feat: add expr engine; support anonymous object

Author: mrhaoxx

go.mod

@@ -19,6 +19,8 @@ require (
 	gvisor.dev/gvisor v0.0.0-20250820192457-dde98974cb6c
 )
 
+require github.com/expr-lang/expr v1.17.6
+
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect

go.sum

@@ -9,6 +9,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ=
 github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/expr-lang/expr v1.17.6 h1:1h6i8ONk9cexhDmowO/A64VPxHScu7qfSl2k8OlINec=
+github.com/expr-lang/expr v1.17.6/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU=

http/expr.go

@@ -0,0 +1,114 @@
+package http
+
+import (
+	"fmt"
+	"reflect"
+
+	"github.com/expr-lang/expr"
+	"github.com/expr-lang/expr/ast"
+	"github.com/expr-lang/expr/vm"
+	"github.com/mrhaoxx/OpenNG/utils"
+)
+
+type exprbased struct {
+	*vm.Program
+}
+
+type MethodAsFuncPatcher struct{}
+
+func (MethodAsFuncPatcher) Visit(node *ast.Node) {
+	call, ok := (*node).(*ast.CallNode)
+	if !ok {
+		return
+	}
+	m, ok := call.Callee.(*ast.MemberNode)
+	if !ok || !m.Method {
+		return
+	}
+	var name string
+	switch p := m.Property.(type) {
+	case *ast.StringNode:
+		name = p.Value
+	case *ast.IdentifierNode:
+		name = p.Value
+	default:
+		return
+	}
+
+	if t := m.Node.Type(); t != nil {
+		if meth, ok := t.MethodByName(name); ok && meth.Type.NumOut() > 0 {
+			return
+		}
+	}
+
+	newCall := &ast.CallNode{
+		Callee:    &ast.IdentifierNode{Value: "__call"},
+		Arguments: append([]ast.Node{m.Node, &ast.StringNode{Value: name}}, call.Arguments...),
+	}
+	ast.Patch(node, newCall)
+
+	(*node).SetType(reflect.TypeOf((*any)(nil)).Elem())
+}
+
+var caller = expr.Function(
+	"__call",
+	func(params ...any) (any, error) {
+		recv := params[0]
+		method := params[1].(string)
+		args := params[2:]
+
+		if recv == nil {
+			return nil, nil
+		}
+
+		v := reflect.ValueOf(recv)
+		m := v.MethodByName(method)
+		if !m.IsValid() {
+			return nil, fmt.Errorf("no such method: %s", method)
+		}
+
+		in := make([]reflect.Value, len(args))
+		for i, a := range args {
+			in[i] = reflect.ValueOf(a)
+		}
+		out := m.Call(in)
+
+		switch len(out) {
+		case 0:
+			return true, nil
+		case 1:
+			return out[0].Interface(), nil
+		default:
+			if err, ok := out[len(out)-1].Interface().(error); ok && err != nil {
+				return nil, err
+			}
+			return out[0].Interface(), nil
+		}
+	},
+	new(func(any, string, ...any) any),
+)
+
+func NewExprbased(expression string) (*exprbased, error) {
+	program, err := expr.Compile(expression, expr.Env(&HttpCtx{}), expr.AsBool(), expr.Patch(MethodAsFuncPatcher{}),
+		caller)
+
+	if err != nil {
+		return nil, err
+	}
+	return &exprbased{
+		Program: program,
+	}, nil
+}
+
+func (e *exprbased) HandleHTTP(ctx *HttpCtx) Ret {
+	output, err := expr.Run(e.Program, ctx)
+	if err != nil {
+		panic(err)
+	}
+	ret, _ := output.(bool)
+	return Ret(ret)
+}
+
+func (e *exprbased) Hosts() utils.GroupRegexp {
+	return nil
+}

http/http.go

@@ -51,8 +51,8 @@ func (c *HttpCtx) Redirect(url string, code int) {
 	http.Redirect(c.Resp, c.Req, url, code)
 }
 
-func (c *HttpCtx) WriteString(s string) {
-	io.WriteString(c.Resp, s)
+func (c *HttpCtx) WriteString(s string) (n int, err error) {
+	return io.WriteString(c.Resp, s)
 }
 
 func (c *HttpCtx) SetCookie(k *http.Cookie) {
@@ -174,6 +174,7 @@ func (h *Midware) head(rw http.ResponseWriter, r *http.Request, conn *tcp.Conn)
 		writer:         nil,
 		stdrw:          rw,
 		acceptEncoding: r.Header.Get("Accept-Encoding"),
+		HeaderRef:      rw.Header(),
 	}
 
 	r.Header.Del("Accept-Encoding") // we don't want the backend to encode. WE DO IT.
@@ -207,6 +208,8 @@ type NgResponseWriter struct {
 	writer io.Writer
 	stdrw  http.ResponseWriter
 
+	HeaderRef http.Header
+
 	acceptEncoding string
 
 	code     int
@@ -241,13 +244,13 @@ func (w *NgResponseWriter) Header() http.Header {
 
 func (w *NgResponseWriter) BypassEncoding() {
 	if w.acceptEncoding != "" {
-		w.Header().Set("Accept-Encoding", w.acceptEncoding)
+		w.HeaderRef.Set("Accept-Encoding", w.acceptEncoding)
 		w.acceptEncoding = ""
 	}
 }
 
 func (w *NgResponseWriter) initForWrite() {
-	w.Header().Set("Server", utils.ServerSign)
+	w.HeaderRef.Set("Server", utils.ServerSign)
 	switch w.code {
 	case StatusSwitchingProtocols: // do nothing
 		return
@@ -256,11 +259,11 @@ func (w *NgResponseWriter) initForWrite() {
 		w.code = StatusOK
 		fallthrough
 	default: // init encode
-		if w.Header().Get("Content-Encoding") == "" &&
+		if w.HeaderRef.Get("Content-Encoding") == "" &&
 			w.acceptEncoding != "" { // if the content hasn't encoded,then we encode it here
-			ContentLength, _ := strconv.ParseUint(w.Header().Get("Content-Length"), 10, 64)         // get the content length
-			ContentType := w.Header().Get("Content-Type")                                           // get the content type
-			IsDownloading := strings.HasPrefix(w.Header().Get("Content-Disposition"), "attachment") // check if this request is a download action
+			ContentLength, _ := strconv.ParseUint(w.HeaderRef.Get("Content-Length"), 10, 64)         // get the content length
+			ContentType := w.HeaderRef.Get("Content-Type")                                           // get the content type
+			IsDownloading := strings.HasPrefix(w.HeaderRef.Get("Content-Disposition"), "attachment") // check if this request is a download action
 			switch {
 			case IsDownloading: // don't encode if is downloading
 			// case ContentLength <= 1024: // don't encode if size too small
@@ -281,8 +284,8 @@ func (w *NgResponseWriter) initForWrite() {
 		}
 	}
 	if w.encoding != EncodingRAW {
-		w.Header().Add("Content-Encoding", w.encoding.String())
-		w.Header().Del("Content-Length") // delete the content length that is no more correct after the encode
+		w.HeaderRef.Add("Content-Encoding", w.encoding.String())
+		w.HeaderRef.Del("Content-Length") // delete the content length that is no more correct after the encode
 
 		_w := encoderpool[w.encoding].Get().(io.Writer) //get encoder from pool
 		_w.(reSetter).Reset(w.stdrw)                    // reset the encoder

http/midware.go

@@ -1,7 +1,6 @@
 package http
 
 import (
-	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
@@ -166,7 +165,7 @@ func (h *Midware) Process(RequestCtx *HttpCtx) {
 			}
 
 			if RequestCtx.Resp.code == 0 {
-				RequestCtx.Resp.ErrorPage(http.StatusInternalServerError, fmt.Sprintf("Panic: %v", err))
+				RequestCtx.Resp.ErrorPage(http.StatusInternalServerError, "Internal Server Error")
 			}
 		}
 	}()
@@ -231,7 +230,7 @@ func NewHttpMidware(sni []string) *Midware {
 	hmw.bufferedLookupForHost = utils.NewBufferedLookup(func(s string) []*ServiceStruct {
 		ret := make([]*ServiceStruct, 0)
 		for _, r := range hmw.current {
-			if r.Hosts.MatchString(s) {
+			if r.Hosts == nil || r.Hosts.MatchString(s) {
 				ret = append(ret, r)
 			}
 		}

tcp/expr.go

@@ -0,0 +1,109 @@
+package tcp
+
+import (
+	"fmt"
+	"reflect"
+
+	"github.com/expr-lang/expr"
+	"github.com/expr-lang/expr/ast"
+	"github.com/expr-lang/expr/vm"
+)
+
+type exprbased struct {
+	*vm.Program
+}
+
+type MethodAsFuncPatcher struct{}
+
+func (MethodAsFuncPatcher) Visit(node *ast.Node) {
+	call, ok := (*node).(*ast.CallNode)
+	if !ok {
+		return
+	}
+	m, ok := call.Callee.(*ast.MemberNode)
+	if !ok || !m.Method {
+		return
+	}
+	var name string
+	switch p := m.Property.(type) {
+	case *ast.StringNode:
+		name = p.Value
+	case *ast.IdentifierNode:
+		name = p.Value
+	default:
+		return
+	}
+
+	if t := m.Node.Type(); t != nil {
+		if meth, ok := t.MethodByName(name); ok && meth.Type.NumOut() > 0 {
+			return
+		}
+	}
+
+	newCall := &ast.CallNode{
+		Callee:    &ast.IdentifierNode{Value: "__call"},
+		Arguments: append([]ast.Node{m.Node, &ast.StringNode{Value: name}}, call.Arguments...),
+	}
+	ast.Patch(node, newCall)
+
+	(*node).SetType(reflect.TypeOf((*any)(nil)).Elem())
+}
+
+var caller = expr.Function(
+	"__call",
+	func(params ...any) (any, error) {
+		recv := params[0]
+		method := params[1].(string)
+		args := params[2:]
+
+		if recv == nil {
+			return nil, nil
+		}
+
+		v := reflect.ValueOf(recv)
+		m := v.MethodByName(method)
+		if !m.IsValid() {
+			return nil, fmt.Errorf("no such method: %s", method)
+		}
+
+		in := make([]reflect.Value, len(args))
+		for i, a := range args {
+			in[i] = reflect.ValueOf(a)
+		}
+		out := m.Call(in)
+
+		switch len(out) {
+		case 0:
+			return true, nil
+		case 1:
+			return out[0].Interface(), nil
+		default:
+			if err, ok := out[len(out)-1].Interface().(error); ok && err != nil {
+				return nil, err
+			}
+			return out[0].Interface(), nil
+		}
+	},
+	new(func(any, string, ...any) any),
+)
+
+func NewExprbased(expression string) (*exprbased, error) {
+	program, err := expr.Compile(expression, expr.Env(&Conn{}), expr.AsInt(), expr.Patch(MethodAsFuncPatcher{}),
+		caller)
+
+	if err != nil {
+		return nil, err
+	}
+	return &exprbased{
+		Program: program,
+	}, nil
+}
+
+func (e *exprbased) Handle(ctx *Conn) SerRet {
+	output, err := expr.Run(e.Program, ctx)
+	if err != nil {
+		panic(err)
+	}
+	ret, _ := output.(int)
+	return SerRet(ret)
+}

ui/builtin.go

@@ -511,6 +511,16 @@ var _builtin_refs_assertions = map[string]Assert{
 			},
 		},
 	},
+	"builtin::http::expr": {
+		Type:     "string",
+		Required: true,
+		Desc:     "expression-based authentication backend",
+	},
+	"builtin::tcp::expr": {
+		Type:     "string",
+		Required: true,
+		Desc:     "expression-based TCP backend",
+	},
 	"builtin::auth::knocked": {
 		Type: "map",
 		Sub: AssertMap{
@@ -1385,6 +1395,24 @@ var _builtin_refs = map[string]Inst{
 
 		return policyd, nil
 	},
+	"builtin::http::expr": func(spec *ArgNode) (any, error) {
+		expression := spec.ToString()
+
+		zlog.Debug().
+			Str("expression", expression).
+			Msg("new http expr backend")
+
+		return http.NewExprbased(expression)
+	},
+	"builtin::tcp::expr": func(spec *ArgNode) (any, error) {
+		expression := spec.ToString()
+
+		zlog.Debug().
+			Str("expression", expression).
+			Msg("new tcp expr backend")
+
+		return tcp.NewExprbased(expression)
+	},
 	"builtin::auth::knocked": func(spec *ArgNode) (any, error) {
 		timeout := spec.MustGet("timeout").ToDuration()
 

ui/parser.go

@@ -216,6 +216,14 @@ func (node *ArgNode) IfCompatibleAndConvert(assertions Assert) bool {
 			node.Type = "ptr"
 			return true
 		}
+		if node.Type == "map" {
+			if m, ok := node.Value.(map[string]*ArgNode); ok {
+				if _, ok := m["kind"]; ok {
+					node.Type = "ptr"
+					return true
+				}
+			}
+		}
 	case "duration":
 		if node.Type == "string" {
 			if dur, err := time.ParseDuration(node.Value.(string)); err == nil {