RubyGems - itsi - Versions diffs - 0.1.11 → 0.1.12 - Mend

itsi 0.1.11 → 0.1.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (293) hide show

data/crates/itsi_server/src/ruby_types/mod.rs ADDED Viewed

@@ -0,0 +1,55 @@
+use magnus::{value::Lazy, Module, RClass, RModule};
+pub mod itsi_body_proxy;
+pub mod itsi_grpc_request;
+pub mod itsi_grpc_response;
+pub mod itsi_grpc_stream;
+pub mod itsi_http_request;
+pub mod itsi_http_response;
+pub mod itsi_server;
+pub static ITSI_MODULE: Lazy<RModule> = Lazy::new(|ruby| ruby.define_module("Itsi").unwrap());
+pub static ITSI_SERVER: Lazy<RClass> = Lazy::new(|ruby| {
+    ruby.get_inner(&ITSI_MODULE)
+        .define_class("Server", ruby.class_object())
+        .unwrap()
+});
+pub static ITSI_SERVER_CONFIG: Lazy<RModule> =
+    Lazy::new(|ruby| ruby.get_inner(&ITSI_SERVER).const_get("Config").unwrap());
+pub static ITSI_REQUEST: Lazy<RClass> = Lazy::new(|ruby| {
+    ruby.get_inner(&ITSI_MODULE)
+        .define_class("HttpRequest", ruby.class_object())
+        .unwrap()
+});
+pub static ITSI_RESPONSE: Lazy<RClass> = Lazy::new(|ruby| {
+    ruby.get_inner(&ITSI_MODULE)
+        .define_class("HttpResponse", ruby.class_object())
+        .unwrap()
+});
+pub static ITSI_BODY_PROXY: Lazy<RClass> = Lazy::new(|ruby| {
+    ruby.get_inner(&ITSI_MODULE)
+        .define_class("BodyProxy", ruby.class_object())
+        .unwrap()
+});
+pub static ITSI_GRPC_REQUEST: Lazy<RClass> = Lazy::new(|ruby| {
+    ruby.get_inner(&ITSI_MODULE)
+        .define_class("GrpcRequest", ruby.class_object())
+        .unwrap()
+});
+pub static ITSI_GRPC_STREAM: Lazy<RClass> = Lazy::new(|ruby| {
+    ruby.get_inner(&ITSI_MODULE)
+        .define_class("GrpcStream", ruby.class_object())
+        .unwrap()
+});
+pub static ITSI_GRPC_RESPONSE: Lazy<RClass> = Lazy::new(|ruby| {
+    ruby.get_inner(&ITSI_MODULE)
+        .define_class("GrpcResponse", ruby.class_object())
+        .unwrap()
+});

data/crates/itsi_server/src/server/bind.rs CHANGED Viewed

@@ -31,13 +31,21 @@ pub struct Bind {
     pub tls_config: Option<ItsiTlsAcceptor>,
 }
+impl Bind {
+    pub fn listener_address_string(&self) -> String {
+        match &self.address {
+            BindAddress::Ip(ip) => format!("tcp://{}:{}", ip.to_canonical(), self.port.unwrap()),
+            BindAddress::UnixSocket(path) => {
+                format!("unix://{}", path.as_path().to_str().unwrap())
+            }
+        }
+    }
+}
 impl std::fmt::Debug for Bind {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         match &self.address {
             BindAddress::Ip(ip) => match self.protocol {
-                BindProtocol::Unix | BindProtocol::Unixs => {
-                    write!(f, "{}://{}", self.protocol, ip)
-                }
                 BindProtocol::Https if self.port == Some(443) => {
                     write!(f, "{}://{}", self.protocol, ip)
                 }
@@ -158,8 +166,8 @@ fn resolve_hostname(hostname: &str) -> Option<IpAddr> {
         .to_socket_addrs()
         .ok()?
         .find_map(|addr| {
-            if addr.is_ipv6() {
-                Some(addr.ip()) // Prefer IPv6
+            if addr.is_ipv4() {
+                Some(addr.ip()) // Prefer IPv4
             } else {
                 None
             }

data/crates/itsi_server/src/server/byte_frame.rs ADDED Viewed

@@ -0,0 +1,32 @@
+use std::ops::Deref;
+use bytes::Bytes;
+#[derive(Debug)]
+pub enum ByteFrame {
+    Data(Bytes),
+    End(Bytes),
+    Empty,
+}
+impl Deref for ByteFrame {
+    type Target = Bytes;
+    fn deref(&self) -> &Self::Target {
+        match self {
+            ByteFrame::Data(data) => data,
+            ByteFrame::End(data) => data,
+            ByteFrame::Empty => unreachable!(),
+        }
+    }
+}
+impl From<ByteFrame> for Bytes {
+    fn from(frame: ByteFrame) -> Self {
+        match frame {
+            ByteFrame::Data(data) => data,
+            ByteFrame::End(data) => data,
+            ByteFrame::Empty => unreachable!(),
+        }
+    }
+}

data/crates/itsi_server/src/server/cache_store.rs ADDED Viewed

@@ -0,0 +1,74 @@
+use async_trait::async_trait;
+use redis::aio::ConnectionManager;
+use redis::{Client, RedisError, Script};
+use std::sync::Arc;
+use std::time::Duration;
+#[derive(Debug)]
+pub enum CacheError {
+    RedisError(RedisError),
+    // Other error variants as needed.
+}
+/// A general-purpose cache trait with an atomic “increment with timeout” operation.
+#[async_trait]
+pub trait CacheStore: Send + Sync + std::fmt::Debug {
+    /// Increments the counter associated with `key` and sets (or extends) its expiration.
+    /// Returns the new counter value.
+    async fn increment(&self, key: &str, timeout: Duration) -> Result<u64, CacheError>;
+}
+/// A Redis-backed cache store using an async connection manager.
+/// This uses a TLS-enabled connection when the URL is prefixed with "rediss://".
+#[derive(Clone)]
+pub struct RedisCacheStore {
+    connection: Arc<ConnectionManager>,
+}
+impl std::fmt::Debug for RedisCacheStore {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("RedisCacheStore").finish()
+    }
+}
+impl RedisCacheStore {
+    /// Constructs a new RedisCacheStore.
+    ///
+    /// Use a connection URL like "rediss://host:port" to enable TLS (with rustls under the hood).
+    /// This constructor is async because it sets up the connection manager.
+    pub async fn new(connection_url: &str) -> Result<Self, CacheError> {
+        let client = Client::open(connection_url).map_err(CacheError::RedisError)?;
+        let connection_manager = ConnectionManager::new(client)
+            .await
+            .map_err(CacheError::RedisError)?;
+        Ok(Self {
+            connection: Arc::new(connection_manager),
+        })
+    }
+}
+#[async_trait]
+impl CacheStore for RedisCacheStore {
+    async fn increment(&self, key: &str, timeout: Duration) -> Result<u64, CacheError> {
+        let timeout_secs = timeout.as_secs();
+        // Lua script to:
+        // 1. INCR the key.
+        // 2. If the key doesn't have a TTL, set it.
+        let script = r#"
+            local current = redis.call('INCR', KEYS[1])
+            if redis.call('TTL', KEYS[1]) < 0 then
+                redis.call('EXPIRE', KEYS[1], ARGV[1])
+            end
+            return current
+        "#;
+        let script = Script::new(script);
+        // The ConnectionManager is cloneable and can be used concurrently.
+        let mut connection = (*self.connection).clone();
+        let value: i64 = script
+            .key(key)
+            .arg(timeout_secs)
+            .invoke_async(&mut connection)
+            .await
+            .map_err(CacheError::RedisError)?;
+        Ok(value as u64)
+    }
+}

data/crates/itsi_server/src/server/itsi_service.rs ADDED Viewed

@@ -0,0 +1,172 @@
+use super::listener::ListenerInfo;
+use super::middleware_stack::CompressionAlgorithm;
+use super::middleware_stack::MiddlewareLayer;
+use super::request_job::RequestJob;
+use super::serve_strategy::single_mode::RunningPhase;
+use super::types::HttpRequest;
+use super::types::HttpResponse;
+use crate::ruby_types::itsi_server::itsi_server_config::ServerParams;
+use chrono;
+use chrono::Local;
+use either::Either;
+use hyper::service::Service;
+use itsi_error::ItsiError;
+use regex::Regex;
+use std::sync::OnceLock;
+use std::{future::Future, ops::Deref, pin::Pin, sync::Arc};
+use tokio::sync::watch::{self};
+#[derive(Clone)]
+pub struct ItsiService {
+    pub inner: Arc<IstiServiceInner>,
+}
+impl Deref for ItsiService {
+    type Target = Arc<IstiServiceInner>;
+    fn deref(&self) -> &Self::Target {
+        &self.inner
+    }
+}
+pub struct IstiServiceInner {
+    pub sender: async_channel::Sender<RequestJob>,
+    pub server_params: Arc<ServerParams>,
+    pub listener: Arc<ListenerInfo>,
+    pub addr: String,
+    pub shutdown_channel: watch::Receiver<RunningPhase>,
+}
+#[derive(Clone)]
+pub struct RequestContext {
+    inner: Arc<RequestContextInner>,
+}
+impl Deref for RequestContext {
+    type Target = Arc<RequestContextInner>;
+    fn deref(&self) -> &Self::Target {
+        &self.inner
+    }
+}
+impl Deref for RequestContextInner {
+    type Target = ItsiService;
+    fn deref(&self) -> &Self::Target {
+        &self.service
+    }
+}
+pub struct RequestContextInner {
+    pub request_id: i128,
+    pub service: ItsiService,
+    pub matching_pattern: Option<Arc<Regex>>,
+    pub compression_method: OnceLock<CompressionAlgorithm>,
+    pub origin: OnceLock<Option<String>>,
+    pub start_time: chrono::DateTime<chrono::Utc>,
+    pub request: Option<Arc<HttpRequest>>,
+    pub request_start_time: OnceLock<chrono::DateTime<Local>>,
+    pub if_none_match: OnceLock<Option<String>>,
+    pub etag_value: OnceLock<Option<String>>,
+}
+impl RequestContext {
+    fn new(service: ItsiService, matching_pattern: Option<Arc<Regex>>) -> Self {
+        RequestContext {
+            inner: Arc::new(RequestContextInner {
+                request_id: rand::random::<i128>(),
+                service,
+                matching_pattern,
+                compression_method: OnceLock::new(),
+                origin: OnceLock::new(),
+                start_time: chrono::Utc::now(),
+                request: None,
+                request_start_time: OnceLock::new(),
+                if_none_match: OnceLock::new(),
+                etag_value: OnceLock::new(),
+            }),
+        }
+    }
+    pub fn set_compression_method(&self, method: CompressionAlgorithm) {
+        self.inner.compression_method.set(method).unwrap();
+    }
+    pub fn set_origin(&self, origin: Option<String>) {
+        self.inner.origin.set(origin).unwrap();
+    }
+    pub fn set_if_none_match(&self, value: Option<String>) {
+        self.inner.if_none_match.set(value).unwrap();
+    }
+    pub fn get_if_none_match(&self) -> Option<String> {
+        self.inner.if_none_match.get().cloned().flatten()
+    }
+    pub fn request_id(&self) -> String {
+        self.inner.request_id.to_string()
+    }
+    pub fn track_start_time(&self) {
+        self.inner
+            .request_start_time
+            .get_or_init(chrono::Local::now);
+    }
+    pub fn start_time(&self) -> Option<chrono::DateTime<Local>> {
+        self.inner.request_start_time.get().cloned()
+    }
+    pub fn get_response_time(&self) -> Option<chrono::TimeDelta> {
+        self.inner
+            .request_start_time
+            .get()
+            .map(|instant| Local::now() - instant)
+    }
+}
+impl Service<HttpRequest> for ItsiService {
+    type Response = HttpResponse;
+    type Error = ItsiError;
+    type Future = Pin<Box<dyn Future<Output = itsi_error::Result<HttpResponse>> + Send>>;
+    // This is called once per incoming Request.
+    fn call(&self, req: HttpRequest) -> Self::Future {
+        let params = self.server_params.clone();
+        let self_clone = self.clone();
+        Box::pin(async move {
+            let mut req = req;
+            let mut resp: Option<HttpResponse> = None;
+            let (stack, matching_pattern) = params.middleware.get().unwrap().stack_for(&req);
+            let mut context = RequestContext::new(self_clone, matching_pattern);
+            let mut depth = 0;
+            for (index, elm) in stack.iter().enumerate() {
+                match elm.before(req, &mut context).await {
+                    Ok(Either::Left(r)) => req = r,
+                    Ok(Either::Right(r)) => {
+                        resp = Some(r);
+                        depth = index;
+                        break;
+                    }
+                    Err(e) => return Err(e.into()),
+                }
+            }
+            let mut resp = match resp {
+                Some(r) => r,
+                None => {
+                    return Err(ItsiError::InternalServerError(
+                        "No response returned from middleware stack".to_string(),
+                    ))
+                }
+            };
+            for elm in stack.iter().rev().skip(stack.len() - depth - 1) {
+                resp = elm.after(resp, &mut context).await;
+            }
+            Ok(resp)
+        })
+    }
+}

data/crates/itsi_server/src/server/lifecycle_event.rs CHANGED Viewed

@@ -3,7 +3,10 @@ pub enum LifecycleEvent {
     Start,
     Shutdown,
     Restart,
+    Reload,
     IncreaseWorkers,
     DecreaseWorkers,
     ForceShutdown,
+    PrintInfo,
+    ChildTerminated,
 }

data/crates/itsi_server/src/server/listener.rs CHANGED Viewed

@@ -6,7 +6,9 @@ use super::tls::ItsiTlsAcceptor;
 use itsi_error::{ItsiError, Result};
 use itsi_tracing::info;
 use socket2::{Domain, Protocol, Socket, Type};
+use std::fmt::Display;
 use std::net::{IpAddr, SocketAddr, TcpListener};
+use std::os::fd::{AsRawFd, FromRawFd, RawFd};
 use std::sync::Arc;
 use std::{os::unix::net::UnixListener, path::PathBuf};
 use tokio::net::TcpListener as TokioTcpListener;
@@ -241,6 +243,32 @@ impl std::fmt::Display for SockAddr {
         }
     }
 }
+impl Display for Listener {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            Listener::Tcp(listener) | Listener::TcpTls((listener, _)) => write!(
+                f,
+                "{}",
+                listener
+                    .local_addr()
+                    .map(|addr| addr.to_string())
+                    .unwrap_or_else(|_| "".to_string())
+            ),
+            Listener::Unix(listener) | Listener::UnixTls((listener, _)) => write!(
+                f,
+                "{}",
+                listener
+                    .local_addr()
+                    .map(|addr| addr
+                        .as_pathname()
+                        .map(|path| path.to_str().unwrap_or("").to_owned())
+                        .unwrap_or_default())
+                    .unwrap_or_else(|_| "".to_string())
+            ),
+        }
+    }
+}
 impl Listener {
     pub fn into_tokio_listener(self) -> TokioListener {
@@ -261,6 +289,58 @@ impl Listener {
             ),
         }
     }
+    /// Handover information when using exec to hand over the listener to a replacement process.
+    pub fn handover(&self) -> Result<(String, i32)> {
+        match self {
+            Listener::Tcp(listener) => {
+                let addr = listener.local_addr()?;
+                Ok((
+                    format!("tcp://{}:{}", addr.ip().to_canonical(), addr.port()),
+                    listener.as_raw_fd(),
+                ))
+            }
+            Listener::TcpTls((listener, _)) => {
+                let addr = listener.local_addr()?;
+                Ok((
+                    format!("tcp://{}:{}", addr.ip().to_canonical(), addr.port()),
+                    listener.as_raw_fd(),
+                ))
+            }
+            Listener::Unix(listener) => {
+                let addr = listener.local_addr()?;
+                Ok((
+                    format!("unix://{}", addr.as_pathname().unwrap().to_str().unwrap()),
+                    listener.as_raw_fd(),
+                ))
+            }
+            Listener::UnixTls((listener, _)) => {
+                let addr = listener.local_addr()?;
+                Ok((
+                    format!("unix://{}", addr.as_pathname().unwrap().to_str().unwrap()),
+                    listener.as_raw_fd(),
+                ))
+            }
+        }
+    }
+    pub fn inherit_fd(bind: Bind, fd: RawFd) -> Result<Self> {
+        let bound = match bind.address {
+            BindAddress::Ip(_) => match bind.protocol {
+                BindProtocol::Http => Listener::Tcp(revive_tcp_socket(fd)?),
+                BindProtocol::Https => {
+                    let tcp_listener = revive_tcp_socket(fd)?;
+                    Listener::TcpTls((tcp_listener, bind.tls_config.unwrap()))
+                }
+                _ => unreachable!(),
+            },
+            BindAddress::UnixSocket(_) => match bind.tls_config {
+                Some(tls_config) => Listener::UnixTls((revive_unix_socket(fd)?, tls_config)),
+                None => Listener::Unix(revive_unix_socket(fd)?),
+            },
+        };
+        Ok(bound)
+    }
 }
 impl TryFrom<Bind> for Listener {
@@ -285,6 +365,27 @@ impl TryFrom<Bind> for Listener {
     }
 }
+fn revive_tcp_socket(fd: RawFd) -> Result<TcpListener> {
+    let socket = unsafe { Socket::from_raw_fd(fd) };
+    socket.set_reuse_port(true).ok();
+    socket.set_reuse_address(true).ok();
+    socket.set_nonblocking(true).ok();
+    socket.set_nodelay(true).ok();
+    socket.set_recv_buffer_size(262_144).ok();
+    socket.set_cloexec(true)?;
+    socket.listen(1024)?;
+    Ok(socket.into())
+}
+fn revive_unix_socket(fd: RawFd) -> Result<UnixListener> {
+    let socket = unsafe { Socket::from_raw_fd(fd) };
+    socket.set_nonblocking(true).ok();
+    socket.listen(1024)?;
+    socket.set_cloexec(true)?;
+    Ok(socket.into())
+}
 fn connect_tcp_socket(addr: IpAddr, port: u16) -> Result<TcpListener> {
     let domain = match addr {
         IpAddr::V4(_) => Domain::IPV4,
@@ -297,7 +398,7 @@ fn connect_tcp_socket(addr: IpAddr, port: u16) -> Result<TcpListener> {
     socket.set_nonblocking(true).ok();
     socket.set_nodelay(true).ok();
     socket.set_recv_buffer_size(262_144).ok();
-    info!("Binding to {:?}", socket_address);
+    socket.set_only_v6(false).ok();
     socket.bind(&socket_address.into())?;
     socket.listen(1024)?;
     Ok(socket.into())
@@ -310,7 +411,6 @@ fn connect_unix_socket(path: &PathBuf) -> Result<UnixListener> {
     let socket_address = socket2::SockAddr::unix(path)?;
-    info!("Binding to {:?}", path);
     socket.bind(&socket_address)?;
     socket.listen(1024)?;

data/crates/itsi_server/src/server/middleware_stack/middleware.rs ADDED Viewed

@@ -0,0 +1,153 @@
+use super::middlewares::*;
+use crate::server::{
+    itsi_service::RequestContext,
+    types::{HttpRequest, HttpResponse},
+};
+use async_trait::async_trait;
+use either::Either;
+use magnus::error::Result;
+use std::cmp::Ordering;
+#[derive(Debug)]
+pub enum Middleware {
+    AllowList(AllowList),
+    AuthAPIKey(AuthAPIKey),
+    AuthBasic(AuthBasic),
+    AuthJwt(Box<AuthJwt>),
+    CacheControl(CacheControl),
+    Compression(Compression),
+    Cors(Box<Cors>),
+    DenyList(DenyList),
+    ETag(ETag),
+    IntrusionProtection(IntrusionProtection),
+    LogRequests(LogRequests),
+    Proxy(Proxy),
+    RateLimit(RateLimit),
+    Redirect(Redirect),
+    RequestHeaders(RequestHeaders),
+    ResponseHeaders(ResponseHeaders),
+    RubyApp(RubyApp),
+    StaticAssets(StaticAssets),
+}
+#[async_trait]
+impl MiddlewareLayer for Middleware {
+    /// Called just once, to initialize the middleware state.
+    async fn initialize(&self) -> Result<()> {
+        match self {
+            Middleware::DenyList(filter) => filter.initialize().await,
+            Middleware::AllowList(filter) => filter.initialize().await,
+            Middleware::AuthBasic(filter) => filter.initialize().await,
+            Middleware::AuthJwt(filter) => filter.initialize().await,
+            Middleware::AuthAPIKey(filter) => filter.initialize().await,
+            Middleware::IntrusionProtection(filter) => filter.initialize().await,
+            Middleware::RateLimit(filter) => filter.initialize().await,
+            Middleware::RequestHeaders(filter) => filter.initialize().await,
+            Middleware::ResponseHeaders(filter) => filter.initialize().await,
+            Middleware::CacheControl(filter) => filter.initialize().await,
+            Middleware::Cors(filter) => filter.initialize().await,
+            Middleware::ETag(filter) => filter.initialize().await,
+            Middleware::StaticAssets(filter) => filter.initialize().await,
+            Middleware::Compression(filter) => filter.initialize().await,
+            Middleware::LogRequests(filter) => filter.initialize().await,
+            Middleware::Redirect(filter) => filter.initialize().await,
+            Middleware::Proxy(filter) => filter.initialize().await,
+            Middleware::RubyApp(filter) => filter.initialize().await,
+        }
+    }
+    async fn before(
+        &self,
+        req: HttpRequest,
+        context: &mut RequestContext,
+    ) -> Result<Either<HttpRequest, HttpResponse>> {
+        match self {
+            Middleware::DenyList(filter) => filter.before(req, context).await,
+            Middleware::AllowList(filter) => filter.before(req, context).await,
+            Middleware::AuthBasic(filter) => filter.before(req, context).await,
+            Middleware::AuthJwt(filter) => filter.before(req, context).await,
+            Middleware::AuthAPIKey(filter) => filter.before(req, context).await,
+            Middleware::IntrusionProtection(filter) => filter.before(req, context).await,
+            Middleware::RequestHeaders(filter) => filter.before(req, context).await,
+            Middleware::ResponseHeaders(filter) => filter.before(req, context).await,
+            Middleware::RateLimit(filter) => filter.before(req, context).await,
+            Middleware::CacheControl(filter) => filter.before(req, context).await,
+            Middleware::Cors(filter) => filter.before(req, context).await,
+            Middleware::ETag(filter) => filter.before(req, context).await,
+            Middleware::StaticAssets(filter) => filter.before(req, context).await,
+            Middleware::Compression(filter) => filter.before(req, context).await,
+            Middleware::LogRequests(filter) => filter.before(req, context).await,
+            Middleware::Redirect(filter) => filter.before(req, context).await,
+            Middleware::Proxy(filter) => filter.before(req, context).await,
+            Middleware::RubyApp(filter) => filter.before(req, context).await,
+        }
+    }
+    async fn after(&self, res: HttpResponse, context: &mut RequestContext) -> HttpResponse {
+        match self {
+            Middleware::DenyList(filter) => filter.after(res, context).await,
+            Middleware::AllowList(filter) => filter.after(res, context).await,
+            Middleware::AuthBasic(filter) => filter.after(res, context).await,
+            Middleware::AuthJwt(filter) => filter.after(res, context).await,
+            Middleware::AuthAPIKey(filter) => filter.after(res, context).await,
+            Middleware::IntrusionProtection(filter) => filter.after(res, context).await,
+            Middleware::RateLimit(filter) => filter.after(res, context).await,
+            Middleware::RequestHeaders(filter) => filter.after(res, context).await,
+            Middleware::ResponseHeaders(filter) => filter.after(res, context).await,
+            Middleware::CacheControl(filter) => filter.after(res, context).await,
+            Middleware::Cors(filter) => filter.after(res, context).await,
+            Middleware::ETag(filter) => filter.after(res, context).await,
+            Middleware::StaticAssets(filter) => filter.after(res, context).await,
+            Middleware::Compression(filter) => filter.after(res, context).await,
+            Middleware::LogRequests(filter) => filter.after(res, context).await,
+            Middleware::Redirect(filter) => filter.after(res, context).await,
+            Middleware::Proxy(filter) => filter.after(res, context).await,
+            Middleware::RubyApp(filter) => filter.after(res, context).await,
+        }
+    }
+}
+impl Middleware {
+    fn variant_order(&self) -> usize {
+        match self {
+            Middleware::DenyList(_) => 0,
+            Middleware::AllowList(_) => 1,
+            Middleware::IntrusionProtection(_) => 2,
+            Middleware::Redirect(_) => 3,
+            Middleware::LogRequests(_) => 4,
+            Middleware::CacheControl(_) => 5,
+            Middleware::RequestHeaders(_) => 6,
+            Middleware::ResponseHeaders(_) => 7,
+            Middleware::AuthBasic(_) => 8,
+            Middleware::AuthJwt(_) => 9,
+            Middleware::AuthAPIKey(_) => 10,
+            Middleware::RateLimit(_) => 11,
+            Middleware::ETag(_) => 12,
+            Middleware::Compression(_) => 13,
+            Middleware::Proxy(_) => 14,
+            Middleware::Cors(_) => 15,
+            Middleware::StaticAssets(_) => 16,
+            Middleware::RubyApp(_) => 17,
+        }
+    }
+}
+impl PartialEq for Middleware {
+    fn eq(&self, other: &Self) -> bool {
+        self.variant_order() == other.variant_order()
+    }
+}
+impl Eq for Middleware {}
+impl PartialOrd for Middleware {
+    fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
+        Some(self.variant_order().cmp(&other.variant_order()))
+    }
+}
+impl Ord for Middleware {
+    fn cmp(&self, other: &Self) -> Ordering {
+        self.variant_order().cmp(&other.variant_order())
+    }
+}