refactor: improve error interceptor

internal/config.go

@@ -18,6 +18,7 @@ limitations under the License.
 import (
 	"fmt"
 	"github.com/jkaninda/goma-gateway/internal/middleware"
+	error_interceptor "github.com/jkaninda/goma-gateway/pkg/error-interceptor"
 	"github.com/jkaninda/goma-gateway/pkg/logger"
 	"github.com/jkaninda/goma-gateway/util"
 	"golang.org/x/oauth2"
@@ -27,6 +28,7 @@ import (
 	"golang.org/x/oauth2/gitlab"
 	"golang.org/x/oauth2/google"
 	"gopkg.in/yaml.v3"
+	"net/http"
 	"os"
 )
 
@@ -180,11 +182,24 @@ func initConfig(configFile string) error {
 					Middlewares: []string{"basic-auth", "api-forbidden-paths"},
 				},
 				{
-					Path:            "/",
+					Path:  "/",
-					Name:            "Hostname and load balancing example",
+					Name:  "Hostname and load balancing example",
-					Hosts:           []string{"example.com", "example.localhost"},
+					Hosts: []string{"example.com", "example.localhost"},
-					InterceptErrors: []int{404, 405, 500},
+					//InterceptErrors: []int{404, 405, 500},
-					RateLimit:       60,
+					ErrorInterceptor: error_interceptor.ErrorInterceptor{
+						ContentType: applicationJson,
+						Errors: []error_interceptor.Error{
+							{
+								Code:    http.StatusUnauthorized,
+								Message: http.StatusText(http.StatusUnauthorized),
+							},
+							{
+								Code:    http.StatusInternalServerError,
+								Message: http.StatusText(http.StatusInternalServerError),
+							},
+						},
+					},
+					RateLimit: 60,
 					Backends: []string{
 						"https://example.com",
 						"https://example2.com",

internal/middleware/access-middleware.go

@@ -16,7 +16,6 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 import (
-	"encoding/json"
 	"fmt"
 	"github.com/jkaninda/goma-gateway/pkg/logger"
 	"github.com/jkaninda/goma-gateway/util"
@@ -31,16 +30,7 @@ func (blockList AccessListMiddleware) AccessMiddleware(next http.Handler) http.H
 		for _, block := range blockList.List {
 			if isPathBlocked(r.URL.Path, util.ParseURLPath(blockList.Path+block)) {
 				logger.Error("%s: %s access forbidden", getRealIP(r), r.URL.Path)
-				w.Header().Set("Content-Type", "application/json")
+				RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d you do not have permission to access this resource", http.StatusForbidden), blockList.ErrorInterceptor)
-				w.WriteHeader(http.StatusForbidden)
-				err := json.NewEncoder(w).Encode(ProxyResponseError{
-					Success: false,
-					Code:    http.StatusForbidden,
-					Message: fmt.Sprintf("You do not have permission to access this resource"),
-				})
-				if err != nil {
-					return
-				}
 				return
 			}
 		}

internal/middleware/block-common-exploits.go

@@ -18,15 +18,19 @@
 package middleware
 
 import (
-	"encoding/json"
 	"fmt"
+	errorinterceptor "github.com/jkaninda/goma-gateway/pkg/error-interceptor"
 	"github.com/jkaninda/goma-gateway/pkg/logger"
 	"net/http"
 	"regexp"
 )
 
+type BlockCommon struct {
+	ErrorInterceptor errorinterceptor.ErrorInterceptor
+}
+
 // BlockExploitsMiddleware Middleware to block common exploits
-func BlockExploitsMiddleware(next http.Handler) http.Handler {
+func (blockCommon BlockCommon) BlockExploitsMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Patterns to detect SQL injection attempts
 		sqlInjectionPattern := regexp.MustCompile(sqlPatterns)
@@ -42,36 +46,18 @@ func BlockExploitsMiddleware(next http.Handler) http.Handler {
 			pathTraversalPattern.MatchString(r.URL.Path) ||
 			xssPattern.MatchString(r.URL.RawQuery) {
 			logger.Error("%s: %s Forbidden - Potential exploit detected", getRealIP(r), r.URL.Path)
-			w.Header().Set("Content-Type", "application/json")
+			RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d Forbidden - Potential exploit detected", http.StatusForbidden), blockCommon.ErrorInterceptor)
-			w.WriteHeader(http.StatusForbidden)
-			err := json.NewEncoder(w).Encode(ProxyResponseError{
-				Success: false,
-				Code:    http.StatusForbidden,
-				Message: fmt.Sprintf("Forbidden - Potential exploit detected"),
-			})
-			if err != nil {
-				return
-			}
 			return
-		}
 
+		}
 		// Check form data (for POST requests)
 		if r.Method == http.MethodPost {
 			if err := r.ParseForm(); err == nil {
 				for _, values := range r.Form {
 					for _, value := range values {
 						if sqlInjectionPattern.MatchString(value) || xssPattern.MatchString(value) {
-							logger.Error("%s: %s Forbidden - Potential exploit detected", getRealIP(r), r.URL.Path)
+							logger.Error("%s: %s %s Forbidden - Potential exploit detected", getRealIP(r), r.Method, r.URL.Path)
-							w.Header().Set("Content-Type", "application/json")
+							RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d Forbidden - Potential exploit detected", http.StatusForbidden), blockCommon.ErrorInterceptor)
-							w.WriteHeader(http.StatusForbidden)
-							err := json.NewEncoder(w).Encode(ProxyResponseError{
-								Success: false,
-								Code:    http.StatusForbidden,
-								Message: fmt.Sprintf("Forbidden - Potential exploit detected"),
-							})
-							if err != nil {
-								return
-							}
 							return
 						}
 					}

internal/middleware/error-interceptor.go

@@ -22,6 +22,7 @@ import (
 	"github.com/jkaninda/goma-gateway/pkg/logger"
 	"io"
 	"net/http"
+	"slices"
 )
 
 func newResponseRecorder(w http.ResponseWriter) *responseRecorder {
@@ -62,6 +63,7 @@ func (intercept InterceptErrors) ErrorInterceptor(next http.Handler) http.Handle
 			if err != nil {
 				return
 			}
+			return
 		} else {
 			// No error: write buffered response to client
 			w.WriteHeader(rec.statusCode)
@@ -69,18 +71,12 @@ func (intercept InterceptErrors) ErrorInterceptor(next http.Handler) http.Handle
 			if err != nil {
 				return
 			}
+			return
 
 		}
 
 	})
 }
 func canIntercept(code int, errors []int) bool {
-	for _, er := range errors {
+	return slices.Contains(errors, code)
-		if er == code {
-			return true
-		}
-		continue
-
-	}
-	return false
 }

internal/middleware/helpers.go

@@ -17,7 +17,12 @@
 
 package middleware
 
-import "net/http"
+import (
+	"encoding/json"
+	"fmt"
+	errorinterceptor "github.com/jkaninda/goma-gateway/pkg/error-interceptor"
+	"net/http"
+)
 
 func getRealIP(r *http.Request) string {
 	if ip := r.Header.Get("X-Real-IP"); ip != "" {
@@ -38,3 +43,53 @@ func allowedOrigin(origins []string, origin string) bool {
 	return false
 
 }
+func canInterceptError(code int, errors []errorinterceptor.Error) bool {
+	for _, er := range errors {
+		if er.Code == code {
+			return true
+		}
+		continue
+
+	}
+	return false
+}
+func errMessage(code int, errors []errorinterceptor.Error) (string, error) {
+	for _, er := range errors {
+		if er.Code == code {
+			if len(er.Message) != 0 {
+				return er.Message, nil
+			}
+			continue
+		}
+	}
+	return "", fmt.Errorf("%d errors occurred", code)
+}
+
+// RespondWithError is a helper function to handle error responses with flexible content type
+func RespondWithError(w http.ResponseWriter, statusCode int, logMessage string, errorIntercept errorinterceptor.ErrorInterceptor) {
+	message, err := errMessage(statusCode, errorIntercept.Errors)
+	if err != nil {
+		message = logMessage
+	}
+	if errorIntercept.ContentType == errorinterceptor.ApplicationJson {
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(statusCode)
+		err := json.NewEncoder(w).Encode(ProxyResponseError{
+			Success: false,
+			Code:    statusCode,
+			Message: message,
+		})
+		if err != nil {
+			return
+		}
+		return
+	} else {
+		w.Header().Set("Content-Type", "plain/text;charset=utf-8")
+		w.WriteHeader(statusCode)
+		_, err2 := w.Write([]byte(message))
+		if err2 != nil {
+			return
+		}
+		return
+	}
+}

internal/middleware/middleware.go

@@ -17,7 +17,6 @@ limitations under the License.
 */
 import (
 	"encoding/base64"
-	"encoding/json"
 	"github.com/jkaninda/goma-gateway/pkg/logger"
 	"io"
 	"net/http"
@@ -38,48 +37,23 @@ func (jwtAuth JwtAuth) AuthMiddleware(next http.Handler) http.Handler {
 				if allowedOrigin(jwtAuth.Origins, r.Header.Get("Origin")) {
 					w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
 				}
-				w.WriteHeader(http.StatusUnauthorized)
+				RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), jwtAuth.ErrorInterceptor)
-				err := json.NewEncoder(w).Encode(ProxyResponseError{
-					Message: http.StatusText(http.StatusUnauthorized),
-					Code:    http.StatusUnauthorized,
-					Success: false,
-				})
-				if err != nil {
-					return
-				}
 				return
+
 			}
 		}
 		//token := r.Header.Get("Authorization")
 		authURL, err := url.Parse(jwtAuth.AuthURL)
 		if err != nil {
 			logger.Error("Error parsing auth URL: %v", err)
-			w.Header().Set("Content-Type", "application/json")
+			RespondWithError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError), jwtAuth.ErrorInterceptor)
-			w.WriteHeader(http.StatusInternalServerError)
-			err = json.NewEncoder(w).Encode(ProxyResponseError{
-				Message: "Internal Server Error",
-				Code:    http.StatusInternalServerError,
-				Success: false,
-			})
-			if err != nil {
-				return
-			}
 			return
 		}
 		// Create a new request for /authentication
 		authReq, err := http.NewRequest("GET", authURL.String(), nil)
 		if err != nil {
 			logger.Error("Proxy error creating authentication request: %v", err)
-			w.Header().Set("Content-Type", "application/json")
+			RespondWithError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError), jwtAuth.ErrorInterceptor)
-			w.WriteHeader(http.StatusInternalServerError)
-			err = json.NewEncoder(w).Encode(ProxyResponseError{
-				Message: "Internal Server Error",
-				Code:    http.StatusInternalServerError,
-				Success: false,
-			})
-			if err != nil {
-				return
-			}
 			return
 		}
 		logger.Trace("JWT Auth response headers: %v", authReq.Header)
@@ -99,16 +73,7 @@ func (jwtAuth JwtAuth) AuthMiddleware(next http.Handler) http.Handler {
 		if err != nil || authResp.StatusCode != http.StatusOK {
 			logger.Debug("%s %s %s %s", r.Method, getRealIP(r), r.URL, r.UserAgent())
 			logger.Debug("Proxy authentication error")
-			w.Header().Set("Content-Type", "application/json")
+			RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), jwtAuth.ErrorInterceptor)
-			w.WriteHeader(http.StatusUnauthorized)
-			err = json.NewEncoder(w).Encode(ProxyResponseError{
-				Message: "Unauthorized",
-				Code:    http.StatusUnauthorized,
-				Success: false,
-			})
-			if err != nil {
-				return
-			}
 			return
 		}
 		defer func(Body io.ReadCloser) {
@@ -146,31 +111,14 @@ func (basicAuth AuthBasic) AuthMiddleware(next http.Handler) http.Handler {
 		if authHeader == "" {
 			logger.Debug("Proxy error, missing Authorization header")
 			w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
-			w.Header().Set("Content-Type", "application/json")
+			RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), basicAuth.ErrorInterceptor)
-			w.WriteHeader(http.StatusUnauthorized)
-			err := json.NewEncoder(w).Encode(ProxyResponseError{
-				Success: false,
-				Code:    http.StatusUnauthorized,
-				Message: http.StatusText(http.StatusUnauthorized),
-			})
-			if err != nil {
-				return
-			}
 			return
 		}
 		// Check if the Authorization header contains "Basic" scheme
 		if !strings.HasPrefix(authHeader, "Basic ") {
 			logger.Error("Proxy error, missing Basic Authorization header")
-			w.Header().Set("Content-Type", "application/json")
+			RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), basicAuth.ErrorInterceptor)
-			w.WriteHeader(http.StatusUnauthorized)
+
-			err := json.NewEncoder(w).Encode(ProxyResponseError{
-				Success: false,
-				Code:    http.StatusUnauthorized,
-				Message: http.StatusText(http.StatusUnauthorized),
-			})
-			if err != nil {
-				return
-			}
 			return
 		}
 
@@ -178,16 +126,7 @@ func (basicAuth AuthBasic) AuthMiddleware(next http.Handler) http.Handler {
 		payload, err := base64.StdEncoding.DecodeString(authHeader[len("Basic "):])
 		if err != nil {
 			logger.Debug("Proxy error, missing Basic Authorization header")
-			w.Header().Set("Content-Type", "application/json")
+			RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), basicAuth.ErrorInterceptor)
-			w.WriteHeader(http.StatusUnauthorized)
-			err := json.NewEncoder(w).Encode(ProxyResponseError{
-				Success: false,
-				Code:    http.StatusUnauthorized,
-				Message: http.StatusText(http.StatusUnauthorized),
-			})
-			if err != nil {
-				return
-			}
 			return
 		}
 
@@ -195,16 +134,7 @@ func (basicAuth AuthBasic) AuthMiddleware(next http.Handler) http.Handler {
 		pair := strings.SplitN(string(payload), ":", 2)
 		if len(pair) != 2 || pair[0] != basicAuth.Username || pair[1] != basicAuth.Password {
 			w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
-			w.Header().Set("Content-Type", "application/json")
+			RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), basicAuth.ErrorInterceptor)
-			w.WriteHeader(http.StatusUnauthorized)
-			err := json.NewEncoder(w).Encode(ProxyResponseError{
-				Success: false,
-				Code:    http.StatusUnauthorized,
-				Message: http.StatusText(http.StatusUnauthorized),
-			})
-			if err != nil {
-				return
-			}
 			return
 		}
 

internal/middleware/rate-limit.go

@@ -16,7 +16,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 import (
-	"encoding/json"
+	"fmt"
 	"github.com/gorilla/mux"
 	"github.com/jkaninda/goma-gateway/pkg/logger"
 	"net/http"
@@ -28,20 +28,17 @@ func (rl *TokenRateLimiter) RateLimitMiddleware() mux.MiddlewareFunc {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			if !rl.Allow() {
+				logger.Error("Too many requests from IP: %s %s %s", getRealIP(r), r.URL, r.UserAgent())
+				//RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), basicAuth.ErrorInterceptor)
+
 				// Rate limit exceeded, return a 429 Too Many Requests response
-				w.Header().Set("Content-Type", "application/json")
 				w.WriteHeader(http.StatusTooManyRequests)
-				err := json.NewEncoder(w).Encode(ProxyResponseError{
+				_, err := w.Write([]byte(fmt.Sprintf("%d Too many requests, API rate limit exceeded. Please try again later", http.StatusTooManyRequests)))
-					Success: false,
-					Code:    http.StatusTooManyRequests,
-					Message: "Too many requests, API rate limit exceeded. Please try again later.",
-				})
 				if err != nil {
 					return
 				}
 				return
 			}
-
 			// Proceed to the next handler if rate limit is not exceeded
 			next.ServeHTTP(w, r)
 		})
@@ -66,21 +63,12 @@ func (rl *RateLimiter) RateLimitMiddleware() mux.MiddlewareFunc {
 			rl.mu.Unlock()
 
 			if client.RequestCount > rl.Requests {
-				logger.Debug("Too many requests from IP: %s %s %s", clientID, r.URL, r.UserAgent())
+				logger.Error("Too many requests from IP: %s %s %s", clientID, r.URL, r.UserAgent())
-				w.Header().Set("Content-Type", "application/json")
-				w.WriteHeader(http.StatusTooManyRequests)
 				//Update Origin Cors Headers
 				if allowedOrigin(rl.Origins, r.Header.Get("Origin")) {
 					w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
 				}
-				err := json.NewEncoder(w).Encode(ProxyResponseError{
+				RespondWithError(w, http.StatusTooManyRequests, fmt.Sprintf("%d Too many requests, API rate limit exceeded. Please try again later", http.StatusTooManyRequests), rl.ErrorInterceptor)
-					Success: false,
-					Code:    http.StatusTooManyRequests,
-					Message: "Too many requests, API rate limit exceeded. Please try again later.",
-				})
-				if err != nil {
-					return
-				}
 				return
 			}
 			// Proceed to the next handler if rate limit is not exceeded

internal/middleware/route_error_interceptor.go

@@ -0,0 +1,58 @@
+package middleware
+
+/*
+ * Copyright 2024 Jonas Kaninda
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+import (
+	errorinterceptor "github.com/jkaninda/goma-gateway/pkg/error-interceptor"
+	"github.com/jkaninda/goma-gateway/pkg/logger"
+	"io"
+	"net/http"
+)
+
+// RouteErrorInterceptor contains backend status code errors to intercept
+type RouteErrorInterceptor struct {
+	Origins          []string
+	ErrorInterceptor errorinterceptor.ErrorInterceptor
+}
+
+// RouteErrorInterceptor Middleware intercepts backend route errors
+func (intercept RouteErrorInterceptor) RouteErrorInterceptor(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		rec := newResponseRecorder(w)
+		next.ServeHTTP(rec, r)
+		if canInterceptError(rec.statusCode, intercept.ErrorInterceptor.Errors) {
+			logger.Debug("Backend error")
+			logger.Error("An error occurred from the backend with the status code: %d", rec.statusCode)
+			//Update Origin Cors Headers
+			if allowedOrigin(intercept.Origins, r.Header.Get("Origin")) {
+				w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
+			}
+			RespondWithError(w, rec.statusCode, http.StatusText(rec.statusCode), intercept.ErrorInterceptor)
+			return
+		} else {
+			// No error: write buffered response to client
+			w.WriteHeader(rec.statusCode)
+			_, err := io.Copy(w, rec.body)
+			if err != nil {
+				return
+			}
+			return
+
+		}
+
+	})
+}

internal/middleware/types.go

@@ -19,6 +19,7 @@ package middleware
 
 import (
 	"bytes"
+	errorinterceptor "github.com/jkaninda/goma-gateway/pkg/error-interceptor"
 	"net/http"
 	"sync"
 	"time"
@@ -26,11 +27,12 @@ import (
 
 // RateLimiter defines rate limit properties.
 type RateLimiter struct {
-	Requests  int
+	Requests         int
-	Window    time.Duration
+	Window           time.Duration
-	ClientMap map[string]*Client
+	ClientMap        map[string]*Client
-	mu        sync.Mutex
+	mu               sync.Mutex
-	Origins   []string
+	Origins          []string
+	ErrorInterceptor errorinterceptor.ErrorInterceptor
 }
 
 // Client stores request count and window expiration for each client.
@@ -67,11 +69,12 @@ type ProxyResponseError struct {
 
 // JwtAuth  stores JWT configuration
 type JwtAuth struct {
-	AuthURL         string
+	AuthURL          string
-	RequiredHeaders []string
+	RequiredHeaders  []string
-	Headers         map[string]string
+	Headers          map[string]string
-	Params          map[string]string
+	Params           map[string]string
-	Origins         []string
+	Origins          []string
+	ErrorInterceptor errorinterceptor.ErrorInterceptor
 }
 
 // AuthenticationMiddleware Define struct
@@ -82,17 +85,19 @@ type AuthenticationMiddleware struct {
 	Params          map[string]string
 }
 type AccessListMiddleware struct {
-	Path        string
+	Path             string
-	Destination string
+	Destination      string
-	List        []string
+	List             []string
+	ErrorInterceptor errorinterceptor.ErrorInterceptor
 }
 
 // AuthBasic contains Basic auth configuration
 type AuthBasic struct {
-	Username string
+	Username         string
-	Password string
+	Password         string
-	Headers  map[string]string
+	Headers          map[string]string
-	Params   map[string]string
+	Params           map[string]string
+	ErrorInterceptor errorinterceptor.ErrorInterceptor
 }
 
 // InterceptErrors contains backend status code errors to intercept
@@ -120,10 +125,11 @@ type Oauth struct {
 	// Scope specifies optional requested permissions.
 	Scopes []string
 	// contains filtered or unexported fields
-	State     string
+	State            string
-	Origins   []string
+	Origins          []string
-	JWTSecret string
+	JWTSecret        string
-	Provider  string
+	Provider         string
+	ErrorInterceptor errorinterceptor.ErrorInterceptor
 }
 type OauthEndpoint struct {
 	AuthURL     string

internal/proxy.go

@@ -17,6 +17,7 @@ limitations under the License.
 */
 import (
 	"fmt"
+	"github.com/jkaninda/goma-gateway/internal/middleware"
 	"github.com/jkaninda/goma-gateway/pkg/logger"
 	"net/http"
 	"net/http/httputil"
@@ -36,11 +37,7 @@ func (proxyRoute ProxyRoute) ProxyHandler() http.HandlerFunc {
 		if len(proxyRoute.methods) > 0 {
 			if !slices.Contains(proxyRoute.methods, r.Method) {
 				logger.Error("%s Method is not allowed", r.Method)
-				w.WriteHeader(http.StatusMethodNotAllowed)
+				middleware.RespondWithError(w, http.StatusMethodNotAllowed, fmt.Sprintf("%d %s method is not allowed", http.StatusMethodNotAllowed, r.Method), proxyRoute.ErrorInterceptor)
-				_, err := w.Write([]byte(fmt.Sprintf("%s method is not allowed", r.Method)))
-				if err != nil {
-					return
-				}
 				return
 			}
 		}
@@ -63,11 +60,7 @@ func (proxyRoute ProxyRoute) ProxyHandler() http.HandlerFunc {
 		targetURL, err := url.Parse(proxyRoute.destination)
 		if err != nil {
 			logger.Error("Error parsing backend URL: %s", err)
-			w.WriteHeader(http.StatusInternalServerError)
+			middleware.RespondWithError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError), proxyRoute.ErrorInterceptor)
-			_, err := w.Write([]byte("Internal Server Error"))
-			if err != nil {
-				return
-			}
 			return
 		}
 		r.Header.Set("X-Forwarded-Host", r.Header.Get("Host"))

internal/route.go

@@ -58,7 +58,8 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
 	// Enable common exploits
 	if gateway.BlockCommonExploits {
 		logger.Info("Block common exploits enabled")
-		r.Use(middleware.BlockExploitsMiddleware)
+		blockCommon := middleware.BlockCommon{}
+		r.Use(blockCommon.BlockExploitsMiddleware)
 	}
 	if gateway.RateLimit != 0 {
 		//rateLimiter := middleware.NewRateLimiter(gateway.RateLimit, time.Minute)
@@ -219,8 +220,11 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
 			// Apply common exploits to the route
 			// Enable common exploits
 			if route.BlockCommonExploits {
+				blockCommon := middleware.BlockCommon{
+					ErrorInterceptor: route.ErrorInterceptor,
+				}
 				logger.Info("Block common exploits enabled")
-				router.Use(middleware.BlockExploitsMiddleware)
+				router.Use(blockCommon.BlockExploitsMiddleware)
 			}
 			// Apply route rate limit
 			if route.RateLimit > 0 {
@@ -246,6 +250,12 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
 				// Prometheus endpoint
 				router.Use(pr.prometheusMiddleware)
 			}
+			// Apply route Error interceptor middleware
+			interceptErrors := middleware.RouteErrorInterceptor{
+				Origins:          gateway.Cors.Origins,
+				ErrorInterceptor: route.ErrorInterceptor,
+			}
+			r.Use(interceptErrors.RouteErrorInterceptor)
 		} else {
 			logger.Error("Error, path is empty in route %s", route.Name)
 			logger.Error("Route path ignored: %s", route.Path)

internal/types.go

@@ -20,6 +20,7 @@ package pkg
 import (
 	"context"
 	"github.com/gorilla/mux"
+	errorinterceptor "github.com/jkaninda/goma-gateway/pkg/error-interceptor"
 	"time"
 )
 
@@ -161,12 +162,12 @@ type Route struct {
 	//
 	// It will not match the backend route
 	DisableHostFording bool `yaml:"disableHostFording"`
-	// InterceptErrors intercepts backend errors based on the status codes
+
-	//
-	// Eg: [ 403, 405, 500 ]
-	InterceptErrors []int `yaml:"interceptErrors"`
 	// BlockCommonExploits enable, disable block common exploits
 	BlockCommonExploits bool `yaml:"blockCommonExploits"`
+	// ErrorInterceptor intercepts backend errors based on the status codes and custom message
+	//
+	ErrorInterceptor errorinterceptor.ErrorInterceptor `yaml:"errorInterceptor"`
 	// Middlewares Defines route middleware from Middleware names
 	Middlewares []string `yaml:"middlewares"`
 }
@@ -242,6 +243,7 @@ type ProxyRoute struct {
 	methods            []string
 	cors               Cors
 	disableHostFording bool
+	ErrorInterceptor   errorinterceptor.ErrorInterceptor
 }
 type RoutePath struct {
 	route       Route
@@ -285,3 +287,16 @@ type Health struct {
 	Interval        string
 	HealthyStatuses []int
 }
+
+//type ErrorInterceptor struct {
+//	// ContentType error response content type, application/json, plain/text
+//	ContentType string `yaml:"contentType"`
+//	//Errors contains error status code and custom message
+//	Errors []ErrorInterceptor `yaml:"errors"`
+//}
+//type ErrorInterceptor struct {
+//	// Code HTTP status code
+//	Code int `yaml:"code"`
+//	// Message custom message
+//	Message string `yaml:"message"`
+//}

internal/var.go

@@ -9,6 +9,10 @@ const AccessMiddleware = "access" // access middleware
 const BasicAuth = "basic"         // basic authentication middleware
 const JWTAuth = "jwt"             // JWT authentication middleware
 const OAuth = "oauth"             // OAuth authentication middleware
+const applicationJson = "application/json"
+const textPlain = "text/plain"
+const applicationXml = "application/xml"
+
 // Round-robin counter
 var counter uint32
 

pkg/error-interceptor/types.go

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2024 Jonas Kaninda
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package error_interceptor
+
+type ErrorInterceptor struct {
+	// ContentType error response content type, application/json, plain/text
+	ContentType string `yaml:"contentType"`
+	//Errors contains error status code and custom message
+	Errors []Error `yaml:"errors"`
+}
+type Error struct {
+	// Code HTTP status code
+	Code int `yaml:"code"`
+	// Message custom message
+	Message string `yaml:"message"`
+}

pkg/error-interceptor/var.go

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2024 Jonas Kaninda
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package error_interceptor
+
+const TextPlain = "text/plain"
+const ApplicationXml = "application/xml"
+const ApplicationJson = "application/json"