pangu http通过ctemplate重写reject页面（403/404/451）。

plugin/business/pangu-http/CMakeLists.txt

@@ -1,3 +1,3 @@
 add_library(pangu-http pangu_logger.cpp pangu_http.cpp)
-target_link_libraries(pangu-http common http librdkafka-static)
-target_link_libraries(pangu-http cjson)
+target_link_libraries(pangu-http common http)
+target_link_libraries(pangu-http librdkafka-static ctemplate-static cjson)

plugin/business/pangu-http/pangu_http.cpp

@@ -12,6 +12,7 @@
 #include <event2/event.h>
 #include <event2/buffer.h>
 
+#include <ctemplate/template.h>
 
 #include <assert.h>
 #include <time.h>
@@ -54,6 +55,7 @@ struct pangu_rt
 	int log_level;
 	int thread_num;
 	int scan_table_id[__SCAN_TABLE_MAX];
+	ctemplate::Template* tpl_403,*tpl_404,*tpl_451; 
 	char* reject_page;
 	int page_size;
 };
@@ -146,6 +148,15 @@ void pangu_http_init(struct tfe_proxy * proxy)
 			goto error_out;
 		}
 	}
+	
+	char page_path[256];
+	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_403", page_path,sizeof(page_path), "./template/HTTP403.html");
+	g_pangu_rt->tpl_403 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP);
+	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_404", page_path,sizeof(page_path), "./template/HTTP404.html");
+	g_pangu_rt->tpl_404 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP);
+	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_451", page_path,sizeof(page_path), "./template/HTTP451.html");
+	g_pangu_rt->tpl_451 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP);	
+	
 	TFE_LOG_INFO(NULL, "Pangu HTTP init success.");
 	return;
 	
@@ -301,13 +312,36 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t* hit_rules,
 	return prior_action;
 }
 //https://github.com/AndiDittrich/HttpErrorPages
-static void html_generate(const char* enforce_para, char** page_buff,size_t *page_size)
+static void html_generate(int cfg_id, int status_code,
+										char** page_buff,size_t *page_size)
 {
-	*page_buff=g_pangu_rt->reject_page;
-	*page_size=g_pangu_rt->page_size;
+	ctemplate::TemplateDictionary dict("pg_page_dict");
+	dict.SetIntValue("cfg_id", cfg_id);
+	std::string output;
+	ctemplate::Template* tpl=NULL;
+	switch(status_code)
+	{
+		case 403:
+			tpl=g_pangu_rt->tpl_403;
+			break;
+		case 404:
+			tpl=g_pangu_rt->tpl_404;
+			break;
+		case 451:
+			tpl=g_pangu_rt->tpl_451;
+			break;
+		default:
+			return;
+	}
+	tpl->Expand(&output, &dict);
+	//todo: do I need to delete dict?
+	*page_size=output.length();
+	*page_buff=ALLOC(char, *page_size);
+	memcpy(*page_buff,output.c_str(), *page_size);
 }
 static void html_free(char** page_buff)
 {
+	FREE(page_buff);
 	return;
 }
 static int is_http_request(uint64_t events)
@@ -668,13 +702,13 @@ static void http_reject(const struct tfe_http_session * session, uint64_t events
 	if(ret!=1)
 	{
 		TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid reject rule %d paramter %s", 
-								ctx->enforce_rules->config_id, ctx->enforce_para);
+								ctx->enforce_rules[0].config_id, ctx->enforce_para);
 		goto error_out;
 	}
 	to_write_sess=tfe_http_session_allow_write(session);
 	response=tfe_http_session_response_create(to_write_sess, resp_code);
 	
-	html_generate(ctx->enforce_para, &page_buff, &page_size);
+	html_generate(ctx->enforce_rules[0].config_id, resp_code, &page_buff, &page_size);
 	_wrap_std_field_write(response, TFE_HTTP_CONT_TYPE, "text/html; charset=utf-8");
 	snprintf(cont_len_str,sizeof(cont_len_str), "%lu", page_size);
 	_wrap_std_field_write(response, TFE_HTTP_CONT_LENGTH, cont_len_str);
@@ -691,12 +725,12 @@ static void http_redirect(const struct tfe_http_session * session, uint64_t even
 	char* url=NULL;
 	struct tfe_http_half* response=NULL;
 	struct tfe_http_session* to_write=NULL;
-	url=ALLOC(char, ctx->enforce_rules->serv_def_len);
+	url=ALLOC(char, ctx->enforce_rules[0].serv_def_len);
 	ret=sscanf(ctx->enforce_para,"code=%d%[^;];url=%*[^;];",&resp_code,url);
 	if(ret!=2)
 	{
 		TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid redirect rule %d paramter %s", 
-								ctx->enforce_rules->config_id, ctx->enforce_para);
+								ctx->enforce_rules[0].config_id, ctx->enforce_para);
 		goto error_out;
 	}
 	
@@ -827,7 +861,7 @@ void pangu_on_http_end(const struct tfe_stream * stream,
 
 {
 	struct pangu_http_ctx* ctx=*(struct pangu_http_ctx**)pme;
-	struct pangu_log log_msg={.stream=stream, .http=session, .result=ctx->enforce_rules, .result_num=1};
+	struct pangu_log log_msg={.stream=stream, .http=session, .result=ctx->enforce_rules, .result_num=ctx->n_enforce};
 	if(ctx->action!=PG_ACTION_NONE)
 	{
 		pangu_log_send(g_pangu_rt->send_logger, &log_msg);

plugin/business/pangu-http/pangu_logger.cpp

@@ -224,7 +224,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
 			cJSON_AddStringToObject(common_obj,resp_fields[i].log_filed_name, tmp_val);
 		}
 	}
-	for(int i=0; i<log_msg->result_num; i++)
+	for(size_t i=0; i<log_msg->result_num; i++)
 	{
 		if(log_msg->result[i].do_log==0)
 		{

plugin/business/pangu-http/pangu_logger.h

@@ -9,7 +9,7 @@ struct pangu_log
     const struct tfe_stream *stream;
 	const struct tfe_http_session* http;
     const Maat_rule_t*result;
-    int result_num;
+    size_t result_num;
 };
 struct pangu_logger;
 struct pangu_logger*  pangu_log_handle_create(const char* profile, const char* section, void* local_logger);

plugin/business/pangu-http/template/HTTP403.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>We've got some trouble | 403 - Access Denied</title>
+    <style type="text/css">html{font-family:sans-serif;line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,main{display:block}figure{margin:1em 40px}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent;-webkit-text-decoration-skip:objects}a:active,a:hover{outline-width:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:inherit}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}legend{box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{display:inline-block;vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-cancel-button,[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}body,html{width:100%;height:100%;background-color:#21232a}body{color:#fff;text-align:center;text-shadow:0 2px 4px rgba(0,0,0,.5);padding:0;min-height:100%;-webkit-box-shadow:inset 0 0 100px rgba(0,0,0,.8);box-shadow:inset 0 0 100px rgba(0,0,0,.8);display:table;font-family:"Open Sans",Arial,sans-serif}h1{font-family:inherit;font-weight:500;line-height:1.1;color:inherit;font-size:36px}h1 small{font-size:68%;font-weight:400;line-height:1;color:#777}a{text-decoration:none;color:#fff;font-size:inherit;border-bottom:dotted 1px #707070}.lead{color:silver;font-size:21px;line-height:1.4}.cover{display:table-cell;vertical-align:middle;padding:0 20px}footer{position:fixed;width:100%;height:40px;left:0;bottom:0;color:#a0a0a0;font-size:14px}</style>
+</head>
+<body>
+    <div class="cover"><h1>Access Denied <small>Error 403</small></h1><p class="lead">The requested resource requires an authentication (TFE-{{cfg_id}}).</p></div>
+    
+</body>
+</html>

plugin/business/pangu-http/template/HTTP404.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>We've got some trouble | 404 - Resource not found</title>
+    <style type="text/css">html{font-family:sans-serif;line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,main{display:block}figure{margin:1em 40px}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent;-webkit-text-decoration-skip:objects}a:active,a:hover{outline-width:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:inherit}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}legend{box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{display:inline-block;vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-cancel-button,[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}body,html{width:100%;height:100%;background-color:#21232a}body{color:#fff;text-align:center;text-shadow:0 2px 4px rgba(0,0,0,.5);padding:0;min-height:100%;-webkit-box-shadow:inset 0 0 100px rgba(0,0,0,.8);box-shadow:inset 0 0 100px rgba(0,0,0,.8);display:table;font-family:"Open Sans",Arial,sans-serif}h1{font-family:inherit;font-weight:500;line-height:1.1;color:inherit;font-size:36px}h1 small{font-size:68%;font-weight:400;line-height:1;color:#777}a{text-decoration:none;color:#fff;font-size:inherit;border-bottom:dotted 1px #707070}.lead{color:silver;font-size:21px;line-height:1.4}.cover{display:table-cell;vertical-align:middle;padding:0 20px}footer{position:fixed;width:100%;height:40px;left:0;bottom:0;color:#a0a0a0;font-size:14px}</style>
+</head>
+<body>
+    <div class="cover"><h1>Resource not found <small>Error 404 </small></h1><p class="lead">The requested resource could not be found but may be available again in the future (TFE-{{cfg_id}}).</p></div>
+    
+</body>
+</html>

plugin/business/pangu-http/template/HTTP451.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>We've got some trouble | 451 - Unavailable For Legal Reasons</title>
+    <style type="text/css">html{font-family:sans-serif;line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,main{display:block}figure{margin:1em 40px}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent;-webkit-text-decoration-skip:objects}a:active,a:hover{outline-width:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:inherit}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}legend{box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{display:inline-block;vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-cancel-button,[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}body,html{width:100%;height:100%;background-color:#21232a}body{color:#fff;text-align:center;text-shadow:0 2px 4px rgba(0,0,0,.5);padding:0;min-height:100%;-webkit-box-shadow:inset 0 0 100px rgba(0,0,0,.8);box-shadow:inset 0 0 100px rgba(0,0,0,.8);display:table;font-family:"Open Sans",Arial,sans-serif}h1{font-family:inherit;font-weight:500;line-height:1.1;color:inherit;font-size:36px}h1 small{font-size:68%;font-weight:400;line-height:1;color:#777}a{text-decoration:none;color:#fff;font-size:inherit;border-bottom:dotted 1px #707070}.lead{color:silver;font-size:21px;line-height:1.4}.cover{display:table-cell;vertical-align:middle;padding:0 20px}footer{position:fixed;width:100%;height:40px;left:0;bottom:0;color:#a0a0a0;font-size:14px}</style>
+</head>
+<body>
+    <div class="cover"><h1>Unavailable For Legal Reasons <small>Error 451</small></h1><p class="lead">This request may not be serviced due to the regulations of your residency (TFE-{{cfg_id}}).</p></div>
+    
+</body>
+</html>