Optimized docker detection structure

- Merged #202 and optimized UI elements
- Added HSTS headers toggle
- Added permission policy injector in dynamicproxy
- Fixed slow search LAN ip detection
- Optimized UI for HTTP reverse proxy rules
- Added wip permission policy and load balancer

src/mod/dynamicproxy/customHeader.go

@@ -1,5 +1,7 @@
 package dynamicproxy
 
+import "strconv"
+
 /*
 	CustomHeader.go
 
@@ -17,8 +19,9 @@ func (ept *ProxyEndpoint) SplitInboundOutboundHeaders() ([][]string, [][]string)
 	}
 
 	//Use pre-allocation for faster performance
+	//Downstream +2 for Permission Policy and HSTS
 	upstreamHeaders := make([][]string, len(ept.UserDefinedHeaders))
-	downstreamHeaders := make([][]string, len(ept.UserDefinedHeaders))
+	downstreamHeaders := make([][]string, len(ept.UserDefinedHeaders)+2)
 	upstreamHeaderCounter := 0
 	downstreamHeaderCounter := 0
 
@@ -42,5 +45,17 @@ func (ept *ProxyEndpoint) SplitInboundOutboundHeaders() ([][]string, [][]string)
 		}
 	}
 
+	//Check if the endpoint require HSTS headers
+	if ept.HSTSMaxAge > 0 {
+		downstreamHeaders[downstreamHeaderCounter] = []string{"Strict-Transport-Security", "max-age=" + strconv.Itoa(int(ept.HSTSMaxAge))}
+		downstreamHeaderCounter++
+	}
+
+	//Check if the endpoint require Permission Policy
+	if ept.EnablePermissionPolicyHeader && ept.PermissionPolicy != nil {
+		downstreamHeaders[downstreamHeaderCounter] = ept.PermissionPolicy.ToKeyValueHeader()
+		downstreamHeaderCounter++
+	}
+
 	return upstreamHeaders, downstreamHeaders
 }

src/mod/dynamicproxy/permissionpolicy/permissionpolicy.go

@@ -108,13 +108,8 @@ func GetDefaultPermissionPolicy() *PermissionsPolicy {
 	}
 }
 
-// InjectPermissionPolicyHeader inject the permission policy into headers
-func InjectPermissionPolicyHeader(w http.ResponseWriter, policy *PermissionsPolicy) {
-	//Keep the original Permission Policy if exists, or there are no policy given
-	if policy == nil || w.Header().Get("Permissions-Policy") != "" {
-		return
-	}
-
+// ToKeyValueHeader convert a permission policy struct into a key value string header
+func (policy *PermissionsPolicy) ToKeyValueHeader() []string {
 	policyHeader := []string{}
 
 	// Helper function to add policy directives
@@ -187,7 +182,16 @@ func InjectPermissionPolicyHeader(w http.ResponseWriter, policy *PermissionsPoli
 
 	// Join the directives and set the header
 	policyHeaderValue := strings.Join(policyHeader, ", ")
-
-	//Inject the new policy into the header
-	w.Header().Set("Permissions-Policy", policyHeaderValue)
+	return []string{"Permissions-Policy", policyHeaderValue}
+}
+
+// InjectPermissionPolicyHeader inject the permission policy into headers
+func InjectPermissionPolicyHeader(w http.ResponseWriter, policy *PermissionsPolicy) {
+	//Keep the original Permission Policy if exists, or there are no policy given
+	if policy == nil || w.Header().Get("Permissions-Policy") != "" {
+		return
+	}
+	headerKV := policy.ToKeyValueHeader()
+	//Inject the new policy into the header
+	w.Header().Set(headerKV[0], headerKV[1])
 }

src/mod/dynamicproxy/typedef.go

@@ -8,6 +8,7 @@ import (
 
 	"imuslab.com/zoraxy/mod/access"
 	"imuslab.com/zoraxy/mod/dynamicproxy/dpcore"
+	"imuslab.com/zoraxy/mod/dynamicproxy/permissionpolicy"
 	"imuslab.com/zoraxy/mod/dynamicproxy/redirection"
 	"imuslab.com/zoraxy/mod/geodb"
 	"imuslab.com/zoraxy/mod/statistic"
@@ -118,7 +119,10 @@ type ProxyEndpoint struct {
 	VirtualDirectories []*VirtualDirectoryEndpoint
 
 	//Custom Headers
-	UserDefinedHeaders []*UserDefinedHeader //Custom headers to append when proxying requests from this endpoint
+	UserDefinedHeaders           []*UserDefinedHeader                //Custom headers to append when proxying requests from this endpoint
+	HSTSMaxAge                   int64                               //HSTS max age, set to 0 for disable HSTS headers
+	EnablePermissionPolicyHeader bool                                //Enable injection of permission policy header
+	PermissionPolicy             *permissionpolicy.PermissionsPolicy //Permission policy header
 
 	//Authentication
 	RequireBasicAuth        bool                      //Set to true to request basic auth before proxy