nolint:cyclop //TODO reduce complexity here.
(rw http.ResponseWriter, r *http.Request)
| 216 | |
| 217 | //nolint:cyclop //TODO reduce complexity here. |
| 218 | func serveHTTP(rw http.ResponseWriter, r *http.Request) { |
| 219 | switch r.Method { |
| 220 | case http.MethodGet, http.MethodPost: |
| 221 | // Only GET and POST methods are supported. |
| 222 | case http.MethodOptions: |
| 223 | // This is required for CORS shit :) |
| 224 | rw.Header().Set("Allow", "GET,POST") |
| 225 | return |
| 226 | default: |
| 227 | err := fmt.Errorf("%q: unsupported method %q", r.RemoteAddr, r.Method) |
| 228 | rw.Header().Set("Connection", "close") |
| 229 | respondWith(rw, err, http.StatusMethodNotAllowed) |
| 230 | return |
| 231 | } |
| 232 | |
| 233 | switch r.URL.Path { |
| 234 | case "/favicon.ico": |
| 235 | case "/metrics": |
| 236 | // nolint:forcetypeassert // We will cover this by tests as we control what is stored. |
| 237 | an := allowedNetworksMetrics.Load().(*config.Networks) |
| 238 | if !an.Contains(r.RemoteAddr) { |
| 239 | err := fmt.Errorf("connections to /metrics are not allowed from %s", r.RemoteAddr) |
| 240 | rw.Header().Set("Connection", "close") |
| 241 | respondWith(rw, err, http.StatusForbidden) |
| 242 | return |
| 243 | } |
| 244 | proxy.refreshCacheMetrics() |
| 245 | promHandler.ServeHTTP(rw, r) |
| 246 | case "/", "/query", pingEndpoint: |
| 247 | var err error |
| 248 | |
| 249 | if r.URL.Path == pingEndpoint && !allowPing.Load() { |
| 250 | err = fmt.Errorf("ping is not allowed") |
| 251 | respondWith(rw, err, http.StatusForbidden) |
| 252 | return |
| 253 | } |
| 254 | |
| 255 | // nolint:forcetypeassert // We will cover this by tests as we control what is stored. |
| 256 | proxyHandler := proxyHandler.Load().(*ProxyHandler) |
| 257 | r.RemoteAddr = proxyHandler.GetRemoteAddr(r) |
| 258 | |
| 259 | var an *config.Networks |
| 260 | if r.TLS != nil { |
| 261 | // nolint:forcetypeassert // We will cover this by tests as we control what is stored. |
| 262 | an = allowedNetworksHTTPS.Load().(*config.Networks) |
| 263 | err = fmt.Errorf("https connections are not allowed from %s", r.RemoteAddr) |
| 264 | } else { |
| 265 | // nolint:forcetypeassert // We will cover this by tests as we control what is stored. |
| 266 | an = allowedNetworksHTTP.Load().(*config.Networks) |
| 267 | err = fmt.Errorf("http connections are not allowed from %s", r.RemoteAddr) |
| 268 | } |
| 269 | if !an.Contains(r.RemoteAddr) { |
| 270 | rw.Header().Set("Connection", "close") |
| 271 | respondWith(rw, err, http.StatusForbidden) |
| 272 | return |
| 273 | } |
| 274 | proxy.ServeHTTP(rw, r) |
| 275 | default: |
nothing calls this directly
no test coverage detected