refactor: adjust proxy handle function

Author: vicanso

Diff for: benches/bench.rs

@@ -139,8 +139,8 @@ fn bench_location_filter(c: &mut Criterion) {
         )
         .unwrap();
         b.iter(|| {
-            lo.matched("", "/api/users/me");
-            lo.matched("", "/rest");
+            lo.match_host_path("", "/api/users/me");
+            lo.match_host_path("", "/rest");
         });
     });
 
@@ -155,8 +155,8 @@ fn bench_location_filter(c: &mut Criterion) {
         )
         .unwrap();
         b.iter(|| {
-            lo.matched("", "/rest/api/users/me");
-            lo.matched("", "/rest");
+            lo.match_host_path("", "/rest/api/users/me");
+            lo.match_host_path("", "/rest");
         });
     });
     group.bench_function("equal", |b| {
@@ -170,8 +170,8 @@ fn bench_location_filter(c: &mut Criterion) {
         )
         .unwrap();
         b.iter(|| {
-            lo.matched("", "/api/users/me");
-            lo.matched("", "/api");
+            lo.match_host_path("", "/api/users/me");
+            lo.match_host_path("", "/api");
         });
     });
 

Diff for: error.html

@@ -58,7 +58,7 @@
                 >
             </div>
         </header>
-        <p class="pingap-error">{{error_ype}}</p>
+        <p class="pingap-error">{{error_type}}</p>
         <p class="pingap-error">{{content}}</p>
     </body>
 </html>

Diff for: src/plugin/cache.rs

@@ -390,7 +390,7 @@ impl Plugin for Cache {
         if method == METHOD_PURGE.to_owned() {
             let found = match self
                 .purge_ip_rules
-                .matched(&util::get_client_ip(session))
+                .is_match(&util::get_client_ip(session))
             {
                 Ok(matched) => matched,
                 Err(e) => {

Diff for: src/plugin/combined_auth.rs

@@ -183,7 +183,7 @@ impl CombinedAuth {
         // Uses X-Forwarded-For header for IP detection behind proxies
         if let Some(ip_rules) = &auth_param.ip_rules {
             let ip = util::get_client_ip(session);
-            if !ip_rules.matched(&ip).unwrap_or_default() {
+            if !ip_rules.is_match(&ip).unwrap_or_default() {
                 return Err(Error::Invalid {
                     category: category.to_string(),
                     message: "ip is invalid".to_string(),

Diff for: src/plugin/ip_restriction.rs

@@ -147,7 +147,7 @@ impl Plugin for IpRestriction {
 
         // Check if IP matches any configured rules
         // Returns error if IP is malformed
-        let found = match self.ip_rules.matched(&ip) {
+        let found = match self.ip_rules.is_match(&ip) {
             Ok(matched) => matched,
             Err(e) => {
                 return Ok(Some(HttpResponse::bad_request(

Diff for: src/proxy/dynamic_certificate.rs

@@ -292,12 +292,15 @@ impl pingora::listeners::TlsAccept for GlobalCertificate {
         // 5. Handle special case for CA certificates (self-signed)
         // 6. Apply certificate, private key, and chain to SSL context
 
-        // TODO add more debug log
-        debug!(category = LOG_CATEGORY, ssl = format!("{ssl:?}"));
         let sni = ssl
             .servername(NameType::HOST_NAME)
             .unwrap_or(DEFAULT_SERVER_NAME);
-        debug!(category = LOG_CATEGORY, server_name = sni);
+        // TODO add more debug log
+        debug!(
+            category = LOG_CATEGORY,
+            ssl = format!("{ssl:?}"),
+            server_name = sni
+        );
 
         let mut dynamic_certificate = None;
         let certs = DYNAMIC_CERTIFICATE_MAP.load();

Diff for: src/proxy/location.rs

@@ -431,7 +431,7 @@ impl Location {
     /// - bool: Whether the request matched both path and host rules
     /// - Option<Vec<(String, String)>>: Any captured variables from regex host matching
     #[inline]
-    pub fn matched(
+    pub fn match_host_path(
         &self,
         host: &str,
         path: &str,
@@ -787,8 +787,8 @@ mod tests {
             },
         )
         .unwrap();
-        assert_eq!(true, lo.matched("pingap", "/api").0);
-        assert_eq!(true, lo.matched("", "").0);
+        assert_eq!(true, lo.match_host_path("pingap", "/api").0);
+        assert_eq!(true, lo.match_host_path("", "").0);
 
         // host
         let lo = Location::new(
@@ -800,9 +800,9 @@ mod tests {
             },
         )
         .unwrap();
-        assert_eq!(true, lo.matched("pingap", "/api").0);
-        assert_eq!(true, lo.matched("pingap", "").0);
-        assert_eq!(false, lo.matched("", "/api").0);
+        assert_eq!(true, lo.match_host_path("pingap", "/api").0);
+        assert_eq!(true, lo.match_host_path("pingap", "").0);
+        assert_eq!(false, lo.match_host_path("", "/api").0);
 
         // regex
         let lo = Location::new(
@@ -814,9 +814,9 @@ mod tests {
             },
         )
         .unwrap();
-        assert_eq!(true, lo.matched("", "/api/users").0);
-        assert_eq!(true, lo.matched("", "/users").0);
-        assert_eq!(false, lo.matched("", "/api").0);
+        assert_eq!(true, lo.match_host_path("", "/api/users").0);
+        assert_eq!(true, lo.match_host_path("", "/users").0);
+        assert_eq!(false, lo.match_host_path("", "/api").0);
 
         // regex ^/api
         let lo = Location::new(
@@ -828,9 +828,9 @@ mod tests {
             },
         )
         .unwrap();
-        assert_eq!(true, lo.matched("", "/api/users").0);
-        assert_eq!(false, lo.matched("", "/users").0);
-        assert_eq!(true, lo.matched("", "/api").0);
+        assert_eq!(true, lo.match_host_path("", "/api/users").0);
+        assert_eq!(false, lo.match_host_path("", "/users").0);
+        assert_eq!(true, lo.match_host_path("", "/api").0);
 
         // prefix
         let lo = Location::new(
@@ -842,9 +842,9 @@ mod tests {
             },
         )
         .unwrap();
-        assert_eq!(true, lo.matched("", "/api/users").0);
-        assert_eq!(false, lo.matched("", "/users").0);
-        assert_eq!(true, lo.matched("", "/api").0);
+        assert_eq!(true, lo.match_host_path("", "/api/users").0);
+        assert_eq!(false, lo.match_host_path("", "/users").0);
+        assert_eq!(true, lo.match_host_path("", "/api").0);
 
         // equal
         let lo = Location::new(
@@ -856,9 +856,9 @@ mod tests {
             },
         )
         .unwrap();
-        assert_eq!(false, lo.matched("", "/api/users").0);
-        assert_eq!(false, lo.matched("", "/users").0);
-        assert_eq!(true, lo.matched("", "/api").0);
+        assert_eq!(false, lo.match_host_path("", "/api/users").0);
+        assert_eq!(false, lo.match_host_path("", "/users").0);
+        assert_eq!(true, lo.match_host_path("", "/api").0);
     }
 
     #[test]

Diff for: src/proxy/server.rs

@@ -492,7 +492,7 @@ fn get_digest_detail(digest: &Digest) -> DigestDetail {
         connection_reused,
         tcp_established,
         connection_time,
-        tls_established: get_established(digest.timing_digest.get(1)),
+        tls_established: get_established(digest.timing_digest.last()),
         tls_version: Some(ssl_digest.version.to_string()),
         tls_cipher: Some(ssl_digest.cipher.to_string()),
     }
@@ -609,7 +609,7 @@ impl ProxyHttp for Server {
             let Some(location) = get_location(name) else {
                 continue;
             };
-            let (matched, variables) = location.matched(host, path);
+            let (matched, variables) = location.match_host_path(host, path);
             if matched {
                 ctx.location = Some(location);
                 if let Some(variables) = variables {
@@ -633,6 +633,17 @@ impl ProxyHttp for Server {
                 .validate_content_length(header)
                 .map_err(|e| util::new_internal_error(413, e.to_string()))?;
 
+            // add processing, if processing is max than limit,
+            // it will return error with 429 status code
+            match location.add_processing() {
+                Ok((accepted, processing)) => {
+                    ctx.location_accepted = accepted;
+                    ctx.location_processing = processing;
+                },
+                Err(e) => {
+                    return Err(util::new_internal_error(429, e.to_string()));
+                },
+            };
             if location.support_grpc_web() {
                 // Initialize grpc web module for this request
                 let grpc_web = session
@@ -648,15 +659,6 @@ impl ProxyHttp for Server {
                 grpc_web.init();
             }
 
-            match location.add_processing() {
-                Ok((accepted, processing)) => {
-                    ctx.location_accepted = accepted;
-                    ctx.location_processing = processing;
-                },
-                Err(e) => {
-                    return Err(util::new_internal_error(429, e.to_string()));
-                },
-            };
             let _ = location
                 .clone()
                 .handle_request_plugin(PluginStep::EarlyRequest, session, ctx)
@@ -706,10 +708,15 @@ impl ProxyHttp for Server {
             && self.prometheus.is_some()
             && header.uri.path() == self.prometheus_metrics
         {
-            let body =
-                self.prometheus.as_ref().unwrap().metrics().map_err(|e| {
-                    util::new_internal_error(500, e.to_string())
-                })?;
+            let body = self
+                .prometheus
+                .as_ref()
+                .ok_or(util::new_internal_error(
+                    500,
+                    "get prometheus fail".to_string(),
+                ))?
+                .metrics()
+                .map_err(|e| util::new_internal_error(500, e.to_string()))?;
             HttpResponse::text(body.into()).send(session).await?;
             return Ok(true);
         }
@@ -833,9 +840,9 @@ impl ProxyHttp for Server {
     {
         debug!(category = LOG_CATEGORY, "--> connected to upstream");
         defer!(debug!(category = LOG_CATEGORY, "<-- connected to upstream"););
-        if !reused {
-            if let Some(digest) = digest {
-                let detail = get_digest_detail(digest);
+        if let Some(digest) = digest {
+            let detail = get_digest_detail(digest);
+            if !reused {
                 let upstream_connect_time =
                     ctx.upstream_connect_time.unwrap_or_default();
                 if upstream_connect_time > 0
@@ -849,6 +856,7 @@ impl ProxyHttp for Server {
                         Some(detail.tls_established - detail.tcp_established);
                 }
             }
+            ctx.upstream_connection_time = Some(detail.connection_time);
         }
 
         ctx.upstream_reused = reused;
@@ -1192,7 +1200,7 @@ impl ProxyHttp for Server {
             .error_template
             .replace("{{version}}", util::get_pkg_version())
             .replace("{{content}}", &e.to_string())
-            .replace("{{error_ype}}", error_type);
+            .replace("{{error_type}}", error_type);
         let buf = Bytes::from(content);
         ctx.status = Some(
             StatusCode::from_u16(code)

Diff for: src/proxy/server_conf.rs

@@ -72,10 +72,11 @@ pub struct ServerConf {
     pub tcp_fastopen: Option<usize>,
 
     // Whether to use globally configured TLS certificates
-    // False means server-specific certificates will be used
+    // False means the server is using http protocol
     pub global_certificates: bool,
 
     // Whether HTTP/2 protocol support is enabled for this server
+    // False means the server is using h2c protocol
     pub enabled_h2: bool,
 
     // Endpoint path for exposing Prometheus metrics

Diff for: src/util/ip.rs

@@ -55,7 +55,7 @@ impl IpRules {
     /// - Ok(true) if IP matches either an individual IP or falls within a network range
     /// - Ok(false) if no match is found
     /// - Err if the IP address string cannot be parsed
-    pub fn matched(&self, ip: &String) -> Result<bool, AddrParseError> {
+    pub fn is_match(&self, ip: &String) -> Result<bool, AddrParseError> {
         let found = if self.ip_list.contains(ip) {
             // First check for exact match in individual IP list
             true