Skip to main content

Context validator

cp:otoroshi.next.plugins.ContextValidation

This plugin validates the current context using JSONPath validators.

This plugin let you configure a list of validators that will check if the current call can pass. A validator is composed of a JSONPath that will tell what to check and a value that is the expected value. The JSONPath will be applied on a document that will look like

{
"snowflake" : "1516772930422308903",
"apikey" : { // current apikey
"clientId" : "vrmElDerycXrofar",
"clientName" : "default-apikey",
"metadata" : {
"foo" : "bar"
},
"tags" : [ ]
},
"user" : null, // current user
"request" : {
"id" : 1,
"method" : "GET",
"headers" : {
"Host" : "ctx-validation-next-gen.oto.tools:9999",
"Accept" : "*/*",
"User-Agent" : "curl/7.64.1",
"Authorization" : "Basic dnJtRWxEZXJ5Y1hyb2ZhcjpvdDdOSTkyVGI2Q2J4bWVMYU9UNzJxamdCU2JlRHNLbkxtY1FBcXBjVjZTejh0Z3I1b2RUOHAzYjB5SEVNRzhZ",
"Remote-Address" : "127.0.0.1:58929",
"Timeout-Access" : "<function1>",
"Raw-Request-URI" : "/foo",
"Tls-Session-Info" : "Session(1650461821330|SSL_NULL_WITH_NULL_NULL)"
},
"cookies" : [ ],
"tls" : false,
"uri" : "/foo",
"path" : "/foo",
"version" : "HTTP/1.1",
"has_body" : false,
"remote" : "127.0.0.1",
"client_cert_chain" : null
},
"config" : {
"validators" : [ {
"path" : "$.apikey.metadata.foo",
"value" : "bar"
} ]
},
"global_config" : { ... }, // global config
"attrs" : {
"otoroshi.core.SnowFlake" : "1516772930422308903",
"otoroshi.core.ElCtx" : {
"requestId" : "1516772930422308903",
"requestSnowflake" : "1516772930422308903",
"requestTimestamp" : "2022-04-20T15:37:01.548+02:00"
},
"otoroshi.next.core.Report" : "otoroshi.next.proxy.NgExecutionReport@277b44e2",
"otoroshi.core.RequestStart" : 1650461821545,
"otoroshi.core.RequestWebsocket" : false,
"otoroshi.core.RequestCounterOut" : 0,
"otoroshi.core.RemainingQuotas" : {
"authorizedCallsPerSec" : 10000000,
"currentCallsPerSec" : 0,
"remainingCallsPerSec" : 10000000,
"authorizedCallsPerDay" : 10000000,
"currentCallsPerDay" : 2,
"remainingCallsPerDay" : 9999998,
"authorizedCallsPerMonth" : 10000000,
"currentCallsPerMonth" : 269,
"remainingCallsPerMonth" : 9999731
},
"otoroshi.next.core.MatchedRoutes" : "MutableList(route_022825450-e97d-42ed-8e22-b23342c1c7c8)",
"otoroshi.core.RequestNumber" : 1,
"otoroshi.next.core.Route" : { ... }, // current route as json
"otoroshi.core.RequestTimestamp" : "2022-04-20T15:37:01.548+02:00",
"otoroshi.core.ApiKey" : { ... }, // current apikey as json
"otoroshi.core.User" : { ... }, // current user as json
"otoroshi.core.RequestCounterIn" : 0
},
"route" : { ... },
"token" : null // current valid jwt token if one
}

the expected value support some syntax tricks like

  • Not(value) on a string to check if the current value does not equals another value
  • Regex(regex) on a string to check if the current value matches the regex
  • RegexNot(regex) on a string to check if the current value does not matches the regex
  • Wildcard(*value*) on a string to check if the current value matches the value with wildcards
  • WildcardNot(*value*) on a string to check if the current value does not matches the value with wildcards
  • Contains(value) on a string to check if the current value contains a value
  • ContainsNot(value) on a string to check if the current value does not contains a value
  • Contains(Regex(regex)) on an array to check if one of the item of the array matches the regex
  • ContainsNot(Regex(regex)) on an array to check if one of the item of the array does not matches the regex
  • Contains(Wildcard(*value*)) on an array to check if one of the item of the array matches the wildcard value
  • ContainsNot(Wildcard(*value*)) on an array to check if one of the item of the array does not matches the wildcard value
  • Contains(value) on an array to check if the array contains a value
  • ContainsNot(value) on an array to check if the array does not contains a value

for instance to check if the current apikey has a metadata name foo with a value containing bar, you can write the following validator

{
"path": "$.apikey.metadata.foo",
"value": "Contains(bar)"
}

categories:

  • AccessControl

default configuration:

{
"validators" : [ ]
}