feat: more elaborate XFF compute (#350)

* feat: more elaborate XFF compute #328 followup now featuring configuration and defaults that shouldn't break most setups. fixes #344 * refactor: obvious condition eval order optimization * feat: add StripLLU implementation * chore: I'm sorry it's 7 AM * test: add test environment for unix socket serving Signed-off-by: Xe Iaso <me@xeiaso.net> * test(unix-socket-xff): comment out the shell script more Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(internal): fix logic bug in XFF computation, add tests Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(internal): prevent panic in local testing Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(internal): shuffle around return values to flow better Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-04-25 13:59:55 +02:00 · 2025-04-25 13:59:55 +02:00 · a420db8b8a
commit a420db8b8a
parent 5a4f68d384
8 changed files with 619 additions and 22 deletions
--- a/test/unix-socket-xff/start.sh
+++ b/test/unix-socket-xff/start.sh
@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Remove lingering .sock files, relayd and unixhttpd will do that too but
+# measure twice, cut once.
+rm *.sock ||:
+
+# If the transient local TLS certificate doesn't exist, mint a new one
+if [ ! -f ../pki/relayd.local.cetacean.club/cert.pem ]; then
+  # Subshell to contain the directory change
+  (
+    cd ../pki \
+    && mkdir -p relayd.local.cetacean.club \
+    && \
+    # Try using https://github.com/FiloSottile/mkcert for better DevEx,
+    # but fall back to using https://github.com/jsha/minica in case
+    # you don't have that installed.
+    (
+      mkcert \
+        --cert-file ./relayd.local.cetacean.club/cert.pem \
+        --key-file ./relayd.local.cetacean.club/key.pem relayd.local.cetacean.club \
+      || go tool minica -domains relayd.local.cetacean.club
+    )
+  )
+fi
+
+# Build static assets
+(cd ../.. && npm ci && npm run assets)
+
+# Spawn three jobs:
+
+# HTTP daemon that listens over a unix socket (implicitly ./unixhttpd.sock)
+go run ../cmd/unixhttpd &
+
+# A copy of Anubis, specifically for the current Git checkout
+go tool anubis \
+  --bind=./anubis.sock \
+  --bind-network=unix \
+  --target=unix://$(pwd)/unixhttpd.sock &
+
+# A simple TLS terminator that forwards to Anubis, which will forward to
+# unixhttpd
+go run ../cmd/relayd \
+  --proxy-to=unix://./anubis.sock \
+  --cert-dir=../pki/relayd.local.cetacean.club &
+
+# When you press control c, kill all the child processes to clean things up
+trap 'echo signal received!; kill $(jobs -p); wait' SIGINT SIGTERM
+
+echo "open https://relayd.local.cetacean.club:3004/reqmeta"
+
+# Wait for all child processes to exit
+wait