wip

davidor · davidor · commit 31ce2e97d592 · 2017-11-23T19:06:25.000+01:00
diff --git a/gateway/src/apicast/policy/headers.lua b/gateway/src/apicast/policy/headers.lua
@@ -0,0 +1,101 @@
+--- Headers policy
+-- This policy allows to include custom headers that will be sent to the
+-- upstream as well as delete headers included in the request that should not
+-- be sent to the upstream.
+-- Similarly, this policy also allows to add and delete headers of the
+-- response.
+
+local ipairs = ipairs
+
+local policy = require('apicast.policy')
+local _M = policy.new('Headers policy')
+
+local new = _M.new
+
+local function set_request_header(header, value)
+  ngx.req.clear_header(header)
+
+  if value and value ~= '' then
+    ngx.req.set_header(header, value)
+  end
+end
+
+local function add_request_header(header, value)
+  local current_value = ngx.req.get_headers()[header]
+
+  local new_value
+  if current_value then
+    new_value = current_value .. ', ' .. value
+  else
+    new_value = value
+  end
+
+  ngx.req.set_header(header, new_value)
+end
+
+local function set_resp_header(header, value)
+  ngx.header[header] = nil
+
+  if value and value ~= "" then
+    ngx.header[header] = value
+  end
+end
+
+local function add_resp_header(header, value)
+  local current_value = ngx.header[header]
+
+  local new_value
+  if current_value then
+    new_value = current_value .. ', ' .. value
+  else
+    new_value = value
+  end
+
+  ngx.header[header] = new_value
+end
+
+local command_functions = {
+  request = { add = add_request_header, set = set_request_header },
+  response = { add = add_resp_header, set = set_resp_header }
+}
+
+-- header_type can be 'request' or 'response'
+local function run_commands(commands, header_type)
+  for _, command in ipairs(commands) do
+    command_functions[header_type][command.op](command.header, command.value)
+  end
+end
+
+-- Initialize the config so we do not have to check for nulls in the rest of
+-- the code
+local function init_config(config)
+  local res = config or {}
+  res.request = res.request or {}
+  res.response = res.response or {}
+  return res
+end
+
+-- TODO: write documentation
+--- Initialize a Headers policy
+-- @tparam[opt] table config
+-- @field[opt] request
+-- @field[opt] response
+function _M.new(config)
+  local self = new()
+  self.config = init_config(config)
+  return self
+end
+
+function _M:rewrite()
+  run_commands(self.config.request, 'request')
+end
+
+function _M:header_filter()
+  -- Clear the headers we set in the rewrite phase that were only set for the
+  -- upstream.
+  -- TODO
+
+  run_commands(self.config.response, 'response')
+end
+
+return _M
diff --git a/t/apicast-policy-headers.t b/t/apicast-policy-headers.t
@@ -0,0 +1,297 @@
+use lib 't';
+use TestAPIcastBlackbox 'no_plan';
+
+repeat_each(1);
+run_tests();
+
+__DATA__
+
+TODO: Verify that all the headers added in the request are not received in the final response.
+
+=== TEST 1: 'set' operation in request headers
+We test 3 things:
+1) Set op with a header that does not exist creates it with the given value.
+2) Set op with a header that exists, clears it and sets the given value.
+3) Set op with an empty value clears the header.
+--- configuration
+{
+  "services": [
+    {
+      "id": 42,
+      "backend_version":  1,
+      "backend_authentication_type": "service_token",
+      "backend_authentication_value": "token-value",
+      "proxy": {
+        "policy_chain": [
+          { "name": "apicast.policy.apicast" },
+          {
+            "name": "apicast.policy.headers",
+            "configuration":
+              {
+                "request":
+                  [
+                    { "op": "set", "header": "New-Header", "value": "config_value_nh" },
+                    { "op": "set", "header": "Existing-Header", "value": "config_value_eh" },
+                    { "op": "set", "header": "Header-To-Delete", "value": "" }
+                  ]
+              }
+          }
+        ],
+        "api_backend": "http://test:$TEST_NGINX_SERVER_PORT/",
+        "proxy_rules": [
+          { "pattern": "/", "http_method": "GET", "metric_system_name": "hits", "delta": 2 }
+        ]
+      }
+    }
+  ]
+}
+--- backend
+  location /transactions/authrep.xml {
+    content_by_lua_block {
+      local expected = "service_token=token-value&service_id=42&usage%5Bhits%5D=2&user_key=value"
+      local args = ngx.var.args
+      if args == expected then
+        ngx.exit(200)
+      else
+        ngx.log(ngx.ERR, expected, ' did not match: ', args)
+        ngx.exit(403)
+      end
+    }
+  }
+--- upstream
+  location / {
+     content_by_lua_block {
+       if ngx.req.get_headers()['New-Header'] ~= 'config_value_nh' then
+         ngx.log(ngx.ERR, "The header 'New-Header' does not have the correct value")
+       elseif ngx.req.get_headers()['Existing-Header'] ~= 'config_value_eh' then
+         ngx.log(ngx.ERR, "The header 'Existing-Header' does not have the correct value")
+       elseif ngx.req.get_headers()['Header-To-Delete'] then
+         ngx.log(ngx.ERR, "Received unexpected 'Header-To-Delete' header")
+       else
+         ngx.say('yay, api backend');
+       end
+     }
+  }
+--- request
+GET /?user_key=value
+Existing-Header: request_value_eh
+Header-To-Delete: request_value_htd
+--- response_body
+yay, api backend
+--- response_headers
+New-Header:
+Existing-Header:
+Header-To-Delete:
+--- error_code: 200
+--- no_error_log
+[error]
+
+=== TEST 2: 'add' operation in request headers
+We test 2 things:
+1) Add op with a header that does not exist creates it with the given value.
+2) Add op with a header that exists, appends the given value to the existing one.
+--- configuration
+{
+  "services": [
+    {
+      "id": 42,
+      "backend_version":  1,
+      "backend_authentication_type": "service_token",
+      "backend_authentication_value": "token-value",
+      "proxy": {
+        "policy_chain": [
+          { "name": "apicast.policy.apicast" },
+          {
+            "name": "apicast.policy.headers",
+            "configuration":
+              {
+                "request":
+                  [
+                    { "op": "add", "header": "New-Header", "value": "config_value_nh" },
+                    { "op": "add", "header": "Existing-Header", "value": "config_value_eh" }
+                  ]
+              }
+          }
+        ],
+        "api_backend": "http://test:$TEST_NGINX_SERVER_PORT/",
+        "proxy_rules": [
+          { "pattern": "/", "http_method": "GET", "metric_system_name": "hits", "delta": 2 }
+        ]
+      }
+    }
+  ]
+}
+--- backend
+  location /transactions/authrep.xml {
+    content_by_lua_block {
+      local expected = "service_token=token-value&service_id=42&usage%5Bhits%5D=2&user_key=value"
+      local args = ngx.var.args
+      if args == expected then
+        ngx.exit(200)
+      else
+        ngx.log(ngx.ERR, expected, ' did not match: ', args)
+        ngx.exit(403)
+      end
+    }
+  }
+--- upstream
+  location / {
+     content_by_lua_block {
+       if ngx.req.get_headers()['New-Header'] ~= 'config_value_nh' then
+         ngx.log(ngx.ERR, "The header 'New-Header' does not have the correct value")
+       elseif ngx.req.get_headers()['Existing-Header'] ~= 'request_value_eh, config_value_eh' then
+         ngx.log(ngx.ERR, "The header 'Existing-Header' does not have the correct value")
+       else
+         ngx.say('yay, api backend');
+       end
+     }
+  }
+--- request
+GET /?user_key=value
+Existing-Header: request_value_eh
+--- response_body
+yay, api backend
+--- response_headers
+New-Header:
+Existing-Header:
+Header-To-Delete:
+--- error_code: 200
+--- no_error_log
+[error]
+
+=== TEST 3: 'set' operation in response headers
+We test 3 things:
+1) Set op with a header that does not exit creates it with the given value.
+2) Set op with a header that exists, clears it and sets the given value.
+3) Set op with an empty value clears the header.
+--- configuration
+{
+  "services": [
+    {
+      "id": 42,
+      "backend_version":  1,
+      "backend_authentication_type": "service_token",
+      "backend_authentication_value": "token-value",
+      "proxy": {
+        "policy_chain": [
+          { "name": "apicast.policy.apicast" },
+          {
+            "name": "apicast.policy.headers",
+            "configuration":
+              {
+                "response":
+                  [
+                    { "op": "set", "header": "New-Header", "value": "config_value_nh" },
+                    { "op": "set", "header": "Existing-Header", "value": "config_value_eh" },
+                    { "op": "set", "header": "Header-To-Delete", "value": "" }
+                  ]
+              }
+          }
+        ],
+        "api_backend": "http://test:$TEST_NGINX_SERVER_PORT/",
+        "proxy_rules": [
+          { "pattern": "/", "http_method": "GET", "metric_system_name": "hits", "delta": 2 }
+        ]
+      }
+    }
+  ]
+}
+--- backend
+  location /transactions/authrep.xml {
+    content_by_lua_block {
+      local expected = "service_token=token-value&service_id=42&usage%5Bhits%5D=2&user_key=value"
+      local args = ngx.var.args
+      if args == expected then
+        ngx.exit(200)
+      else
+        ngx.log(ngx.ERR, expected, ' did not match: ', args)
+        ngx.exit(403)
+      end
+    }
+  }
+--- upstream
+  location / {
+     content_by_lua_block {
+       ngx.header['Existing-Header'] = 'upstream_value_eh'
+       ngx.header['Header-To-Delete'] = 'upstream_value_htd'
+       ngx.say('yay, api backend')
+     }
+  }
+--- request
+GET /?user_key=value
+--- response_body
+yay, api backend
+--- response_headers
+New-Header: config_value_nh
+Existing-Header: config_value_eh
+Header-To-Delete:
+--- error_code: 200
+--- no_error_log
+[error]
+
+=== TEST 4: 'add' operation in response headers
+We test 2 things:
+1) Add op with a header that does not exist creates it with the given value.
+2) Add op with a header that exists, appends the given value to the existing one.
+--- configuration
+{
+  "services": [
+    {
+      "id": 42,
+      "backend_version":  1,
+      "backend_authentication_type": "service_token",
+      "backend_authentication_value": "token-value",
+      "proxy": {
+        "policy_chain": [
+          { "name": "apicast.policy.apicast" },
+          {
+            "name": "apicast.policy.headers",
+            "configuration":
+              {
+                "response":
+                  [
+                    { "op": "add", "header": "New-Header", "value": "config_value_nh" },
+                    { "op": "add", "header": "Existing-Header", "value": "config_value_eh" }
+                  ]
+              }
+          }
+        ],
+        "api_backend": "http://test:$TEST_NGINX_SERVER_PORT/",
+        "proxy_rules": [
+          { "pattern": "/", "http_method": "GET", "metric_system_name": "hits", "delta": 2 }
+        ]
+      }
+    }
+  ]
+}
+--- backend
+  location /transactions/authrep.xml {
+    content_by_lua_block {
+      local expected = "service_token=token-value&service_id=42&usage%5Bhits%5D=2&user_key=value"
+      local args = ngx.var.args
+      if args == expected then
+        ngx.exit(200)
+      else
+        ngx.log(ngx.ERR, expected, ' did not match: ', args)
+        ngx.exit(403)
+      end
+    }
+  }
+--- upstream
+  location / {
+     content_by_lua_block {
+       ngx.header['Existing-Header'] = 'upstream_value_eh'
+       ngx.say('yay, api backend')
+     }
+  }
+--- request
+GET /?user_key=value
+--- response_body
+yay, api backend
+--- response_headers
+New-Header: config_value_nh
+Existing-Header: upstream_value_eh, config_value_eh
+Header-To-Delete:
+--- error_code: 200
+--- no_error_log
+[error]
