filters

package
v0.21.86 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 7, 2024 License: Apache-2.0, MIT Imports: 6 Imported by: 73

Documentation

Overview

Package filters contains definitions for skipper filtering and a default, built-in set of filters.

Filters are used to augment both the inbound request's attributes before forwarding it to the route endpoint, and the outbound response's attributes before returning it to the original client.

Filter Specification and Filter Instances

Filter implementations are based on filter specifications that provide a filter name and a 'factory' method to create filter instances. The filter name is used to identify a filter in a route definition. The filter specifications can be used by multiple routes, while the filter instances belong to a single route. Filter instances are created while the route definitions are parsed and initialized, based on the specifications stored in the filter registry. Different filter instances can be created with different parameters.

Filtering and FilterContext

Once a route is identified during request processing, a context object is created that is unique to the request, holding the current request, the response (once it is available), and some further information and state related to the current flow.

Each filter in a route is called twice, once for the request in the order of their position in the route definition, and once for the response in reverse order.

Handling Requests with Filters

Filters can handle the requests themselves, meaning that they can set the response status, headers and send any particular response body. In this case, it is the filter's responsibility to mark the request as served to avoid generating the default response.

If a filter replaces the response body, it is the filter's responsibility to close the original body.

Example
package main

import (
	"github.com/zalando/skipper/filters"
	"github.com/zalando/skipper/filters/builtin"
	"github.com/zalando/skipper/proxy"
	"github.com/zalando/skipper/routing"
	"github.com/zalando/skipper/routing/testdataclient"
	"log"
)

type customSpec struct{ name string }
type customFilter struct{ prefix string }

func (s *customSpec) Name() string {
	return s.name
}

// a specification can be used to create filter instances with different config
func (s *customSpec) CreateFilter(config []interface{}) (filters.Filter, error) {
	if len(config) == 0 {
		return nil, filters.ErrInvalidFilterParameters
	}

	prefix, ok := config[0].(string)
	if !ok {
		return nil, filters.ErrInvalidFilterParameters
	}

	return &customFilter{prefix}, nil
}

// a simple filter logging the request URLs
func (f *customFilter) Request(ctx filters.FilterContext) {
	log.Println(f.prefix, ctx.Request().URL)
}

func (f *customFilter) Response(_ filters.FilterContext) {}

func main() {
	// create registry
	registry := builtin.MakeRegistry()

	// create and register the filter specification
	spec := &customSpec{name: "customFilter"}
	registry.Register(spec)

	// create simple data client, with route entries referencing 'customFilter',
	// and clipping part of the request path:
	dataClient, err := testdataclient.NewDoc(`

		ui: Path("/ui/*page") ->
			customFilter("ui request") ->
			modPath("^/[^/]*", "") ->
			"https://ui.example.org";

		api: Path("/api/*resource") ->
			customFilter("api request") ->
			modPath("^/[^/]*", "") ->
			"https://api.example.org"`)

	if err != nil {
		log.Fatal(err)
	}

	// create routing object:
	rt := routing.New(routing.Options{
		FilterRegistry: registry,
		DataClients:    []routing.DataClient{dataClient}})
	defer rt.Close()

	// create http.Handler:
	p := proxy.New(rt, proxy.OptionsNone)
	defer p.Close()
}
Output:

Index

Examples

Constants

View Source
const (
	// DynamicBackendHostKey is the key used in the state bag to pass host to the proxy.
	DynamicBackendHostKey = "backend:dynamic:host"

	// DynamicBackendSchemeKey is the key used in the state bag to pass scheme to the proxy.
	DynamicBackendSchemeKey = "backend:dynamic:scheme"

	// DynamicBackendURLKey is the key used in the state bag to pass url to the proxy.
	DynamicBackendURLKey = "backend:dynamic:url"

	// BackendIsProxyKey is the key used in the state bag to notify proxy that the backend is also a proxy.
	BackendIsProxyKey = "backend:isproxy"

	// BackendTimeout is the key used in the state bag to configure backend timeout in proxy
	BackendTimeout = "backend:timeout"

	// ReadTimeout is the key used in the state bag to configure read request body timeout in proxy
	ReadTimeout = "read:timeout"

	// WriteTimeout is the key used in the state bag to configure write response body timeout in proxy
	WriteTimeout = "write:timeout"

	// BackendRatelimit is the key used in the state bag to configure backend ratelimit in proxy
	BackendRatelimit = "backend:ratelimit"
)
View Source
const (
	BackendIsProxyName                         = "backendIsProxy"
	CommentName                                = "comment"
	AnnotateName                               = "annotate"
	ModRequestHeaderName                       = "modRequestHeader"
	SetRequestHeaderName                       = "setRequestHeader"
	AppendRequestHeaderName                    = "appendRequestHeader"
	DropRequestHeaderName                      = "dropRequestHeader"
	ModResponseHeaderName                      = "modResponseHeader"
	SetResponseHeaderName                      = "setResponseHeader"
	AppendResponseHeaderName                   = "appendResponseHeader"
	DropResponseHeaderName                     = "dropResponseHeader"
	SetContextRequestHeaderName                = "setContextRequestHeader"
	AppendContextRequestHeaderName             = "appendContextRequestHeader"
	SetContextResponseHeaderName               = "setContextResponseHeader"
	AppendContextResponseHeaderName            = "appendContextResponseHeader"
	CopyRequestHeaderName                      = "copyRequestHeader"
	CopyResponseHeaderName                     = "copyResponseHeader"
	ModPathName                                = "modPath"
	SetPathName                                = "setPath"
	RedirectToName                             = "redirectTo"
	RedirectToLowerName                        = "redirectToLower"
	StaticName                                 = "static"
	StripQueryName                             = "stripQuery"
	PreserveHostName                           = "preserveHost"
	StatusName                                 = "status"
	CompressName                               = "compress"
	DecompressName                             = "decompress"
	SetQueryName                               = "setQuery"
	DropQueryName                              = "dropQuery"
	InlineContentName                          = "inlineContent"
	InlineContentIfStatusName                  = "inlineContentIfStatus"
	FlowIdName                                 = "flowId"
	XforwardName                               = "xforward"
	XforwardFirstName                          = "xforwardFirst"
	RandomContentName                          = "randomContent"
	RepeatContentName                          = "repeatContent"
	RepeatContentHexName                       = "repeatContentHex"
	WrapContentName                            = "wrapContent"
	WrapContentHexName                         = "wrapContentHex"
	BackendTimeoutName                         = "backendTimeout"
	ReadTimeoutName                            = "readTimeout"
	WriteTimeoutName                           = "writeTimeout"
	BlockName                                  = "blockContent"
	BlockHexName                               = "blockContentHex"
	LatencyName                                = "latency"
	BandwidthName                              = "bandwidth"
	ChunksName                                 = "chunks"
	BackendLatencyName                         = "backendLatency"
	BackendBandwidthName                       = "backendBandwidth"
	BackendChunksName                          = "backendChunks"
	TarpitName                                 = "tarpit"
	AbsorbName                                 = "absorb"
	AbsorbSilentName                           = "absorbSilent"
	UniformRequestLatencyName                  = "uniformRequestLatency"
	UniformResponseLatencyName                 = "uniformResponseLatency"
	NormalRequestLatencyName                   = "normalRequestLatency"
	NormalResponseLatencyName                  = "normalResponseLatency"
	HistogramRequestLatencyName                = "histogramRequestLatency"
	HistogramResponseLatencyName               = "histogramResponseLatency"
	LogBodyName                                = "logBody"
	LogHeaderName                              = "logHeader"
	TeeName                                    = "tee"
	TeenfName                                  = "teenf"
	TeeLoopbackName                            = "teeLoopback"
	SedName                                    = "sed"
	SedDelimName                               = "sedDelim"
	SedRequestName                             = "sedRequest"
	SedRequestDelimName                        = "sedRequestDelim"
	BasicAuthName                              = "basicAuth"
	WebhookName                                = "webhook"
	OAuthTokeninfoAnyScopeName                 = "oauthTokeninfoAnyScope"
	OAuthTokeninfoAllScopeName                 = "oauthTokeninfoAllScope"
	OAuthTokeninfoAnyKVName                    = "oauthTokeninfoAnyKV"
	OAuthTokeninfoAllKVName                    = "oauthTokeninfoAllKV"
	OAuthTokenintrospectionAnyClaimsName       = "oauthTokenintrospectionAnyClaims"
	OAuthTokenintrospectionAllClaimsName       = "oauthTokenintrospectionAllClaims"
	OAuthTokenintrospectionAnyKVName           = "oauthTokenintrospectionAnyKV"
	OAuthTokenintrospectionAllKVName           = "oauthTokenintrospectionAllKV"
	SecureOAuthTokenintrospectionAnyClaimsName = "secureOauthTokenintrospectionAnyClaims"
	SecureOAuthTokenintrospectionAllClaimsName = "secureOauthTokenintrospectionAllClaims"
	SecureOAuthTokenintrospectionAnyKVName     = "secureOauthTokenintrospectionAnyKV"
	SecureOAuthTokenintrospectionAllKVName     = "secureOauthTokenintrospectionAllKV"
	ForwardTokenName                           = "forwardToken"
	ForwardTokenFieldName                      = "forwardTokenField"
	OAuthGrantName                             = "oauthGrant"
	GrantCallbackName                          = "grantCallback"
	GrantLogoutName                            = "grantLogout"
	GrantClaimsQueryName                       = "grantClaimsQuery"
	JwtValidationName                          = "jwtValidation"
	JwtMetricsName                             = "jwtMetrics"
	OAuthOidcUserInfoName                      = "oauthOidcUserInfo"
	OAuthOidcAnyClaimsName                     = "oauthOidcAnyClaims"
	OAuthOidcAllClaimsName                     = "oauthOidcAllClaims"
	OidcClaimsQueryName                        = "oidcClaimsQuery"
	DropRequestCookieName                      = "dropRequestCookie"
	DropResponseCookieName                     = "dropResponseCookie"
	RequestCookieName                          = "requestCookie"
	ResponseCookieName                         = "responseCookie"
	JsCookieName                               = "jsCookie"
	ConsecutiveBreakerName                     = "consecutiveBreaker"
	RateBreakerName                            = "rateBreaker"
	DisableBreakerName                         = "disableBreaker"
	AdmissionControlName                       = "admissionControl"
	ClientRatelimitName                        = "clientRatelimit"
	RatelimitName                              = "ratelimit"
	ClusterClientRatelimitName                 = "clusterClientRatelimit"
	ClusterRatelimitName                       = "clusterRatelimit"
	ClusterLeakyBucketRatelimitName            = "clusterLeakyBucketRatelimit"
	BackendRateLimitName                       = "backendRatelimit"
	RatelimitFailClosedName                    = "ratelimitFailClosed"
	LuaName                                    = "lua"
	CorsOriginName                             = "corsOrigin"
	HeaderToQueryName                          = "headerToQuery"
	QueryToHeaderName                          = "queryToHeader"
	DisableAccessLogName                       = "disableAccessLog"
	EnableAccessLogName                        = "enableAccessLog"
	AuditLogName                               = "auditLog"
	UnverifiedAuditLogName                     = "unverifiedAuditLog"
	SetDynamicBackendHostFromHeader            = "setDynamicBackendHostFromHeader"
	SetDynamicBackendSchemeFromHeader          = "setDynamicBackendSchemeFromHeader"
	SetDynamicBackendUrlFromHeader             = "setDynamicBackendUrlFromHeader"
	SetDynamicBackendHost                      = "setDynamicBackendHost"
	SetDynamicBackendScheme                    = "setDynamicBackendScheme"
	SetDynamicBackendUrl                       = "setDynamicBackendUrl"
	ApiUsageMonitoringName                     = "apiUsageMonitoring"
	FifoName                                   = "fifo"
	FifoWithBodyName                           = "fifoWithBody"
	LifoName                                   = "lifo"
	LifoGroupName                              = "lifoGroup"
	RfcPathName                                = "rfcPath"
	RfcHostName                                = "rfcHost"
	BearerInjectorName                         = "bearerinjector"
	SetRequestHeaderFromSecretName             = "setRequestHeaderFromSecret"
	TracingBaggageToTagName                    = "tracingBaggageToTag"
	StateBagToTagName                          = "stateBagToTag"
	TracingTagName                             = "tracingTag"
	TracingTagFromResponseName                 = "tracingTagFromResponse"
	TracingSpanNameName                        = "tracingSpanName"
	OriginMarkerName                           = "originMarker"
	FadeInName                                 = "fadeIn"
	EndpointCreatedName                        = "endpointCreated"
	ConsistentHashKeyName                      = "consistentHashKey"
	ConsistentHashBalanceFactorName            = "consistentHashBalanceFactor"
	OpaAuthorizeRequestName                    = "opaAuthorizeRequest"
	OpaAuthorizeRequestWithBodyName            = "opaAuthorizeRequestWithBody"
	OpaServeResponseName                       = "opaServeResponse"
	OpaServeResponseWithReqBodyName            = "opaServeResponseWithReqBody"
	TLSName                                    = "tlsPassClientCertificates"

	// Undocumented filters
	HealthCheckName        = "healthcheck"
	SetFastCgiFilenameName = "setFastCgiFilename"
	DisableRatelimitName   = "disableRatelimit"
	UnknownRatelimitName   = "unknownRatelimit"
)

All Skipper filter names

Variables

View Source
var ErrInvalidFilterParameters = errors.New("invalid filter parameters")

ErrInvalidFilterParameters is used in case of invalid filter parameters.

Functions

This section is empty.

Types

type Filter

type Filter interface {
	// The Request method is called while processing the incoming request.
	Request(FilterContext)

	// The Response method is called while processing the response to be
	// returned.
	Response(FilterContext)
}

Filters are created by the Spec components, optionally using filter specific settings. When implementing filters, it needs to be taken into consideration, that filter instances are route specific and not request specific, so any state stored with a filter is shared between all requests for the same route and can cause concurrency issues.

type FilterCloser added in v0.16.2

type FilterCloser interface {
	Filter
	io.Closer
}

FilterCloser are Filters that need to cleanup resources after filter termination. For example Filters, that create a goroutine for some reason need to cleanup their goroutine or they would leak goroutines.

type FilterContext

type FilterContext interface {
	// The response writer object belonging to the incoming request. Used by
	// filters that handle the requests themselves.
	// Deprecated: use Response() or Serve()
	ResponseWriter() http.ResponseWriter

	// The incoming request object. It is forwarded to the route endpoint
	// with its properties changed by the filters.
	Request() *http.Request

	// The response object. It is returned to the client with its
	// properties changed by the filters.
	Response() *http.Response

	// The copy (deep) of the original incoming request or nil if the
	// implementation does not provide it.
	//
	// The object received from this method contains an empty body, and all
	// payload related properties have zero value.
	OriginalRequest() *http.Request

	// The copy (deep) of the original incoming response or nil if the
	// implementation does not provide it.
	//
	// The object received from this method contains an empty body, and all
	// payload related properties have zero value.
	OriginalResponse() *http.Response

	// This method is deprecated. A FilterContext implementation should flag this state
	// internally
	Served() bool

	// This method is deprecated. You should call Serve providing the desired response
	MarkServed()

	// Serve a request with the provided response. It can be used by filters that handle the requests
	// themselves. FilterContext implementations should flag this state and prevent the filter chain
	// from continuing
	Serve(*http.Response)

	// Provides the wildcard parameter values from the request path by their
	// name as the key.
	PathParam(string) string

	// Provides a read-write state bag, unique to a request and shared by all
	// the filters in the route.
	StateBag() map[string]interface{}

	// Gives filters access to the backend url specified in the route or an empty
	// value in case it's a shunt, loopback. In case of dynamic backend is empty.
	BackendUrl() string

	// Returns the host that will be set for the outgoing proxy request as the
	// 'Host' header.
	OutgoingHost() string

	// Allows explicitly setting the Host header to be sent to the backend, overriding the
	// strategy used by the implementation, which can be either the Host header from the
	// incoming request or the host fragment of the backend url.
	//
	// Filters that need to modify the outgoing 'Host' header, need to use
	// this method instead of setting the Request().Headers["Host"] value.
	// (The requestHeader filter automatically detects if the header name
	// is 'Host' and calls this method.)
	SetOutgoingHost(string)

	// Allow filters to collect metrics other than the default metrics (Filter Request, Filter Response methods)
	Metrics() Metrics

	// Allow filters to add Tags, Baggage to the trace or set the ComponentName.
	//
	// Deprecated: OpenTracing is deprecated, see https://github.com/zalando/skipper/issues/2104.
	// Use opentracing.SpanFromContext(ctx.Request().Context()).Tracer() to get the Tracer.
	Tracer() opentracing.Tracer

	// Allow filters to create their own spans
	//
	// Deprecated: OpenTracing is deprecated, see https://github.com/zalando/skipper/issues/2104.
	// Filter spans should be children of the request span,
	// use opentracing.SpanFromContext(ctx.Request().Context()) to get it.
	ParentSpan() opentracing.Span

	// Returns a clone of the FilterContext including a brand new request object.
	// The stream body of the new request is shared with the original.
	// Whenever the request body of the original request is read, the body of the
	// new request body is written.
	// The StateBag and filterMetrics object are not preserved in the new context.
	// Therefore, you can't access state bag values set in the previous context.
	Split() (FilterContext, error)

	// Performs a new route lookup and executes the matched route if any
	Loopback()

	Logger() FilterContextLogger
}

FilterContext object providing state and information that is unique to a request.

type FilterContextLogger added in v0.16.15

type FilterContextLogger interface {
	Debugf(format string, args ...interface{})
	Infof(format string, args ...interface{})
	Warnf(format string, args ...interface{})
	Errorf(format string, args ...interface{})
}

FilterContextLogger is the logger which logs messages with additional context information.

type Metrics added in v0.9.119

type Metrics interface {
	// MeasureSince adds values to a timer with a custom key.
	MeasureSince(key string, start time.Time)

	// IncCounter increments a custom counter identified by its key.
	IncCounter(key string)

	// IncCounterBy increments a custom counter identified by its key by a certain value.
	IncCounterBy(key string, value int64)

	// IncFloatCounterBy increments a custom counter identified by its key by a certain
	// float (decimal) value. IMPORTANT: Not all Metrics implementation support float
	// counters. In that case, a call to IncFloatCounterBy is dropped.
	IncFloatCounterBy(key string, value float64)
}

Metrics provides possibility to use custom metrics from filter implementations. The custom metrics will be exposed by the common metrics endpoint exposed by the proxy, where they can be accessed by the custom key prefixed by the filter name and the string 'custom'. E.g: <filtername>.custom.<customkey>.

type Registry

type Registry map[string]Spec

Registry used to lookup Spec objects while initializing routes.

func (Registry) Register

func (r Registry) Register(s Spec)

Registers a filter specification.

type Spec

type Spec interface {
	// Name gives the name of the Spec. It is used to identify filters in a route definition.
	Name() string

	// CreateFilter creates a Filter instance. Called with the parameters in the route
	// definition while initializing a route.
	CreateFilter(config []interface{}) (Filter, error)
}

Spec objects are specifications for filters. When initializing the routes, the Filter instances are created using the Spec objects found in the registry.

Directories

Path Synopsis
Package accesslog provides request filters that give the ability to override AccessLogDisabled setting.
Package accesslog provides request filters that give the ability to override AccessLogDisabled setting.
Package apiusagemonitoring provides filters gathering metrics around API calls
Package apiusagemonitoring provides filters gathering metrics around API calls
Package auth provides authentication related filters.
Package auth provides authentication related filters.
Package builtin provides a small, generic set of filters.
Package builtin provides a small, generic set of filters.
Package circuit provides filters to control the circuit breaker settings on the route level.
Package circuit provides filters to control the circuit breaker settings on the route level.
Package cookie implements filters to append to requests or responses.
Package cookie implements filters to append to requests or responses.
Package cors implements the origin header for CORS.
Package cors implements the origin header for CORS.
Package diag provides a set of network throttling filters for diagnostic purpose.
Package diag provides a set of network throttling filters for diagnostic purpose.
Package filtertest implements mock versions of the Filter, Spec and FilterContext interfaces used during tests.
Package filtertest implements mock versions of the Filter, Spec and FilterContext interfaces used during tests.
Package flowid implements a filter used for identifying incoming requests through their complete lifecycle for logging and monitoring or else.
Package flowid implements a filter used for identifying incoming requests through their complete lifecycle for logging and monitoring or else.
Package log provides a request logging filter, usable also for audit logging.
Package log provides a request logging filter, usable also for audit logging.
Package ratelimit provides filters to control the rate limiter settings on the route level.
Package ratelimit provides filters to control the rate limiter settings on the route level.
Package scheduler implements filter logic that changes the http request scheduling behavior of the proxy.
Package scheduler implements filter logic that changes the http request scheduling behavior of the proxy.
Package sed provides stream editor filters for request and response payload.
Package sed provides stream editor filters for request and response payload.
Package serve provides a wrapper of net/http.Handler to be used as a filter.
Package serve provides a wrapper of net/http.Handler to be used as a filter.
Package tee provides a unix-like tee feature for routing.
Package tee provides a unix-like tee feature for routing.
Package tracing provides filters to instrument distributed tracing.
Package tracing provides filters to instrument distributed tracing.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL