chore: panic middleware and proxy handler (#4546)

* initial commit

* removed from hyperion

* changes

* added trace

* pr comments

* pg timeouts

* panic message constant

* cleaning up

* common lib version

* argo assets revert

* adding image scanner proxy route

* common-lib-update

Author: subhashish-devtron

App.go

@@ -21,6 +21,7 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	"github.com/devtron-labs/common-lib/middlewares"
 	"log"
 	"net/http"
 	"os"
@@ -101,6 +102,8 @@ func (app *App) Start() {
 	server := &http.Server{Addr: fmt.Sprintf(":%d", port), Handler: authMiddleware.Authorizer(app.sessionManager2, user.WhitelistChecker)(app.MuxRouter.Router)}
 	app.MuxRouter.Router.Use(app.loggingMiddleware.LoggingMiddleware)
 	app.MuxRouter.Router.Use(middleware.PrometheusMiddleware)
+	app.MuxRouter.Router.Use(middlewares.Recovery)
+
 	if tracerProvider != nil {
 		app.MuxRouter.Router.Use(otelmux.Middleware(otel.OTEL_ORCHESTRASTOR_SERVICE_NAME))
 	}

Wire.go

@@ -65,6 +65,7 @@ import (
 	"github.com/devtron-labs/devtron/client/grafana"
 	jClient "github.com/devtron-labs/devtron/client/jira"
 	"github.com/devtron-labs/devtron/client/lens"
+	"github.com/devtron-labs/devtron/client/proxy"
 	"github.com/devtron-labs/devtron/client/telemetry"
 	"github.com/devtron-labs/devtron/internal/sql/repository"
 	app2 "github.com/devtron-labs/devtron/internal/sql/repository/app"
@@ -145,6 +146,7 @@ func InitializeApp() (*App, error) {
 		sso.SsoConfigWireSet,
 		cluster.ClusterWireSet,
 		dashboard.DashboardWireSet,
+		proxy.ProxyWireSet,
 		client.HelmAppWireSet,
 		k8s.K8sApplicationWireSet,
 		chartRepo.ChartRepositoryWireSet,

api/cluster/EnvironmentRestHandler.go

@@ -66,7 +66,7 @@ type EnvironmentRestHandlerImpl struct {
 	validator                         *validator.Validate
 	enforcer                          casbin.Enforcer
 	deleteService                     delete2.DeleteService
-	k8sUtil                           *k8s2.K8sUtil
+	k8sUtil                           *k8s2.K8sServiceImpl
 	cfg                               *bean.Config
 }
 
@@ -75,7 +75,7 @@ type ClusterReachableResponse struct {
 	ClusterName      string `json:"clusterName"`
 }
 
-func NewEnvironmentRestHandlerImpl(svc request.EnvironmentService, logger *zap.SugaredLogger, userService user.UserService, validator *validator.Validate, enforcer casbin.Enforcer, deleteService delete2.DeleteService, k8sUtil *k8s2.K8sUtil, k8sCommonService k8s.K8sCommonService) *EnvironmentRestHandlerImpl {
+func NewEnvironmentRestHandlerImpl(svc request.EnvironmentService, logger *zap.SugaredLogger, userService user.UserService, validator *validator.Validate, enforcer casbin.Enforcer, deleteService delete2.DeleteService, k8sUtil *k8s2.K8sServiceImpl, k8sCommonService k8s.K8sCommonService) *EnvironmentRestHandlerImpl {
 	cfg := &bean.Config{}
 	err := env.Parse(cfg)
 	if err != nil {

api/helm-app/HelmAppService.go

@@ -84,7 +84,7 @@ type HelmAppServiceImpl struct {
 	installedAppRepository               repository.InstalledAppRepository
 	appRepository                        app.AppRepository
 	clusterRepository                    clusterRepository.ClusterRepository
-	K8sUtil                              *k8s.K8sUtil
+	K8sUtil                              *k8s.K8sServiceImpl
 	helmReleaseConfig                    *HelmReleaseConfig
 }
 
@@ -94,7 +94,7 @@ func NewHelmAppServiceImpl(Logger *zap.SugaredLogger, clusterService cluster.Clu
 	appStoreApplicationVersionRepository appStoreDiscoverRepository.AppStoreApplicationVersionRepository,
 	environmentService cluster.EnvironmentService, pipelineRepository pipelineConfig.PipelineRepository,
 	installedAppRepository repository.InstalledAppRepository, appRepository app.AppRepository,
-	clusterRepository clusterRepository.ClusterRepository, K8sUtil *k8s.K8sUtil,
+	clusterRepository clusterRepository.ClusterRepository, K8sUtil *k8s.K8sServiceImpl,
 	helmReleaseConfig *HelmReleaseConfig) *HelmAppServiceImpl {
 	return &HelmAppServiceImpl{
 		logger:                               Logger,

api/router/router.go

@@ -42,6 +42,7 @@ import (
 	webhookHelm "github.com/devtron-labs/devtron/api/webhook/helm"
 	"github.com/devtron-labs/devtron/client/cron"
 	"github.com/devtron-labs/devtron/client/dashboard"
+	"github.com/devtron-labs/devtron/client/proxy"
 	"github.com/devtron-labs/devtron/client/telemetry"
 	"github.com/devtron-labs/devtron/pkg/terminal"
 	"github.com/devtron-labs/devtron/util"
@@ -90,6 +91,7 @@ type MuxRouter struct {
 	policyRouter                       PolicyRouter
 	gitOpsConfigRouter                 GitOpsConfigRouter
 	dashboardRouter                    dashboard.DashboardRouter
+	proxyRouter                        proxy.ProxyRouter
 	attributesRouter                   AttributesRouter
 	userAttributesRouter               UserAttributesRouter
 	commonRouter                       CommonRouter
@@ -153,7 +155,8 @@ func NewMuxRouter(logger *zap.SugaredLogger, HelmRouter PipelineTriggerRouter, P
 	jobRouter JobRouter, ciStatusUpdateCron cron.CiStatusUpdateCron, resourceGroupingRouter ResourceGroupingRouter,
 	rbacRoleRouter user.RbacRoleRouter,
 	scopedVariableRouter ScopedVariableRouter,
-	ciTriggerCron cron.CiTriggerCron) *MuxRouter {
+	ciTriggerCron cron.CiTriggerCron,
+	proxyRouter proxy.ProxyRouter) *MuxRouter {
 	r := &MuxRouter{
 		Router:                             mux.NewRouter(),
 		HelmRouter:                         HelmRouter,
@@ -194,6 +197,7 @@ func NewMuxRouter(logger *zap.SugaredLogger, HelmRouter PipelineTriggerRouter, P
 		attributesRouter:                   attributesRouter,
 		userAttributesRouter:               userAttributesRouter,
 		dashboardRouter:                    dashboardRouter,
+		proxyRouter:                        proxyRouter,
 		commonRouter:                       commonRouter,
 		grafanaRouter:                      grafanaRouter,
 		ssoLoginRouter:                     ssoLoginRouter,
@@ -357,6 +361,9 @@ func (r MuxRouter) Init() {
 	dashboardRouter := r.Router.PathPrefix("/dashboard").Subrouter()
 	r.dashboardRouter.InitDashboardRouter(dashboardRouter)
 
+	proxyRouter := r.Router.PathPrefix("/proxy").Subrouter()
+	r.proxyRouter.InitProxyRouter(proxyRouter)
+
 	grafanaRouter := r.Router.PathPrefix("/grafana").Subrouter()
 	r.grafanaRouter.initGrafanaRouter(grafanaRouter)
 

client/dashboard/Config.go

@@ -1,6 +1,8 @@
 package dashboard
 
-import "github.com/caarlos0/env"
+import (
+	"github.com/caarlos0/env"
+)
 
 type Config struct {
 	Host      string `env:"DASHBOARD_HOST" envDefault:"localhost"`

client/dashboard/DashboardRouter.go

@@ -2,6 +2,7 @@ package dashboard
 
 import (
 	"fmt"
+	"github.com/devtron-labs/devtron/client/proxy"
 	"github.com/google/wire"
 	"github.com/gorilla/mux"
 	"go.uber.org/zap"
@@ -31,7 +32,7 @@ func NewDashboardRouterImpl(logger *zap.SugaredLogger, dashboardCfg *Config) *Da
 			ExpectContinueTimeout: 1 * time.Second,
 		},
 	}
-	dashboardProxy := NewDashboardHTTPReverseProxy(fmt.Sprintf("http://%s:%s", dashboardCfg.Host, dashboardCfg.Port), client.Transport)
+	dashboardProxy := proxy.NewDashboardHTTPReverseProxy(fmt.Sprintf("http://%s:%s", dashboardCfg.Host, dashboardCfg.Port), client.Transport)
 	router := &DashboardRouterImpl{
 		dashboardProxy: dashboardProxy,
 		logger:         logger,

client/dashboard/proxy.go

@@ -0,0 +1,64 @@
+package proxy
+
+import (
+	"fmt"
+	"github.com/devtron-labs/devtron/api/restHandler/common"
+	"github.com/devtron-labs/devtron/pkg/auth/authorisation/casbin"
+	"log"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"strings"
+)
+
+const Dashboard = "dashboard"
+const Proxy = "proxy"
+
+func NewDashboardHTTPReverseProxy(serverAddr string, transport http.RoundTripper) func(writer http.ResponseWriter, request *http.Request) {
+	proxy := GetProxyServer(serverAddr, transport, Dashboard)
+	return func(w http.ResponseWriter, r *http.Request) {
+		proxy.ServeHTTP(w, r)
+	}
+}
+
+func GetProxyServer(serverAddr string, transport http.RoundTripper, pathToExclude string) *httputil.ReverseProxy {
+	target, err := url.Parse(serverAddr)
+	if err != nil {
+		log.Fatal(err)
+	}
+	proxy := httputil.NewSingleHostReverseProxy(target)
+	proxy.Transport = transport
+	proxy.Director = func(request *http.Request) {
+		path := request.URL.Path
+		request.URL.Host = target.Host
+		request.URL.Scheme = target.Scheme
+		request.URL.Path = rewriteRequestUrl(path, pathToExclude)
+		fmt.Printf("%s\n", request.URL.Path)
+	}
+	return proxy
+}
+
+func rewriteRequestUrl(path string, pathToExclude string) string {
+	parts := strings.Split(path, "/")
+	var finalParts []string
+	for _, part := range parts {
+		if part == pathToExclude {
+			continue
+		}
+		finalParts = append(finalParts, part)
+	}
+	return strings.Join(finalParts, "/")
+}
+
+func NewHTTPReverseProxy(serverAddr string, transport http.RoundTripper, enforcer casbin.Enforcer) func(writer http.ResponseWriter, request *http.Request) {
+	proxy := GetProxyServer(serverAddr, transport, Proxy)
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		token := r.Header.Get("token")
+		if ok := enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionGet, "*"); !ok {
+			common.WriteJsonResp(w, nil, "Unauthorized User", http.StatusForbidden)
+			return
+		}
+		proxy.ServeHTTP(w, r)
+	}
+}

client/proxy/Proxy.go

@@ -0,0 +1,75 @@
+package proxy
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/caarlos0/env"
+	"github.com/devtron-labs/devtron/pkg/auth/authorisation/casbin"
+	"github.com/gorilla/mux"
+	"go.uber.org/zap"
+	"net"
+	"net/http"
+	"time"
+)
+
+type ProxyRouter interface {
+	InitProxyRouter(router *mux.Router)
+}
+
+type ProxyConnection struct {
+	Host string `json:"host"`
+	Port string `json:"port"`
+}
+
+type Config struct {
+	ProxyServiceConfig string `env:"PROXY_SERVICE_CONFIG" envDefault:""`
+}
+
+func GetProxyConfig() (*Config, error) {
+	cfg := &Config{}
+	err := env.Parse(cfg)
+	return cfg, err
+}
+
+type ProxyRouterImpl struct {
+	logger *zap.SugaredLogger
+	proxy  map[string]func(writer http.ResponseWriter, request *http.Request)
+}
+
+func NewProxyRouterImpl(logger *zap.SugaredLogger, proxyCfg *Config, enforcer casbin.Enforcer) *ProxyRouterImpl {
+	client := &http.Client{
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			Dial: (&net.Dialer{
+				Timeout:   120 * time.Second,
+				KeepAlive: 120 * time.Second,
+			}).Dial,
+			TLSHandshakeTimeout:   10 * time.Second,
+			ExpectContinueTimeout: 1 * time.Second,
+		},
+	}
+	proxyConnection := make(map[string]ProxyConnection)
+	err := json.Unmarshal([]byte(proxyCfg.ProxyServiceConfig), &proxyConnection)
+	if err != nil {
+		logger.Warnw("bad env value for PROXY_SERVICE_CONFIG", "err", err)
+	}
+
+	proxy := make(map[string]func(writer http.ResponseWriter, request *http.Request))
+	for s, connection := range proxyConnection {
+		proxy[s] = NewHTTPReverseProxy(fmt.Sprintf("http://%s:%s", connection.Host, connection.Port), client.Transport, enforcer)
+	}
+
+	router := &ProxyRouterImpl{
+		proxy:  proxy,
+		logger: logger,
+	}
+	return router
+}
+
+func (router ProxyRouterImpl) InitProxyRouter(ProxyRouter *mux.Router) {
+
+	ProxyRouter.PathPrefix("/kubelink").HandlerFunc(router.proxy["kubelink"])
+	ProxyRouter.PathPrefix("/gitsensor").HandlerFunc(router.proxy["gitsensor"])
+	ProxyRouter.PathPrefix("/kubewatch").HandlerFunc(router.proxy["kubewatch"])
+	ProxyRouter.PathPrefix("/image-scanner").HandlerFunc(router.proxy["image-scanner"])
+}

client/proxy/ProxyRouter.go

@@ -0,0 +1,9 @@
+package proxy
+
+import "github.com/google/wire"
+
+var ProxyWireSet = wire.NewSet(
+	GetProxyConfig,
+	NewProxyRouterImpl,
+	wire.Bind(new(ProxyRouter), new(*ProxyRouterImpl)),
+)

client/proxy/wireset.go

@@ -44,7 +44,7 @@ type TelemetryEventClientImpl struct {
 	logger                   *zap.SugaredLogger
 	client                   *http.Client
 	clusterService           cluster.ClusterService
-	K8sUtil                  *k8s.K8sUtil
+	K8sUtil                  *k8s.K8sServiceImpl
 	aCDAuthConfig            *util3.ACDAuthConfig
 	userService              user2.UserService
 	attributeRepo            repository.AttributesRepository
@@ -68,7 +68,7 @@ type TelemetryEventClient interface {
 }
 
 func NewTelemetryEventClientImpl(logger *zap.SugaredLogger, client *http.Client, clusterService cluster.ClusterService,
-	K8sUtil *k8s.K8sUtil, aCDAuthConfig *util3.ACDAuthConfig, userService user2.UserService,
+	K8sUtil *k8s.K8sServiceImpl, aCDAuthConfig *util3.ACDAuthConfig, userService user2.UserService,
 	attributeRepo repository.AttributesRepository, ssoLoginService sso.SSOLoginService,
 	PosthogClient *PosthogClient, moduleRepository moduleRepo.ModuleRepository, serverDataStore *serverDataStore.ServerDataStore, userAuditService user2.UserAuditService, helmAppClient client.HelmAppClient, InstalledAppRepository repository2.InstalledAppRepository) (*TelemetryEventClientImpl, error) {
 	cron := cron.New(

client/telemetry/TelemetryEventClient.go

@@ -48,7 +48,7 @@ type TelemetryEventClientImplExtended struct {
 }
 
 func NewTelemetryEventClientImplExtended(logger *zap.SugaredLogger, client *http.Client, clusterService cluster.ClusterService,
-	K8sUtil *util2.K8sUtil, aCDAuthConfig *util3.ACDAuthConfig,
+	K8sUtil *util2.K8sServiceImpl, aCDAuthConfig *util3.ACDAuthConfig,
 	environmentService cluster.EnvironmentService, userService user2.UserService,
 	appListingRepository repository.AppListingRepository, PosthogClient *PosthogClient,
 	ciPipelineRepository pipelineConfig.CiPipelineRepository, pipelineRepository pipelineConfig.PipelineRepository,