Merge pull request #899 from 4t145/gateway-notify-support-template

gateway: add content filter plugin, update tardis

Cargo.toml

@@ -65,7 +65,7 @@ strum = { version = "0.26", features = ["derive"] }
 # tardis
 # tardis = { version = "0.1.0-rc.17" }
 # tardis = { version = "0.2.0", path = "../tardis/tardis" }
-tardis = { git = "https://github.com/ideal-world/tardis.git", rev = "0058079" }
+tardis = { git = "https://github.com/ideal-world/tardis.git", rev = "aeb4c85" }
 # asteroid-mq = { git = "https://github.com/4t145/asteroid-mq.git", rev = "d59c64d" }
 asteroid-mq = { git = "https://github.com/4t145/asteroid-mq.git", rev = "b26fa4f" }
 # asteroid-mq = { version = "0.1.0-alpha.5" }

backend/gateways/spacegate-plugins/src/lib.rs

@@ -1,6 +1,6 @@
 #![warn(clippy::unwrap_used)]
 
-pub use crate::plugin::{anti_replay, anti_xss, audit_log, auth, ip_time, rewrite_ns_b_ip};
+pub use crate::plugin::{anti_replay, anti_xss, audit_log, auth, ip_time, rewrite_ns_b_ip, content_filter};
 
 mod consts;
 mod extension;
@@ -20,4 +20,5 @@ pub fn register_lib_plugins(repo: &PluginRepository) {
     repo.register::<auth::AuthPlugin>();
     repo.register::<op_redis_publisher::RedisPublisherPlugin>();
     repo.register::<notify::NotifyPlugin>();
+    repo.register::<content_filter::ContentFilterPlugin>();
 }

backend/gateways/spacegate-plugins/src/plugin/content_filter.rs

@@ -1,11 +1,11 @@
 use http::StatusCode;
 use serde::{Deserialize, Serialize};
 use spacegate_shell::hyper::body::Body;
-use spacegate_shell::plugin::Plugin;
 use spacegate_shell::plugin::{
     plugin_meta,
     schemars::{self, JsonSchema},
 };
+use spacegate_shell::plugin::{schema, Plugin, PluginSchemaExt};
 use spacegate_shell::{BoxError, SgResponse, SgResponseExt};
 use std::ops::Deref;
 use std::str::FromStr;
@@ -79,6 +79,7 @@ impl BytesFilter {
 #[derive(Debug, Clone, Serialize, Deserialize, Default, JsonSchema)]
 pub struct ContentFilterConfig {
     content_length_limit: Option<u32>,
+    forbidden_pq_filter: Vec<BytesFilter>,
     forbidden_content_filter: Vec<BytesFilter>,
 }
 #[derive(Debug, Clone)]
@@ -105,6 +106,17 @@ impl Plugin for ContentFilterPlugin {
                 return Ok(SgResponse::with_code_empty(StatusCode::PAYLOAD_TOO_LARGE));
             }
         }
+        if !self.forbidden_pq_filter.is_empty() {
+            if let Some(pq) = req.uri().path_and_query() {
+                for f in &self.forbidden_pq_filter {
+                    if f.matches(pq.as_str().as_bytes()) {
+                        let mut response = SgResponse::with_code_empty(StatusCode::BAD_REQUEST);
+                        response.extensions_mut().insert(ContentFilterForbiddenReport { forbidden_reason: format!("forbidden rule matched: {f}") });
+                        return Ok(response);
+                    }
+                }
+            }
+        }
         if !self.forbidden_content_filter.is_empty() {
             let (parts, body) = req.into_parts();
             let body = body.dump().await?;
@@ -113,7 +125,7 @@ impl Plugin for ContentFilterPlugin {
                 if filter.matches(bytes) {
                     let mut response = SgResponse::with_code_empty(StatusCode::BAD_REQUEST);
                     response.extensions_mut().insert(ContentFilterForbiddenReport {
-                        forbidden_reason: filter.to_string(),
+                        forbidden_reason: format!("forbidden rule matched: {filter}") ,
                     });
                     return Ok(response);
                 }
@@ -127,4 +139,10 @@ impl Plugin for ContentFilterPlugin {
         let config = serde_json::from_value(plugin_config.spec)?;
         Ok(ContentFilterPlugin(Arc::new(config)))
     }
+
+    fn schema_opt() -> Option<schemars::schema::RootSchema> {
+        Some(ContentFilterPlugin::schema())
+    }
 }
+
+schema!(ContentFilterPlugin, ContentFilterConfig);