proxy+aperture: refactor to local service

We want aperture to handle some of the incoming requests on its own, without forwarding/proxying them to a remote backend. Those "local" services can register themselves and will be given every request for inspection. If a service decides to handle it locally, the request is passed to that service and not forwarded.
2025-12-18 17:44:20 +01:00 · 2021-11-22 16:30:49 +01:00
parent 8dad6da45a
commit c45cd3a317
2 changed files with 80 additions and 24 deletions
--- a/aperture.go
+++ b/aperture.go
@@ -9,6 +9,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"strings"
 	"sync"
 	"time"

@@ -592,9 +593,27 @@ func createProxy(cfg *Config, challenger *LndChallenger,
 		ServiceLimiter: newStaticServiceLimiter(cfg.Services),
 	})
 	authenticator := auth.NewLsatAuthenticator(minter, challenger)
-	return proxy.New(
-		authenticator, cfg.Services, cfg.ServeStatic, cfg.StaticRoot,
-	)
+
+	// By default the static file server only returns 404 answers for
+	// security reasons. Serving files from the staticRoot directory has to
+	// be enabled intentionally.
+	staticServer := http.NotFoundHandler()
+	if cfg.ServeStatic {
+		if len(strings.TrimSpace(cfg.StaticRoot)) == 0 {
+			return nil, fmt.Errorf("staticroot cannot be empty, " +
+				"must contain path to directory that " +
+				"contains index.html")
+		}
+		staticServer = http.FileServer(http.Dir(cfg.StaticRoot))
+	}
+
+	localServices := []proxy.LocalService{
+		proxy.NewLocalService(staticServer, func(r *http.Request) bool {
+			return true
+		}),
+	}
+
+	return proxy.New(authenticator, cfg.Services, localServices...)
 }

 // cleanup closes the given server and shuts down the log rotator.