I'm trying to write a mechanism to limit the number of calls to a specific API using Ocelot gateway.
What I would like to do is to use the info stored in Authorization header - bearer token, unpack it and add the ClientId header to request before it is processed by RateLimiting middleware.
I found this solution: Ocelot Rate Limiting, but using it requires to modify the Ocelot pipeline(including the libraries in the app code) which I do not consider to be a good approach from code maintenance perspective.
I cannot find a solution to extend the pipeline configuration without overriding the entire pipeline.
Official Ocelot
The user can set functions against the following.
PreErrorResponderMiddleware - Already explained above.
PreAuthenticationMiddleware - This allows the user to run pre authentication logic and then call Ocelot’s authentication middleware.
AuthenticationMiddleware - This overrides Ocelots authentication middleware.
PreAuthorizationMiddleware - This allows the user to run pre authorization logic and then call Ocelot’s authorization middleware.
AuthorizationMiddleware - This overrides Ocelots authorization middleware.
PreQueryStringBuilderMiddleware - This allows the user to manipulate the query string on the http request before it is passed to Ocelots request creator.
But all of the possible extensions happens after the RateLimiting middleware and it will not be considered.
Is there any other approach to add custom header to request before it enters in the RateLimiting middleware?
Thank you
Related
RequestClients in my ApiGateway are injected (using default MS DI) in HTTP request handlers (in those handlers I have access to current request scope). What I want is to automatically, for each RequestClient, to add custom message header where I could put some data from request scope. Use case is to take JWT from request and add it to message as custom header. Then on consumer side I need, for each received request, check that custom header, verify JWT, and add some data from it to consumed request scope so I could access for example IUserContext or something like that. I want to avoid manually adding jwt to message contract for example.
How I can configure MassTransit on Client and Consumer side to achieve what I want? I already read docs about middleware and pipes and observers but still I can't figure it out...
Using RabbitMQ transport.
So, this is pretty complicated to put into a post, so I created a complete sample that shows how to use MassTransit Scoped Filters.
In this sample, an action filter is registered with the controllers to automatically extract the Token header and store it so that it can be used when publishing or sending messages from a controller. The MassTransit filters are configured on the bus, so they're available to all receive endpoints.
I implemented a grpc server in Golang. This server has multiple endpoints, but for one of the endpoints I want to implement an interceptor that will check the validity of an authentication token before proceeding with the request. I know how to implement an interceptor that will run when a request reaches any of the grpc endpoints, but how can I make so that my interceptor only runs for one specific endpoint?
For those interested, I was able to find the method of the request by inspecting the grpc.UnaryServerInfo param of the interceptor. There is an attribute called FullMethod that gives you the the endpoint of the request.
You can get the method name and compare when you are getting a request through your interceptor. Your custom interceptor will have one component called ServerInfo which will help you to filter from which method you are getting called. Based on that, you can filter out your authentication endpoint
I have an application which uses Apache Camel to build an API. It basically uses blueprint.xml to define routes and processing is done by a bean(please note its not any processor bean. Just a plain Java bean). It uses Jersey client to invoke the backend system Rest API.
My requirement is to get the http headers in the code to be able to send them to our custom logging system.
a) I tried #httpHeaders annotation but this does not inject the headers on my code.
b) Since its not using any BeanProcessor i dont have an Exchange object from where i can get the header values.
Please help with a way to get header values on the code.
Add the request context to your class
#Context
private HttpServletRequest request;
and get the headers in your endpoint using request.getHeader
Returns the value of the specified request header as a String.
I have to write sign on peoplecode to make a service call by passing token (sent from third party) to API and get the responce (if token is valid responce will have username) in json format to create a PS_TOKEN.
I am fresher to peoplecode. How can I run HTTP POST request by passing token and get the response using Peoplecode?
You would create a synchronous service operation in the Integration Broker. The Integration Broker works best if you are sending XML or JSON. If this is just a regular HTTP POST with fields then it can cause some issues with the Integration Broker. I had a similar case and could not get the basic HTTP Post to work but instead ended up using HTTP POST multipart/form-data and was able to get that to work.
Steps I had to do to make this work.
Create a Message (document based or rowset based are both possible)
Create Service Operation and related objects
Create Transform App Engine to convert the Message to a HTTP POST multipart/form-data
Create a routing and modify the connector properties to send the content type of multipart/form-data. Also call the Transform app engine as part of the routing.
The issue with a application/x-www-form-urlencoded POST is that it seems PeopleSoft does another url encoding after the Transform, which is the last time you can touch the output with code. This final url encoding was encoding the = sign in the form post which made the format invalid.
Your other option would be to write this is Java and call the Java class from within PeopleSoft (or mix the Java objects in with PeopleCode). If you choose to go this way then the App Server needs to have connectivity to your authentication server. My only experience with this is I had a client that used this approach and had issues under heavy load. It was never determined the cause of the performance issue, they switched to LDAP instead to resolve the issue.
I am creating an advanced app that uses websocket instead of ajax for dynamic interaction. My WebSocket messages are handled like HTTP Requests, they contain a json-encoded array of path and parameters, which will be converted to a Request. Now the HttpKernel handles this request like every other HTTP request (as sub-request). The only problem is, that the routes for websocket messages are public avaible.
Has anyone an idea how to allow only internal access for a route in this situation?
This answer explains why the firewall configuration can't be used to block routes by name as it uses the RequestMatcher which allows only path regexes and not route names.