Charon/backend/internal/caddy/validator.go

package caddy

import (
	"encoding/json"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// Validate performs pre-flight validation on a Caddy config before applying it.
func Validate(cfg *Config) error {
	if cfg == nil {
		return fmt.Errorf("config cannot be nil")
	}

	if cfg.Apps.HTTP == nil {
		return nil // Empty config is valid
	}

	// Track seen hosts to detect duplicates
	seenHosts := make(map[string]bool)

	for serverName, server := range cfg.Apps.HTTP.Servers {
		if len(server.Listen) == 0 {
			return fmt.Errorf("server %s has no listen addresses", serverName)
		}

		// Validate listen addresses
		for _, addr := range server.Listen {
			if err := validateListenAddr(addr); err != nil {
				return fmt.Errorf("invalid listen address %s in server %s: %w", addr, serverName, err)
			}
		}

		// Validate routes
		for i, route := range server.Routes {
			if err := validateRoute(route, seenHosts); err != nil {
				return fmt.Errorf("invalid route %d in server %s: %w", i, serverName, err)
			}
		}
	}

	// Validate JSON marshalling works
	if _, err := jsonMarshalValidate(cfg); err != nil {
		return fmt.Errorf("config cannot be marshalled to JSON: %w", err)
	}

	return nil
}

// allow tests to override JSON marshalling to simulate errors
var jsonMarshalValidate = json.Marshal

func validateListenAddr(addr string) error {
	// Strip network type prefix if present (tcp/, udp/)
	if idx := strings.Index(addr, "/"); idx != -1 {
		addr = addr[idx+1:]
	}

	// Parse host:port
	host, portStr, err := net.SplitHostPort(addr)
	if err != nil {
		return fmt.Errorf("invalid address format: %w", err)
	}

	// Validate port
	port, err := strconv.Atoi(portStr)
	if err != nil {
		return fmt.Errorf("invalid port: %w", err)
	}
	if port < 1 || port > 65535 {
		return fmt.Errorf("port %d out of range (1-65535)", port)
	}

	// Validate host (allow empty for wildcard binding)
	if host != "" && net.ParseIP(host) == nil {
		return fmt.Errorf("invalid IP address: %s", host)
	}

	return nil
}

func validateRoute(route *Route, seenHosts map[string]bool) error {
	if len(route.Handle) == 0 {
		return fmt.Errorf("route has no handlers")
	}

	// Check for duplicate host matchers
	for _, match := range route.Match {
		for _, host := range match.Host {
			if seenHosts[host] {
				return fmt.Errorf("duplicate host matcher: %s", host)
			}
			seenHosts[host] = true
		}
	}

	// Validate handlers
	for i, handler := range route.Handle {
		if err := validateHandler(handler); err != nil {
			return fmt.Errorf("invalid handler %d: %w", i, err)
		}
	}

	return nil
}

func validateHandler(handler Handler) error {
	handlerType, ok := handler["handler"].(string)
	if !ok {
		return fmt.Errorf("handler missing 'handler' field")
	}

	switch handlerType {
	case "reverse_proxy":
		return validateReverseProxy(handler)
	case "file_server", "static_response":
		return nil // Accept other common handlers
	default:
		// Unknown handlers are allowed (Caddy is extensible)
		return nil
	}
}

func validateReverseProxy(handler Handler) error {
	upstreams, ok := handler["upstreams"].([]map[string]any)
	if !ok {
		return fmt.Errorf("reverse_proxy missing upstreams")
	}

	if len(upstreams) == 0 {
		return fmt.Errorf("reverse_proxy has no upstreams")
	}

	for i, upstream := range upstreams {
		dial, ok := upstream["dial"].(string)
		if !ok || dial == "" {
			return fmt.Errorf("upstream %d missing dial address", i)
		}

		// Validate dial address format (host:port)
		if _, _, err := net.SplitHostPort(dial); err != nil {
			return fmt.Errorf("upstream %d has invalid dial address %s: %w", i, dial, err)
		}
	}

	return nil
}