diff --git a/istio/istio b/istio/istio index ce6a5d593..1dbd77359 160000 --- a/istio/istio +++ b/istio/istio @@ -1 +1 @@ -Subproject commit ce6a5d59348fca11729cfcd6aa016aba9f8cd784 +Subproject commit 1dbd77359624ab4af2953a4840927fbd7ea1d668 diff --git a/plugins/wasm-cpp/WORKSPACE b/plugins/wasm-cpp/WORKSPACE index ed78d0df0..fe0a7223c 100644 --- a/plugins/wasm-cpp/WORKSPACE +++ b/plugins/wasm-cpp/WORKSPACE @@ -27,13 +27,17 @@ http_archive( url = "https://github.com/higress-group/proxy-wasm-cpp-sdk/archive/" + PROXY_WASM_CPP_SDK_SHA + ".tar.gz", ) -load("@proxy_wasm_cpp_sdk//bazel/dep:deps.bzl", "wasm_dependencies") +load("@proxy_wasm_cpp_sdk//bazel:repositories.bzl", "proxy_wasm_cpp_sdk_repositories") -wasm_dependencies() +proxy_wasm_cpp_sdk_repositories() -load("@proxy_wasm_cpp_sdk//bazel/dep:deps_extra.bzl", "wasm_dependencies_extra") +load("@proxy_wasm_cpp_sdk//bazel:dependencies.bzl", "proxy_wasm_cpp_sdk_dependencies") -wasm_dependencies_extra() +proxy_wasm_cpp_sdk_dependencies() + +load("@proxy_wasm_cpp_sdk//bazel:dependencies_extra.bzl", "proxy_wasm_cpp_sdk_dependencies_extra") + +proxy_wasm_cpp_sdk_dependencies_extra() load("@istio_ecosystem_wasm_extensions//bazel:wasm.bzl", "wasm_libraries") diff --git a/plugins/wasm-cpp/bazel/absl.patch b/plugins/wasm-cpp/bazel/absl.patch index 68c66d37d..be952f8e3 100644 --- a/plugins/wasm-cpp/bazel/absl.patch +++ b/plugins/wasm-cpp/bazel/absl.patch @@ -2,16 +2,16 @@ diff --git a/absl/time/internal/cctz/src/time_zone_format.cc b/absl/time/interna index d8cb047..0c5f182 100644 --- a/absl/time/internal/cctz/src/time_zone_format.cc +++ b/absl/time/internal/cctz/src/time_zone_format.cc -@@ -18,6 +18,8 @@ - #endif - #endif +@@ -12,6 +12,8 @@ + // See the License for the specific language governing permissions and + // limitations under the License. +#define HAS_STRPTIME 0 + - #if defined(HAS_STRPTIME) && HAS_STRPTIME - #if !defined(_XOPEN_SOURCE) - #define _XOPEN_SOURCE // Definedness suffices for strptime. -@@ -58,7 +60,7 @@ namespace { + #if !defined(HAS_STRPTIME) + #if !defined(_MSC_VER) && !defined(__MINGW32__) + #define HAS_STRPTIME 1 // assume everyone has strptime() except windows +@@ -58,7 +60,7 @@ #if !HAS_STRPTIME // Build a strptime() using C++11's std::get_time(). @@ -20,7 +20,7 @@ index d8cb047..0c5f182 100644 std::istringstream input(s); input >> std::get_time(tm, fmt); if (input.fail()) return nullptr; -@@ -648,7 +650,7 @@ const char* ParseSubSeconds(const char* dp, detail::femtoseconds* subseconds) { +@@ -648,7 +650,7 @@ // Parses a string into a std::tm using strptime(3). const char* ParseTM(const char* dp, const char* fmt, std::tm* tm) { if (dp != nullptr) { diff --git a/plugins/wasm-cpp/bazel/wasm.bzl b/plugins/wasm-cpp/bazel/wasm.bzl index 1f061fbc6..b0e597393 100644 --- a/plugins/wasm-cpp/bazel/wasm.bzl +++ b/plugins/wasm-cpp/bazel/wasm.bzl @@ -9,9 +9,9 @@ load( def wasm_libraries(): http_archive( name = "com_google_absl", - sha256 = "ec8ef47335310cc3382bdc0d0cc1097a001e67dc83fcba807845aa5696e7e1e4", - strip_prefix = "abseil-cpp-302b250e1d917ede77b5ff00a6fd9f28430f1563", - url = "https://github.com/abseil/abseil-cpp/archive/302b250e1d917ede77b5ff00a6fd9f28430f1563.tar.gz", + sha256 = "3a0bb3d2e6f53352526a8d1a7e7b5749c68cd07f2401766a404fb00d2853fa49", + strip_prefix = "abseil-cpp-4bbdb026899fea9f882a95cbd7d6a4adaf49b2dd", + url = "https://github.com/abseil/abseil-cpp/archive/4bbdb026899fea9f882a95cbd7d6a4adaf49b2dd.tar.gz", patch_args = ["-p1"], patches = ["//bazel:absl.patch"], ) @@ -33,8 +33,8 @@ def wasm_libraries(): urls = ["https://github.com/google/googletest/archive/release-1.10.0.tar.gz"], ) - PROXY_WASM_CPP_HOST_SHA = "7850d1721fe3dd2ccfb86a06116f76c23b1f1bf8" - PROXY_WASM_CPP_HOST_SHA256 = "740690fc1d749849f6e24b5bc48a07dabc0565a7d03b6cd13425dba693956c57" + PROXY_WASM_CPP_HOST_SHA = "ecf42a27fcf78f42e64037d4eff1a0ca5a61e403" + PROXY_WASM_CPP_HOST_SHA256 = "9748156731e9521837686923321bf12725c32c9fa8355218209831cc3ee87080" http_archive( name = "proxy_wasm_cpp_host", diff --git a/plugins/wasm-cpp/common/http_util.cc b/plugins/wasm-cpp/common/http_util.cc index 320ed916c..0d671ac61 100644 --- a/plugins/wasm-cpp/common/http_util.cc +++ b/plugins/wasm-cpp/common/http_util.cc @@ -19,7 +19,6 @@ #include "absl/strings/str_cat.h" #include "absl/strings/str_format.h" #include "absl/strings/str_split.h" - #include "common/common_util.h" namespace Wasm::Common::Http { @@ -190,7 +189,8 @@ std::vector getAllOfHeader(std::string_view key) { std::vector result; auto headers = getRequestHeaderPairs()->pairs(); for (auto& header : headers) { - if (absl::EqualsIgnoreCase(Wasm::Common::stdToAbsl(header.first), Wasm::Common::stdToAbsl(key))) { + if (absl::EqualsIgnoreCase(Wasm::Common::stdToAbsl(header.first), + Wasm::Common::stdToAbsl(key))) { result.push_back(std::string(header.second)); } } @@ -225,7 +225,8 @@ void forEachCookie( v = v.substr(1, v.size() - 2); } - if (!cookie_consumer(Wasm::Common::abslToStd(k), Wasm::Common::abslToStd(v))) { + if (!cookie_consumer(Wasm::Common::abslToStd(k), + Wasm::Common::abslToStd(v))) { return; } } @@ -265,7 +266,63 @@ std::string buildOriginalUri(std::optional max_path_length) { auto scheme = scheme_ptr->view(); auto host_ptr = getRequestHeader(Header::Host); auto host = host_ptr->view(); - return absl::StrCat(Wasm::Common::stdToAbsl(scheme), "://", Wasm::Common::stdToAbsl(host), Wasm::Common::stdToAbsl(final_path)); + return absl::StrCat(Wasm::Common::stdToAbsl(scheme), "://", + Wasm::Common::stdToAbsl(host), + Wasm::Common::stdToAbsl(final_path)); +} + +void extractHostPathFromUri(const absl::string_view& uri, + absl::string_view& host, absl::string_view& path) { + /** + * URI RFC: https://www.ietf.org/rfc/rfc2396.txt + * + * Example: + * uri = "https://example.com:8443/certs" + * pos: ^ + * host_pos: ^ + * path_pos: ^ + * host = "example.com:8443" + * path = "/certs" + */ + const auto pos = uri.find("://"); + // Start position of the host + const auto host_pos = (pos == std::string::npos) ? 0 : pos + 3; + // Start position of the path + const auto path_pos = uri.find('/', host_pos); + if (path_pos == std::string::npos) { + // If uri doesn't have "/", the whole string is treated as host. + host = uri.substr(host_pos); + path = "/"; + } else { + host = uri.substr(host_pos, path_pos - host_pos); + path = uri.substr(path_pos); + } +} + +void extractPathWithoutArgsFromUri(const std::string_view& uri, + std::string_view& path_without_args) { + auto params_pos = uri.find('?'); + size_t uri_end; + if (params_pos == std::string::npos) { + uri_end = uri.size(); + } else { + uri_end = params_pos; + } + path_without_args = uri.substr(0, uri_end); +} + +bool hasRequestBody() { + auto contentType = getRequestHeader("content-type")->toString(); + auto contentLengthStr = getRequestHeader("content-length")->toString(); + auto transferEncoding = getRequestHeader("transfer-encoding")->toString(); + + if (!contentType.empty()) { + return true; + } + if (!contentLengthStr.empty()) { + return true; + } + return transferEncoding.find("chunked") != std::string::npos; } } // namespace Wasm::Common::Http diff --git a/plugins/wasm-cpp/common/http_util.h b/plugins/wasm-cpp/common/http_util.h index fcc01f6ff..da8877f03 100644 --- a/plugins/wasm-cpp/common/http_util.h +++ b/plugins/wasm-cpp/common/http_util.h @@ -42,6 +42,12 @@ namespace Wasm::Common::Http { using QueryParams = std::map; using SystemTime = std::chrono::time_point; +namespace Status { +constexpr int OK = 200; +constexpr int InternalServerError = 500; +constexpr int Unauthorized = 401; +} // namespace Status + namespace Header { constexpr std::string_view Scheme(":scheme"); constexpr std::string_view Method(":method"); @@ -52,14 +58,17 @@ constexpr std::string_view Accept("accept"); constexpr std::string_view ContentMD5("content-md5"); constexpr std::string_view ContentType("content-type"); constexpr std::string_view ContentLength("content-length"); +constexpr std::string_view TransferEncoding("transfer-encoding"); constexpr std::string_view UserAgent("user-agent"); constexpr std::string_view Date("date"); constexpr std::string_view Cookie("cookie"); +constexpr std::string_view StrictTransportSecurity("strict-transport-security"); } // namespace Header namespace ContentTypeValues { constexpr std::string_view Grpc{"application/grpc"}; -} +constexpr std::string_view Json{"application/json"}; +} // namespace ContentTypeValues class PercentEncoding { public: @@ -142,4 +151,10 @@ std::unordered_map parseCookies( std::string buildOriginalUri(std::optional max_path_length); +void extractHostPathFromUri(const absl::string_view& uri, + absl::string_view& host, absl::string_view& path); + +void extractPathWithoutArgsFromUri(const std::string_view& uri, + std::string_view& path_without_args); +bool hasRequestBody(); } // namespace Wasm::Common::Http diff --git a/plugins/wasm-cpp/extensions/bot_detect/BUILD b/plugins/wasm-cpp/extensions/bot_detect/BUILD index e5ba81c26..808c34cd4 100644 --- a/plugins/wasm-cpp/extensions/bot_detect/BUILD +++ b/plugins/wasm-cpp/extensions/bot_detect/BUILD @@ -12,10 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -load("@proxy_wasm_cpp_sdk//bazel/wasm:wasm.bzl", "wasm_cc_binary") +load("@proxy_wasm_cpp_sdk//bazel:defs.bzl", "proxy_wasm_cc_binary") load("//bazel:wasm.bzl", "declare_wasm_image_targets") -wasm_cc_binary( +proxy_wasm_cc_binary( name = "bot_detect.wasm", srcs = [ "plugin.cc", @@ -28,7 +28,6 @@ wasm_cc_binary( "//common:http_util", "//common:regex_util", "//common:rule_util", - "@proxy_wasm_cpp_sdk//:proxy_wasm_intrinsics", ], ) diff --git a/plugins/wasm-cpp/extensions/custom_response/BUILD b/plugins/wasm-cpp/extensions/custom_response/BUILD index d6202d7b0..dd0d5a6de 100644 --- a/plugins/wasm-cpp/extensions/custom_response/BUILD +++ b/plugins/wasm-cpp/extensions/custom_response/BUILD @@ -12,10 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -load("@proxy_wasm_cpp_sdk//bazel/wasm:wasm.bzl", "wasm_cc_binary") +load("@proxy_wasm_cpp_sdk//bazel:defs.bzl", "proxy_wasm_cc_binary") load("//bazel:wasm.bzl", "declare_wasm_image_targets") -wasm_cc_binary( +proxy_wasm_cc_binary( name = "custom_response.wasm", srcs = [ "plugin.cc", @@ -27,7 +27,6 @@ wasm_cc_binary( "//common:json_util", "//common:http_util", "//common:rule_util", - "@proxy_wasm_cpp_sdk//:proxy_wasm_intrinsics", ], ) diff --git a/plugins/wasm-cpp/extensions/hmac_auth/BUILD b/plugins/wasm-cpp/extensions/hmac_auth/BUILD index 9fd9ad93b..3f3dd1ed9 100644 --- a/plugins/wasm-cpp/extensions/hmac_auth/BUILD +++ b/plugins/wasm-cpp/extensions/hmac_auth/BUILD @@ -12,10 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -load("@proxy_wasm_cpp_sdk//bazel/wasm:wasm.bzl", "wasm_cc_binary") +load("@proxy_wasm_cpp_sdk//bazel:defs.bzl", "proxy_wasm_cc_binary") load("//bazel:wasm.bzl", "declare_wasm_image_targets") -wasm_cc_binary( +proxy_wasm_cc_binary( name = "hmac_auth.wasm", srcs = [ "plugin.cc", @@ -30,7 +30,6 @@ wasm_cc_binary( "//common:crypto_util", "//common:http_util", "//common:rule_util", - "@proxy_wasm_cpp_sdk//:proxy_wasm_intrinsics", ], ) diff --git a/plugins/wasm-cpp/extensions/jwt_auth/BUILD b/plugins/wasm-cpp/extensions/jwt_auth/BUILD index c960158a1..6d31fc857 100644 --- a/plugins/wasm-cpp/extensions/jwt_auth/BUILD +++ b/plugins/wasm-cpp/extensions/jwt_auth/BUILD @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -load("@proxy_wasm_cpp_sdk//bazel/wasm:wasm.bzl", "wasm_cc_binary") +load("@proxy_wasm_cpp_sdk//bazel:defs.bzl", "proxy_wasm_cc_binary") load("//bazel:wasm.bzl", "declare_wasm_image_targets") wasm_cc_binary( @@ -33,7 +33,6 @@ wasm_cc_binary( "//common:json_util", "//common:http_util", "//common:rule_util", - "@proxy_wasm_cpp_sdk//:proxy_wasm_intrinsics", ], ) diff --git a/plugins/wasm-cpp/extensions/key_auth/BUILD b/plugins/wasm-cpp/extensions/key_auth/BUILD index 8668bc5fe..5dc3ff488 100644 --- a/plugins/wasm-cpp/extensions/key_auth/BUILD +++ b/plugins/wasm-cpp/extensions/key_auth/BUILD @@ -12,10 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -load("@proxy_wasm_cpp_sdk//bazel/wasm:wasm.bzl", "wasm_cc_binary") +load("@proxy_wasm_cpp_sdk//bazel:defs.bzl", "proxy_wasm_cc_binary") load("//bazel:wasm.bzl", "declare_wasm_image_targets") -wasm_cc_binary( +proxy_wasm_cc_binary( name = "key_auth.wasm", srcs = [ "plugin.cc", @@ -28,7 +28,6 @@ wasm_cc_binary( "//common:json_util", "//common:http_util", "//common:rule_util", - "@proxy_wasm_cpp_sdk//:proxy_wasm_intrinsics", ], ) diff --git a/plugins/wasm-cpp/extensions/key_rate_limit/BUILD b/plugins/wasm-cpp/extensions/key_rate_limit/BUILD index 7f4cd9249..19cbfa372 100644 --- a/plugins/wasm-cpp/extensions/key_rate_limit/BUILD +++ b/plugins/wasm-cpp/extensions/key_rate_limit/BUILD @@ -12,10 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -load("@proxy_wasm_cpp_sdk//bazel/wasm:wasm.bzl", "wasm_cc_binary") +load("@proxy_wasm_cpp_sdk//bazel:defs.bzl", "proxy_wasm_cc_binary") load("//bazel:wasm.bzl", "declare_wasm_image_targets") -wasm_cc_binary( +proxy_wasm_cc_binary( name = "key_rate_limit.wasm", srcs = [ "plugin.cc", @@ -29,7 +29,6 @@ wasm_cc_binary( "//common:json_util", "//common:http_util", "//common:rule_util", - "@proxy_wasm_cpp_sdk//:proxy_wasm_intrinsics", ], ) diff --git a/plugins/wasm-cpp/extensions/model_router/BUILD b/plugins/wasm-cpp/extensions/model_router/BUILD index 67cfa547d..ead7b8ebe 100644 --- a/plugins/wasm-cpp/extensions/model_router/BUILD +++ b/plugins/wasm-cpp/extensions/model_router/BUILD @@ -12,10 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -load("@proxy_wasm_cpp_sdk//bazel/wasm:wasm.bzl", "wasm_cc_binary") +load("@proxy_wasm_cpp_sdk//bazel:defs.bzl", "proxy_wasm_cc_binary") load("//bazel:wasm.bzl", "declare_wasm_image_targets") -wasm_cc_binary( +proxy_wasm_cc_binary( name = "model_router.wasm", srcs = [ "plugin.cc", diff --git a/plugins/wasm-cpp/extensions/request_block/BUILD b/plugins/wasm-cpp/extensions/request_block/BUILD index 518209139..f1eaa40d0 100644 --- a/plugins/wasm-cpp/extensions/request_block/BUILD +++ b/plugins/wasm-cpp/extensions/request_block/BUILD @@ -12,10 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -load("@proxy_wasm_cpp_sdk//bazel/wasm:wasm.bzl", "wasm_cc_binary") +load("@proxy_wasm_cpp_sdk//bazel:defs.bzl", "proxy_wasm_cc_binary") load("//bazel:wasm.bzl", "declare_wasm_image_targets") -wasm_cc_binary( +proxy_wasm_cc_binary( name = "request_block.wasm", srcs = [ "plugin.cc", @@ -27,7 +27,6 @@ wasm_cc_binary( "//common:json_util", "//common:http_util", "//common:rule_util", - "@proxy_wasm_cpp_sdk//:proxy_wasm_intrinsics", ], ) diff --git a/plugins/wasm-cpp/extensions/sni_misdirect/BUILD b/plugins/wasm-cpp/extensions/sni_misdirect/BUILD index b4b32b4c1..5a24973e0 100644 --- a/plugins/wasm-cpp/extensions/sni_misdirect/BUILD +++ b/plugins/wasm-cpp/extensions/sni_misdirect/BUILD @@ -12,10 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -load("@proxy_wasm_cpp_sdk//bazel/wasm:wasm.bzl", "wasm_cc_binary") +load("@proxy_wasm_cpp_sdk//bazel:defs.bzl", "proxy_wasm_cc_binary") load("//bazel:wasm.bzl", "declare_wasm_image_targets") -wasm_cc_binary( +proxy_wasm_cc_binary( name = "sni_misdirect.wasm", srcs = [ "plugin.cc", @@ -25,7 +25,6 @@ wasm_cc_binary( "@com_google_absl//absl/strings:str_format", "@com_google_absl//absl/strings", "//common:http_util", - "@proxy_wasm_cpp_sdk//:proxy_wasm_intrinsics", ], )