mirror of
https://github.com/netbirdio/netbird.git
synced 2026-07-16 19:49:56 +00:00
* [agent-network] Shared proto, OpenAPI schema, and generated types * [agent-network] Management: store, manager, synthesizer, policy engine, provider catalog, HTTP/gRPC API Adds the account-scoped agent-network module: provider/policy/budget CRUD and store, the reverse-proxy service synthesizer, policy selection + limit enforcement, the provider catalog (incl. Vertex AI and AWS Bedrock entries), and the management HTTP + proxy gRPC surfaces. * [management] Fix agent-network proxy-peer fan-out on affected-peer recompute The affected-peers resolver loaded only persisted reverse-proxy services, but agent-network services are synthesized on demand and never persisted. As a result the embedded proxy peer was never folded into the affected set when a client's group changed, so the proxy received no network-map update for a newly authorised client and rejected its handshake until a full resync (restart). loadProxyServices now merges the synthesized agent-network services (injected via a registration hook to avoid an import cycle), so proxy peers learn newly authorised clients immediately. * [proxy] Reverse-proxy middleware framework, chain, and request plumbing The per-target middleware chain (slots, dispatcher, mutation gate, metadata merger), body capture, access-log terminal sink, and the proxy wiring that builds + runs chains for synthesized agent-network services. * [proxy] LLM parsers, pricing, and builtin middlewares (OpenAI, Anthropic, Vertex AI, AWS Bedrock) Request/response parsers and SSE/event-stream metering, the embedded pricing table, and the builtin middleware set: request parser, router, policy limit-check/record, cost meter, guardrail, identity inject, response parser. Includes the path-routed providers — Google Vertex AI (keyfile:: service-account OAuth minting) and AWS Bedrock (bearer auth, invoke/converse/streaming, optional /bedrock prefix) — plus the Models allowlist and unmeterable-publisher deny. * [proxy] IPv6 in-place apply and TCP accept-loop hardening on netstack listeners * [agent-network] End-to-end test suite, module docs, and deployment preset * [agent-network] Fix codespell typos and exclude false positives - labelgen word pool: vermillion -> vermilion, racoon -> raccoon. - codespell ignore list: add flate (Go compress/flate package), recordin (a test-local identifier), and unparseable (a valid alternative spelling used consistently across identifiers + a metadata-value constant). * [management] Set LastSeen on injected proxy peer in realstack test (MySQL strict-mode) The injected embedded proxy peer had a PeerStatus with a zero LastSeen, which serializes to '0000-00-00' and is rejected by MySQL in strict mode (SQLite tolerates it). Set LastSeen to a valid time so SaveAccount succeeds on both engines. * [agent-network] Remove e2e shell-script suite from this branch The end-to-end shell scripts under scripts/e2e/ are maintained in a separate testing suite and are not part of this change set. * [agent-network] Polish module docs: remove internal review scaffolding, fix links, verify diagrams Strip PR-review framing, commit references, absolute paths, and stale internal references from the agent-network module docs; fix broken relative links; verify all diagrams against the current architecture. Remove the internal AI-reviewer prompt file. * [management] Refine session expiration handling to support 3-state encoding for SSO deadlines * [agent-network] Relocate agentnetwork package to internals/modules Move management/server/agentnetwork (and its catalog/, labelgen/, types/ subpackages) to management/internals/modules/agentnetwork, alongside the reverse-proxy module, and rewrite all importers. Pure relocation: package names, the synthesizer + affectedpeers registration hook, and store access (shared store.Store) are unchanged, so no import cycle is introduced (affectedpeers still depends only on the agentnetwork/types leaf). * [agent-network] Co-locate HTTP handlers in the module (RegisterEndpoints) Move the agent-network HTTP handlers from server/http/handlers/agentnetwork into the module at internals/modules/agentnetwork/handlers (package handlers) and rename the entrypoint AddEndpoints -> RegisterEndpoints, matching the reverse-proxy module convention. Wiring in http/handler.go updated accordingly.
100 lines
3.2 KiB
Go
100 lines
3.2 KiB
Go
package middleware
|
|
|
|
import "regexp"
|
|
|
|
// keyRegex constrains metadata keys to the cross-domain shape
|
|
// described in keys.go. At least one dot, lowercase ASCII / digits /
|
|
// dot / underscore / hyphen only, length within MaxMetadataKeyBytes.
|
|
var keyRegex = regexp.MustCompile(`^[a-z][a-z0-9_-]*(\.[a-z0-9][a-z0-9_-]*)+$`)
|
|
|
|
// MetadataRejection describes a single rejected key/value so the
|
|
// dispatcher can emit per-reason counter increments.
|
|
type MetadataRejection struct {
|
|
Key string
|
|
Reason string
|
|
}
|
|
|
|
// Rejection reasons reported by Accumulator.Emit.
|
|
const (
|
|
MetadataReasonBadKey = "bad_key"
|
|
MetadataReasonNotAllowlisted = "not_allowlisted"
|
|
MetadataReasonKeyTooLong = "key_too_long"
|
|
MetadataReasonValueTooLong = "value_too_long"
|
|
MetadataReasonMiddlewareCap = "middleware_cap"
|
|
MetadataReasonRequestCap = "request_cap"
|
|
)
|
|
|
|
// Accumulator enforces per-middleware and per-request metadata caps.
|
|
// Not safe for concurrent use; callers hold one inside a single chain
|
|
// execution.
|
|
type Accumulator struct {
|
|
perMiddlewareUsed map[string]int
|
|
totalUsed int
|
|
maxPerRequest int
|
|
}
|
|
|
|
// NewAccumulator returns an accumulator configured for the per-request
|
|
// total cap. A maxPerRequest of zero means use MaxRequestMetadataBytes.
|
|
func NewAccumulator(maxPerRequest int) *Accumulator {
|
|
if maxPerRequest <= 0 {
|
|
maxPerRequest = MaxRequestMetadataBytes
|
|
}
|
|
return &Accumulator{
|
|
perMiddlewareUsed: make(map[string]int),
|
|
maxPerRequest: maxPerRequest,
|
|
}
|
|
}
|
|
|
|
// Emit validates the candidate metadata against the middleware's
|
|
// allowlist and the global caps, redacts each accepted value, and
|
|
// returns the accepted entries plus any rejections for metric emission.
|
|
func (a *Accumulator) Emit(middlewareID string, allow []string, out []KV) ([]KV, []MetadataRejection) {
|
|
if len(out) == 0 {
|
|
return nil, nil
|
|
}
|
|
allowSet := make(map[string]struct{}, len(allow))
|
|
for _, k := range allow {
|
|
allowSet[k] = struct{}{}
|
|
}
|
|
|
|
accepted := make([]KV, 0, len(out))
|
|
var rejected []MetadataRejection
|
|
|
|
for _, kv := range out {
|
|
if len(kv.Key) == 0 || len(kv.Key) > MaxMetadataKeyBytes {
|
|
rejected = append(rejected, MetadataRejection{Key: kv.Key, Reason: MetadataReasonKeyTooLong})
|
|
continue
|
|
}
|
|
if !keyRegex.MatchString(kv.Key) {
|
|
rejected = append(rejected, MetadataRejection{Key: kv.Key, Reason: MetadataReasonBadKey})
|
|
continue
|
|
}
|
|
if _, ok := allowSet[kv.Key]; !ok {
|
|
rejected = append(rejected, MetadataRejection{Key: kv.Key, Reason: MetadataReasonNotAllowlisted})
|
|
continue
|
|
}
|
|
if len(kv.Value) > MaxMetadataValueBytes {
|
|
rejected = append(rejected, MetadataRejection{Key: kv.Key, Reason: MetadataReasonValueTooLong})
|
|
continue
|
|
}
|
|
|
|
redacted := Scan(kv.Value)
|
|
cost := len(kv.Key) + len(redacted)
|
|
|
|
if a.perMiddlewareUsed[middlewareID]+cost > MaxMiddlewareMetadataBytes {
|
|
rejected = append(rejected, MetadataRejection{Key: kv.Key, Reason: MetadataReasonMiddlewareCap})
|
|
continue
|
|
}
|
|
if a.totalUsed+cost > a.maxPerRequest {
|
|
rejected = append(rejected, MetadataRejection{Key: kv.Key, Reason: MetadataReasonRequestCap})
|
|
continue
|
|
}
|
|
|
|
a.perMiddlewareUsed[middlewareID] += cost
|
|
a.totalUsed += cost
|
|
accepted = append(accepted, KV{Key: kv.Key, Value: redacted})
|
|
}
|
|
|
|
return accepted, rejected
|
|
}
|