Context validator
cp:otoroshi.next.plugins.ContextValidation
This plugin validates the current context using JSONPath validators.
This plugin let you configure a list of validators that will check if the current call can pass. A validator is composed of a JSONPath that will tell what to check and a value that is the expected value. The JSONPath will be applied on a document that will look like
{
"snowflake" : "1516772930422308903",
"apikey" : { // current apikey
"clientId" : "vrmElDerycXrofar",
"clientName" : "default-apikey",
"metadata" : {
"foo" : "bar"
},
"tags" : [ ]
},
"user" : null, // current user
"request" : {
"id" : 1,
"method" : "GET",
"headers" : {
"Host" : "ctx-validation-next-gen.oto.tools:9999",
"Accept" : "*/*",
"User-Agent" : "curl/7.64.1",
"Authorization" : "Basic dnJtRWxEZXJ5Y1hyb2ZhcjpvdDdOSTkyVGI2Q2J4bWVMYU9UNzJxamdCU2JlRHNLbkxtY1FBcXBjVjZTejh0Z3I1b2RUOHAzYjB5SEVNRzhZ",
"Remote-Address" : "127.0.0.1:58929",
"Timeout-Access" : "<function1>",
"Raw-Request-URI" : "/foo",
"Tls-Session-Info" : "Session(1650461821330|SSL_NULL_WITH_NULL_NULL)"
},
"cookies" : [ ],
"tls" : false,
"uri" : "/foo",
"path" : "/foo",
"version" : "HTTP/1.1",
"has_body" : false,
"remote" : "127.0.0.1",
"client_cert_chain" : null
},
"config" : {
"validators" : [ {
"path" : "$.apikey.metadata.foo",
"value" : "bar"
} ]
},
"global_config" : { ... }, // global config
"attrs" : {
"otoroshi.core.SnowFlake" : "1516772930422308903",
"otoroshi.core.ElCtx" : {
"requestId" : "1516772930422308903",
"requestSnowflake" : "1516772930422308903",
"requestTimestamp" : "2022-04-20T15:37:01.548+02:00"
},
"otoroshi.next.core.Report" : "otoroshi.next.proxy.NgExecutionReport@277b44e2",
"otoroshi.core.RequestStart" : 1650461821545,
"otoroshi.core.RequestWebsocket" : false,
"otoroshi.core.RequestCounterOut" : 0,
"otoroshi.core.RemainingQuotas" : {
"authorizedCallsPerSec" : 10000000,
"currentCallsPerSec" : 0,
"remainingCallsPerSec" : 10000000,
"authorizedCallsPerDay" : 10000000,
"currentCallsPerDay" : 2,
"remainingCallsPerDay" : 9999998,
"authorizedCallsPerMonth" : 10000000,
"currentCallsPerMonth" : 269,
"remainingCallsPerMonth" : 9999731
},
"otoroshi.next.core.MatchedRoutes" : "MutableList(route_022825450-e97d-42ed-8e22-b23342c1c7c8)",
"otoroshi.core.RequestNumber" : 1,
"otoroshi.next.core.Route" : { ... }, // current route as json
"otoroshi.core.RequestTimestamp" : "2022-04-20T15:37:01.548+02:00",
"otoroshi.core.ApiKey" : { ... }, // current apikey as json
"otoroshi.core.User" : { ... }, // current user as json
"otoroshi.core.RequestCounterIn" : 0
},
"route" : { ... },
"token" : null // current valid jwt token if one
}
the expected value support some syntax tricks like
Not(value)
on a string to check if the current value does not equals another valueRegex(regex)
on a string to check if the current value matches the regexRegexNot(regex)
on a string to check if the current value does not matches the regexWildcard(*value*)
on a string to check if the current value matches the value with wildcardsWildcardNot(*value*)
on a string to check if the current value does not matches the value with wildcardsContains(value)
on a string to check if the current value contains a valueContainsNot(value)
on a string to check if the current value does not contains a valueContains(Regex(regex))
on an array to check if one of the item of the array matches the regexContainsNot(Regex(regex))
on an array to check if one of the item of the array does not matches the regexContains(Wildcard(*value*))
on an array to check if one of the item of the array matches the wildcard valueContainsNot(Wildcard(*value*))
on an array to check if one of the item of the array does not matches the wildcard valueContains(value)
on an array to check if the array contains a valueContainsNot(value)
on an array to check if the array does not contains a value
for instance to check if the current apikey has a metadata name foo
with a value containing bar
, you can write the following validator
{
"path": "$.apikey.metadata.foo",
"value": "Contains(bar)"
}
categories:
- AccessControl
default configuration:
{
"validators" : [ ]
}