fix(proxy): only route GET to dfdaemon, bypass other methods

dragonfly-client/src/proxy/mod.rs

@@ -381,24 +381,34 @@ pub async fn http_handler(
     }
 
     // If find the matching rule, proxy the request via the dfdaemon.
+    // Only GET requests are routed to P2P; other methods (HEAD/PUT/POST/DELETE)
+    // fall through to direct proxy to avoid data loss.
     let request_uri = request.uri();
     if let Some(rule) = find_matching_rule(
         config.proxy.rules.as_deref(),
         url::Url::parse(&request_uri.to_string()).or_err(ErrorType::ParseError)?,
     ) {
-        info!(
-            "proxy HTTP request via dfdaemon by rule config: {:?}",
+        if request.method() == Method::GET {
+            info!(
+                "proxy HTTP request via dfdaemon by rule config: {:?}",
+                request
+            );
+
+            return proxy_via_dfdaemon(
+                config,
+                task,
+                &rule,
+                request,
+                remote_ip,
+                dfdaemon_download_client,
+            )
+            .await;
+        }
+
+        debug!(
+            "proxy HTTP request bypassing dfdaemon for non-GET method: {:?}",
             request
         );
-        return proxy_via_dfdaemon(
-            config,
-            task,
-            &rule,
-            request,
-            remote_ip,
-            dfdaemon_download_client,
-        )
-        .await;
     }
 
     // If the request header contains the X-Dragonfly-Use-P2P header, proxy the request via the
@@ -408,29 +418,39 @@ pub async fn http_handler(
             "proxy HTTP request via dfdaemon by X-Dragonfly-Use-P2P header: {:?}",
             request
         );
-        return proxy_via_dfdaemon(
-            config,
-            task,
-            &Rule::default(),
-            request,
-            remote_ip,
-            dfdaemon_download_client,
-        )
-        .await;
+
+        if request.method() == Method::GET {
+            return proxy_via_dfdaemon(
+                config,
+                task,
+                &Rule::default(),
+                request,
+                remote_ip,
+                dfdaemon_download_client,
+            )
+            .await;
+        }
+
+        debug!(
+            "proxy HTTP request bypassing dfdaemon for non-GET method: {:?}",
+            request
+        );
     }
 
     if request.uri().scheme().cloned() == Some(http::uri::Scheme::HTTPS) {
         info!(
             "proxy HTTPS request directly to remote server: {:?}",
             request
         );
+
         return proxy_via_https(request, registry_cert).await;
     }
 
     info!(
         "proxy HTTP request directly to remote server: {:?}",
         request
     );
+
     return proxy_via_http(request).await;
 }
 
@@ -617,56 +637,76 @@ pub async fn upgraded_handler(
     }
 
     // If find the matching rule, proxy the request via the dfdaemon.
+    // Only GET requests are routed to P2P; other methods (HEAD/PUT/POST/DELETE)
+    // fall through to direct proxy to avoid data loss.
     let request_uri = request.uri();
     if let Some(rule) = find_matching_rule(
         config.proxy.rules.as_deref(),
         url::Url::parse(&request_uri.to_string()).or_err(ErrorType::ParseError)?,
     ) {
-        info!(
-            "proxy HTTPS request via dfdaemon by rule config: {:?}",
+        if request.method() == Method::GET {
+            info!(
+                "proxy HTTPS request via dfdaemon by rule config: {:?}",
+                request,
+            );
+
+            return proxy_via_dfdaemon(
+                config,
+                task,
+                &rule,
+                request,
+                remote_ip,
+                dfdaemon_download_client,
+            )
+            .await;
+        }
+
+        debug!(
+            "proxy HTTPS request bypassing dfdaemon for non-GET method: {:?}",
             request,
         );
-        return proxy_via_dfdaemon(
-            config,
-            task,
-            &rule,
-            request,
-            remote_ip,
-            dfdaemon_download_client,
-        )
-        .await;
     }
 
     // If the request header contains the X-Dragonfly-Use-P2P header, proxy the request via the
     // dfdaemon.
     if header::get_use_p2p(request.headers()) {
-        info!(
-            "proxy HTTP request via dfdaemon by X-Dragonfly-Use-P2P header: {:?}",
+        if request.method() == Method::GET {
+            info!(
+                "proxy HTTP request via dfdaemon by X-Dragonfly-Use-P2P header: {:?}",
+                request,
+            );
+
+            return proxy_via_dfdaemon(
+                config,
+                task,
+                &Rule::default(),
+                request,
+                remote_ip,
+                dfdaemon_download_client,
+            )
+            .await;
+        }
+
+        debug!(
+            "proxy HTTPS request bypassing dfdaemon for non-GET method: {:?}",
             request,
         );
-        return proxy_via_dfdaemon(
-            config,
-            task,
-            &Rule::default(),
-            request,
-            remote_ip,
-            dfdaemon_download_client,
-        )
-        .await;
     }
 
     if request.uri().scheme().cloned() == Some(http::uri::Scheme::HTTPS) {
         info!(
             "proxy HTTPS request directly to remote server: {:?}",
             request,
         );
+
         return proxy_via_https(request, registry_cert).await;
     }
 
     info!(
         "proxy HTTP request directly to remote server: {:?}",
         request,
     );
+
     return proxy_via_http(request).await;
 }