diff --git a/CHANGELOG.md b/CHANGELOG.md index ae8fa0b3d..1c0ed6c38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). - Correct FAPI header to `x-fapi-interaction-id` [PR #1557](https://github.com/3scale/APIcast/pull/1557) [THREESCALE-11957](https://issues.redhat.com/browse/THREESCALE-11957) - Only validate oidc setting if authentication method is set to oidc [PR #1568](https://github.com/3scale/APIcast/pull/1568) [THREESCALE-11441](https://issues.redhat.com/browse/THREESCALE-11441) - Reduce memory consumption when returning large response that has been routed through a proxy server. [PR #1572](https://github.com/3scale/APIcast/pull/1572) [THREESCALE-12258](https://issues.redhat.com/browse/THREESCALE-12258) +- Fix proxy policy doesn't send headers set by APIcast to the API Backend. [PR #1588](https://github.com/3scale/APIcast/pull/1588) [THREESCALE-10151](https://redhat.atlassian.net/browse/THREESCALE-10151) ### Added - Update APIcast schema manifest [PR #1550](https://github.com/3scale/APIcast/pull/1550) diff --git a/gateway/src/apicast/http_proxy.lua b/gateway/src/apicast/http_proxy.lua index 00a64caf2..2e7cfdcb2 100644 --- a/gateway/src/apicast/http_proxy.lua +++ b/gateway/src/apicast/http_proxy.lua @@ -138,10 +138,15 @@ local function forward_https_request(proxy_uri, uri, proxy_opts) end end + local headers = ngx_req_get_headers(0, true) + headers["X-Real-IP"] = ngx.var.remote_addr + headers["X-3scale-debug"] = "" + headers["X-3scale-proxy-secret-token"] = ngx.var.secret_token + local request = { uri = uri, method = req_method, - headers = ngx_req_get_headers(0, true), + headers = headers, path = (ngx.var.uri or '') .. (ngx.var.is_args or '') .. (ngx.var.query_string or ''), body = body, proxy_uri = proxy_uri, @@ -159,6 +164,8 @@ local function forward_https_request(proxy_uri, uri, proxy_opts) local res res, err = httpc:request(request) + local inspect = require 'inspect' + ngx.log(ngx.INFO, "\n-------\n", inspect(res.headers)) if res then if opts.request_unbuffered and raw then err = send_response(sock, res, DEFAULT_CHUNKSIZE) diff --git a/t/apicast-policy-camel.t b/t/apicast-policy-camel.t index c64c3256a..370da9bc7 100644 --- a/t/apicast-policy-camel.t +++ b/t/apicast-policy-camel.t @@ -12,6 +12,7 @@ sub large_body { } $ENV{'LARGE_BODY'} = large_body(); +require("policies.pl"); repeat_each(1); @@ -140,6 +141,7 @@ $Test::Nginx::Util::ENDPOINT_SSL_PORT = Test::APIcast::get_random_port(); { "backend_version": 1, "proxy": { + "secret_token": "token", "api_backend": "https://localhost:$Test::Nginx::Util::ENDPOINT_SSL_PORT", "proxy_rules": [ { "pattern": "/test", "http_method": "GET", "metric_system_name": "hits", "delta": 2 } @@ -177,6 +179,9 @@ EOF server_name _ default_server; location /test { + echo_foreach_split '\r\n' \$echo_client_request_headers; + echo \$echo_it; + echo_end; access_by_lua_block { assert = require('luassert') assert.equal('https', ngx.var.scheme) @@ -186,8 +191,6 @@ EOF local host = ngx.req.get_headers()["Host"] assert.equal(host, 'localhost:$Test::Nginx::Util::ENDPOINT_SSL_PORT') - ngx.say("yay, endpoint backend") - } } } @@ -211,6 +214,16 @@ GET /test?user_key=test3 --- more_headers User-Agent: Test::APIcast::Blackbox ETag: foobar +--- expected_response_body_like_multiple eval +[[ + qr{GET \/test\?user_key=test3 HTTP\/1\.1}, + qr{ETag\: foobar}, + qr{Connection\: close}, + qr{User\-Agent\: Test\:\:APIcast\:\:Blackbox}, + qr{Host\: localhost\:\d+}, + qr{X\-Real\-IP\: 127.0.0.1}, + qr{X\-3scale\-proxy\-secret\-token\: token} +]] --- error_code: 200 --- user_files fixture=tls.pl eval --- error_log eval diff --git a/t/apicast-policy-http-proxy.t b/t/apicast-policy-http-proxy.t index b4a8452f0..8f2cf030f 100644 --- a/t/apicast-policy-http-proxy.t +++ b/t/apicast-policy-http-proxy.t @@ -13,6 +13,7 @@ sub large_body { $ENV{'LARGE_BODY'} = large_body(); +require("policies.pl"); repeat_each(3); @@ -138,6 +139,7 @@ using proxy: $TEST_NGINX_HTTP_PROXY { "backend_version": 1, "proxy": { + "secret_token": "token", "api_backend": "https://test-upstream.lvh.me:$TEST_NGINX_RANDOM_PORT", "proxy_rules": [ { "pattern": "/test", "http_method": "GET", "metric_system_name": "hits", "delta": 2 } @@ -197,7 +199,9 @@ ETag: foobar qr{ETag\: foobar}, qr{Connection\: close}, qr{User\-Agent\: Test\:\:APIcast\:\:Blackbox}, - qr{Host\: test-upstream.lvh.me\:\d+} + qr{Host\: test-upstream.lvh.me\:\d+}, + qr{X\-Real\-IP\: 127.0.0.1}, + qr{X\-3scale\-proxy\-secret\-token\: token}, ]] --- error_code: 200 --- error_log env diff --git a/t/http-proxy.t b/t/http-proxy.t index 7298735c4..9218438c9 100644 --- a/t/http-proxy.t +++ b/t/http-proxy.t @@ -451,6 +451,7 @@ proxy request: GET http://test-upstream.lvh.me:$TEST_NGINX_SERVER_PORT/test?user { "backend_version": 1, "proxy": { + "secret_token": "token", "api_backend": "https://test-upstream.lvh.me:$TEST_NGINX_RANDOM_PORT", "proxy_rules": [ { "pattern": "/test", "http_method": "GET", "metric_system_name": "hits", "delta": 2 } @@ -495,7 +496,9 @@ ETag: foobar qr{ETag\: foobar}, qr{Connection\: close}, qr{User\-Agent\: Test\:\:APIcast\:\:Blackbox}, - qr{Host\: test-upstream.lvh.me\:\d+} + qr{Host\: test-upstream.lvh.me\:\d+}, + qr{X\-Real\-IP\: 127.0.0.1}, + qr{X\-3scale\-proxy\-secret\-token\: token} ]] --- error_code: 200 --- error_log env