diff --git a/Cargo.toml b/Cargo.toml
index 18e1c744..ff457430 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -65,7 +65,7 @@ strum = { version = "0.26", features = ["derive"] }
 # tardis
 # tardis = { version = "0.1.0-rc.17" }
 # tardis = { version = "0.2.0", path = "../tardis/tardis" }
-tardis = { git = "https://github.com/ideal-world/tardis.git", rev = "0058079" }
+tardis = { git = "https://github.com/ideal-world/tardis.git", rev = "aeb4c85" }
 # asteroid-mq = { git = "https://github.com/4t145/asteroid-mq.git", rev = "d59c64d" }
 asteroid-mq = { git = "https://github.com/4t145/asteroid-mq.git", rev = "b26fa4f" }
 # asteroid-mq = { version = "0.1.0-alpha.5" }
diff --git a/backend/gateways/spacegate-plugins/src/lib.rs b/backend/gateways/spacegate-plugins/src/lib.rs
index 2ffa9dcb..67c6a51d 100644
--- a/backend/gateways/spacegate-plugins/src/lib.rs
+++ b/backend/gateways/spacegate-plugins/src/lib.rs
@@ -1,6 +1,6 @@
 #![warn(clippy::unwrap_used)]
-pub use crate::plugin::{anti_replay, anti_xss, audit_log, auth, ip_time, rewrite_ns_b_ip};
+pub use crate::plugin::{anti_replay, anti_xss, audit_log, auth, ip_time, rewrite_ns_b_ip, content_filter};
 mod consts;
 mod extension;
@@ -20,4 +20,5 @@ pub fn register_lib_plugins(repo: &PluginRepository) {
 repo.register::();
 repo.register::();
 repo.register::();
+ repo.register::();
 }
diff --git a/backend/gateways/spacegate-plugins/src/plugin/content_filter.rs b/backend/gateways/spacegate-plugins/src/plugin/content_filter.rs
index 18584b80..94234318 100644
--- a/backend/gateways/spacegate-plugins/src/plugin/content_filter.rs
+++ b/backend/gateways/spacegate-plugins/src/plugin/content_filter.rs
@@ -1,11 +1,11 @@
 use http::StatusCode;
 use serde::{Deserialize, Serialize};
 use spacegate_shell::hyper::body::Body;
-use spacegate_shell::plugin::Plugin;
 use spacegate_shell::plugin::{
 plugin_meta,
 schemars::{self, JsonSchema},
 };
+use spacegate_shell::plugin::{schema, Plugin, PluginSchemaExt};
 use spacegate_shell::{BoxError, SgResponse, SgResponseExt};
 use std::ops::Deref;
 use std::str::FromStr;
@@ -79,6 +79,7 @@ impl BytesFilter {
 #[derive(Debug, Clone, Serialize, Deserialize, Default, JsonSchema)]
 pub struct ContentFilterConfig {
 content_length_limit: Option,
+ forbidden_pq_filter: Vec,
 forbidden_content_filter: Vec,
 }
 #[derive(Debug, Clone)]
@@ -105,6 +106,17 @@ impl Plugin for ContentFilterPlugin {
 return Ok(SgResponse::with_code_empty(StatusCode::PAYLOAD_TOO_LARGE));
 }
 }
+ if !self.forbidden_pq_filter.is_empty() {
+ if let Some(pq) = req.uri().path_and_query() {
+ for f in &self.forbidden_pq_filter {
+ if f.matches(pq.as_str().as_bytes()) {
+ let mut response = SgResponse::with_code_empty(StatusCode::BAD_REQUEST);
+ response.extensions_mut().insert(ContentFilterForbiddenReport { forbidden_reason: format!("forbidden rule matched: {f}") });
+ return Ok(response);
+ }
+ }
+ }
+ }
 if !self.forbidden_content_filter.is_empty() {
 let (parts, body) = req.into_parts();
 let body = body.dump().await?;
@@ -113,7 +125,7 @@ impl Plugin for ContentFilterPlugin {
 if filter.matches(bytes) {
 let mut response = SgResponse::with_code_empty(StatusCode::BAD_REQUEST);
 response.extensions_mut().insert(ContentFilterForbiddenReport {
- forbidden_reason: filter.to_string(),
+ forbidden_reason: format!("forbidden rule matched: {filter}") ,
 });
 return Ok(response);
 }
@@ -127,4 +139,10 @@ impl Plugin for ContentFilterPlugin {
 let config = serde_json::from_value(plugin_config.spec)?;
 Ok(ContentFilterPlugin(Arc::new(config)))
 }
+
+ fn schema_opt() -> Option {
+ Some(ContentFilterPlugin::schema())
+ }
 }
+
+schema!(ContentFilterPlugin, ContentFilterConfig);
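Review bot: The new `forbidden_pq_filter` field in `ContentFilterConfig` (hunk at -79,6) carries no `#[serde(default)]` in the visible lines, so a plugin spec written before this change, which lacks the key, would presumably be rejected by `serde_json::from_value(plugin_config.spec)?` instead of loading with an empty rule list. A security filter that stops loading after an upgrade is worth avoiding. The struct already derives `Default`, so `#[serde(default)]` on the field (or on the struct) would keep existing specs valid. Attributes above the `#[derive(...)]` line would fall outside the hunk, so confirm none is already applied there.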
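Review bot: The added path-and-query loop (hunk at -105,6) matches rules against `pq.as_str().as_bytes()`, which is the URI as received, with no percent-decoding or normalisation visible in the hunk. If the upstream service decodes the path or query before acting on it, a rule written for the decoded text will not fire on an encoded equivalent, so the gateway and the backend can disagree about what the request contains. Consider also matching a decoded/normalised copy, or add a doc comment on `forbidden_pq_filter` such as `/// Rules are matched against the raw, still percent-encoded path and query.`. Separately, `forbidden_reason` now embeds the matched rule through `{f}`; if `ContentFilterForbiddenReport` can ever be rendered to the client rather than only to logs, that would disclose the rule set, which is worth confirming. The enclosing method starts and ends outside the hunk.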