vane 0.9.0

A flow-based reverse proxy with multi-layer routing and programmable pipelines.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327

/* src/layers/l7/container.rs */

use std::sync::atomic::{AtomicUsize, Ordering};

use bytes::Bytes;
use fancy_log::{LogLevel, log};
use http::{HeaderMap, Response};
use http_body::Body;
use http_body_util::BodyExt;
use hyper::upgrade::OnUpgrade;
use tokio::sync::oneshot;

use crate::common::{
	config::env_loader,
	sys::lifecycle::{Error, Result},
};
use crate::layers::l7::{
	http::{protocol_data::HttpProtocolData, wrapper::VaneBody},
	protocol_data::ProtocolData,
};
use crate::resources::kv::KvStore;

// --- Memory Management State ---

/// Global counter for total buffered L7 bytes.
pub static GLOBAL_L7_BUFFERED_BYTES: AtomicUsize = AtomicUsize::new(0);

/// Current memory limit (dynamic or fixed).
pub static CURRENT_MEMORY_LIMIT: AtomicUsize = AtomicUsize::new(536_870_912); // Default 512MB

/// Updates the dynamic memory limit.
pub fn update_memory_limit(new_limit: usize) {
	CURRENT_MEMORY_LIMIT.store(new_limit, Ordering::Relaxed);
}

/// Tries to reserve memory for buffering. Returns true if successful.
pub fn try_reserve_buffer_memory(amount: usize) -> bool {
	let limit = CURRENT_MEMORY_LIMIT.load(Ordering::Relaxed);
	let current = GLOBAL_L7_BUFFERED_BYTES.load(Ordering::Relaxed);
	if current + amount > limit {
		log(
			LogLevel::Warn,
			&format!(
				"🛡 Security: L7 Global Buffer Limit reached! Denying allocation of {amount} bytes (Used: {current}/{limit})"
			),
		);
		return false;
	}
	GLOBAL_L7_BUFFERED_BYTES.fetch_add(amount, Ordering::Relaxed);
	true
}

/// Releases memory from the global counter.
pub fn release_buffer_memory(amount: usize) {
	GLOBAL_L7_BUFFERED_BYTES.fetch_sub(amount, Ordering::Relaxed);
}

/// A RAII guard that tracks buffered L7 memory.
/// When dropped, it automatically releases its quota from the global counter.
#[derive(Debug)]
pub struct BufferGuard {
	size: usize,
}

impl BufferGuard {
	#[must_use]
	pub fn new(size: usize) -> Self {
		Self { size }
	}
}

impl Drop for BufferGuard {
	fn drop(&mut self) {
		if self.size > 0 {
			release_buffer_memory(self.size);
		}
	}
}

/// Represents the payload of an L7 envelope.
/// It abstracts over HTTP bodies (H1/H2/H3) or buffered data using VaneBody.
#[derive(Debug)]
pub enum PayloadState {
	/// A Vane-compatible HTTP Body stream (for H1/H2/H3).
	Http(VaneBody),

	/// A generic L7 stream (e.g., for future Redis/MySQL support).
	Generic,

	/// The payload has been fully buffered into memory.
	/// The BufferGuard ensures the global quota is released when this state is dropped.
	Buffered(Bytes, BufferGuard),

	/// No payload exists or it has been consumed.
	Empty,
}

impl PayloadState {
	/// Creates a new Buffered payload state, enforcing global memory limits.
	pub fn new_buffered(bytes: Bytes) -> Result<Self> {
		let len = bytes.len();
		if !try_reserve_buffer_memory(len) {
			return Err(Error::System(
				"Global L7 memory limit exceeded. Buffering denied.".to_owned(),
			));
		}
		Ok(Self::Buffered(bytes, BufferGuard::new(len)))
	}

	/// Internal helper to buffer the current state into memory.
	async fn force_buffer(&mut self) -> Result<&Bytes> {
		let max_len_str = env_loader::get_env("L7_MAX_BUFFER_SIZE", "10485760".to_owned()); // Default 10MB
		let max_len = max_len_str.parse::<usize>().unwrap_or(10485760);

		// Temporarily take ownership of self to perform transition
		// We use Empty as a placeholder during the async collect()
		let current_state = std::mem::replace(self, Self::Empty);

		match current_state {
			Self::Http(body) => {
				// 1. Get body size hint if available
				let size_hint = body.size_hint().lower() as usize;
				if size_hint > max_len {
					*self = Self::Http(body); // Restore
					return Err(Error::System(format!(
						"Payload size hint too large: {size_hint} > {max_len}"
					)));
				}

				// 2. Perform the collection
				let collected = body
					.collect()
					.await
					.map_err(|e| Error::System(format!("Failed to buffer Vane body: {e}")))?;

				let bytes = collected.to_bytes();
				let actual_len = bytes.len();

				if actual_len > max_len {
					return Err(Error::System(format!(
						"Actual payload too large to buffer: {actual_len} > {max_len}"
					)));
				}

				// 3. Create buffered state (enforces GLOBAL quota)
				*self = Self::new_buffered(bytes)?;
			}
			Self::Buffered(bytes, guard) => {
				// Already buffered, just restore
				*self = Self::Buffered(bytes, guard);
			}
			Self::Generic => {
				*self = Self::new_buffered(Bytes::new())?;
			}
			Self::Empty => {
				*self = Self::Empty;
			}
		}

		match self {
			Self::Buffered(b, _) => Ok(b),
			_ => Err(Error::System(
				"Internal state inconsistency: payload not buffered after force_buffer".to_owned(),
			)),
		}
	}
}

/// The Universal L7 Container (The Envelope).
///
/// # Architecture Note (Hybrid Storage)
/// - **KV (Control Plane):** Stores high-freq metadata (IP, Method, Path) for routing.
/// - **Headers/Body (Data Plane):** Stores the full protocol payload.
///   Accessed via "Magic Words" in the Template System (On-Demand Copy).
/// - **Protocol Data (Extension Plane):** Protocol-specific extension fields.
///   HTTP uses this for WebSocket upgrade handles. Future protocols (DNS, gRPC)
///   can inject their own data without polluting the core structure.
pub struct Container {
	/// Metadata Store (Control Plane)
	pub kv: KvStore,

	/// The Request Headers (Data Plane).
	/// Populated by Adapter. Hijacked by Template System. Consumed by Upstream.
	pub request_headers: HeaderMap,

	/// The Request Body (Data Plane).
	/// Populated at start. Hijacked by Template System (Lazy Buffer). Consumed by FetchUpstream.
	pub request_body: PayloadState,

	/// The Response Headers (Data Plane).
	/// Populated by Upstream/Terminator. Sent to Client.
	pub response_headers: HeaderMap,

	/// The Response Body (Data Plane).
	/// Populated by FetchUpstream or Terminator. Sent to Client.
	pub response_body: PayloadState,

	/// A signaling channel to send the Final Response Headers back to the Protocol Adapter.
	pub response_tx: Option<oneshot::Sender<Response<()>>>,

	/// Protocol-specific extension data (HTTP, DNS, gRPC, etc.).
	/// Use `http_data()` / `http_data_mut()` helpers to access HTTP-specific fields.
	pub protocol_data: Option<Box<dyn ProtocolData>>,
}

impl Container {
	/// Creates a new Container with no protocol-specific data.
	pub fn new(
		kv: KvStore,
		request_headers: HeaderMap,
		request_body: PayloadState,
		response_headers: HeaderMap,
		response_body: PayloadState,
		response_tx: Option<oneshot::Sender<Response<()>>>,
	) -> Self {
		Self {
			kv,
			request_headers,
			request_body,
			response_headers,
			response_body,
			response_tx,
			protocol_data: None,
		}
	}

	/// Creates a new Container with HTTP protocol data (for WebSocket support).
	pub fn new_with_http(
		kv: KvStore,
		request_headers: HeaderMap,
		request_body: PayloadState,
		response_headers: HeaderMap,
		response_body: PayloadState,
		response_tx: Option<oneshot::Sender<Response<()>>>,
	) -> Self {
		let mut container = Self::new(
			kv,
			request_headers,
			request_body,
			response_headers,
			response_body,
			response_tx,
		);
		container.protocol_data = Some(Box::new(HttpProtocolData::new()));
		container
	}

	/// Gets a reference to HTTP protocol data (if present).
	///
	/// Returns None if Container was not created with HTTP protocol support.
	pub fn http_data(&self) -> Option<&HttpProtocolData> {
		self
			.protocol_data
			.as_ref()?
			.as_any()
			.downcast_ref::<HttpProtocolData>()
	}

	/// Gets a mutable reference to HTTP protocol data (if present).
	///
	/// Returns None if Container was not created with HTTP protocol support.
	pub fn http_data_mut(&mut self) -> Option<&mut HttpProtocolData> {
		self
			.protocol_data
			.as_mut()?
			.as_any_mut()
			.downcast_mut::<HttpProtocolData>()
	}

	/// Deprecated: Access via `container.http_data()?.client_upgrade` instead.
	///
	/// Gets the client-side WebSocket upgrade handle.
	#[deprecated(
		since = "0.6.9",
		note = "Use container.http_data()?.client_upgrade to access this field"
	)]
	pub fn get_client_upgrade(&self) -> Option<&OnUpgrade> {
		self.http_data()?.client_upgrade.as_ref()
	}

	/// Deprecated: Access via `container.http_data_mut()?.client_upgrade = Some(...)` instead.
	///
	/// Sets the client-side WebSocket upgrade handle.
	#[deprecated(
		since = "0.6.9",
		note = "Use container.http_data_mut()?.client_upgrade = Some(...) to set this field"
	)]
	pub fn set_client_upgrade(&mut self, upgrade: OnUpgrade) {
		if let Some(data) = self.http_data_mut() {
			data.client_upgrade = Some(upgrade);
		}
	}

	/// Deprecated: Access via `container.http_data()?.upstream_upgrade` instead.
	///
	/// Gets the upstream-side WebSocket upgrade handle.
	#[deprecated(
		since = "0.6.9",
		note = "Use container.http_data()?.upstream_upgrade to access this field"
	)]
	pub fn get_upstream_upgrade(&self) -> Option<&OnUpgrade> {
		self.http_data()?.upstream_upgrade.as_ref()
	}

	/// Deprecated: Access via `container.http_data_mut()?.upstream_upgrade = Some(...)` instead.
	///
	/// Sets the upstream-side WebSocket upgrade handle.
	#[deprecated(
		since = "0.6.9",
		note = "Use container.http_data_mut()?.upstream_upgrade = Some(...) to set this field"
	)]
	pub fn set_upstream_upgrade(&mut self, upgrade: OnUpgrade) {
		if let Some(data) = self.http_data_mut() {
			data.upstream_upgrade = Some(upgrade);
		}
	}

	/// Triggers Lazy Buffering for the REQUEST Body.
	pub async fn force_buffer_request(&mut self) -> Result<&Bytes> {
		self.request_body.force_buffer().await
	}

	/// Triggers Lazy Buffering for the RESPONSE Body.
	pub async fn force_buffer_response(&mut self) -> Result<&Bytes> {
		self.response_body.force_buffer().await
	}
}