forked from wrenn/wrenn
190 lines
5.4 KiB
Go
190 lines
5.4 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"log/slog"
|
|
"net/http"
|
|
"net/http/httputil"
|
|
"net/url"
|
|
"path"
|
|
"regexp"
|
|
"strconv"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/jackc/pgx/v5/pgtype"
|
|
|
|
"git.omukk.dev/wrenn/wrenn/pkg/db"
|
|
"git.omukk.dev/wrenn/wrenn/pkg/id"
|
|
"git.omukk.dev/wrenn/wrenn/pkg/lifecycle"
|
|
)
|
|
|
|
// Sentinel errors returned by proxyTarget, used to map to HTTP status codes
|
|
// without relying on error message text.
|
|
var (
|
|
errProxySandboxNotFound = errors.New("sandbox not found")
|
|
errProxyNoHostAddress = errors.New("host agent has no address")
|
|
)
|
|
|
|
const proxyCacheTTL = 120 * time.Second
|
|
|
|
// sandboxHostPattern matches hostnames like "49999-cl-abcd1234.localhost" or
|
|
// "49999-cl-abcd1234.example.com". Captures: port, sandbox ID.
|
|
var sandboxHostPattern = regexp.MustCompile(`^(\d+)-(cl-[0-9a-z]+)\.`)
|
|
|
|
// errProxySandboxNotRunning carries the sandbox status so callers can include
|
|
// it in the HTTP response without parsing error strings.
|
|
type errProxySandboxNotRunning struct{ status string }
|
|
|
|
func (e errProxySandboxNotRunning) Error() string {
|
|
return fmt.Sprintf("sandbox is not running (status: %s)", e.status)
|
|
}
|
|
|
|
// proxyCacheEntry caches the resolved agent URL for a sandbox.
|
|
// The *httputil.ReverseProxy is built per-request (cheap) so the Director closure
|
|
// can capture the correct port without the cache key needing to include it.
|
|
type proxyCacheEntry struct {
|
|
agentURL *url.URL
|
|
expiresAt time.Time
|
|
}
|
|
|
|
// SandboxProxyWrapper wraps an existing HTTP handler and intercepts requests
|
|
// whose Host header matches the {port}-{sandbox_id}.{domain} pattern. Matching
|
|
// requests are reverse-proxied through the host agent that owns the sandbox.
|
|
// All other requests are passed through to the inner handler.
|
|
//
|
|
// No authentication is required — sandbox URLs are unguessable and access is
|
|
// scoped to the sandbox ID embedded in the hostname.
|
|
type SandboxProxyWrapper struct {
|
|
inner http.Handler
|
|
db *db.Queries
|
|
pool *lifecycle.HostClientPool
|
|
transport http.RoundTripper
|
|
|
|
cacheMu sync.Mutex
|
|
cache map[pgtype.UUID]proxyCacheEntry
|
|
}
|
|
|
|
// NewSandboxProxyWrapper creates a new proxy wrapper.
|
|
func NewSandboxProxyWrapper(inner http.Handler, queries *db.Queries, pool *lifecycle.HostClientPool) *SandboxProxyWrapper {
|
|
return &SandboxProxyWrapper{
|
|
inner: inner,
|
|
db: queries,
|
|
pool: pool,
|
|
transport: pool.Transport(),
|
|
cache: make(map[pgtype.UUID]proxyCacheEntry),
|
|
}
|
|
}
|
|
|
|
// proxyTarget looks up the cached agent URL for sandboxID.
|
|
// On a miss it queries the DB, resolves the address, and populates the cache.
|
|
func (h *SandboxProxyWrapper) proxyTarget(ctx context.Context, sandboxID pgtype.UUID) (*url.URL, error) {
|
|
h.cacheMu.Lock()
|
|
entry, ok := h.cache[sandboxID]
|
|
h.cacheMu.Unlock()
|
|
|
|
if ok && time.Now().Before(entry.expiresAt) {
|
|
return entry.agentURL, nil
|
|
}
|
|
|
|
// Cache miss or expired — query DB.
|
|
target, err := h.db.GetSandboxProxyTarget(ctx, sandboxID)
|
|
if err != nil {
|
|
return nil, errProxySandboxNotFound
|
|
}
|
|
if target.Status != "running" {
|
|
return nil, errProxySandboxNotRunning{status: target.Status}
|
|
}
|
|
if target.HostAddress == "" {
|
|
return nil, errProxyNoHostAddress
|
|
}
|
|
|
|
agentURL, err := url.Parse(h.pool.ResolveAddr(target.HostAddress))
|
|
if err != nil {
|
|
return nil, fmt.Errorf("invalid host agent address: %w", err)
|
|
}
|
|
|
|
h.cacheMu.Lock()
|
|
h.cache[sandboxID] = proxyCacheEntry{
|
|
agentURL: agentURL,
|
|
expiresAt: time.Now().Add(proxyCacheTTL),
|
|
}
|
|
h.cacheMu.Unlock()
|
|
|
|
return agentURL, nil
|
|
}
|
|
|
|
// evictProxyCache removes the cached entry for a sandbox.
|
|
// Called on 502 so a stopped/moved sandbox is re-resolved on the next request.
|
|
func (h *SandboxProxyWrapper) evictProxyCache(sandboxID pgtype.UUID) {
|
|
h.cacheMu.Lock()
|
|
delete(h.cache, sandboxID)
|
|
h.cacheMu.Unlock()
|
|
}
|
|
|
|
func (h *SandboxProxyWrapper) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
host := r.Host
|
|
// Strip port from Host header (e.g. "49999-cl-abcd1234.localhost:8000" → "49999-cl-abcd1234.localhost")
|
|
if colonIdx := strings.LastIndex(host, ":"); colonIdx != -1 {
|
|
host = host[:colonIdx]
|
|
}
|
|
|
|
matches := sandboxHostPattern.FindStringSubmatch(host)
|
|
if matches == nil {
|
|
h.inner.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
port := matches[1]
|
|
sandboxIDStr := matches[2]
|
|
|
|
// Validate port.
|
|
portNum, err := strconv.Atoi(port)
|
|
if err != nil || portNum < 1 || portNum > 65535 {
|
|
http.Error(w, "invalid port", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
sandboxID, err := id.ParseSandboxID(sandboxIDStr)
|
|
if err != nil {
|
|
http.Error(w, "invalid sandbox ID", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
agentURL, err := h.proxyTarget(r.Context(), sandboxID)
|
|
if err != nil {
|
|
switch {
|
|
case errors.Is(err, errProxySandboxNotFound):
|
|
http.Error(w, err.Error(), http.StatusNotFound)
|
|
case errors.As(err, new(errProxySandboxNotRunning)):
|
|
http.Error(w, err.Error(), http.StatusConflict)
|
|
default:
|
|
http.Error(w, err.Error(), http.StatusServiceUnavailable)
|
|
}
|
|
return
|
|
}
|
|
|
|
proxy := &httputil.ReverseProxy{
|
|
Transport: h.transport,
|
|
Director: func(req *http.Request) {
|
|
req.URL.Scheme = agentURL.Scheme
|
|
req.URL.Host = agentURL.Host
|
|
req.URL.Path = path.Join("/proxy", sandboxIDStr, port, path.Clean("/"+req.URL.Path))
|
|
req.Host = agentURL.Host
|
|
},
|
|
ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
|
|
slog.Debug("sandbox proxy error",
|
|
"sandbox_id", sandboxIDStr,
|
|
"port", port,
|
|
"error", err,
|
|
)
|
|
h.evictProxyCache(sandboxID)
|
|
http.Error(w, "proxy error: "+err.Error(), http.StatusBadGateway)
|
|
},
|
|
}
|
|
proxy.ServeHTTP(w, r)
|
|
}
|