feat(smart-proxy): add hot-reloadable global ingress security policy across Rust and TypeScript proxy layers

2026-04-26 15:11:10 +00:00
parent 8fa3a51b03
commit af4908b63f
53 changed files with 2350 additions and 1196 deletions
@@ -1,8 +1,8 @@
+use std::sync::atomic::{AtomicU64, Ordering};
+use std::sync::Arc;
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 use tokio::net::TcpStream;
 use tokio_util::sync::CancellationToken;
-use std::sync::Arc;
-use std::sync::atomic::{AtomicU64, Ordering};
 use tracing::debug;

 use rustproxy_metrics::MetricsCollector;
@@ -87,7 +87,12 @@ pub async fn forward_bidirectional_with_timeouts(
    if let Some(data) = initial_data {
        backend.write_all(data).await?;
        if let Some(ref ctx) = metrics {
-            ctx.collector.record_bytes(data.len() as u64, 0, ctx.route_id.as_deref(), ctx.source_ip.as_deref());
+            ctx.collector.record_bytes(
+                data.len() as u64,
+                0,
+                ctx.route_id.as_deref(),
+                ctx.source_ip.as_deref(),
+            );
        }
    }

@@ -123,14 +128,17 @@ pub async fn forward_bidirectional_with_timeouts(
            total += n as u64;
            la1.store(start.elapsed().as_millis() as u64, Ordering::Relaxed);
            if let Some(ref ctx) = metrics_c2b {
-                ctx.collector.record_bytes(n as u64, 0, ctx.route_id.as_deref(), ctx.source_ip.as_deref());
+                ctx.collector.record_bytes(
+                    n as u64,
+                    0,
+                    ctx.route_id.as_deref(),
+                    ctx.source_ip.as_deref(),
+                );
            }
        }
        // Graceful shutdown with timeout (sends TCP FIN / TLS close_notify)
-        let _ = tokio::time::timeout(
-            std::time::Duration::from_secs(2),
-            backend_write.shutdown(),
-        ).await;
+        let _ =
+            tokio::time::timeout(std::time::Duration::from_secs(2), backend_write.shutdown()).await;
        total
    });

@@ -154,14 +162,17 @@ pub async fn forward_bidirectional_with_timeouts(
            total += n as u64;
            la2.store(start.elapsed().as_millis() as u64, Ordering::Relaxed);
            if let Some(ref ctx) = metrics_b2c {
-                ctx.collector.record_bytes(0, n as u64, ctx.route_id.as_deref(), ctx.source_ip.as_deref());
+                ctx.collector.record_bytes(
+                    0,
+                    n as u64,
+                    ctx.route_id.as_deref(),
+                    ctx.source_ip.as_deref(),
+                );
            }
        }
        // Graceful shutdown with timeout (sends TCP FIN / TLS close_notify)
-        let _ = tokio::time::timeout(
-            std::time::Duration::from_secs(2),
-            client_write.shutdown(),
-        ).await;
+        let _ =
+            tokio::time::timeout(std::time::Duration::from_secs(2), client_write.shutdown()).await;
        total
    });