fix management reverseproxy proto mapping

2026-04-16 15:26:40 +00:00 · 2026-01-29 12:29:21 +00:00
parent 7d74904d62
commit f204da0d68
2 changed files with 17 additions and 56 deletions
--- a/management/internals/modules/reverseproxy/reverseproxy.go
+++ b/management/internals/modules/reverseproxy/reverseproxy.go
@@ -2,7 +2,9 @@ package reverseproxy

 import (
 	"errors"
-	"fmt"
+	"net"
+	"net/url"
+	"strconv"

 	"github.com/rs/xid"
 	log "github.com/sirupsen/logrus"
@@ -137,19 +139,23 @@ func (r *ReverseProxy) ToProtoMapping(operation Operation, setupKey string) *pro
 			continue
 		}

-		targetURL := target.Protocol + "://" + target.Host
-		if target.Port > 0 {
-			targetURL += ":" + fmt.Sprintf("%d", target.Port)
-		}
-
 		path := "/"
 		if target.Path != nil {
 			path = *target.Path
 		}

+		targetURL := url.URL{
+			Scheme: target.Protocol,
+			Host:   target.Host,
+			Path:   path,
+		}
+		if target.Port > 0 {
+			targetURL.Host = net.JoinHostPort(targetURL.Host, strconv.Itoa(target.Port))
+		}
+
 		pathMappings = append(pathMappings, &proto.PathMapping{
 			Path:   path,
-			Target: targetURL,
+			Target: targetURL.String(),
 		})
 	}

--- a/management/internals/shared/grpc/proxy.go
+++ b/management/internals/shared/grpc/proxy.go
@@ -129,47 +129,6 @@ func (s *ProxyServiceServer) sendSnapshot(ctx context.Context, conn *proxyConnec
 			continue
 		}

-		// Fill auth values.
-		// TODO: This will be removed soon as the management server should be handling authentication rather than the proxy, so probably not much use in fleshing this out too much.
-		auth := &proto.Authentication{}
-		if rp.Auth.BearerAuth != nil && rp.Auth.BearerAuth.Enabled {
-			auth.Oidc = &proto.OIDC{
-				Enabled: true,
-				// TODO: fill other OIDC fields from account OIDC settings.
-			}
-		}
-		if rp.Auth.PasswordAuth != nil && rp.Auth.PasswordAuth.Password != "" {
-			auth.Password = &proto.Password{
-				Enabled:  true,
-				Password: rp.Auth.PasswordAuth.Password,
-			}
-		}
-		if rp.Auth.PinAuth != nil && rp.Auth.PinAuth.Pin != "" {
-			auth.Pin = &proto.Pin{
-				Enabled: true,
-				Pin:     rp.Auth.PinAuth.Pin,
-			}
-		}
-
-		var paths []*proto.PathMapping
-		for _, t := range rp.Targets {
-			if !t.Enabled {
-				// We don't care about disabled reverse proxy targets for snapshots.
-				continue
-			}
-
-			// Default to a top level path (routes all paths) if no path is defined.
-			path := "/"
-			if t.Path != nil {
-				path = *t.Path
-			}
-
-			paths = append(paths, &proto.PathMapping{
-				Path:   path,
-				Target: t.Host,
-			})
-		}
-
 		group, err := s.keyStore.GetGroupByName(ctx, rp.Name, rp.AccountID)
 		if err != nil {
 			// TODO: log this?
@@ -195,14 +154,10 @@ func (s *ProxyServiceServer) sendSnapshot(ctx context.Context, conn *proxyConnec

 		if err := conn.stream.Send(&proto.GetMappingUpdateResponse{
 			Mapping: []*proto.ProxyMapping{
-				{
-					Type:     proto.ProxyMappingUpdateType_UPDATE_TYPE_CREATED, // Initial snapshot, all records are "new" for the proxy.
-					Id:       rp.ID,
-					Domain:   rp.Domain,
-					Path:     paths,
-					SetupKey: key.Key,
-					Auth:     auth,
-				},
+				rp.ToProtoMapping(
+					reverseproxy.Create, // Initial snapshot, all records are "new" for the proxy.
+					key.Key,
+				),
 			},
 		}); err != nil {
 			// TODO: log the error, maybe retry?