Merged main branch

.bleep

@@ -1 +1 @@
-f70d8b77a4085cbe11b9559317f6d6e7e49914db
+f123f5e43e9ada31a0e541b917ea674527fd06a3

.github/workflows/build.yml

@@ -6,8 +6,7 @@ jobs:
   pingora:
     strategy:
       matrix:
-        # TODO: add nightly
-        toolchain: [1.78, 1.72]
+        toolchain: [nightly, 1.72, 1.80.0]
     runs-on: ubuntu-latest
     # Only run on "pull_request" event for external PRs. This is to avoid
     # duplicate builds for PRs created from internal branches.
@@ -46,7 +45,9 @@ jobs:
         run: cargo test --verbose --doc
 
       - name: Run cargo clippy
-        run: cargo clippy --all-targets --all -- --deny=warnings
+        run: |
+          [[ ${{ matrix.toolchain }} == nightly ]] || cargo clippy --all-targets --all -- --allow=unknown-lints --deny=warnings
 
       - name: Run cargo audit
-        uses: actions-rust-lang/audit@v1
+        run: |
+          [[ ${{ matrix.toolchain }} == nightly ]] || (cargo install cargo-audit && cargo audit)

CHANGELOG.md

@@ -2,6 +2,36 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.3.0](https://github.com/cloudflare/pingora/compare/0.2.0...0.3.0) - 2024-07-12
+
+### 🚀 Features
+- Add support for HTTP modules. This feature allows users to import modules written by 3rd parties.
+- Add `request_body_filter`. Now request body can be inspected and modified.
+- Add H2c support.
+- Add TCP fast open support.
+- Add support for server side TCP keep-alive.
+- Add support to get TCP_INFO.
+- Add support to set DSCP.
+- Add `or_err()`/`or_err_with` API to convert `Options` to `pingora::Error`.
+- Add `or_fail()` API to convert `impl std::error::Error` to `pingora::Error`.
+- Add the API to track socket read and write pending time.
+- Compression: allow setting level per algorithm.
+
+### 🐛 Bug Fixes
+- Fixed a panic when using multiple H2 streams in the same H2 connection to upstreams.
+- Pingora now respects the `Connection` header it sends to upstream.
+- Accept-Ranges header is now removed when response is compressed.
+- Fix ipv6_only socket flag.
+- A new H2 connection is opened now if the existing connection returns GOAWAY with graceful shutdown error.
+- Fix a FD mismatch error when 0.0.0.0 is used as the upstream IP
+
+### ⚙️ Changes and Miscellaneous Tasks
+- Dependency: replace `structopt` with `clap`
+- Rework the API of HTTP modules
+- Optimize remove_header() API call
+- UDS parsing now requires the path to have `unix:` prefix. The support for the path without prefix is deprecated and will be removed on the next release.
+- Other minor API changes
+
 ## [0.2.0](https://github.com/cloudflare/pingora/compare/0.1.1...0.2.0) - 2024-05-10
 
 ### 🚀 Features

docs/quick_start.md

@@ -237,7 +237,7 @@ take advantage of with single-line change.
 
 ```rust
 fn main() {
-    let mut my_server = Server::new(Some(Opt::default())).unwrap();
+    let mut my_server = Server::new(Some(Opt::parse_args())).unwrap();
     ...
 }
 ```

docs/user_guide/index.md

@@ -20,6 +20,7 @@ In this guide, we will cover the most used features, operations and settings of
 * [Examples: take control of the request](modify_filter.md)
 * [Connection pooling and reuse](pooling.md)
 * [Handling failures and failover](failover.md)
+* [RateLimiter quickstart](rate_limiter.md)
 
 ## Advanced topics (WIP)
 * [Pingora internals](internals.md)

docs/user_guide/rate_limiter.md

@@ -0,0 +1,167 @@
+# **RateLimiter quickstart**
+Pingora provides a crate `pingora-limits` which provides a simple and easy to use rate limiter for your application. Below is an example of how you can use [`Rate`](https://docs.rs/pingora-limits/latest/pingora_limits/rate/struct.Rate.html) to create an application that uses multiple limiters to restrict the rate at which requests can be made on a per-app basis (determined by a request header).
+
+## Steps
+1. Add the following dependencies to your `Cargo.toml`:
+   ```toml
+   async-trait="0.1"
+   pingora = { version = "0.3", features = [ "lb" ] }
+   pingora-limits = "0.3.0"
+   once_cell = "1.19.0"
+   ```
+2. Declare a global rate limiter map to store the rate limiter for each client. In this example, we use `appid`.
+3. Override the `request_filter` method in the `ProxyHttp` trait to implement rate limiting.
+   1. Retrieve the client appid from header.
+   2. Retrieve the current window requests from the rate limiter map. If there is no rate limiter for the client, create a new one and insert it into the map.
+   3. If the current window requests exceed the limit, return 429 and set RateLimiter associated headers.
+   4. If the request is not rate limited, return `Ok(false)` to continue the request.
+
+## Example
+```rust
+use async_trait::async_trait;
+use once_cell::sync::Lazy;
+use pingora::http::ResponseHeader;
+use pingora::prelude::*;
+use pingora_limits::rate::Rate;
+use std::sync::Arc;
+use std::time::Duration;
+
+fn main() {
+    let mut server = Server::new(Some(Opt::default())).unwrap();
+    server.bootstrap();
+    let mut upstreams = LoadBalancer::try_from_iter(["1.1.1.1:443", "1.0.0.1:443"]).unwrap();
+    // Set health check
+    let hc = TcpHealthCheck::new();
+    upstreams.set_health_check(hc);
+    upstreams.health_check_frequency = Some(Duration::from_secs(1));
+    // Set background service
+    let background = background_service("health check", upstreams);
+    let upstreams = background.task();
+    // Set load balancer
+    let mut lb = http_proxy_service(&server.configuration, LB(upstreams));
+    lb.add_tcp("0.0.0.0:6188");
+
+    // let rate = Rate
+    server.add_service(background);
+    server.add_service(lb);
+    server.run_forever();
+}
+
+pub struct LB(Arc<LoadBalancer<RoundRobin>>);
+
+impl LB {
+    pub fn get_request_appid(&self, session: &mut Session) -> Option<String> {
+        match session
+            .req_header()
+            .headers
+            .get("appid")
+            .map(|v| v.to_str())
+        {
+            None => None,
+            Some(v) => match v {
+                Ok(v) => Some(v.to_string()),
+                Err(_) => None,
+            },
+        }
+    }
+}
+
+// Rate limiter
+static RATE_LIMITER: Lazy<Rate> = Lazy::new(|| Rate::new(Duration::from_secs(1)));
+
+// max request per second per client
+static MAX_REQ_PER_SEC: isize = 1;
+
+#[async_trait]
+impl ProxyHttp for LB {
+    type CTX = ();
+
+    fn new_ctx(&self) {}
+
+    async fn upstream_peer(
+        &self,
+        _session: &mut Session,
+        _ctx: &mut Self::CTX,
+    ) -> Result<Box<HttpPeer>> {
+        let upstream = self.0.select(b"", 256).unwrap();
+        // Set SNI
+        let peer = Box::new(HttpPeer::new(upstream, true, "one.one.one.one".to_string()));
+        Ok(peer)
+    }
+
+    async fn upstream_request_filter(
+        &self,
+        _session: &mut Session,
+        upstream_request: &mut RequestHeader,
+        _ctx: &mut Self::CTX,
+    ) -> Result<()>
+    where
+        Self::CTX: Send + Sync,
+    {
+        upstream_request
+            .insert_header("Host", "one.one.one.one")
+            .unwrap();
+        Ok(())
+    }
+
+    async fn request_filter(&self, session: &mut Session, _ctx: &mut Self::CTX) -> Result<bool>
+    where
+        Self::CTX: Send + Sync,
+    {
+        let appid = match self.get_request_appid(session) {
+            None => return Ok(false), // no client appid found, skip rate limiting
+            Some(addr) => addr,
+        };
+
+        // retrieve the current window requests
+        let curr_window_requests = RATE_LIMITER.observe(&appid, 1);
+        if curr_window_requests > MAX_REQ_PER_SEC {
+            // rate limited, return 429
+            let mut header = ResponseHeader::build(429, None).unwrap();
+            header
+                .insert_header("X-Rate-Limit-Limit", MAX_REQ_PER_SEC.to_string())
+                .unwrap();
+            header.insert_header("X-Rate-Limit-Remaining", "0").unwrap();
+            header.insert_header("X-Rate-Limit-Reset", "1").unwrap();
+            session.set_keepalive(None);
+            session
+                .write_response_header(Box::new(header), true)
+                .await?;
+            return Ok(true);
+        }
+        Ok(false)
+    }
+}
+```
+
+## Testing
+To use the example above, 
+
+1. Run your program with `cargo run`. 
+2. Verify the program is working with a few executions of ` curl localhost:6188 -H "appid:1" -v`
+   - The first request should work and any later requests that arrive within 1s of a previous request should fail with: 
+     ```
+     *   Trying 127.0.0.1:6188...
+     * Connected to localhost (127.0.0.1) port 6188 (#0)
+     > GET / HTTP/1.1
+     > Host: localhost:6188
+     > User-Agent: curl/7.88.1
+     > Accept: */*
+     > appid:1
+     > 
+     < HTTP/1.1 429 Too Many Requests
+     < X-Rate-Limit-Limit: 1
+     < X-Rate-Limit-Remaining: 0
+     < X-Rate-Limit-Reset: 1
+     < Date: Sun, 14 Jul 2024 20:29:02 GMT
+     < Connection: close
+     < 
+     * Closing connection 0
+     ```
+
+## Complete Example
+You can run the pre-made example code in the [`pingora-proxy` examples folder](https://github.com/cloudflare/pingora/tree/main/pingora-proxy/examples/rate_limiter.rs) with 
+
+```
+cargo run --example rate_limiter
+```

pingora-boringssl/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "pingora-boringssl"
-version = "0.2.0"
+version = "0.3.0"
 authors = ["Yuchen Wu <yuchen@cloudflare.com>"]
 license = "Apache-2.0"
 edition = "2021"

pingora-cache/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "pingora-cache"
-version = "0.2.0"
+version = "0.3.0"
 authors = ["Yuchen Wu <yuchen@cloudflare.com>"]
 license = "Apache-2.0"
 edition = "2021"
@@ -17,12 +17,12 @@ name = "pingora_cache"
 path = "src/lib.rs"
 
 [dependencies]
-pingora-core = { version = "0.2.0", path = "../pingora-core", default-features = false }
-pingora-error = { version = "0.2.0", path = "../pingora-error" }
-pingora-header-serde = { version = "0.2.0", path = "../pingora-header-serde" }
-pingora-http = { version = "0.2.0", path = "../pingora-http" }
-pingora-lru = { version = "0.2.0", path = "../pingora-lru" }
-pingora-timeout = { version = "0.2.0", path = "../pingora-timeout" }
+pingora-core = { version = "0.3.0", path = "../pingora-core", default-features = false }
+pingora-error = { version = "0.3.0", path = "../pingora-error" }
+pingora-header-serde = { version = "0.3.0", path = "../pingora-header-serde" }
+pingora-http = { version = "0.3.0", path = "../pingora-http" }
+pingora-lru = { version = "0.3.0", path = "../pingora-lru" }
+pingora-timeout = { version = "0.3.0", path = "../pingora-timeout" }
 http = { workspace = true }
 indexmap = "1"
 once_cell = { workspace = true }

pingora-cache/src/eviction/lru.rs

@@ -32,6 +32,7 @@ use std::time::SystemTime;
 ///
 /// - Space optimized in-memory LRU (see [pingora_lru]).
 /// - Instead of a single giant LRU, this struct shards the assets into `N` independent LRUs.
+///
 /// This allows [EvictionManager::save()] not to lock the entire cache manager while performing
 /// serialization.
 pub struct Manager<const N: usize>(Lru<CompactCacheKey, N>);

pingora-cache/src/key.rs

@@ -130,7 +130,7 @@ impl CacheKey {
 
 /// Storage optimized cache key to keep in memory or in storage
 // 16 bytes + 8 bytes (+16 * u8) + user_tag.len() + 16 Bytes (Box<str>)
-#[derive(Debug, Deserialize, Serialize, Clone, Hash, PartialEq, Eq)]
+#[derive(Debug, Deserialize, Serialize, Clone, Hash, PartialEq, Eq, PartialOrd, Ord)]
 pub struct CompactCacheKey {
     pub primary: HashBinary,
     // save 8 bytes for non-variance but waste 8 bytes for variance vs, store flat 16 bytes