rename gxff package to xff so it's not strictly for grpc

Signed-off-by: Kelly Deng <kelly@packet.com>
packethost · Sep 1, 2020 · 884567e · 884567e
1 parent 6387ceb
commit 884567e
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 40 deletions.
diff --git a/http_handlers.go b/http_handlers.go
@@ -13,7 +13,6 @@ import (
 	"time"
 
 	"github.com/packethost/hegel/metrics"
-	"github.com/packethost/xff"
 )
 
 var (
@@ -265,21 +264,3 @@ func buildSubscriberHandlers(hegelServer *server) {
 	http.HandleFunc("/subscriptions", handleSubscriptions)
 	http.HandleFunc("/subscriptions/", handleSubscriptions)
 }
-
-func handleTrustedProxies(mux *http.ServeMux, trustedProxies []string) http.Handler {
-	var handler http.Handler
-	if len(trustedProxies) > 0 {
-		xffmw, err := xff.New(xff.Options{
-			AllowedSubnets: trustedProxies,
-		})
-		if err != nil {
-			logger.Fatal(err, "error creating a new xff handler")
-		}
-
-		handler = xffmw.Handler(mux)
-	} else {
-		handler = mux
-	}
-
-	return handler
-}
diff --git a/http_server.go b/http_server.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/packethost/hegel/gxff"
+	"github.com/packethost/hegel/xff"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 )
 
@@ -23,8 +23,8 @@ func ServeHTTP() {
 		logger.Fatal(err, "could not register custom endpoints")
 	}
 
-	trustedProxies := gxff.ParseTrustedProxies()
-	http.Handle("/", handleTrustedProxies(mux, trustedProxies))
+	trustedProxies := xff.ParseTrustedProxies()
+	http.Handle("/", xff.HTTPHandler(logger, mux, trustedProxies))
 
 	logger.With("port", *metricsPort).Info("Starting http server")
 	go func() {

diff --git a/http_server_test.go b/http_server_test.go
@@ -11,7 +11,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/packethost/hegel/gxff"
+	"github.com/packethost/hegel/xff"
 	"github.com/tinkerbell/tink/protos/packet"
 )
 
@@ -32,8 +32,8 @@ func TestTrustedProxies(t *testing.T) {
 			mux := &http.ServeMux{}
 			mux.HandleFunc("/2009-04-04/", ec2Handler)
 
-			trustedProxies := gxff.ParseTrustedProxies()
-			xffHandler := handleTrustedProxies(mux, trustedProxies)
+			trustedProxies := xff.ParseTrustedProxies()
+			xffHandler := xff.HTTPHandler(logger, mux, trustedProxies)
 
 			req, err := http.NewRequest("GET", test.url, nil)
 			if err != nil {

diff --git a/main.go b/main.go
@@ -18,8 +18,8 @@ import (
 	cacherClient "github.com/packethost/cacher/client"
 	"github.com/packethost/cacher/protos/cacher"
 	"github.com/packethost/hegel/grpc/hegel"
-	"github.com/packethost/hegel/gxff"
 	"github.com/packethost/hegel/metrics"
+	"github.com/packethost/hegel/xff"
 	"github.com/packethost/pkg/env"
 	"github.com/packethost/pkg/log"
 	"github.com/pkg/errors"
@@ -141,7 +141,8 @@ func main() {
 		serverOpts = append(serverOpts, grpc.Creds(creds))
 	}
 
-	xffStream, xffUnary := gxff.New(logger, nil)
+	trustedProxies := xff.ParseTrustedProxies()
+	xffStream, xffUnary := xff.GRPCMiddlewares(logger, trustedProxies)
 	streamLogger, unaryLogger := logger.GRPCLoggers()
 	serverOpts = append(serverOpts,
 		grpc_middleware.WithUnaryServerChain(

diff --git a/gxff/gxff.go → xff/xff.go b/gxff/gxff.go → xff/xff.go
@@ -1,13 +1,15 @@
-package gxff
+package xff
 
 import (
 	"context"
 	"net"
+	"net/http"
 	"os"
 	"strings"
 
 	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 	"github.com/packethost/pkg/log"
+	"github.com/packethost/xff"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/peer"
@@ -116,21 +118,18 @@ func ParseTrustedProxies() []string {
 	return result
 }
 
-// New returns a set of grpc interceptors that will replace peer.IP with X-FORWARDED-FOR value if the peer ip within a subnet in allowedSubnets
-// If allowedSubnets is nil it will look for subents in the TRUSTED_PROXIES env var.
+// GRPCMiddlewares returns a set of grpc interceptors that will replace peer.IP with X-FORWARDED-FOR value if the peer IP is within one of the subnets in allowedSubnets
+// If allowedSubnets is nil it will look for subnets in the TRUSTED_PROXIES env var.
 // If allowedSubnets is nil and TRUSTED_PROXIES is empty then X-FORWARDED-FOR will be ignored (no proxy is trusted).
-func New(l log.Logger, allowedSubnets []string) (grpc.StreamServerInterceptor, grpc.UnaryServerInterceptor) {
+func GRPCMiddlewares(l log.Logger, allowedSubnets []string) (grpc.StreamServerInterceptor, grpc.UnaryServerInterceptor) {
 	if allowedSubnets == nil {
-		allowedSubnets = ParseTrustedProxies()
-		if allowedSubnets == nil {
-			streamer := func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
-				return handler(srv, ss)
-			}
-			unaryer := func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
-				return handler(ctx, req)
-			}
-			return streamer, unaryer
+		streamer := func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+			return handler(srv, ss)
+		}
+		unaryer := func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
+			return handler(ctx, req)
 		}
+		return streamer, unaryer
 	}
 
 	masks, err := toMasks(allowedSubnets)
@@ -148,3 +147,26 @@ func New(l log.Logger, allowedSubnets []string) (grpc.StreamServerInterceptor, g
 	}
 	return streamer, unaryer
 }
+
+// HTTPHandler creates a XFF handler if there are allowedSubnets specified
+func HTTPHandler(l log.Logger, mux *http.ServeMux, allowedSubnets []string) http.Handler {
+	var handler http.Handler
+	if mux == nil {
+		mux = http.DefaultServeMux
+	}
+
+	if len(allowedSubnets) > 0 {
+		xffmw, err := xff.New(xff.Options{
+			AllowedSubnets: allowedSubnets,
+		})
+		if err != nil {
+			l.Fatal(err, "error creating a new xff handler")
+		}
+
+		handler = xffmw.Handler(mux)
+	} else {
+		handler = mux
+	}
+
+	return handler
+}