Merge pull request #39 from wollomatic/develop
1.5.2
wollomatic authored Oct 3, 2024
2 parents ebad441 + 716f164 commit 3078bbe
Showing 5 changed files with 16 additions and 15 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,5 +1,5 @@
# syntax=docker/dockerfile:1
FROM --platform=$BUILDPLATFORM golang:1.22.7-alpine3.20 AS build
FROM --platform=$BUILDPLATFORM golang:1.23.2-alpine3.20 AS build
WORKDIR /application
COPY . ./
ARG TARGETOS
4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -186,7 +186,7 @@ socket-proxy can be configured via command line parameters or via environment va
| `-stoponwatchdog` | `SP_STOPONWATCHDOG` | (not set/false) | If set, socket-proxy will be stopped if the watchdog detects that the unix socket is not available. |
| `-watchdoginterval` | `SP_WATCHDOGINTERVAL` | `0` | Check for socket availabibity every x seconds (disable checks, if not set or value is 0) |
| `-proxysocketendpoint` | `SP_PROXYSOCKETENDPOINT` | (not set) | Proxy to the given unix socket instead of a TCP port |
| `-proxysocketendpointfilemode` | `SP_PROXYSOCKETENDPOINTFILEMODE` | `0400` | Explicitly set the file mode for the filtered unix socket endpoint (only useful with `-proxysocketendpoint`) |
| `-proxysocketendpointfilemode` | `SP_PROXYSOCKETENDPOINTFILEMODE` | `0600` | Explicitly set the file mode for the filtered unix socket endpoint (only useful with `-proxysocketendpoint`) |

### Changelog

Expand All @@ -200,6 +200,8 @@ socket-proxy can be configured via command line parameters or via environment va

1.4 - allow configuration from env variables

1.5 - allow unix socket as proxied/filtered endpoint

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
5 changes: 2 additions & 3 deletions cmd/socket-proxy/handlehttprequest.go
Expand Up @@ -8,11 +8,10 @@ import (
"strings"
)

// handleHttpRequest checks if the request is allowed and sends it to the proxy.
// handleHTTPRequest checks if the request is allowed and sends it to the proxy.
// Otherwise, it returns a "405 Method Not Allowed" or a "403 Forbidden" error.
// In case of an error, it returns a 500 Internal Server Error.
func handleHttpRequest(w http.ResponseWriter, r *http.Request) {

func handleHTTPRequest(w http.ResponseWriter, r *http.Request) {
if cfg.ProxySocketEndpoint == "" { // do not perform this check if we proxy to a unix socket
allowedIP, err := isAllowedClient(r.RemoteAddr)
if err != nil {
14 changes: 7 additions & 7 deletions cmd/socket-proxy/main.go
Expand Up @@ -4,7 +4,6 @@ import (
"context"
"errors"
"fmt"
"github.com/wollomatic/socket-proxy/internal/config"
"log/slog"
"net"
"net/http"
Expand All @@ -15,10 +14,12 @@ import (
"runtime"
"syscall"
"time"

"github.com/wollomatic/socket-proxy/internal/config"
)

const (
programUrl = "github.com/wollomatic/socket-proxy"
programURL = "github.com/wollomatic/socket-proxy"
logAddSource = false // set to true to log the source position (file and line) of the log message
)

Expand Down Expand Up @@ -55,7 +56,7 @@ func main() {
slog.SetDefault(logger)

// print configuration
slog.Info("starting socket-proxy", "version", version, "os", runtime.GOOS, "arch", runtime.GOARCH, "runtime", runtime.Version(), "URL", programUrl)
slog.Info("starting socket-proxy", "version", version, "os", runtime.GOOS, "arch", runtime.GOARCH, "runtime", runtime.Version(), "URL", programURL)
if cfg.ProxySocketEndpoint == "" {
slog.Info("configuration info", "socketpath", cfg.SocketPath, "listenaddress", cfg.ListenAddress, "loglevel", cfg.LogLevel, "logjson", cfg.LogJSON, "allowfrom", cfg.AllowFrom, "shutdowngracetime", cfg.ShutdownGraceTime)
} else {
Expand Down Expand Up @@ -90,8 +91,8 @@ func main() {
}

// define the reverse proxy
socketUrlDummy, _ := url.Parse("http://localhost") // dummy URL - we use the unix socket
socketProxy = httputil.NewSingleHostReverseProxy(socketUrlDummy)
socketURLDummy, _ := url.Parse("http://localhost") // dummy URL - we use the unix socket
socketProxy = httputil.NewSingleHostReverseProxy(socketURLDummy)
socketProxy.Transport = &http.Transport{
DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
return net.Dial("unix", cfg.SocketPath)
Expand Down Expand Up @@ -125,7 +126,7 @@ func main() {
}

srv := &http.Server{ // #nosec G112 -- intentionally do not time out the client
Handler: http.HandlerFunc(handleHttpRequest), // #nosec G112
Handler: http.HandlerFunc(handleHTTPRequest), // #nosec G112
} // #nosec G112

// start the server in a goroutine
Expand All @@ -148,7 +149,6 @@ func main() {
if cfg.AllowHealthcheck {
go healthCheckServer(cfg.SocketPath)
slog.Debug("healthcheck ready")

}

// Wait for stop signal
6 changes: 3 additions & 3 deletions internal/config/config.go
Expand Up @@ -25,7 +25,7 @@ var (
defaultWatchdogInterval = uint(0) // watchdog interval in seconds (0 to disable)
defaultStopOnWatchdog = false // set to true to stop the program when the socket gets unavailable (otherwise log only)
defaultProxySocketEndpoint = "" // empty string means no socket listener, but regular TCP listener
defaultProxySocketEndpointFileMode = uint(0400) // set the file mode of the unix socket endpoint
defaultProxySocketEndpointFileMode = uint(0o400) // set the file mode of the unix socket endpoint
)

type Config struct {
Expand Down Expand Up @@ -180,13 +180,13 @@ func InitConfig() (*Config, error) {
if rx.regexStringFromParam != "" {
r, err := regexp.Compile("^" + rx.regexStringFromParam + "$")
if err != nil {
return nil, fmt.Errorf("invalid regex \"%s\" for method %s in command line parameter: %s", rx.regexStringFromParam, rx.method, err)
return nil, fmt.Errorf("invalid regex \"%s\" for method %s in command line parameter: %w", rx.regexStringFromParam, rx.method, err)
}
cfg.AllowedRequests[rx.method] = r
} else if rx.regexStringFromEnv != "" {
r, err := regexp.Compile("^" + rx.regexStringFromEnv + "$")
if err != nil {
return nil, fmt.Errorf("invalid regex \"%s\" for method %s in env variable: %s", rx.regexStringFromParam, rx.method, err)
return nil, fmt.Errorf("invalid regex \"%s\" for method %s in env variable: %w", rx.regexStringFromParam, rx.method, err)
}
cfg.AllowedRequests[rx.method] = r
}
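Review bot: The default in `defaultProxySocketEndpointFileMode = uint(0o400)` is still 0400 after the literal rewrite, while the README row for `-proxysocketendpointfilemode` touched in this same commit appears to document `0600`, so the code and the documentation now disagree. The mode matters because handlehttprequest.go skips the `isAllowedClient` check when `cfg.ProxySocketEndpoint` is set, which appears to leave the socket's file permissions as what decides who can connect to that endpoint. If 0600 is the intended default the line should read `defaultProxySocketEndpointFileMode = uint(0o600)`; connecting to a unix socket on Linux normally needs write permission, so 0400 may also lock out the socket's owner. Separately, in the env-variable branch of the second hunk the error still formats `rx.regexStringFromParam`, which is empty in that branch, and should pass `rx.regexStringFromEnv` so the rejected pattern is shown. InitConfig begins and ends outside the visible hunks.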
