vane 0.9.2

A flow-based reverse proxy with multi-layer routing and programmable pipelines.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294

/* src/api/handlers/ports.rs */

use crate::api::response;
use crate::api::schemas::ports::{
	PortCreated, PortCreatedResponse, PortDetail, PortDetailResponse, PortInfo, PortListResponse,
	ProtocolStatus,
};
use crate::api::utils::config_file;
use crate::common::{config::file_loader, net::port_utils};
use crate::ingress::state::Protocol;
use crate::layers::l4::fs as transport_fs;
use axum::{extract::Path, http::StatusCode, response::IntoResponse};
use tokio::fs;

// --- Handlers ---

/// List all ports
#[utoipa::path(
    get,
    path = "/ports",
    responses(
        (status = 200, description = "List of ports", body = PortListResponse)
    ),
    tag = "ports",
    security(("bearer_auth" = []))
)]
pub async fn list_ports_handler() -> impl IntoResponse {
	let config_dir = file_loader::get_config_dir();
	let mut ports = Vec::new();

	let config = crate::config::get();
	let tcp_map = config.listeners.tcp.snapshot().await;
	let udp_map = config.listeners.udp.snapshot().await;

	// Read from filesystem (source of truth for configuration)
	let mut entries = match fs::read_dir(&config_dir).await {
		Ok(entries) => entries,
		Err(e) => {
			return response::error(
				StatusCode::INTERNAL_SERVER_ERROR,
				format!("Failed to read config directory: {e}"),
			);
		}
	};

	while let Ok(Some(entry)) = entries.next_entry().await {
		if let Ok(metadata) = entry.metadata().await {
			if !metadata.is_dir() {
				continue;
			}
		} else {
			continue;
		}

		if let Some(name) = entry.file_name().to_str()
			&& name.starts_with('[')
			&& name.ends_with(']')
			&& let Ok(port_num) = name[1..name.len() - 1].parse::<u16>()
		{
			// Check active state from runtime memory
			let port_str = port_num.to_string();
			let active = tcp_map.contains_key(&port_str) || udp_map.contains_key(&port_str);

			let mut protocols = Vec::new();
			let tcp_dir = config_dir.join(name).join("tcp");
			if fs::metadata(&tcp_dir).await.is_ok() {
				protocols.push("tcp".to_owned());
			}
			let udp_dir = config_dir.join(name).join("udp");
			if fs::metadata(&udp_dir).await.is_ok() {
				protocols.push("udp".to_owned());
			}

			ports.push(PortInfo {
				port: port_num,
				protocols,
				active,
			});
		}
	}

	ports.sort_by_key(|p| p.port);
	response::success(ports)
}

/// Get port details
#[utoipa::path(
    get,
    path = "/ports/{port}",
    params(
        ("port" = u16, Path, description = "Port number")
    ),
    responses(
        (status = 200, description = "Port details", body = PortDetailResponse),
        (status = 404, description = "Port not configured")
    ),
    tag = "ports",
    security(("bearer_auth" = []))
)]
pub async fn get_port_handler(Path(port): Path<u16>) -> impl IntoResponse {
	let port_dir = file_loader::get_config_dir().join(format!("[{port}]"));
	if fs::metadata(&port_dir).await.is_err() {
		return response::error(StatusCode::NOT_FOUND, format!("Port {port} not configured"));
	}

	// Runtime status
	let config = crate::config::get();
	let port_str = port.to_string();

	// TCP Info
	let tcp_path = port_dir.join("tcp");
	let tcp = if fs::metadata(&tcp_path).await.is_ok() {
		let config_res = config_file::find_config::<serde_json::Value>(&tcp_path).await;
		let source_format = match config_res {
			config_file::ConfigFileResult::Single { format, .. } => Some(format),
			_ => None,
		};

		let active = config.listeners.get_tcp(&port_str).is_some();

		Some(ProtocolStatus {
			active,
			source_format,
		})
	} else {
		None
	};

	// UDP Info
	let udp_path = port_dir.join("udp");
	let udp = if fs::metadata(&udp_path).await.is_ok() {
		let config_res = config_file::find_config::<serde_json::Value>(&udp_path).await;
		let source_format = match config_res {
			config_file::ConfigFileResult::Single { format, .. } => Some(format),
			_ => None,
		};

		let active = config.listeners.get_udp(&port_str).is_some();

		Some(ProtocolStatus {
			active,
			source_format,
		})
	} else {
		None
	};

	response::success(PortDetail { port, tcp, udp })
}

/// Create port
#[utoipa::path(
    post,
    path = "/ports/{port}",
    params(
        ("port" = u16, Path, description = "Port number")
    ),
    responses(
        (status = 201, description = "Port created", body = PortCreatedResponse),
        (status = 400, description = "Invalid port"),
        (status = 409, description = "Port already exists")
    ),
    tag = "ports",
    security(("bearer_auth" = []))
)]
pub async fn create_port_handler(Path(port): Path<u16>) -> impl IntoResponse {
	if !port_utils::is_valid_port(port) {
		return response::error(StatusCode::BAD_REQUEST, "Invalid port number".into());
	}
	let port_dir = file_loader::get_config_dir().join(format!("[{port}]"));
	if fs::metadata(&port_dir).await.is_ok() {
		return response::error(StatusCode::CONFLICT, format!("Port {port} already exists"));
	}
	match fs::create_dir(&port_dir).await {
		Ok(_) => response::created(PortCreated {
			port,
			created: true,
		}),
		Err(e) => response::error(StatusCode::INTERNAL_SERVER_ERROR, e.to_string()),
	}
}

/// Delete port
#[utoipa::path(
    delete,
    path = "/ports/{port}",
    params(
        ("port" = u16, Path, description = "Port number")
    ),
    responses(
        (status = 204, description = "Port deleted"),
        (status = 404, description = "Port not found")
    ),
    tag = "ports",
    security(("bearer_auth" = []))
)]
pub async fn delete_port_handler(Path(port): Path<u16>) -> impl IntoResponse {
	let port_dir = file_loader::get_config_dir().join(format!("[{port}]"));
	if fs::metadata(&port_dir).await.is_err() {
		return response::error(StatusCode::NOT_FOUND, format!("Port {port} not found"));
	}
	match fs::remove_dir_all(&port_dir).await {
		Ok(_) => StatusCode::NO_CONTENT.into_response(),
		Err(e) => response::error(StatusCode::INTERNAL_SERVER_ERROR, e.to_string()),
	}
}

// Note: create_protocol_listener and delete_protocol_listener were in the router
// but strict adhering to API Spec might suggest managing them via the flow endpoint creation implicitly?
// However, the spec lists `POST /ports/{port}` but not explicit `POST /ports/{port}/{protocol}`
// except for Flow.
// Let's check spec again.
// Spec says: POST /ports/{port} creates the directory.
// Flow endpoints manipulate the config files.
// The intermediate directory `tcp/` or `udp/` inside `[port]/` needs to be created.
// It seems `POST /ports/{port}/{protocol}/flow` handles creating the file.
// But we might need explicit endpoints for creating protocol dirs if they are separate?
// Looking at `src/ingress/api.rs`, `post_protocol_handler` creates the directory listener.
// In the new design, `post_flow_handler` writes the file.
// If the parent directory (e.g., `tcp`) doesn't exist, `write_json` might fail or we should ensure it exists.
// Let's keep `post_protocol_handler` (create dir) logic, but maybe it's implicitly handled?
// Wait, `transport_fs::create_protocol_listener` does more than just mkdir, it triggers hot swap watcher logic?
// No, watcher watches the root.
// Let's keep the explicit protocol management for now, but API Spec didn't explicitly list `POST /ports/{port}/{protocol}` as a public API.
// It listed `POST /ports/{port}/{protocol}/flow`.
// If I assume `POST flow` creates the config, does it also ensure the protocol is enabled?
// Yes, `find_config` checks for file existence.
// So `POST /ports/{port}/{protocol}` might be redundant if we just use Flow API.
// BUT, the directory `tcp` or `udp` must exist for the watcher to scan it?
// Vane's loader logic: `[8080]/tcp/config.json`.
// So yes, `tcp` is a directory.

// Let's implement `POST /ports/{port}/{protocol}` as "Enable Protocol" (mkdir)
// and `DELETE` as "Disable Protocol" (rmdir).

/// Enable protocol for port
#[utoipa::path(
    post,
    path = "/ports/{port}/{protocol}",
    params(
        ("port" = u16, Path, description = "Port number"),
        ("protocol" = String, Path, description = "Protocol (tcp/udp)")
    ),
    responses(
        (status = 201, description = "Protocol enabled"),
        (status = 400, description = "Invalid protocol")
    ),
    tag = "ports",
    security(("bearer_auth" = []))
)]
pub async fn enable_protocol_handler(
	Path((port, protocol_str)): Path<(u16, String)>,
) -> impl IntoResponse {
	let protocol = match protocol_str.as_str() {
		"tcp" => Protocol::Tcp,
		"udp" => Protocol::Udp,
		_ => return response::error(StatusCode::BAD_REQUEST, "Invalid protocol".into()),
	};

	// We use the existing logic from transport_fs to create the directory
	match transport_fs::create_protocol_listener(port, &protocol).await {
		Ok(_) => StatusCode::CREATED.into_response(),
		Err(e) => response::error(StatusCode::INTERNAL_SERVER_ERROR, e.to_string()),
	}
}

/// Disable protocol for port
#[utoipa::path(
    delete,
    path = "/ports/{port}/{protocol}",
    params(
        ("port" = u16, Path, description = "Port number"),
        ("protocol" = String, Path, description = "Protocol (tcp/udp)")
    ),
    responses(
        (status = 204, description = "Protocol disabled"),
        (status = 400, description = "Invalid protocol")
    ),
    tag = "ports",
    security(("bearer_auth" = []))
)]
pub async fn disable_protocol_handler(
	Path((port, protocol_str)): Path<(u16, String)>,
) -> impl IntoResponse {
	let protocol = match protocol_str.as_str() {
		"tcp" => Protocol::Tcp,
		"udp" => Protocol::Udp,
		_ => return response::error(StatusCode::BAD_REQUEST, "Invalid protocol".into()),
	};
	match transport_fs::delete_protocol_listener(port, &protocol).await {
		Ok(_) => StatusCode::NO_CONTENT.into_response(),
		Err(e) => response::error(StatusCode::INTERNAL_SERVER_ERROR, e.to_string()),
	}
}