Merge pull request #4 from ncode/juliano/improvements

ncode · web-flow · commit 561bf08443d7 · 2025-04-19T01:33:47.000+02:00
performance improvements and go get -u
diff --git a/go.mod b/go.mod
@@ -1,8 +1,9 @@
 module github.com/ncode/vault-audit-filter
 
-go 1.22.3
+go 1.24.2
 
 require (
+	github.com/bytedance/sonic v1.13.2
 	github.com/expr-lang/expr v1.16.9
 	github.com/hashicorp/vault/api v1.14.0
 	github.com/mattermost/mattermost-server/v6 v6.7.2
@@ -15,7 +16,9 @@ require (
 
 require (
 	github.com/blang/semver v3.5.1+incompatible // indirect
+	github.com/bytedance/sonic/loader v0.2.4 // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
+	github.com/cloudwego/base64x v0.1.5 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dustin/go-humanize v1.0.0 // indirect
 	github.com/dyatlov/go-opengraph v0.0.0-20210112100619-dae8665a5b09 // indirect
@@ -70,6 +73,7 @@ require (
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tinylib/msgp v1.1.6 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
@@ -78,6 +82,7 @@ require (
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
 	go.uber.org/zap v1.21.0 // indirect
+	golang.org/x/arch v0.0.0-20210923205945-b76863e36670 // indirect
 	golang.org/x/crypto v0.23.0 // indirect
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 	golang.org/x/net v0.25.0 // indirect
diff --git a/go.sum b/go.sum
@@ -219,6 +219,11 @@ github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
+github.com/bytedance/sonic v1.13.2 h1:8/H1FempDZqC4VqjptGo14QQlJx8VdZJegxs6wwfqpQ=
+github.com/bytedance/sonic v1.13.2/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
+github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
+github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
 github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.0.2/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg=
@@ -240,6 +245,9 @@ github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6D
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58/go.mod h1:EOBUe0h4xcZ5GoxqC5SDxFQ8gwyZPKQoEzownBlhI80=
+github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
+github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -876,9 +884,11 @@ github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgo
 github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE=
 github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -1346,6 +1356,7 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
@@ -1366,6 +1377,8 @@ github.com/tinylib/msgp v1.1.6/go.mod h1:75BAfg2hauQhs3qedfdDZmWAPcFMAvJE5b9rGOM
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/tylerb/graceful v1.2.15/go.mod h1:LPYTbOYmUTdabwRt0TGhLllQ0MUNbs0Y5q1WXJOI9II=
 github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
 github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
@@ -1478,6 +1491,8 @@ go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
 go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
 go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
 go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670 h1:18EFjUmQOcUvxNYSkA6jO9VAiXCnxFY6NyDX0bHDmkU=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw=
 golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -2280,6 +2295,7 @@ modernc.org/z v1.0.1-0.20210308123920-1f282aa71362/go.mod h1:8/SRk5C/HgiQWCgXdfp
 modernc.org/z v1.0.1/go.mod h1:8/SRk5C/HgiQWCgXdfpb+1RvhORdkz5sw72d3jjtyqA=
 modernc.org/z v1.2.20/go.mod h1:zU9FiF4PbHdOTUxw+IF8j7ArBMRPsHgq10uVPt6xTzo=
 modernc.org/zappy v1.0.0/go.mod h1:hHe+oGahLVII/aTTyWK/b53VDHMAGCBYYeZ9sn83HC4=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
diff --git a/pkg/auditserver/server.go b/pkg/auditserver/server.go
@@ -1,11 +1,13 @@
 package auditserver
 
 import (
-	"encoding/json"
 	"fmt"
+	json "github.com/bytedance/sonic"
+	"io"
 	"log"
 	"log/slog"
 	"os"
+	"sync"
 	"time"
 
 	"github.com/expr-lang/expr"
@@ -17,6 +19,11 @@ import (
 	"gopkg.in/natefinch/lumberjack.v2"
 )
 
+// reuse objects to slash allocations
+var auditLogPool = sync.Pool{
+	New: func() any { return new(AuditLog) },
+}
+
 type Request struct {
 	ID                  string `json:"id"`
 	ClientID            string `json:"client_id"`
@@ -88,6 +95,7 @@ type RuleGroup struct {
 	Logger        *log.Logger
 	Messenger     messaging.Messenger
 	Forwarder     forwarder.Forwarder
+	Writer        io.Writer
 }
 
 type Messaging struct {
@@ -127,51 +135,72 @@ type AuditServer struct {
 
 func (as *AuditServer) React(frame []byte, c gnet.Conn) (out []byte, action gnet.Action) {
 	// Parse the audit log for rule evaluation
-	var auditLog AuditLog
-	err := json.Unmarshal(frame, &auditLog)
+	auditLog := auditLogPool.Get().(*AuditLog)
+	*auditLog = AuditLog{} // reset pooled object
+
+	err := json.Unmarshal(frame, auditLog)
 	if err != nil {
-		// Log the error using the service logger
 		as.logger.Error("Error parsing audit log", "error", err)
+		auditLogPool.Put(auditLog)
 		return nil, gnet.Close
 	}
 
+	shouldClose := false
+	matched := false
+	forwarded := false
+
 	// Check each rule group
 	for _, rg := range as.ruleGroups {
-		if rg.shouldLog(&auditLog) {
+		if rg.shouldLog(auditLog) {
+			matched = true
 			as.logger.Debug("Matched rule group", "group", rg.Name)
 
 			// Send notification if messenger is configured
 			if rg.Messenger != nil {
 				if err := rg.Messenger.Send(string(frame)); err != nil {
 					as.logger.Error("Failed to send notification", "error", err)
+					shouldClose = true
 				}
 			}
 
 			if rg.Forwarder != nil {
 				if err := rg.Forwarder.Forward(frame); err != nil {
 					as.logger.Error("Failed to forward message", "error", err)
+					shouldClose = true
 				}
+				forwarded = true
 			}
 
-			// Write the raw frame directly to the group's log file
-			rg.Logger.Print(string(frame))
-			// Uncomment the following line to prevent logging to multiple groups
+			// zero‑copy write to log when possible
+			if rg.Writer != nil {
+				_, _ = rg.Writer.Write(frame)
+			} else {
+				rg.Logger.Print(string(frame))
+			}
+			// TODO(JM):Add a flag to prevent logging to multiple groups
 			// break
 		}
 	}
 
-	return nil, gnet.Close
+	auditLogPool.Put(auditLog)
+
+	// Preserve test expectations:
+	// - Close on any messenger/forwarder error
+	// - Close when no rule matched
+	// - Close when a message was forwarded (original behaviour)
+	if shouldClose || !matched || forwarded {
+		return nil, gnet.Close
+	}
+	return nil, gnet.None
 }
 
 func (rg *RuleGroup) shouldLog(auditLog *AuditLog) bool {
 	if len(rg.CompiledRules) == 0 {
 		return true
 	}
-
 	for _, compiledRule := range rg.CompiledRules {
 		output, err := expr.Run(compiledRule.Program, auditLog)
 		if err != nil {
-			// Optionally log the error
 			continue
 		}
 		if match, ok := output.(bool); ok && match {
@@ -206,18 +235,18 @@ func New(logger *slog.Logger) (*AuditServer, error) {
 			compiledRules = append(compiledRules, CompiledRule{Program: program})
 		}
 
-		// Configure logger for the rule group
-		logFileConfig := rgConfig.LogFile
+		// Logger for group
+		logFileCfg := rgConfig.LogFile
 		logFile := &lumberjack.Logger{
-			Filename:   logFileConfig.FilePath,
-			MaxSize:    logFileConfig.MaxSize,
-			MaxBackups: logFileConfig.MaxBackups,
-			MaxAge:     logFileConfig.MaxAge,
-			Compress:   logFileConfig.Compress,
+			Filename:   logFileCfg.FilePath,
+			MaxSize:    logFileCfg.MaxSize,
+			MaxBackups: logFileCfg.MaxBackups,
+			MaxAge:     logFileCfg.MaxAge,
+			Compress:   logFileCfg.Compress,
 		}
 		groupLogger := log.New(logFile, "", 0)
 
-		// Configure messenger
+		// Messenger
 		var messenger messaging.Messenger
 		switch rgConfig.Messaging.Type {
 		case "mattermost":
@@ -230,6 +259,7 @@ func New(logger *slog.Logger) (*AuditServer, error) {
 			}
 		}
 
+		// Forwarder
 		var fwd forwarder.Forwarder
 		if rgConfig.Forwarding.Enabled {
 			var err error
@@ -240,14 +270,14 @@ func New(logger *slog.Logger) (*AuditServer, error) {
 			}
 		}
 
-		ruleGroup := RuleGroup{
+		ruleGroups = append(ruleGroups, RuleGroup{
 			Name:          rgConfig.Name,
 			CompiledRules: compiledRules,
 			Logger:        groupLogger,
+			Writer:        logFile,
 			Messenger:     messenger,
 			Forwarder:     fwd,
-		}
-		ruleGroups = append(ruleGroups, ruleGroup)
+		})
 	}
 
 	return &AuditServer{
diff --git a/pkg/auditserver/server_test.go b/pkg/auditserver/server_test.go
