jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-05-04 18:37:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add plugins (#27)

Browse Source
This commit is contained in:
澄潭
2022-11-04 17:46:43 +08:00
committed by GitHub
parent 5ac966495c
commit 1a0ed73cd5
92 changed files with 35435 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
plugins/wasm-cpp/extensions/request_block/BUILD Normal file
View File

@@ -0,0 +1,55 @@
load("@proxy_wasm_cpp_sdk//bazel/wasm:wasm.bzl", "wasm_cc_binary")
load("//bazel:wasm.bzl", "declare_wasm_image_targets")
wasm_cc_binary(
name = "request_block.wasm",
srcs = [
"plugin.cc",
"plugin.h",
],
deps = [
"@com_google_absl//absl/strings",
"@com_google_absl//absl/time",
"//common:json_util",
"@proxy_wasm_cpp_sdk//:proxy_wasm_intrinsics",
"//common:http_util",
"//common:rule_util",
],
)
cc_library(
name = "request_block_lib",
srcs = [
"plugin.cc",
],
hdrs = [
"plugin.h",
],
copts = ["-DNULL_PLUGIN"],
deps = [
"@com_google_absl//absl/strings",
"//common:json_util",
"@proxy_wasm_cpp_host//:lib",
"//common:http_util",
"//common:rule_util",
],
)
cc_test(
name = "request_block_test",
srcs = [
"plugin_test.cc",
],
copts = ["-DNULL_PLUGIN"],
deps = [
":request_block_lib",
"@com_google_googletest//:gtest",
"@com_google_googletest//:gtest_main",
"@proxy_wasm_cpp_host//:lib",
],
)
declare_wasm_image_targets(
name = "request_block",
wasm_file = ":request_block.wasm",
)

266
plugins/wasm-cpp/extensions/request_block/plugin.cc Normal file
View File

@@ -0,0 +1,266 @@
// Copyright (c) 2022 Alibaba Group Holding Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "extensions/request_block/plugin.h"
#include <array>
#include "absl/strings/str_cat.h"
#include "absl/strings/str_join.h"
#include "absl/strings/str_split.h"
#include "common/json_util.h"
using ::nlohmann::json;
using ::Wasm::Common::JsonArrayIterate;
using ::Wasm::Common::JsonGetField;
using ::Wasm::Common::JsonObjectIterate;
using ::Wasm::Common::JsonValueAs;
#ifdef NULL_PLUGIN
namespace proxy_wasm {
namespace null_plugin {
namespace request_block {
PROXY_WASM_NULL_PLUGIN_REGISTRY
#endif
static RegisterContextFactory register_RequestBlock(
CONTEXT_FACTORY(PluginContext), ROOT_FACTORY(PluginRootContext));
static constexpr size_t MAX_BODY_SIZE = 32 * 1024 * 1024;
bool PluginRootContext::parsePluginConfig(const json& configuration,
RequestBlockConfigRule& rule) {
auto it = configuration.find("blocked_code");
if (it != configuration.end()) {
auto blocked_code = JsonValueAs<int64_t>(it.value());
if (blocked_code.second != Wasm::Common::JsonParserResultDetail::OK) {
LOG_WARN("cannot parse status code");
return false;
}
rule.blocked_code = blocked_code.first.value();
}
it = configuration.find("blocked_message");
if (it != configuration.end()) {
auto blocked_message = JsonValueAs<std::string>(it.value());
if (blocked_message.second != Wasm::Common::JsonParserResultDetail::OK) {
LOG_WARN("cannot parse blocked_message");
return false;
}
rule.blocked_message = blocked_message.first.value();
}
it = configuration.find("case_sensitive");
if (it != configuration.end()) {
auto case_sensitive = JsonValueAs<bool>(it.value());
if (case_sensitive.second != Wasm::Common::JsonParserResultDetail::OK) {
LOG_WARN("cannot parse case_sensitive");
return false;
}
rule.case_sensitive = case_sensitive.first.value();
}
if (!JsonArrayIterate(
configuration, "block_urls", [&](const json& item) -> bool {
auto url = JsonValueAs<std::string>(item);
if (url.second != Wasm::Common::JsonParserResultDetail::OK) {
LOG_WARN("cannot parse block_urls");
return false;
}
if (rule.case_sensitive) {
rule.block_urls.push_back(std::move(url.first.value()));
} else {
rule.block_urls.push_back(
absl::AsciiStrToLower(url.first.value()));
}
return true;
})) {
LOG_WARN("failed to parse configuration for block_urls.");
return false;
}
if (!JsonArrayIterate(
configuration, "block_headers", [&](const json& item) -> bool {
auto header = JsonValueAs<std::string>(item);
if (header.second != Wasm::Common::JsonParserResultDetail::OK) {
LOG_WARN("cannot parse block_headers");
return false;
}
if (rule.case_sensitive) {
rule.block_headers.push_back(std::move(header.first.value()));
} else {
rule.block_headers.push_back(
absl::AsciiStrToLower(header.first.value()));
}
return true;
})) {
LOG_WARN("failed to parse configuration for block_headers.");
return false;
}
if (!JsonArrayIterate(
configuration, "block_bodys", [&](const json& item) -> bool {
auto body = JsonValueAs<std::string>(item);
if (body.second != Wasm::Common::JsonParserResultDetail::OK) {
LOG_WARN("cannot parse block_bodys");
return false;
}
if (rule.case_sensitive) {
rule.block_bodys.push_back(std::move(body.first.value()));
} else {
rule.block_bodys.push_back(
absl::AsciiStrToLower(body.first.value()));
}
return true;
})) {
LOG_WARN("failed to parse configuration for block_bodys.");
return false;
}
if (rule.block_bodys.empty() && rule.block_headers.empty() &&
rule.block_urls.empty()) {
LOG_WARN("there is no block rules");
return false;
}
return true;
}
bool PluginRootContext::onConfigure(size_t size) {
// Parse configuration JSON string.
if (size > 0 && !configure(size)) {
LOG_WARN("configuration has errors initialization will not continue.");
setInvalidConfig();
return true;
}
return true;
}
bool PluginRootContext::configure(size_t configuration_size) {
auto configuration_data = getBufferBytes(WasmBufferType::PluginConfiguration,
0, configuration_size);
// Parse configuration JSON string.
auto result = ::Wasm::Common::JsonParse(configuration_data->view());
if (!result.has_value()) {
LOG_WARN(absl::StrCat("cannot parse plugin configuration JSON string: ",
configuration_data->view()));
return false;
}
if (!parseRuleConfig(result.value())) {
LOG_WARN(absl::StrCat("cannot parse plugin configuration JSON string: ",
configuration_data->view()));
return false;
}
return true;
}
bool PluginRootContext::checkHeader(const RequestBlockConfigRule& rule,
bool& check_body) {
if (!rule.block_urls.empty()) {
std::string urlstr;
std::string_view url;
GET_HEADER_VIEW(":path", request_url);
if (rule.case_sensitive) {
url = request_url;
} else {
urlstr = absl::AsciiStrToLower(request_url);
url = urlstr;
}
for (const auto& block_url : rule.block_urls) {
if (absl::StrContains(url, block_url)) {
sendLocalResponse(rule.blocked_code, "", rule.blocked_message, {});
return false;
}
}
}
if (!rule.block_headers.empty()) {
auto headersPtr = getRequestHeaderPairs();
std::string headerstr;
std::string_view headers;
if (rule.case_sensitive) {
headers = headersPtr->view();
} else {
headerstr = absl::AsciiStrToLower(headersPtr->view());
headers = headerstr;
}
for (const auto& block_header : rule.block_headers) {
if (absl::StrContains(headers, block_header)) {
sendLocalResponse(rule.blocked_code, "", rule.blocked_message, {});
return false;
}
}
}
if (!rule.block_bodys.empty()) {
check_body = true;
}
return true;
}
bool PluginRootContext::checkBody(const RequestBlockConfigRule& rule,
std::string_view request_body) {
std::string bodystr;
std::string_view body;
if (rule.case_sensitive) {
body = request_body;
} else {
bodystr = absl::AsciiStrToLower(request_body);
body = bodystr;
}
for (const auto& block_body : rule.block_bodys) {
if (absl::StrContains(body, block_body)) {
sendLocalResponse(rule.blocked_code, "", rule.blocked_message, {});
return false;
}
}
return true;
}
FilterHeadersStatus PluginContext::onRequestHeaders(uint32_t, bool) {
auto* rootCtx = rootContext();
auto config = rootCtx->getMatchConfig();
config_ = config.second;
if (!config_) {
return FilterHeadersStatus::Continue;
}
return rootCtx->checkHeader(config_.value(), check_body_)
? FilterHeadersStatus::Continue
: FilterHeadersStatus::StopIteration;
}
FilterDataStatus PluginContext::onRequestBody(size_t body_size,
bool end_stream) {
if (!config_) {
return FilterDataStatus::Continue;
}
if (!check_body_) {
return FilterDataStatus::Continue;
}
body_total_size_ += body_size;
if (body_total_size_ > MAX_BODY_SIZE) {
LOG_DEBUG("body_size is too large");
return FilterDataStatus::Continue;
}
if (!end_stream) {
return FilterDataStatus::StopIterationAndBuffer;
}
auto body =
getBufferBytes(WasmBufferType::HttpRequestBody, 0, body_total_size_);
auto* rootCtx = rootContext();
return rootCtx->checkBody(config_.value(), body->view())
? FilterDataStatus::Continue
: FilterDataStatus::StopIterationNoBuffer;
}
#ifdef NULL_PLUGIN
} // namespace request_block
} // namespace null_plugin
} // namespace proxy_wasm
#endif

92
plugins/wasm-cpp/extensions/request_block/plugin.h Normal file
View File

@@ -0,0 +1,92 @@
/*
* Copyright (c) 2022 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <assert.h>
#include <functional>
#include <optional>
#include <string>
#include <unordered_map>
#include "common/http_util.h"
#include "common/route_rule_matcher.h"
#define ASSERT(_X) assert(_X)
#ifndef NULL_PLUGIN
#include "proxy_wasm_intrinsics.h"
#else
#include "include/proxy-wasm/null_plugin.h"
namespace proxy_wasm {
namespace null_plugin {
namespace request_block {
#endif
struct RequestBlockConfigRule {
int blocked_code = 403;
std::string blocked_message;
bool case_sensitive = true;
std::vector<std::string> block_urls;
std::vector<std::string> block_headers;
std::vector<std::string> block_bodys;
};
// PluginRootContext is the root context for all streams processed by the
// thread. It has the same lifetime as the worker thread and acts as target for
// interactions that outlives individual stream, e.g. timer, async calls.
class PluginRootContext : public RootContext,
public RouteRuleMatcher<RequestBlockConfigRule> {
public:
PluginRootContext(uint32_t id, std::string_view root_id)
: RootContext(id, root_id) {}
~PluginRootContext() {}
bool onConfigure(size_t) override;
bool checkHeader(const RequestBlockConfigRule&, bool&);
bool checkBody(const RequestBlockConfigRule&, std::string_view);
bool configure(size_t);
private:
bool parsePluginConfig(const json&, RequestBlockConfigRule&) override;
};
// Per-stream context.
class PluginContext : public Context {
public:
explicit PluginContext(uint32_t id, RootContext* root) : Context(id, root) {}
FilterHeadersStatus onRequestHeaders(uint32_t, bool) override;
FilterDataStatus onRequestBody(size_t, bool) override;
private:
inline PluginRootContext* rootContext() {
return dynamic_cast<PluginRootContext*>(this->root());
}
size_t body_total_size_ = 0;
bool check_body_ = false;
std::optional<std::reference_wrapper<RequestBlockConfigRule>> config_;
};
#ifdef NULL_PLUGIN
} // namespace request_block
} // namespace null_plugin
} // namespace proxy_wasm
#endif

237
plugins/wasm-cpp/extensions/request_block/plugin_test.cc Normal file
View File

@@ -0,0 +1,237 @@
// Copyright (c) 2022 Alibaba Group Holding Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "extensions/request_block/plugin.h"
#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "include/proxy-wasm/context.h"
#include "include/proxy-wasm/null.h"
namespace proxy_wasm {
namespace null_plugin {
namespace request_block {
NullPluginRegistry* context_registry_;
RegisterNullVmPluginFactory register_request_block_plugin(
"request_block", []() {
return std::make_unique<NullPlugin>(request_block::context_registry_);
});
class MockContext : public proxy_wasm::ContextBase {
public:
MockContext(WasmBase* wasm) : ContextBase(wasm) {}
MOCK_METHOD(BufferInterface*, getBuffer, (WasmBufferType));
MOCK_METHOD(WasmResult, log, (uint32_t, std::string_view));
MOCK_METHOD(WasmResult, getHeaderMapValue,
(WasmHeaderMapType /* type */, std::string_view /* key */,
std::string_view* /*result */));
MOCK_METHOD(WasmResult, getHeaderMapPairs, (WasmHeaderMapType, Pairs*));
MOCK_METHOD(WasmResult, sendLocalResponse,
(uint32_t /* response_code */, std::string_view /* body */,
Pairs /* additional_headers */, uint32_t /* grpc_status */,
std::string_view /* details */));
MOCK_METHOD(WasmResult, getProperty, (std::string_view, std::string*));
};
class RequestBlockTest : public ::testing::Test {
protected:
RequestBlockTest() {
// Initialize test VM
test_vm_ = createNullVm();
wasm_base_ = std::make_unique<WasmBase>(
std::move(test_vm_), "test-vm", "", "",
std::unordered_map<std::string, std::string>{},
AllowedCapabilitiesMap{});
wasm_base_->load("request_block");
wasm_base_->initialize();
// Initialize host side context
mock_context_ = std::make_unique<MockContext>(wasm_base_.get());
current_context_ = mock_context_.get();
ON_CALL(*mock_context_, log(testing::_, testing::_))
.WillByDefault([](uint32_t, std::string_view m) {
std::cerr << m << "\n";
return WasmResult::Ok;
});
ON_CALL(*mock_context_, getHeaderMapValue(WasmHeaderMapType::RequestHeaders,
testing::_, testing::_))
.WillByDefault([&](WasmHeaderMapType, std::string_view header,
std::string_view* result) {
if (header == ":authority") {
*result = authority_;
}
if (header == ":path") {
*result = path_;
}
return WasmResult::Ok;
});
ON_CALL(*mock_context_, getProperty(testing::_, testing::_))
.WillByDefault([&](std::string_view path, std::string* result) {
*result = route_name_;
return WasmResult::Ok;
});
ON_CALL(*mock_context_,
getHeaderMapPairs(WasmHeaderMapType::RequestHeaders, testing::_))
.WillByDefault([&](WasmHeaderMapType, Pairs* result) {
*result = headers_;
return WasmResult::Ok;
});
ON_CALL(*mock_context_, getBuffer(testing::_))
.WillByDefault([&](WasmBufferType type) {
if (type == WasmBufferType::HttpRequestBody) {
return &body_;
}
return &config_;
});
// Initialize Wasm sandbox context
root_context_ = std::make_unique<PluginRootContext>(0, "");
context_ = std::make_unique<PluginContext>(1, root_context_.get());
}
~RequestBlockTest() override {}
std::unique_ptr<WasmBase> wasm_base_;
std::unique_ptr<WasmVm> test_vm_;
std::unique_ptr<MockContext> mock_context_;
std::unique_ptr<PluginRootContext> root_context_;
std::unique_ptr<PluginContext> context_;
std::string authority_;
std::string route_name_;
std::string path_;
Pairs headers_;
BufferBase body_;
BufferBase config_;
};
TEST_F(RequestBlockTest, CaseSensitive) {
std::string configuration = R"(
{
"block_urls": ["?foo=bar", "swagger.html"],
"block_headers": ["headerKey", "headerValue"],
"block_bodys": ["Hello World"]
})";
config_.set({configuration.data(), configuration.size()});
EXPECT_TRUE(root_context_->configure(configuration.size()));
path_ = "/?foo=BAR";
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::Continue);
path_ = "/?foo=bar";
EXPECT_CALL(*mock_context_, sendLocalResponse(403, testing::_, testing::_,
testing::_, testing::_));
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::StopIteration);
path_ = "/swagger.html?foo=BAR";
EXPECT_CALL(*mock_context_, sendLocalResponse(403, testing::_, testing::_,
testing::_, testing::_));
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::StopIteration);
path_ = "";
headers_ = {{"headerKey", "123"}};
EXPECT_CALL(*mock_context_, sendLocalResponse(403, testing::_, testing::_,
testing::_, testing::_));
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::StopIteration);
headers_ = {{"abc", "headerValue"}};
EXPECT_CALL(*mock_context_, sendLocalResponse(403, testing::_, testing::_,
testing::_, testing::_));
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::StopIteration);
headers_ = {{"abc", "123"}};
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::Continue);
body_.set("Hello World");
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::Continue);
EXPECT_CALL(*mock_context_, sendLocalResponse(403, testing::_, testing::_,
testing::_, testing::_));
EXPECT_EQ(context_->onRequestBody(11, true),
FilterDataStatus::StopIterationNoBuffer);
body_.set("hello world");
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::Continue);
EXPECT_EQ(context_->onRequestBody(11, true), FilterDataStatus::Continue);
}
TEST_F(RequestBlockTest, CaseInsensitive) {
std::string configuration = R"(
{
"case_sensitive": false,
"blocked_code": 404,
"block_urls": ["?foo=bar", "swagger.html"],
"block_headers": ["headerKey", "headerValue"],
"block_bodys": ["Hello World"]
})";
config_.set({configuration.data(), configuration.size()});
EXPECT_TRUE(root_context_->configure(configuration.size()));
path_ = "/?foo=BAR";
EXPECT_CALL(*mock_context_, sendLocalResponse(404, testing::_, testing::_,
testing::_, testing::_));
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::StopIteration);
path_ = "/swagger.html?foo=bar";
EXPECT_CALL(*mock_context_, sendLocalResponse(404, testing::_, testing::_,
testing::_, testing::_));
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::StopIteration);
path_ = "";
headers_ = {{"headerkey", "123"}};
EXPECT_CALL(*mock_context_, sendLocalResponse(404, testing::_, testing::_,
testing::_, testing::_));
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::StopIteration);
headers_ = {{"abc", "headervalue"}};
EXPECT_CALL(*mock_context_, sendLocalResponse(404, testing::_, testing::_,
testing::_, testing::_));
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::StopIteration);
headers_ = {{"abc", "123"}};
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::Continue);
body_.set("hello world");
EXPECT_EQ(context_->onRequestHeaders(0, false),
FilterHeadersStatus::Continue);
EXPECT_CALL(*mock_context_, sendLocalResponse(404, testing::_, testing::_,
testing::_, testing::_));
EXPECT_EQ(context_->onRequestBody(11, true),
FilterDataStatus::StopIterationNoBuffer);
}
} // namespace request_block
} // namespace null_plugin
} // namespace proxy_wasm