-
Notifications
You must be signed in to change notification settings - Fork 835
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request/response validators #1701
Comments
How would it differ from middleware? |
It's a different configuration style - instead of adding middleware to the pipeline, you could register the validator with the config system. Just like a transform. |
Transforms give you more context (the outgoing request). I guess I'm asking for more details here. What would a request validator look like that would do the 2 things you have above? It would be good to throw up a strawman as an example. |
So what I would like to do is this: a) attach some metadata to a route or cluster config b) get invoked at runtime to be able to inspect the incoming request c) fail the request if necessary We do this today for access tokens using a transform. But I think the transform is not supposed to fail. Hence the idea of a "validator". For antiforgery protection we need to fail - this is why we had to use a middleware to implement it. So a variation of that could be to add the ability for a request transform to return an error to the caller. |
Related request: #1670 |
See #1709 for details of a more extensible config pattern for routes & clusters. This scenario could be a good example of YARP extension middleware that uses config extensibility to accomplish its goals. The middleware could be supplied as a pre-built library. The consuming YARP app would need to register it and put it in the YARP pipeline. @Tratcher - should there be a way for extensions to self-register for the YARP pipeline? Today you either go with the default pipeline or define your own. For the default pipeline case, should there be a way for an extension to self-register as running before/after default pipeline stages. Then as a consumer you don't need to figure out the ordering yourself. |
I understand that this can be all done with middleware. It is just a different model - and for creating reusable blocks - for transforms we can package it up like this: services.AddReverseProxy().AddMyExtensions(); which is nicer than teaching the end-user how to wire up middleware the right way. As I said before - if a transform would have the ability to fault the request and control the response message, this would be very powerful. |
Transforms have more context and run at a specific time withing the proxy pipeline, I'm wondering why that applies here. |
All I am saying is that there are right now 2 fundamentally different approaches. And there are situations where during a transform you realize that the request is invalid - hence the idea of a formal validation step - or the transform being able to fail. |
It would be possible to add this capability to request transforms. We already have something similar for response transforms: reverse-proxy/src/ReverseProxy/Transforms/ResponseTransformContext.cs Lines 31 to 35 in fab6c93
|
Triage: We have seen more than 1 ask for it -- e.g. #1724 |
Design questions:
|
Similar request: #1893, how to define routes in config that don't proxy. |
What should we add or change to make your life better?
YARP has request/response transforms. They are useful for what they are.
They do not have the concept of failing a request or response when certain validation criteria are not satisfied. It would be nice to have a similar way to plugin validators that are able to return error responses to the caller.
Why is this important to you?
Two use cases we have
I know that this could be achieved via middleware - but a mechanism similar to transforms would be less intrusive from configuration point of view.
The text was updated successfully, but these errors were encountered: