studio/proxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
26 Commits 1 Branch 0 Tags
5d279f992bd124a4ec0eebcd256c3463ac693636
Commit Graph

5 Commits

Author SHA1 Message Date
Sienna Meridian Satterwhite
2660ee974c fix(proxy): skip detection pipeline for bypass CIDR IPs 
Trusted IPs (localhost, pod network) now skip the entire DDoS/scanner/
rate-limit pipeline via early return. Fixes buildkitd pushes to Gitea
being blocked by the scanner when using host networking.

Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
 2026-03-10 23:38:20 +00:00
Sienna Meridian Satterwhite
0f31c7645c feat(cache): add pingora-cache integration with per-route config 
Add in-memory HTTP response cache using pingora-cache MemCache backend.
Cache runs after the detection pipeline so cache hits bypass upstream
request modifications and body rewriting. Respects Cache-Control
(no-store, private, s-maxage, max-age), skips caching for routes with
body rewrites or auth subrequest headers, and supports configurable
default TTL, stale-while-revalidate, and max file size per route.

Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
 2026-03-10 23:38:20 +00:00
Sienna Meridian Satterwhite
76ad9e93e5 feat(static_files): add static file serving, SPA fallback, rewrites, body rewriting, and auth subrequests 
Add static file serving with try_files chain ($uri, $uri.html,
$uri/index.html, fallback), regex-based URL rewrites compiled at
startup, response body find/replace for text/html and JS content,
auth subrequests with header capture for path routes, and custom
response headers per route. Extends RouteConfig with static_root,
fallback, rewrites, body_rewrites, and response_headers fields.

Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
 2026-03-10 23:38:20 +00:00
Sienna Meridian Satterwhite
867b6b2489 feat(proxy): integrate DDoS, scanner, and rate limiter into request pipeline 
Wire up all three detection layers in request_filter with pipeline
logging at each stage for unfiltered training data. Add DDoS, scanner,
and rate_limit config sections. Bot allowlist check before scanner
model on the hot path. CLI subcommands for train/replay.

Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
 2026-03-10 23:38:20 +00:00
Sienna Meridian Satterwhite
4ce008dc11 fix(proxy): forward X-Forwarded-Proto via insert_header; add e2e test 
Root cause: upstream_request_filter was inserting x-forwarded-proto with
a raw headers.insert() call (via DerefMut) which only updates base.headers
but NOT the CaseMap. header_to_h1_wire zips CaseMap with base.headers, so
headers added without a CaseMap entry are silently dropped on the wire.

Fix: use insert_header() which keeps both maps in sync.

Also adds:
- src/lib.rs + [lib] section: exposes SunbeamProxy/RouteConfig/AcmeRoutes
  to integration tests without re-declaring modules in main.rs
- tests/e2e.rs: real end-to-end test — starts a SunbeamProxy over plain
  HTTP, routes it to a TCP echo backend, and asserts x-forwarded-proto: http
  is present in the upstream request headers
- Updated unit tests to verify header_to_h1_wire round-trip (not just that
  HeaderMap::insert works in isolation)

Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
 2026-03-10 23:38:19 +00:00