feat: add limit HTTP methods allowed for a particular route

2024-11-08 22:58:09 +01:00
parent 87bb8f9f99
commit d24625496f
9 changed files with 39 additions and 156 deletions
--- a/internal/config.go
+++ b/internal/config.go
@@ -112,6 +112,7 @@ func initConfig(configFile string) {
 		configFile = GetConfigPaths()
 	}
 	conf := &GatewayConfig{
+		Version: util.Version,
 		GatewayConfig: Gateway{
 			WriteTimeout:                 15,
 			ReadTimeout:                  15,
@@ -120,7 +121,7 @@ func initConfig(configFile string) {
 			ErrorLog:                     "/dev/stderr",
 			DisableRouteHealthCheckError: false,
 			DisableDisplayRouteOnStart:   false,
-			RateLimiter:                  0,
+			RateLimit:                    0,
 			InterceptErrors:              []int{405, 500},
 			Cors: Cors{
 				Origins: []string{"http://localhost:8080", "https://example.com"},
@@ -134,6 +135,7 @@ func initConfig(configFile string) {
 				{
 					Name:        "Public",
 					Path:        "/public",
+					Methods:     []string{"GET"},
 					Destination: "https://example.com",
 					Rewrite:     "/",
 					HealthCheck: "",
--- a/internal/proxy.go
+++ b/internal/proxy.go
@@ -21,6 +21,7 @@ import (
 	"net/http"
 	"net/http/httputil"
 	"net/url"
+	"slices"
 	"strings"
 )

@@ -28,6 +29,18 @@ import (
 func (proxyRoute ProxyRoute) ProxyHandler() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		logger.Info("%s %s %s %s", r.Method, getRealIP(r), r.URL, r.UserAgent())
+		// Check Method if is allowed
+		if len(proxyRoute.methods) > 0 {
+			if !slices.Contains(proxyRoute.methods, r.Method) {
+				logger.Error("%s Method is not allowed", r.Method)
+				w.WriteHeader(http.StatusMethodNotAllowed)
+				_, err := w.Write([]byte(fmt.Sprintf("%s method is not allowed", r.Method)))
+				if err != nil {
+					return
+				}
+				return
+			}
+		}
 		// Set CORS headers from the cors config
 		//Update Cors Headers
 		for k, v := range proxyRoute.cors.Headers {
--- a/internal/route.go
+++ b/internal/route.go
@@ -45,9 +45,9 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
 		logger.Info("Block common exploits enabled")
 		r.Use(middleware.BlockExploitsMiddleware)
 	}
-	if gateway.RateLimiter != 0 {
-		//rateLimiter := middleware.NewRateLimiter(gateway.RateLimiter, time.Minute)
-		limiter := middleware.NewRateLimiterWindow(gateway.RateLimiter, time.Minute, gateway.Cors.Origins) //  requests per minute
+	if gateway.RateLimit != 0 {
+		//rateLimiter := middleware.NewRateLimiter(gateway.RateLimit, time.Minute)
+		limiter := middleware.NewRateLimiterWindow(gateway.RateLimit, time.Minute, gateway.Cors.Origins) //  requests per minute
 		// Add rate limit middleware to all routes, if defined
 		r.Use(limiter.RateLimitMiddleware())
 	}
@@ -85,6 +85,7 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
 								rewrite:         route.Rewrite,
 								destination:     route.Destination,
 								disableXForward: route.DisableHeaderXForward,
+								methods:         route.Methods,
 								cors:            route.Cors,
 							}
 							secureRouter := r.PathPrefix(util.ParseRoutePath(route.Path, midPath)).Subrouter()
@@ -189,6 +190,7 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
 				path:            route.Path,
 				rewrite:         route.Rewrite,
 				destination:     route.Destination,
+				methods:         route.Methods,
 				disableXForward: route.DisableHeaderXForward,
 				cors:            route.Cors,
 			}
--- a/internal/types.go
+++ b/internal/types.go
@@ -145,6 +145,9 @@ type Route struct {
 	Destination string `yaml:"destination"`
 	// Cors contains the route cors headers
 	Cors Cors `yaml:"cors"`
+	//RateLimit int      `yaml:"rateLimit"`
+	// Methods allowed method
+	Methods []string `yaml:"methods"`
 	// DisableHeaderXForward Disable X-forwarded header.
 	//
 	// [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ]
@@ -173,8 +176,8 @@ type Gateway struct {
 	ReadTimeout int `yaml:"readTimeout" env:"GOMA_READ_TIMEOUT, overwrite"`
 	// IdleTimeout defines proxy idle timeout
 	IdleTimeout int `yaml:"idleTimeout" env:"GOMA_IDLE_TIMEOUT, overwrite"`
-	// RateLimiter Defines the number of request peer minutes
-	RateLimiter int `yaml:"rateLimiter" env:"GOMA_RATE_LIMITER, overwrite"`
+	// RateLimit Defines the number of request peer minutes
+	RateLimit int `yaml:"rateLimit" env:"GOMA_RATE_LIMIT, overwrite"`
 	// BlockCommonExploits enable, disable block common exploits
 	BlockCommonExploits bool   `yaml:"blockCommonExploits"`
 	AccessLog           string `yaml:"accessLog" env:"GOMA_ACCESS_LOG, overwrite"`
@@ -195,6 +198,7 @@ type Gateway struct {
 	Routes []Route `yaml:"routes"`
 }
 type GatewayConfig struct {
+	Version string `yaml:"version"`
 	// GatewayConfig holds Gateway config
 	GatewayConfig Gateway `yaml:"gateway"`
 	// Middlewares holds proxy middlewares
@@ -216,6 +220,7 @@ type ProxyRoute struct {
 	path            string
 	rewrite         string
 	destination     string
+	methods         []string
 	cors            Cors
 	disableXForward bool
 }