alkdev/reverse-proxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
138 Commits 2 Branches 0 Tags
245d2a69ff763e806b559709b06153a71b768d3e
Commit Graph

17 Commits

Author SHA1 Message Date
glm-5.1
01e3b1cd9a Mark 6 fix tasks as completed (admin-socket-resource-limits, upstream-uri-error-handling, remove-dead-code-remnants, acme-contact-validation, admin-socket-reload-mutex-visibility, connector-timeout-ceiling) 2026-06-12 14:18:23 +00:00
glm-5.1
db982e9c4d Mark fix/inflight-counter-increment, fix/consolidate-config-types, fix/rate-limiter-ip-source as completed 2026-06-12 14:02:02 +00:00
glm-5.1
54f1725173 Decompose security review #003 findings into 17 fix tasks and 1 review task 
Address 4 critical, 8 warning, and 5 suggestion findings from the
security and bug review by creating atomic, dependency-ordered tasks:

Critical fixes (C1-C4): rate limiter IP source (ADR-025), InFlightCounter
increment + drain interval, connector timeout ceiling (ADR-026), JSON format
without log file.

Validation tightening (W1, W2): upstream host validation, ACME contact email
validation.

Robustness (W3, W4, W5, W12): upstream URI error handling (502 not silent
drop), admin socket resource limits (ADR-027), TlsMode wildcard mismatch,
http_port u32→u16.

Code quality (W6, W10, W11, S1, S3, W8/W9): config type consolidation,
TokenBucket field visibility, reload_mutex #[cfg(test)], dead code removal,
root cert count logging, misleading test names.

Test coverage (S10): rate limiter ConnectInfo tests (depends on C1 fix).

Review: post-security-fix-review checkpoint covering all critical fixes
and sensitive config consolidation path.
 2026-06-12 13:42:37 +00:00
glm-5.1
da28ea749d Mark fix/clean-dead-code as completed 2026-06-12 05:13:10 +00:00
glm-5.1
8f3c56e6bc Mark fix/add-code-comments as completed 2026-06-12 05:05:36 +00:00
glm-5.1
516efb0403 Mark fix/connect-timeout as completed 2026-06-12 05:02:41 +00:00
glm-5.1
1da01a2336 Mark fix/graceful-shutdown as completed 2026-06-12 05:00:28 +00:00
glm-5.1
abc8a44134 Mark fix/request-timeout-scope as completed 2026-06-12 04:47:15 +00:00
glm-5.1
f02670d5ef Mark Batch 2 tasks as completed (remove-health, access-logging, acme-contact) 2026-06-12 04:46:34 +00:00
glm-5.1
19efbd42ee Mark fix/normalize-host-ipv6 as completed 2026-06-12 04:41:52 +00:00
glm-5.1
53d601522e Mark fix/config-reload-static-drift as completed 2026-06-12 04:36:34 +00:00
glm-5.1
d7f811ffb5 Mark fix/logging-test-global-subscriber as completed 2026-06-12 04:29:48 +00:00
glm-5.1
c50d2e8d1b Mark fix/http-port-validation as completed 2026-06-12 04:29:02 +00:00
glm-5.1
53ef5b32c3 Mark fix/fragile-error-detection as completed 2026-06-12 04:25:49 +00:00
glm-5.1
4db4ecbeb9 Mark fix/integration-test-toml as completed 2026-06-12 04:23:27 +00:00
glm-5.1
426333eeda Mark fix/token-bucket-nanosecond as completed 2026-06-12 04:22:35 +00:00
glm-5.1
f9d7b8112b Decompose implementation review fixes into 14 atomic tasks with post-fix review 
Break down findings from review #002 into dependency-ordered fix tasks:

Critical/High:
- fix/acme-contact-and-challenge (C1+C2): Add acme_contact field, wire to
  ACME, remove unused challenge_config, add validation rule 19
- fix/remove-health-and-hardcode-https (W5+W14+ADR-022): Remove /health
  from main listener, hardcode X-Forwarded-Proto to https
- fix/config-reload-static-drift (C4): Use ArcSwap<StaticConfig> so reload
  diffs against last config, not startup config
- fix/access-logging (W13): Wire up log_request! macro for every proxied
  request with client_ip, host, method, path, status, upstream, duration_ms

Medium:
- fix/graceful-shutdown (W1+W7): Join HTTPS tasks with timeout instead of
  abort, add shutdown signal to admin socket and eviction task
- fix/connect-timeout (W4): Wire upstream_connect_timeout_secs to enforce
  separate connect timeout

Low/Independent:
- fix/token-bucket-nanosecond (W6): Use as_nanos() instead of as_millis()
- fix/normalize-host-ipv6 (S3): Handle IPv6 bracket notation in normalize_host
- fix/http-port-validation (S1): Validate http_port in range 0 or 1-65535
- fix/integration-test-toml (S10): Fix double-nested listeners.listeners.sites
- fix/logging-test-global-subscriber (W9): Use try_init() to avoid test conflicts
- fix/fragile-error-detection (W3): Add typed error matching or documented string match
- fix/add-code-comments (C3,W8,W10,W11,S9): Document correct-but-non-obvious behaviors
- fix/request-timeout-scope (S8): Document full-request timeout scope
- fix/clean-dead-code (S4+S2): Remove dead_code annotations, add #[non_exhaustive]

Review gate:
- review/post-fix-review: Verify all fixes against architecture spec
 2026-06-12 04:08:45 +00:00