Sienna Meridian Satterwhite
0f31c7645c
Add in-memory HTTP response cache using pingora-cache MemCache backend. Cache runs after the detection pipeline so cache hits bypass upstream request modifications and body rewriting. Respects Cache-Control (no-store, private, s-maxage, max-age), skips caching for routes with body rewrites or auth subrequest headers, and supports configurable default TTL, stale-while-revalidate, and max file size per route. Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
86 lines
2.2 KiB
TOML
86 lines
2.2 KiB
TOML
[package]
|
|
name = "sunbeam-proxy"
|
|
version = "0.1.0"
|
|
edition = "2021"
|
|
|
|
[lib]
|
|
name = "sunbeam_proxy"
|
|
path = "src/lib.rs"
|
|
|
|
[dependencies]
|
|
# Pingora with rustls backend (pure Rust TLS, no BoringSSL C build)
|
|
pingora = { version = "0.8", features = ["rustls"] }
|
|
pingora-proxy = { version = "0.8", features = ["rustls"] }
|
|
pingora-core = { version = "0.8", features = ["rustls"] }
|
|
pingora-http = "0.8"
|
|
pingora-cache = { version = "0.8", features = ["rustls"] }
|
|
|
|
# HTTP header constants
|
|
http = "1"
|
|
|
|
# Config
|
|
serde = { version = "1", features = ["derive"] }
|
|
toml = "0.8"
|
|
|
|
# Async
|
|
tokio = { version = "1", features = ["full"] }
|
|
futures = "0.3"
|
|
async-trait = "0.1"
|
|
pin-project-lite = "0.2"
|
|
|
|
# Structured logging + OTEL
|
|
tracing = "0.1"
|
|
tracing-subscriber = { version = "0.3", features = ["json", "env-filter"] }
|
|
tracing-opentelemetry = "0.28"
|
|
opentelemetry = { version = "0.27", features = ["trace"] }
|
|
opentelemetry_sdk = { version = "0.27", features = ["rt-tokio"] }
|
|
opentelemetry-otlp = { version = "0.27", features = ["http-proto", "reqwest-client"] }
|
|
serde_json = "1"
|
|
anyhow = "1"
|
|
|
|
# DDoS detection (KNN classifier)
|
|
clap = { version = "4", features = ["derive"] }
|
|
fnntw = "0.4"
|
|
bincode = "1"
|
|
rustc-hash = "2"
|
|
|
|
# Lock-free Arc swapping for hot-reload (scanner model)
|
|
arc-swap = "1"
|
|
|
|
# Reverse DNS for bot IP verification
|
|
dns-lookup = "2"
|
|
|
|
# Prometheus metrics
|
|
prometheus = "0.13"
|
|
|
|
# Request IDs
|
|
uuid = { version = "1", features = ["v4"] }
|
|
|
|
# Static file serving and body rewriting
|
|
bytes = "1"
|
|
regex = "1"
|
|
|
|
# Auth subrequests
|
|
reqwest = { version = "0.12", features = ["rustls-tls"], default-features = false }
|
|
|
|
# Rustls crypto provider — must be installed before any TLS init
|
|
rustls = { version = "0.23", features = ["aws-lc-rs"] }
|
|
|
|
# K8s watcher for cert/config hot-reload
|
|
kube = { version = "3", features = ["runtime", "client"] }
|
|
k8s-openapi = { version = "0.27", features = ["v1_35"] }
|
|
libc = "0.2"
|
|
|
|
[dev-dependencies]
|
|
criterion = { version = "0.5", features = ["html_reports"] }
|
|
|
|
[[bench]]
|
|
name = "scanner_bench"
|
|
harness = false
|
|
|
|
[profile.release]
|
|
opt-level = 3
|
|
lto = true
|
|
codegen-units = 1
|
|
strip = true
|