feat(middleware): v4 experimental middleware #986

Draft
wants to merge 7 commits into
base: main

42 changes: 42 additions & 0 deletions experimental/middleware/middleware.go
Expand Up @@ -4,11 +4,33 @@
package experimental

import (
"embed"
"net/http"

"github.com/corazawaf/coraza/v3"
)

//go:embed error_template.html error_template.html
Member

Suggested change
//go:embed error_template.html error_template.html
//go:embed error_template.html interruption_template.html

That's just to fix this. But I suggest changing to "default_error.html" and "default_interruption.html", pending on the next comment.

var embededTemplates embed.FS
Member

So... are these going to be html/templates or just html code? At first read I thought they were not static html files only.

In summary:

  • are these meant to be static html?
  • wouldn't it be more interesting to use html/template templates that can be filled with details about the transaction? E.g. "Some error found. Contact your admin with this code: { < the transaction ID> }"

If we use static html, maybe removing the "_template" in the name will make more sense, and use "default_error.html" and "default_interruption.html" instead?


var (
errorTemplate []byte

Check failure on line 17 in experimental/middleware/middleware.go (GitHub Actions / lint): var `errorTemplate` is unused (unused)

interruptionTemplate []byte

Check failure on line 18 in experimental/middleware/middleware.go (GitHub Actions / lint): var `interruptionTemplate` is unused (unused)

)

func init() {
var err error
errorTemplate, err = embededTemplates.ReadFile("error_template.html")
if err != nil {
panic(err)
}
interruptionTemplate, err = embededTemplates.ReadFile("interruption_template.html")
if err != nil {
panic(err)
}
Member

Shouldn't we avoid error handling at the init level? Can we have a readTemplates method instead that will be called by the middleware?


}

// Options represents the options for the experimental middleware
type Options struct {
// EnforceBlocking enables the blocking of requests that are interrupted
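
Review bot: `init()` will panic on import as written. It calls `embededTemplates.ReadFile("interruption_template.html")`, but the `//go:embed` directive lists `error_template.html` twice and never embeds the interruption file, so the read returns an error and `panic(err)` runs before any handler is built, taking down every program that imports the package. Embed both files, move the two reads into a function that returns the error to the middleware constructor instead of panicking, and rename `embededTemplates` to `embeddedTemplates` while touching these lines. The lint failures on `errorTemplate` and `interruptionTemplate` also show that nothing consumes the loaded bytes yet, so the loading code should land together with the code that renders them.
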
Expand Down Expand Up @@ -41,6 +63,21 @@
// If the rate is 0, the middleware will not sample
// If the rate is 100, the middleware will sample all requests
SamplingRate int

// CustomInterruptionTemplate represents the custom interruption template
// If the interruption is not processed, the middleware will use a default
// Interruption template supports variables in macro expansion format: %{var}
// Variables are:
Member

Macro expansion as in SecRule macro expansion?

// - transaction_id
CustomInterruptionTemplate []byte

// CustomErrorTemplate represents the custom error template
// If the middleware fails to process the request, it will use a default
// Error template supports variables in macro expansion format: %{var}
// Variables are:
// - transaction_id
// - error
CustomErrorTemplate []byte
}

// DefaultOptions returns the default options for the middleware
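
Review bot: The doc comments on `CustomInterruptionTemplate` and `CustomErrorTemplate` do not say whether the values substituted for `%{transaction_id}` and `%{error}` are HTML-escaped before they are written into the page. Since the `error` variable ends up in a response body sent to the client, the comment should state the escaping guarantee and whether the full error text or only a generic message is exposed, so that operators supplying a custom template know what can reach the browser. The sentences "If the interruption is not processed, the middleware will use a default" and "If the middleware fails to process the request, it will use a default" also stop short of saying what the default is and when the custom template applies; finishing them would remove the ambiguity.
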
Expand All @@ -64,6 +101,11 @@
// Keys are:
// - coraza_transaction: types.Transaction
// - coraza_interruption: types.Interruption
// - coraza_error: error
//
// If Coraza fails to process the request, the middleware will return a generic error.
// The next handler will not be executed and coraza_error will be available under
// the request context.
//
// The middleware will flush the request body and it will consume
// the response in case ProcessResponse Option is enabled.
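
Review bot: The added paragraph says the next handler is not executed when Coraza fails, yet that `coraza_error` is available under the request context, which leaves no obvious reader for that key. Please document who is expected to consume it (for example an outer wrapping handler or the error template), which HTTP status accompanies the "generic error", and whether this fail-closed behaviour also applies when `EnforceBlocking` is disabled, since that option is described only in terms of interrupted requests.
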