lolly

xfy/lolly

Author	SHA1	Message	Date
xfy	047e033af5	feat(accesslog): add deterministic sampling with sample_rate config Add logging.access.sample_rate config (0.0-1.0) for deterministic request sampling. 5xx errors are always logged; 2xx/3xx/4xx follow the configured rate. Uses atomic.Uint64 counter for lock-free, zero-allocation sampling decisions. Includes test updates to verify: - sample_rate=1.0 logs all requests - sample_rate=0.0 logs only 5xx - 5xx are always logged regardless of rate	2026-06-11 14:42:55 +08:00
xfy	445401c40f	perf(accesslog): add sample_rate for access log to reduce CPU and allocations Add configurable access log sampling via : - 0.0-1.0 range; defaults to 1.0 (record all) for backward compatibility - Uses lock-free atomic counter for deterministic sampling - Non-2xx responses always logged regardless of sample rate Benchmark results (combined format, /dev/null): Full logging: ~2245 ns/op, 1987 B/op, 17 allocs/op 10% sampling: ~1593 ns/op, 1633 B/op, 6 allocs/op Improvement: -29% latency, -65% allocations/op This addresses the top application-layer CPU hotspot identified in the v0.4.0 profile (LogAccess at 16.36% cumulative CPU).	2026-06-11 13:53:41 +08:00
xfy	197d0d2344	perf(security): reduce GeoIP lookups and deduplicate trusted proxy check - Check(): single GeoIP LookupCountry call, result reused for both deny and allow checks. Removed goto label for structured flow. - getClientIP(): single trusted proxy CIDR scan gates both X-Forwarded-For and X-Real-IP processing.	2026-06-04 11:09:29 +08:00
xfy	e535b9062c	perf(gzip_static): pre-build extension set, use BytesContainsFold - Pre-build extSet map for O(1) extension lookup instead of linear scan - Replace bytes.ToLower allocation in supportsEncoding with utils.BytesContainsFold for case-insensitive encoding detection	2026-06-04 11:09:20 +08:00
xfy	e5fa9fe9de	perf(compression): pre-compute MIME type byte slices for isCompressible Add typesBytes and typesWildcardPrefix fields to Middleware, built once at construction. isCompressible now uses pre-converted byte slices instead of allocating []byte(t) per comparison per request.	2026-06-04 11:09:08 +08:00
xfy	f7997ab5c4	perf(security): eliminate fnv.New64a() allocation in SlidingWindowLimiter.getBucket Same inline FNV-1a optimization as RateLimiter.	2026-06-04 10:45:41 +08:00
xfy	bc6bfb5ac3	perf(security): eliminate fnv.New64a() allocation in RateLimiter.getShard Replaces hash/fnv.New64a() + Write() + Sum64() with inline FNV-1a. Removes 2 allocations per rate-limited request.	2026-06-04 10:45:25 +08:00
xfy	7f08b1387d	test(security): 添加安全中间件覆盖测试（覆盖率 75.9% → 88.5%）新建 internal/middleware/security/coverage_test.go，覆盖： headers.go 全部函数（原 0% → 100%）： - applySecurityHeaders: 安全头部应用 - 应各种安全头部配置 Argon2id 密码哈希测试（原 0% → 100%）： - authenticateArgon2id: Argon2id 认证 - parseArgon2idHash: 哈希解析（有效/无效格式） - parseUint32/parseUint8: 参数解析 GeoIPLookup.Close 测试（原 0% → 80%）： - 关闭已初始化的 GeoIP 查找器 - 重复关闭安全性注：GeoIP 数据库加载和网络认证等函数需要外部资源，由 integration 测试覆盖。	2026-06-04 08:33:49 +08:00
xfy	6612819f3a	chore: remove stale AGENTS.md files, rewrite root AGENTS.md	2026-06-03 23:47:29 +08:00
xfy	6f17bbad7e	chore: remove trailing blank lines and clean up whitespace	2026-06-03 18:08:34 +08:00
xfy	a919369ca4	refactor: remove dead code package internal/middleware/limitrate	2026-06-03 17:39:03 +08:00
xfy	1a6b5f9166	Merge origin/master into master	2026-06-03 16:36:23 +08:00
xfy	2734b04d8f	refactor: remove 16.8k lines of dead code across all internal packages - Delete unused files: tempfile subsystem, matcher variants, server/internal - Remove 200+ unused functions across proxy, ssl, lua, http2/3, stream, variable - Fix proxy test type errors (backgroundRefresh ctx→Request) - Move bench/tools mock backend into internal/testutil - Remove corresponding test functions for all deleted code	2026-06-03 16:15:43 +08:00
Sonetto	5dec128510	Merge pull request #3 from xfy911/improve-comments docs: add comprehensive documentation comments	2026-06-03 15:41:36 +08:00
xfy911	a136b07bb9	docs: add documentation comments for exported constants and variables - Fix gjson/gjson.go package comments and constant documentation - Fix internal/config/config.go constant documentation - Fix internal/utils/httperror.go variable documentation - Fix internal/matcher/matcher.go constant documentation - Fix internal/middleware/compression/compression.go constant documentation - Fix internal/middleware/limitrate/limitrate.go constant documentation - Fix internal/middleware/rewrite/rewrite.go constant documentation - Fix internal/middleware/security/access.go and auth.go constant documentation - Fix internal/ssl/client_verify.go constant documentation - Fix internal/variable/builtin.go and ssl.go constant documentation - Fix internal/lua/api_log.go HTTP and log level constant documentation - Fix internal/benchmark/tools/tools.go constant documentation - Include author attribution (xfy)	2026-06-03 15:28:53 +08:00
xfy911	fc1de2d445	docs: add documentation comments for more exported constants and variables - Add comments for ssl/client_verify.go verification modes - Add comments for security/auth.go hash algorithms - Add comments for rewrite/rewrite.go flags - Add comments for compression/compression.go algorithms - Add comments for limitrate/limitrate.go strategies - Include author attribution (xfy)	2026-06-03 15:28:53 +08:00
xfy911	396a466de1	docs: add documentation comments for exported constants and variables - Add comments for lua/api_log.go HTTP status codes and log levels - Add comments for variable/builtin.go and ssl.go constants - Add comments for utils/httperror.go error variables - Add comments for matcher/matcher.go location types - Add comments for compression/compression.go algorithms - Include author attribution (xfy)	2026-06-03 15:28:53 +08:00
xfy911	c33adeb296	docs(middleware/limitrate): add package comments for rate limiter - Add package documentation for limitrate and writer files - Include author attribution (xfy)	2026-06-03 15:28:53 +08:00
xfy	bc0bc5fbbb	refactor: remove unused security header preset functions and tests	2026-06-03 13:49:57 +08:00
xfy	e3c6cb61f0	refactor: remove unused bodylimit.formatSize function and test	2026-06-03 13:48:10 +08:00
xfy	25d93c25fa	refactor: remove unused code and fix formatting - Remove unused benchmark/tools package - Make ValidAlgorithms private (validAlgorithms) in loadbalance - Remove dead code (_ = result) in lua/api_socket_tcp.go - Fix code formatting with goimports Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-09 16:58:45 +08:00
xfy	edc135ae5f	refactor(utils): enhance ParseCIDR to support single IP Enhance parseCIDR in utils/ipallowlist.go to support single IP addresses (without CIDR prefix) and ensure IP is in canonical form. This matches the functionality previously in access.go. - Add ParseCIDR as public function supporting CIDR and single IP - Update access.go to use utils.ParseCIDR instead of local implementation - Remove duplicate parseCIDR function from access.go - Update tests to use utils.ParseCIDR Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-08 18:20:09 +08:00
xfy	5593a729b8	perf(compression): use bytes operations to avoid string allocation - Replace strings.ToLower(string(...)) with bytes.ToLower - Reduces memory allocation in hot path for Accept-Encoding checks Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-30 15:59:42 +08:00
xfy	d269940d8b	style: fix formatting issues - Add missing newlines at end of files - Fix indentation in ssl.go - Remove extra blank lines Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-30 13:42:53 +08:00
xfy	f145a8770e	refactor: modernize code with Go 1.22+ features Apply modern Go patterns across the codebase: - Replace `interface{}` with `any` (Go 1.18+) - Use `for range n` instead of `for i := 0; i < n; i++` (Go 1.22+) - Replace `sort.Slice` with `slices.Sort` from slices package - Simplify sync.WaitGroup patterns with errgroup where appropriate - Add Makefile targets for modernize analyzer Total: 84 files updated, net reduction of 79 lines Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-30 10:37:45 +08:00
xfy	e7306a0c72	perf: optimize ConsistentHash and RateLimiter for better concurrency - ConsistentHash: reuse main hash ring in SelectExcludingByKey instead of rebuilding per call, reducing memory allocation from 369KB to 1.8KB (99.5%) - RateLimiter: replace single RWMutex with 16-segment sharded locks to reduce lock contention in high-concurrency scenarios - TLS SessionTickets: add warning log when KeyFile is empty to alert users about session invalidation after restart Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-30 10:23:19 +08:00
xfy	ecb020fed9	refactor(security): extract auth_request defaults helper Extract applyDefaults function to unify configuration initialization logic between NewAuthRequest and UpdateConfig methods. Eliminates ~20 lines of duplicate default value setting code. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-29 18:22:02 +08:00
xfy	bc9b7ba616	refactor(security): merge access Update methods - 新增 UpdateList(target string, cidrs []string) 统一更新方法 - UpdateAllowList/UpdateDenyList 改为包装调用 - 消除约 15 行重复代码，保持向后兼容 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-29 18:20:14 +08:00
xfy	f82e363f58	refactor: 提取 Lua ngx 表 helpers 和统一验证函数 Batch 1 续： - 新增 lua/helpers.go：GetOrCreateNgxTable/GetOrCreateNgxSubTable - 重构 compression：提取 resettableWriteCloser 接口和 compressorPool - 新增 validate.go：ValidateNonNegativeInt64/Duration/NoNullByte/PathTraversal - 消除约 120 行重复代码 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-29 17:00:11 +08:00
xfy	6ac5fda431	test(compression): gzip writer 池化效果测试对比新建 vs 池化复用： - New: 20 allocs/op (每次新建 Writer) - Pool: 3 allocs/op (池化复用，目标 ≤2) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-29 10:43:12 +08:00
xfy	cf2fcca7e8	refactor: 提取公共逻辑、消除重复代码、加强错误处理 - 提取 App 公共逻辑到 app_common.go，消除 app.go/app_windows.go 重复定义 - 提取 Server 生命周期/中间件/路由逻辑到独立文件（lifecycle.go/middleware_builder.go/router.go） - 提取 Proxy 缓存处理/头部修改/目标选择到独立模块 - 提取 CheckIPAccess/CheckTokenAuth 到 utils/httperror.go，消除 status/purge 重复实现 - 修复 stream 双向转发：任一方向完成立即关闭双端，避免连接泄漏 - 修复 SSL/TLS 中静默忽略错误的问题，添加日志记录 - 统一日志消息为英文 💘 Generated with Crush Assisted-by: GLM 5.1 via Crush <crush@charm.land>	2026-04-28 18:00:48 +08:00
xfy	6f6a8f0455	refactor(adapter): 提取 HTTP/2/3 适配器公共逻辑为 CommonAdapter 将 http2 和 http3 适配器中重复的 sync.Pool 管理、流式请求体处理、上下文重置等逻辑提取到 internal/adapter 包，通过 struct embedding 复用。同时简化 ConnLimiter 直接实现 middleware.Middleware 接口，移除冗余 wrapper。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-28 17:06:41 +08:00
xfy	179090fa34	fix(security): 修复 2 个 CRITICAL + 6 个 HIGH 安全与代码质量问题安全修复: - ConnLimiter Acquire() TOCTOU 竞态: atomic.AddInt64 替代 loadInt64+addInt64 - Cache Purge token 时序侧信道: 改用 subtle.ConstantTimeCompare - Lua Cosocket SSRF: 新增 ip_guard 两层 IP 检查（字面量+解析后），拒绝私有/回环地址 - X-Accel-Redirect 路径遍历: urlpath.Clean + 前缀拒绝（/internal/ /admin/） - CRLF 注入: containsCRLF 校验变量展开后的 header 值，logging.Warn 可观测 - Proxy URI 注入: bytes.ContainsAny 检查 path 中的 @\r\n 危险字符代码质量: - disk_cache.go Set() 7 处静默 return 改为 logging.Error 日志记录 - config.go 从 2392 行拆分为 9 个按域文件（config/server/proxy/security/ssl/cache/performance/monitoring/variable）验证: go build + vet + golangci-lint(0 issues) + test(83.2% 无回归) + race detector 全部通过 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-28 10:13:47 +08:00
xfy	f507fe0951	fix(compression): 跳过已有 Content-Encoding 的响应压缩当上游处理器（如 gzip_static）已设置 Content-Encoding 时，跳过压缩避免双重编码导致数据损坏。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-24 17:57:45 +08:00
xfy	4f24dd7fd7	perf(compression): 预压缩文件存在性缓存，避免重复 os.Stat 使用 sync.Map 缓存预压缩文件的存在性检查结果，与 nginx gzip_static 行为一致采用永不过期策略，减少高频请求下的文件系统调用开销。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-24 13:13:40 +08:00
xfy	1e38fe9e90	fix: 显式忽略不需要处理的错误返回值对 os.Remove、conn.Close 等清理操作的返回值使用 _ 忽略，避免 errcheck 静态检查告警。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-24 10:41:35 +08:00
xfy	2bdc8f3b3b	refactor(handler,middleware,server): 增强预压缩配置灵活性 - NewGzipStatic 增加 precompressedExtensions 参数，支持自定义预压缩扩展名 - SetGzipStatic 分离源文件扩展名和预压缩扩展名参数 - 更新相关测试用例 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-22 13:35:03 +08:00
xfy	9f7090df67	test(handler,middleware,server,ssl,proxy): 扩展测试覆盖率 - handler: 添加 sendfile 和 static 处理器测试 - middleware/security: 添加访问控制、认证、请求头、限流测试 - server: 添加池、pprof、清理、状态、升级、vhost 测试 - ssl: 添加客户端验证、OCSP、SSL 测试 - proxy: 添加代理覆盖率补充测试 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-22 10:42:05 +08:00
xfy	91f954936e	refactor(server,middleware): 提取常量提高代码可读性 - ratelimit: 使用 accessUnknown 常量替代硬编码字符串 - testutil: 提取 testListenAddr 常量 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-22 10:41:48 +08:00
xfy	a832e48656	test(middleware): 添加 limitrate 中间件测试 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-21 08:12:34 +08:00
xfy	bca0ee147e	feat(middleware): 添加 limit_rate 响应速率限制中间件基于令牌桶算法实现响应速率限制，支持： - 速率和突发流量配置 - 大文件特殊处理策略 - 线程安全的令牌桶实现 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-20 18:08:24 +08:00
xfy	13bfc090f7	docs(middleware): 为中间件模块添加标准化 godoc 注释 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-20 11:23:03 +08:00
xfy	2458ac1ed1	docs: 为其余模块添加标准化 godoc 注释为剩余模块添加完整文档注释： - app: 应用生命周期管理 - cache: 文件缓存 - config: 配置加载器 - handler: 静态文件处理和错误页面 - http2/http3: HTTP/2 和 HTTP/3 适配器 - loadbalance: 负载均衡算法和均衡器 - middleware: bodylimit、compression、rewrite、security - mimeutil: MIME 类型检测 - netutil: URL 处理工具 - resolver: DNS 解析器 - server: 服务器升级处理 - ssl: SSL/TLS 和 OCSP - stream: 流处理 - testutil: 测试工具 - variable: 变量池和 SSL 变量 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-20 10:59:53 +08:00
xfy	5f5717d6a4	test: 添加各模块覆盖率补充测试 - middleware/security: access 中间件覆盖率测试 - proxy: proxy 核心功能覆盖率测试 - server: server 扩展功能测试 - stream: stream 处理覆盖率测试 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-20 08:27:25 +08:00
xfy	584ca9170d	test(lua,security): 优化测试代码错误返回值处理 - api_socket_tcp_test.go: 使用空白标识符忽略非关键错误返回值 - auth_test.go: 使用空白标识符忽略不需要的 hash 返回值 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 18:24:05 +08:00
xfy	3bdecd87eb	test(security): 扩展认证和 GeoIP 中间件测试 - auth_test: 扩展 Basic/JWT/IP 白名单测试 - geoip_test: 扩展 GeoIP 限制和数据库加载测试 - 提高安全中间件测试覆盖率 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 18:12:29 +08:00
xfy	8ed800271d	test: 迁移基准测试循环到 Go 1.24 b.Loop() API - 所有 *_bench_test.go 文件从 for i := 0; i < b.N; i++ 改为 for b.Loop() - 部分测试文件从 for i := 0; i < N; ... 改为 for range N 或 for i := range N - 涵盖模块: cache, handler, http2, http3, loadbalance, logging, lua, middleware/accesslog, middleware/bodylimit, middleware/rewrite, middleware/security, netutil, resolver, server, ssl, stream Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 13:50:15 +08:00
xfy	326eedc729	perf(proxy,logging,compression): 使用零拷贝字节路径减少内存分配 - proxy: headersPool sync.Pool 复用 header map，容量 20 - proxy: buildCacheKeyHash 使用池化 map 替代 make(map[string]string) - proxy: ServeHTTP 目标 URI 构造使用 []byte append + SetRequestURIBytes - headers: X-Forwarded-For 构造使用 []byte append + SetBytesKV - logging: Str() 改为 Bytes() 零拷贝日志字段 - compression: Process() 直接操作 []byte，使用 bytes.Contains/Equal/HasPrefix - compression: isCompressible() 签名从 string 改为 []byte Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 13:50:15 +08:00
xfy	9cbc380de5	perf(http3,compression): 对象池化和流式压缩优化 http3: - Adapter 添加 ctxPool 复用 RequestCtx - resetContext 方法重置状态避免污染 compression: - 大响应(>64KB)使用 SetBodyStreamWriter 流式压缩 - 消除 compressed buffer 分配，降低内存峰值 - 新增 streamGzip/streamBrotli 流式方法 - 添加流式压缩测试验证功能正确性 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 11:09:26 +08:00
xfy	5b92e30b59	fix(middleware/bodylimit): 添加 BodyStream nil 检查防止空指针在设置 body stream 限制前检查 stream 是否为 nil，避免在无请求体的请求上调用 SetBodyStream 导致异常。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-15 14:20:58 +08:00

1 2 3

102 Commits