[management, reverse proxy] Add reverse proxy feature (#5291)

* implement reverse proxy --------- Co-authored-by: Alisdair MacLeod <git@alisdairmacleod.co.uk> Co-authored-by: mlsmaycon <mlsmaycon@gmail.com> Co-authored-by: Eduard Gert <kontakt@eduardgert.de> Co-authored-by: Viktor Liu <viktor@netbird.io> Co-authored-by: Diego Noguês <diego.sure@gmail.com> Co-authored-by: Diego Noguês <49420+diegocn@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Ashley Mensah <ashleyamo982@gmail.com>
2026-04-18 08:16:39 +00:00 · 2026-02-13 19:37:43 +01:00
parent edce11b34d
commit f53155562f
225 changed files with 35513 additions and 235 deletions
--- a/proxy/internal/accesslog/middleware.go
+++ b/proxy/internal/accesslog/middleware.go
@@ -0,0 +1,74 @@
+package accesslog
+
+import (
+	"net"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/rs/xid"
+
+	"github.com/netbirdio/netbird/proxy/internal/proxy"
+	"github.com/netbirdio/netbird/proxy/web"
+)
+
+func (l *Logger) Middleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Skip logging for internal proxy assets (CSS, JS, etc.)
+		if strings.HasPrefix(r.URL.Path, web.PathPrefix+"/") {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		// Generate request ID early so it can be used by error pages and log correlation.
+		requestID := xid.New().String()
+
+		l.logger.Debugf("request: request_id=%s method=%s host=%s path=%s", requestID, r.Method, r.Host, r.URL.Path)
+
+		// Use a response writer wrapper so we can access the status code later.
+		sw := &statusWriter{
+			w:      w,
+			status: http.StatusOK,
+		}
+
+		// Resolve the source IP using trusted proxy configuration before passing
+		// the request on, as the proxy will modify forwarding headers.
+		sourceIp := extractSourceIP(r, l.trustedProxies)
+
+		// Create a mutable struct to capture data from downstream handlers.
+		// We pass a pointer in the context - the pointer itself flows down immutably,
+		// but the struct it points to can be mutated by inner handlers.
+		capturedData := &proxy.CapturedData{RequestID: requestID}
+		capturedData.SetClientIP(sourceIp)
+		ctx := proxy.WithCapturedData(r.Context(), capturedData)
+
+		start := time.Now()
+		next.ServeHTTP(sw, r.WithContext(ctx))
+		duration := time.Since(start)
+
+		host, _, err := net.SplitHostPort(r.Host)
+		if err != nil {
+			// Fallback to just using the full host value.
+			host = r.Host
+		}
+
+		entry := logEntry{
+			ID:            requestID,
+			ServiceId:     capturedData.GetServiceId(),
+			AccountID:     string(capturedData.GetAccountId()),
+			Host:          host,
+			Path:          r.URL.Path,
+			DurationMs:    duration.Milliseconds(),
+			Method:        r.Method,
+			ResponseCode:  int32(sw.status),
+			SourceIp:      sourceIp,
+			AuthMechanism: capturedData.GetAuthMethod(),
+			UserId:        capturedData.GetUserID(),
+			AuthSuccess:   sw.status != http.StatusUnauthorized && sw.status != http.StatusForbidden,
+		}
+		l.logger.Debugf("response: request_id=%s method=%s host=%s path=%s status=%d duration=%dms source=%s origin=%s service=%s account=%s",
+			requestID, r.Method, host, r.URL.Path, sw.status, duration.Milliseconds(), sourceIp, capturedData.GetOrigin(), capturedData.GetServiceId(), capturedData.GetAccountId())
+
+		l.log(r.Context(), entry)
+	})
+}