-	route := srv.ep.findRouteFunc(srv.routes, r.Host)
-	switch {
-	case route != nil:
-		r = routes.WithRouteContext(r, route)
-		if srv.ep.middleware != nil {
-			srv.ep.middleware.ServeHTTP(route.ServeHTTP, w, r)
-		} else {
-			route.ServeHTTP(w, r)
-		}
-	case srv.tryHandleShortLink(w, r):
-		return
-	case srv.ep.notFoundHandler != nil:
-		srv.ep.notFoundHandler.ServeHTTP(w, r)
-	default:
-		serveNotFound(w, r)
-	}
-}
-
-func (srv *httpServer) tryHandleShortLink(w http.ResponseWriter, r *http.Request) (handled bool) {
-	host := r.Host
-	if before, _, ok := strings.Cut(host, ":"); ok {
-		host = before
-	}
-	if strings.EqualFold(host, common.ShortLinkPrefix) {
-		if srv.ep.middleware != nil {
-			srv.ep.middleware.ServeHTTP(srv.ep.shortLinkMatcher.ServeHTTP, w, r)
-		} else {
-			srv.ep.shortLinkMatcher.ServeHTTP(w, r)
-		}
-		return true
-	}
-	return false
-}
-
-func serveNotFound(w http.ResponseWriter, r *http.Request) {
-	// Why use StatusNotFound instead of StatusBadRequest or StatusBadGateway?
-	// On nginx, when route for domain does not exist, it returns StatusBadGateway.
-	// Then scraper / scanners will know the subdomain is invalid.
-	// With StatusNotFound, they won't know whether it's the path, or the subdomain that is invalid.
-	if served := middleware.ServeStaticErrorPageFile(w, r); !served {
-		log.Warn().
-			Str("method", r.Method).
-			Str("url", r.URL.String()).
-			Str("remote", r.RemoteAddr).
-			Msgf("not found: %s", r.Host)
-		errorPage, ok := errorpage.GetErrorPageByStatus(http.StatusNotFound)
-		if ok {
-			w.Header().Set("Content-Type", "text/html; charset=utf-8")
-			w.WriteHeader(http.StatusNotFound)
-			if _, err := w.Write(errorPage); err != nil {
-				log.Err(err).Msg("failed to write error page")
-			}
-		} else {
-			http.NotFound(w, r)
-		}
-	}
-}

internal/entrypoint/query.go

@@ -1,92 +0,0 @@
-package entrypoint
-
-import (
-	"github.com/yusing/godoxy/internal/types"
-)
-
-// GetHealthInfo returns a map of route name to health info.
-//
-// The health info is for all routes, including excluded routes.
-func (ep *Entrypoint) GetHealthInfo() map[string]types.HealthInfo {
-	healthMap := make(map[string]types.HealthInfo, ep.NumRoutes())
-	for r := range ep.IterRoutes {
-		healthMap[r.Name()] = getHealthInfo(r)
-	}
-	return healthMap
-}
-
-// GetHealthInfoWithoutDetail returns a map of route name to health info without detail.
-//
-// The health info is for all routes, including excluded routes.
-func (ep *Entrypoint) GetHealthInfoWithoutDetail() map[string]types.HealthInfoWithoutDetail {
-	healthMap := make(map[string]types.HealthInfoWithoutDetail, ep.NumRoutes())
-	for r := range ep.IterRoutes {
-		healthMap[r.Name()] = getHealthInfoWithoutDetail(r)
-	}
-	return healthMap
-}
-
-// GetHealthInfoSimple returns a map of route name to health status.
-//
-// The health status is for all routes, including excluded routes.
-func (ep *Entrypoint) GetHealthInfoSimple() map[string]types.HealthStatus {
-	healthMap := make(map[string]types.HealthStatus, ep.NumRoutes())
-	for r := range ep.IterRoutes {
-		healthMap[r.Name()] = getHealthInfoSimple(r)
-	}
-	return healthMap
-}
-
-// RoutesByProvider returns a map of provider name to routes.
-//
-// The routes are all routes, including excluded routes.
-func (ep *Entrypoint) RoutesByProvider() map[string][]types.Route {
-	rts := make(map[string][]types.Route)
-	for r := range ep.IterRoutes {
-		providerName := r.ProviderName()
-		rts[providerName] = append(rts[providerName], r)
-	}
-	return rts
-}
-
-func getHealthInfo(r types.Route) types.HealthInfo {
-	mon := r.HealthMonitor()
-	if mon == nil {
-		return types.HealthInfo{
-			HealthInfoWithoutDetail: types.HealthInfoWithoutDetail{
-				Status: types.StatusUnknown,
-			},
-			Detail: "n/a",
-		}
-	}
-	return types.HealthInfo{
-		HealthInfoWithoutDetail: types.HealthInfoWithoutDetail{
-			Status:  mon.Status(),
-			Uptime:  mon.Uptime(),
-			Latency: mon.Latency(),
-		},
-		Detail: mon.Detail(),
-	}
-}
-
-func getHealthInfoWithoutDetail(r types.Route) types.HealthInfoWithoutDetail {
-	mon := r.HealthMonitor()
-	if mon == nil {
-		return types.HealthInfoWithoutDetail{
-			Status: types.StatusUnknown,
-		}
-	}
-	return types.HealthInfoWithoutDetail{
-		Status:  mon.Status(),
-		Uptime:  mon.Uptime(),
-		Latency: mon.Latency(),
-	}
-}
-
-func getHealthInfoSimple(r types.Route) types.HealthStatus {
-	mon := r.HealthMonitor()
-	if mon == nil {
-		return types.StatusUnknown
-	}
-	return mon.Status()
-}

internal/entrypoint/routes.go

@@ -1,146 +0,0 @@
-package entrypoint
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"strconv"
-
-	"github.com/yusing/godoxy/internal/common"
-	"github.com/yusing/godoxy/internal/types"
-)
-
-func (ep *Entrypoint) IterRoutes(yield func(r types.Route) bool) {
-	for _, r := range ep.HTTPRoutes().Iter {
-		if !yield(r) {
-			return
-		}
-	}
-	for _, r := range ep.streamRoutes.Iter {
-		if !yield(r) {
-			return
-		}
-	}
-	for _, r := range ep.excludedRoutes.Iter {
-		if !yield(r) {
-			return
-		}
-	}
-}
-
-func (ep *Entrypoint) NumRoutes() int {
-	return ep.HTTPRoutes().Size() + ep.streamRoutes.Size() + ep.excludedRoutes.Size()
-}
-
-func (ep *Entrypoint) GetRoute(alias string) (types.Route, bool) {
-	if r, ok := ep.HTTPRoutes().Get(alias); ok {
-		return r, true
-	}
-	if r, ok := ep.streamRoutes.Get(alias); ok {
-		return r, true
-	}
-	if r, ok := ep.excludedRoutes.Get(alias); ok {
-		return r, true
-	}
-	return nil, false
-}
-
-func (ep *Entrypoint) StartAddRoute(r types.Route) error {
-	if r.ShouldExclude() {
-		ep.excludedRoutes.Add(r)
-		r.Task().OnCancel("remove_route", func() {
-			ep.excludedRoutes.Del(r)
-		})
-		return nil
-	}
-	switch r := r.(type) {
-	case types.HTTPRoute:
-		if err := ep.AddHTTPRoute(r); err != nil {
-			return err
-		}
-		ep.shortLinkMatcher.AddRoute(r.Key())
-		r.Task().OnCancel("remove_route", func() {
-			ep.delHTTPRoute(r)
-			ep.shortLinkMatcher.DelRoute(r.Key())
-		})
-	case types.StreamRoute:
-		err := r.ListenAndServe(r.Task().Context(), nil, nil)
-		if err != nil {
-			return err
-		}
-		ep.streamRoutes.Add(r)
-
-		r.Task().OnCancel("remove_route", func() {
-			r.Stream().Close()
-			ep.streamRoutes.Del(r)
-		})
-	default:
-		return fmt.Errorf("unknown route type: %T", r)
-	}
-	return nil
-}
-
-func getAddr(route types.HTTPRoute) (httpAddr, httpsAddr string) {
-	if port := route.ListenURL().Port(); port == "" || port == "0" {
-		host := route.ListenURL().Hostname()
-		if host == "" {
-			httpAddr = common.ProxyHTTPAddr
-			httpsAddr = common.ProxyHTTPSAddr
-		} else {
-			httpAddr = net.JoinHostPort(host, strconv.Itoa(common.ProxyHTTPPort))
-			httpsAddr = net.JoinHostPort(host, strconv.Itoa(common.ProxyHTTPSPort))
-		}
-		return httpAddr, httpsAddr
-	}
-
-	httpsAddr = route.ListenURL().Host
-	return
-}
-
-// AddHTTPRoute adds a HTTP route to the entrypoint's server.
-//
-// If the server does not exist, it will be created, started and return any error.
-func (ep *Entrypoint) AddHTTPRoute(route types.HTTPRoute) error {
-	httpAddr, httpsAddr := getAddr(route)
-	var httpErr, httpsErr error
-	if httpAddr != "" {
-		httpErr = ep.addHTTPRoute(route, httpAddr, HTTPProtoHTTP)
-	}
-	if httpsAddr != "" {
-		httpsErr = ep.addHTTPRoute(route, httpsAddr, HTTPProtoHTTPS)
-	}
-	return errors.Join(httpErr, httpsErr)
-}
-
-func (ep *Entrypoint) addHTTPRoute(route types.HTTPRoute, addr string, proto HTTPProto) error {
-	var err error
-	srv, _ := ep.servers.LoadOrCompute(addr, func() (newSrv *httpServer, cancel bool) {
-		newSrv = newHTTPServer(ep)
-		err = newSrv.Listen(addr, proto)
-		cancel = err != nil
-		return
-	})
-	if err != nil {
-		return err
-	}
-
-	srv.AddRoute(route)
-	return nil
-}
-
-func (ep *Entrypoint) delHTTPRoute(route types.HTTPRoute) {
-	httpAddr, httpsAddr := getAddr(route)
-	if httpAddr != "" {
-		srv, _ := ep.servers.Load(httpAddr)
-		if srv != nil {
-			srv.DelRoute(route)
-		}
-	}
-	if httpsAddr != "" {
-		srv, _ := ep.servers.Load(httpsAddr)
-		if srv != nil {
-			srv.DelRoute(route)
-		}
-	}
-	// TODO: close server if no routes are left
-}