Automatically adding custom header to message based on request scope - .net-core

RequestClients in my ApiGateway are injected (using default MS DI) in HTTP request handlers (in those handlers I have access to current request scope). What I want is to automatically, for each RequestClient, to add custom message header where I could put some data from request scope. Use case is to take JWT from request and add it to message as custom header. Then on consumer side I need, for each received request, check that custom header, verify JWT, and add some data from it to consumed request scope so I could access for example IUserContext or something like that. I want to avoid manually adding jwt to message contract for example.
How I can configure MassTransit on Client and Consumer side to achieve what I want? I already read docs about middleware and pipes and observers but still I can't figure it out...
Using RabbitMQ transport.

So, this is pretty complicated to put into a post, so I created a complete sample that shows how to use MassTransit Scoped Filters.
In this sample, an action filter is registered with the controllers to automatically extract the Token header and store it so that it can be used when publishing or sending messages from a controller. The MassTransit filters are configured on the bus, so they're available to all receive endpoints.

Related

Get the entire request being sent to Pact from Provider - C#

I need to add a signature to my request before it is tested. Hence before Pact testing happens on provider side, i need to add a signature which is generated based on the entire request. Is there a way to get the request before Pact Verification happens, so i can generate and add the signature ?
PS: I already added some other headers using CustomHeaders. But i need the request itself to generate the signature. This is for C#

Camel how to bypass request header from entering to http dsl component request?

I'm having a following problem with camel http requests. I would want to preserve a value of url query string parameter without passing it to another http request that needs to be done on the route. The value is needed after the http request to external api to process the data. Below is a clarification of the problem:
rest("/api")//We get requests as /camel/api?param1=xyz...
.get()
.route()
.setHeader(Exchange.HTTP_METHOD, constant("GET"))
.setHeader("Accept-Encoding", constant("gzip"))
.setHeader("Accept", constant("*/*"))
.removeHeader(Exchange.HTTP_URI)//Remove this
//How do I prevent the {header.param1} from being passed to the following http request but still be able to use it after the request on the route?
.to("https://someapi.org/api/...")
//To process the result, we need the original {header.param1} value from the request to this /camel/api endpoint
.endRest();
What is the correct way to achieve this?
If you receive parameters that are only needed in the current route and should not be passed on to any other endpoints, you can also copy them over to Exchange properties and delete the headers.
In contrast to message headers, the Camel Exchange properties are not propagated to routings and they are removed together with the Exchange when the message reaches an end of the current route.
.setProperty("param1", header("param1")) // create property from header
.removeHeader("param1") // remove the header
This is a very explicit and transparent way to do this, but you have to do it everywhere you need it. So it is good for exceptional cases that you want to make explicit.
On the other hand a HeaderFilterStrategy prevents sending specific headers (based on patterns) to the endpoints you configure it. So it is very good for general header rules you want to apply to all endpoints of a specific type (for example to all HTTP endpoints).

Grpc Writing Interceptors for Specific Endpoint

I implemented a grpc server in Golang. This server has multiple endpoints, but for one of the endpoints I want to implement an interceptor that will check the validity of an authentication token before proceeding with the request. I know how to implement an interceptor that will run when a request reaches any of the grpc endpoints, but how can I make so that my interceptor only runs for one specific endpoint?
For those interested, I was able to find the method of the request by inspecting the grpc.UnaryServerInfo param of the interceptor. There is an attribute called FullMethod that gives you the the endpoint of the request.
You can get the method name and compare when you are getting a request through your interceptor. Your custom interceptor will have one component called ServerInfo which will help you to filter from which method you are getting called. Based on that, you can filter out your authentication endpoint

How to get Http header values in Apache Camel- Jersey Rest API

I have an application which uses Apache Camel to build an API. It basically uses blueprint.xml to define routes and processing is done by a bean(please note its not any processor bean. Just a plain Java bean). It uses Jersey client to invoke the backend system Rest API.
My requirement is to get the http headers in the code to be able to send them to our custom logging system.
a) I tried #httpHeaders annotation but this does not inject the headers on my code.
b) Since its not using any BeanProcessor i dont have an Exchange object from where i can get the header values.
Please help with a way to get header values on the code.
Add the request context to your class
#Context
private HttpServletRequest request;
and get the headers in your endpoint using request.getHeader
Returns the value of the specified request header as a String.

Is there a default http request header to identify the user making a request?

In the data model behind my RESTful API there are several entities with the CreatedBy/ModifiedBy fields. The only access to this data is through my API, and as such, the fields should be populated with the user id of the user making the request to my API.
I have considered either adding these fields to the models exposed by my API or expecting a request header containing the user id on all PUT/POST/DELETE requests. I would be interested in any opinions as to which approach is best, or any other approach.
I like the idea of providing it in the header since it is necessary for every request and I am wondering if there is a standard request header to contain the information, or a common x-header.
I have seen the from request header; however, it seems to be defined as the email address of the user making the request and I need to pass the user id.
In our current implementation, we use the authorization header to authenticate the calling application with the API, and not for a specific user.
Which header would you use to pass information to identify the user making a request?
You can extend the Authorization header to add your own parameters. Both the Digest and OAuth authorization schemes support parameters. The Basic scheme already have the user credentials readable. Something like:
Authorization: OAuth realm="Photos",
oauth_consumer_key="dpf43f3p2l4k3l03",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="137131200",
oauth_nonce="wIjqoS",
oauth_callback="http%3A%2F%2Fprinter.example.com%2Fready",
oauth_signature="74KNZJeDHnMBp0EMJ9ZHt%2FXKycU%3D",
xoauth_user_guid="alganet"
Yahoo! does something similar with their OAuth implementation, but in another context.
http://developer.yahoo.com/oauth/guide/oauth-accesstoken.html.
However, if these fields are shown or exposed somehow in your public API, they belong to RESTful resources and should be represented always in the body, not the headers. If you GET the username in the message body, you should POST the username using the message body as well.
Assuming you can use HttpClient
HttpClient client = HttpClientManager.getNewClient();
HttpMethod get = new GetMethod(...);
get.addRequestHeader("x-newHeader", "value");
more here
OR using URLConnection using setRequestParameter

Resources