feat(forwarder/sniffer): add HTTP request body rewriting, deprecate rewriteBody in favor of rewriteResponseBody
- Add RewriteRequestBody field to HTTPNodeConfig (yaml: rewriteRequestBody) - Add RewriteRequestBody field to HTTPNodeSettings in core chain - Add rewriteReqBody function symmetric to rewriteRespBody in sniffer_rewrite.go - Wire up rewriteReqBody call in httpRoundTrip before body wrapping for recording - Add new RewriteResponseBody config field, deprecate old RewriteBody - Parse both RewriteRequestBody and RewriteResponseBody in node config parsing - Add 10 test cases covering nil, skip, content-type filter, and chained rewrites - Bump core dependency to v0.4.1 - Fix: clone response header map in internal/util/sniffing/sniffer_http.go
This commit is contained in:
@@ -290,6 +290,7 @@ func (h *Sniffer) httpRoundTrip(ctx context.Context, rw, cc io.ReadWriteCloser,
|
||||
|
||||
var responseHeader map[string]string
|
||||
var respBodyRewrites []chain.HTTPBodyRewriteSettings
|
||||
var reqBodyRewrites []chain.HTTPBodyRewriteSettings
|
||||
if httpSettings := node.Options().HTTP; httpSettings != nil {
|
||||
if auther := httpSettings.Auther; auther != nil {
|
||||
username, password, _ := req.BasicAuth()
|
||||
@@ -325,6 +326,14 @@ func (h *Sniffer) httpRoundTrip(ctx context.Context, rw, cc io.ReadWriteCloser,
|
||||
|
||||
responseHeader = httpSettings.ResponseHeader
|
||||
respBodyRewrites = httpSettings.RewriteResponseBody
|
||||
reqBodyRewrites = httpSettings.RewriteRequestBody
|
||||
}
|
||||
|
||||
// Rewrite request body before wrapping for recording,
|
||||
// so the recorder sees the rewritten content.
|
||||
if err = rewriteReqBody(req, reqBodyRewrites...); err != nil {
|
||||
log.Errorf("rewrite request body: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
if bodySize := clampBodySize(h.RecorderOptions); bodySize > 0 && req.Body != nil {
|
||||
|
||||
@@ -90,3 +90,38 @@ func drainBody(b io.ReadCloser) (body []byte, err error) {
|
||||
return buf.Bytes(), nil
|
||||
}
|
||||
|
||||
func rewriteReqBody(req *http.Request, rewrites ...chain.HTTPBodyRewriteSettings) error {
|
||||
if req == nil || len(rewrites) == 0 || req.Body == nil || req.ContentLength <= 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
if encoding := req.Header.Get("Content-Encoding"); encoding != "" {
|
||||
return nil
|
||||
}
|
||||
|
||||
body, err := drainBody(req.Body)
|
||||
if err != nil || body == nil {
|
||||
return err
|
||||
}
|
||||
|
||||
contentType, _, _ := strings.Cut(req.Header.Get("Content-Type"), ";")
|
||||
for _, rewrite := range rewrites {
|
||||
rewriteType := rewrite.Type
|
||||
if rewriteType == "" {
|
||||
rewriteType = "text/html"
|
||||
}
|
||||
if rewriteType != "*" && !strings.Contains(rewriteType, contentType) {
|
||||
continue
|
||||
}
|
||||
|
||||
if rewrite.Pattern != nil {
|
||||
body = rewrite.Pattern.ReplaceAll(body, rewrite.Replacement)
|
||||
}
|
||||
}
|
||||
|
||||
req.Body = io.NopCloser(bytes.NewReader(body))
|
||||
req.ContentLength = int64(len(body))
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@@ -47,6 +47,143 @@ func (m *mockBypass) IsWhitelist() bool { return m.whitelist }
|
||||
// Pure Function Tests
|
||||
// =============================================================================
|
||||
|
||||
func TestRewriteReqBody(t *testing.T) {
|
||||
hello := []byte("hello world")
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
req *http.Request
|
||||
rewrites []chain.HTTPBodyRewriteSettings
|
||||
wantBody string
|
||||
wantCL int64
|
||||
}{
|
||||
{
|
||||
name: "nil request",
|
||||
},
|
||||
{
|
||||
name: "no rewrites",
|
||||
req: &http.Request{
|
||||
Body: io.NopCloser(bytes.NewReader(hello)),
|
||||
ContentLength: int64(len(hello)),
|
||||
},
|
||||
wantBody: "hello world",
|
||||
wantCL: 11,
|
||||
},
|
||||
{
|
||||
name: "nil body skipped",
|
||||
req: &http.Request{
|
||||
Body: nil,
|
||||
ContentLength: 11,
|
||||
},
|
||||
rewrites: []chain.HTTPBodyRewriteSettings{
|
||||
{Pattern: regexp.MustCompile("hello"), Replacement: []byte("hi")},
|
||||
},
|
||||
wantBody: "",
|
||||
wantCL: 11,
|
||||
},
|
||||
{
|
||||
name: "zero content length skipped",
|
||||
req: &http.Request{
|
||||
Body: io.NopCloser(bytes.NewReader(hello)),
|
||||
ContentLength: 0,
|
||||
},
|
||||
rewrites: []chain.HTTPBodyRewriteSettings{
|
||||
{Pattern: regexp.MustCompile("hello"), Replacement: []byte("hi")},
|
||||
},
|
||||
wantBody: "hello world",
|
||||
wantCL: 0,
|
||||
},
|
||||
{
|
||||
name: "content-encoding skips rewrite",
|
||||
req: &http.Request{
|
||||
Body: io.NopCloser(bytes.NewReader(hello)),
|
||||
ContentLength: int64(len(hello)),
|
||||
Header: http.Header{"Content-Encoding": {"gzip"}},
|
||||
},
|
||||
rewrites: []chain.HTTPBodyRewriteSettings{
|
||||
{Pattern: regexp.MustCompile("hello"), Replacement: []byte("hi")},
|
||||
},
|
||||
wantBody: "hello world",
|
||||
wantCL: 11,
|
||||
},
|
||||
{
|
||||
name: "content type does not match default text/html",
|
||||
req: &http.Request{
|
||||
Body: io.NopCloser(bytes.NewReader(hello)),
|
||||
ContentLength: int64(len(hello)),
|
||||
Header: http.Header{"Content-Type": {"text/plain"}},
|
||||
},
|
||||
rewrites: []chain.HTTPBodyRewriteSettings{
|
||||
{Pattern: regexp.MustCompile("hello"), Replacement: []byte("hi")},
|
||||
},
|
||||
wantBody: "hello world",
|
||||
wantCL: 11,
|
||||
},
|
||||
{
|
||||
name: "content type match replacement",
|
||||
req: &http.Request{
|
||||
Body: io.NopCloser(bytes.NewReader(hello)),
|
||||
ContentLength: int64(len(hello)),
|
||||
Header: http.Header{"Content-Type": {"text/html"}},
|
||||
},
|
||||
rewrites: []chain.HTTPBodyRewriteSettings{
|
||||
{Type: "text/html", Pattern: regexp.MustCompile("hello"), Replacement: []byte("hi")},
|
||||
},
|
||||
wantBody: "hi world",
|
||||
wantCL: 8,
|
||||
},
|
||||
{
|
||||
name: "wildcard type matches everything",
|
||||
req: &http.Request{
|
||||
Body: io.NopCloser(bytes.NewReader(hello)),
|
||||
ContentLength: int64(len(hello)),
|
||||
Header: http.Header{"Content-Type": {"application/json"}},
|
||||
},
|
||||
rewrites: []chain.HTTPBodyRewriteSettings{
|
||||
{Type: "*", Pattern: regexp.MustCompile("hello"), Replacement: []byte("hi")},
|
||||
},
|
||||
wantBody: "hi world",
|
||||
wantCL: 8,
|
||||
},
|
||||
{
|
||||
name: "multiple rewrites applied in order",
|
||||
req: &http.Request{
|
||||
Body: io.NopCloser(bytes.NewReader(hello)),
|
||||
ContentLength: int64(len(hello)),
|
||||
Header: http.Header{"Content-Type": {"text/html"}},
|
||||
},
|
||||
rewrites: []chain.HTTPBodyRewriteSettings{
|
||||
{Type: "text/html", Pattern: regexp.MustCompile("hello"), Replacement: []byte("hi")},
|
||||
{Type: "text/html", Pattern: regexp.MustCompile("world"), Replacement: []byte("there")},
|
||||
},
|
||||
wantBody: "hi there",
|
||||
wantCL: 8,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.req != nil {
|
||||
_ = rewriteReqBody(tt.req, tt.rewrites...)
|
||||
if tt.req.Body != nil {
|
||||
body, _ := io.ReadAll(tt.req.Body)
|
||||
tt.req.Body.Close()
|
||||
if string(body) != tt.wantBody {
|
||||
t.Errorf("body = %q, want %q", string(body), tt.wantBody)
|
||||
}
|
||||
} else if tt.wantBody != "" {
|
||||
t.Errorf("body = nil, want %q", tt.wantBody)
|
||||
}
|
||||
if tt.req.ContentLength != tt.wantCL {
|
||||
t.Errorf("ContentLength = %d, want %d", tt.req.ContentLength, tt.wantCL)
|
||||
}
|
||||
} else {
|
||||
_ = rewriteReqBody(nil) // should not panic
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestClampBodySize(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
|
||||
@@ -216,7 +216,7 @@ func (h *Sniffer) httpRoundTrip(ctx context.Context, rw, cc io.ReadWriteCloser,
|
||||
xio.SetReadDeadline(cc, time.Time{})
|
||||
|
||||
ro.HTTP.StatusCode = resp.StatusCode
|
||||
ro.HTTP.Response.Header = resp.Header
|
||||
ro.HTTP.Response.Header = resp.Header.Clone()
|
||||
ro.HTTP.Response.ContentLength = resp.ContentLength
|
||||
|
||||
if log.IsLevelEnabled(logger.TraceLevel) {
|
||||
|
||||
Reference in New Issue
Block a user