feat(anubis): enable pprof endpoints on the metrics server

Closes: #1366
Signed-off-by: Xe Iaso <me@xeiaso.net>

.github/actions/spelling/expect.txt

@@ -253,7 +253,6 @@ oci
 OCOB
 ogtag
 oklch
-oldstable
 omgili
 omgilibot
 openai

.github/workflows/go.yml

@@ -12,11 +12,6 @@ permissions:
 
 jobs:
   go_tests:
-    strategy:
-      matrix:
-        go_version:
-          - oldstable
-          - stable
     #runs-on: alrest-techarohq
     runs-on: ubuntu-24.04
     steps:
@@ -31,11 +26,10 @@ jobs:
 
       - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
-          node-version: "latest"
-
-      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
+          node-version: "24.11.0"
+      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
         with:
-          go-version: ${{ matrix.go_version }}
+          go-version: "stable"
 
       - name: Cache playwright binaries
         uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3

cmd/anubis/main.go

@@ -17,6 +17,7 @@ import (
 	"net"
 	"net/http"
 	"net/http/httputil"
+	"net/http/pprof"
 	"net/url"
 	"os"
 	"os/signal"
@@ -522,6 +523,11 @@ func metricsServer(ctx context.Context, lg slog.Logger, done func()) {
 	defer done()
 
 	mux := http.NewServeMux()
+	mux.HandleFunc("GET /debug/pprof/", pprof.Index)
+	mux.HandleFunc("GET /debug/pprof/cmdline", pprof.Cmdline)
+	mux.HandleFunc("GET /debug/pprof/profile", pprof.Profile)
+	mux.HandleFunc("GET /debug/pprof/symbol", pprof.Symbol)
+	mux.HandleFunc("GET /debug/pprof/trace", pprof.Trace)
 	mux.Handle("/metrics", promhttp.Handler())
 	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
 		st, ok := internal.GetHealth("anubis")

docs/docs/CHANGELOG.md

@@ -11,12 +11,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+- Expose [pprof endpoints](https://pkg.go.dev/net/http/pprof) on the metrics listener to enable profiling Anubis in production.
 - fix: prevent nil pointer panic in challenge validation when threshold rules match during PassChallenge (#1463)
 - Instruct reverse proxies to not cache error pages.
 - Fixed mixed tab/space indentation in Caddy documentation code block
 
 <!-- This changes the project to: -->
-- Fix CEL internal errors when iterating `headers`/`query` map wrappers by implementing map iterators for `HTTPHeaders` and `URLValues` ([#1465](https://github.com/TecharoHQ/anubis/pull/1465)).
 
 ## v1.25.0: Necron
 

lib/policy/celchecker_test.go

@@ -1,44 +0,0 @@
-package policy
-
-import (
-	"net/http"
-	"testing"
-
-	"github.com/TecharoHQ/anubis/internal/dns"
-	"github.com/TecharoHQ/anubis/lib/config"
-	"github.com/TecharoHQ/anubis/lib/store/memory"
-)
-
-func newTestDNS(t *testing.T) *dns.Dns {
-	t.Helper()
-
-	ctx := t.Context()
-	memStore := memory.New(ctx)
-	cache := dns.NewDNSCache(300, 300, memStore)
-	return dns.New(ctx, cache)
-}
-
-func TestCELChecker_MapIterationWrappers(t *testing.T) {
-	cfg := &config.ExpressionOrList{
-		Expression: `headers.exists(k, k == "Accept") && query.exists(k, k == "format")`,
-	}
-
-	checker, err := NewCELChecker(cfg, newTestDNS(t))
-	if err != nil {
-		t.Fatalf("creating CEL checker failed: %v", err)
-	}
-
-	req, err := http.NewRequest(http.MethodGet, "https://example.com/?format=json", nil)
-	if err != nil {
-		t.Fatalf("making request failed: %v", err)
-	}
-	req.Header.Set("Accept", "application/json")
-
-	got, err := checker.Check(req)
-	if err != nil {
-		t.Fatalf("checking expression failed: %v", err)
-	}
-	if !got {
-		t.Fatal("expected expression to evaluate true")
-	}
-}

lib/policy/expressions/http_headers.go

@@ -66,9 +66,7 @@ func (h HTTPHeaders) Get(key ref.Val) ref.Val {
 	return result
 }
 
-func (h HTTPHeaders) Iterator() traits.Iterator {
-	return newMapIterator(h.Header)
-}
+func (h HTTPHeaders) Iterator() traits.Iterator { panic("TODO(Xe): implement me") }
 
 func (h HTTPHeaders) IsZeroValue() bool {
 	return len(h.Header) == 0

lib/policy/expressions/map_iterator.go

@@ -1,60 +0,0 @@
-package expressions
-
-import (
-	"errors"
-	"maps"
-	"reflect"
-	"slices"
-
-	"github.com/google/cel-go/common/types"
-	"github.com/google/cel-go/common/types/ref"
-	"github.com/google/cel-go/common/types/traits"
-)
-
-var ErrNotImplemented = errors.New("expressions: not implemented")
-
-type stringSliceIterator struct {
-	keys []string
-	idx  int
-}
-
-func (s *stringSliceIterator) Value() any {
-	return s
-}
-
-func (s *stringSliceIterator) ConvertToNative(typeDesc reflect.Type) (any, error) {
-	return nil, ErrNotImplemented
-}
-
-func (s *stringSliceIterator) ConvertToType(typeValue ref.Type) ref.Val {
-	return types.NewErr("can't convert from %q to %q", types.IteratorType, typeValue)
-}
-
-func (s *stringSliceIterator) Equal(other ref.Val) ref.Val {
-	return types.NewErr("can't compare %q to %q", types.IteratorType, other.Type())
-}
-
-func (s *stringSliceIterator) Type() ref.Type {
-	return types.IteratorType
-}
-
-func (s *stringSliceIterator) HasNext() ref.Val {
-	return types.Bool(s.idx < len(s.keys))
-}
-
-func (s *stringSliceIterator) Next() ref.Val {
-	if s.HasNext() != types.True {
-		return nil
-	}
-
-	val := s.keys[s.idx]
-	s.idx++
-	return types.String(val)
-}
-
-func newMapIterator(m map[string][]string) traits.Iterator {
-	return &stringSliceIterator{
-		keys: slices.Collect(maps.Keys(m)),
-		idx:  0,
-	}
-}

lib/policy/expressions/url_values.go

@@ -1,6 +1,7 @@
 package expressions
 
 import (
+	"errors"
 	"net/url"
 	"reflect"
 	"strings"
@@ -10,6 +11,8 @@ import (
 	"github.com/google/cel-go/common/types/traits"
 )
 
+var ErrNotImplemented = errors.New("expressions: not implemented")
+
 // URLValues is a type wrapper to expose url.Values into CEL programs.
 type URLValues struct {
 	url.Values
@@ -66,9 +69,7 @@ func (u URLValues) Get(key ref.Val) ref.Val {
 	return result
 }
 
-func (u URLValues) Iterator() traits.Iterator {
-	return newMapIterator(u.Values)
-}
+func (u URLValues) Iterator() traits.Iterator { panic("TODO(Xe): implement me") }
 
 func (u URLValues) IsZeroValue() bool {
 	return len(u.Values) == 0