mc/mc-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
57adbbf05e32364da8855a65b144226a60d79994
mc-proxy/cmd/mcproxyctl/root.go
Kyle Isom 42c7fffc3e Add L7 policies for user-agent blocking and required headers 
Per-route HTTP-level blocking policies for L7 routes. Two rule types:
block_user_agent (substring match against User-Agent, returns 403)
and require_header (named header must be present, returns 403).

Config: L7Policy struct with type/value fields, added as L7Policies
slice on Route. Validated in config (type enum, non-empty value,
warning if set on L4 routes).

DB: Migration 4 creates l7_policies table with route_id FK (cascade
delete), type CHECK constraint, UNIQUE(route_id, type, value). New
l7policies.go with ListL7Policies, CreateL7Policy, DeleteL7Policy,
GetRouteID. Seed updated to persist policies from config.

L7 middleware: PolicyMiddleware in internal/l7/policy.go evaluates
rules in order, returns 403 on first match, no-op if empty. Composed
into the handler chain between context injection and reverse proxy.

Server: L7PolicyRule type on RouteInfo with AddL7Policy/RemoveL7Policy
mutation methods on ListenerState. handleL7 threads policies into
l7.RouteConfig. Startup loads policies per L7 route from DB.

Proto: L7Policy message, repeated l7_policies on Route. Three new
RPCs: ListL7Policies, AddL7Policy, RemoveL7Policy. All follow the
write-through pattern.

Client: L7Policy type, ListL7Policies/AddL7Policy/RemoveL7Policy
methods. CLI: mcproxyctl policies list/add/remove subcommands.

Tests: 6 PolicyMiddleware unit tests (no policies, UA match/no-match,
header present/absent, multiple rules). 4 DB tests (CRUD, cascade,
duplicate, GetRouteID). 3 gRPC tests (add+list, remove, validation).
2 end-to-end L7 tests (UA block, required header with allow/deny).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 17:11:05 -07:00

73 lines
1.7 KiB
Go
Raw Blame History

package main
import (
"context"
"os"
"github.com/spf13/cobra"
"git.wntrmute.dev/kyle/mc-proxy/client/mcproxy"
)
const defaultSocketPath = "/var/run/mc-proxy.sock"
type contextKey string
const clientKey contextKey = "client"
func rootCmd() *cobra.Command {
var socketPath string
cmd := &cobra.Command{
Use: "mcproxyctl",
Short: "Control a running mc-proxy instance",
Long: "mcproxyctl is a command-line tool for administrating a running mc-proxy instance via the gRPC admin API.",
PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
// Skip client setup for help commands
if cmd.Name() == "help" || cmd.Name() == "completion" {
return nil
}
// Environment variable override
if envSocket := os.Getenv("MCPROXY_SOCKET"); envSocket != "" && socketPath == defaultSocketPath {
socketPath = envSocket
}
client, err := mcproxy.Dial(socketPath)
if err != nil {
return err
}
ctx := context.WithValue(cmd.Context(), clientKey, client)
cmd.SetContext(ctx)
return nil
},
PersistentPostRunE: func(cmd *cobra.Command, args []string) error {
client := clientFromContext(cmd.Context())
if client != nil {
return client.Close()
}
return nil
},
SilenceUsage: true,
}
cmd.PersistentFlags().StringVarP(&socketPath, "socket", "s", defaultSocketPath, "Unix socket path")
cmd.AddCommand(statusCmd())
cmd.AddCommand(healthCmd())
cmd.AddCommand(routesCmd())
cmd.AddCommand(firewallCmd())
cmd.AddCommand(policiesCmd())
return cmd
}
func clientFromContext(ctx context.Context) *mcproxy.Client {
if ctx == nil {
return nil
}
client, _ := ctx.Value(clientKey).(*mcproxy.Client)
return client
}
Reference in New Issue View Git Blame Copy Permalink