wip: feat: add naive buffer to decode/encode data fns

dettanym · Mar 6, 2024 · 5345f89 · 5345f89
1 parent 6e609e3
commit 5345f89
Showing 1 changed file with 41 additions and 7 deletions.
diff --git a/privacy-profile-composer/pkg/envoyfilter/filter.go b/privacy-profile-composer/pkg/envoyfilter/filter.go
@@ -51,6 +51,8 @@ type Filter struct {
 	// Runtime state of the filter
 	parentSpanContext model.SpanContext
 	headerMetadata    common.HeaderMetadata
+	decodeDataBuffer  string
+	encodeDataBuffer  string
 }
 
 // Callbacks which are called in request path
@@ -69,10 +71,26 @@ func (f *Filter) DecodeHeaders(header api.RequestHeaderMap, endStream bool) api.
 
 	common.LogDecodeHeaderData(header)
 
-	return api.Continue
+	if !endStream {
+		return api.HeaderStopIteration
+	} else {
+		return api.HeaderContinue
+	}
 }
 
 func (f *Filter) DecodeData(buffer api.BufferInstance, endStream bool) api.StatusType {
+	if !endStream {
+		log.Printf(">>> DECODE DATA (buffering)\nbuffer len: %d\n", buffer.Len())
+
+		// TODO: we might need to be careful about collecting the data from all
+		//  of these buffers. Maybe go has some builtin methods to work with it,
+		//  instead of us collecting the entire body using string concat.
+		// https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/buffer_filter
+		// https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/file_system_buffer_filter
+		f.decodeDataBuffer += buffer.String()
+		return api.DataStopIterationAndBuffer
+	}
+
 	span, ctx := f.tracer.StartSpanFromContext(
 		context.Background(),
 		"DecodeData",
@@ -83,6 +101,9 @@ func (f *Filter) DecodeData(buffer api.BufferInstance, endStream bool) api.Statu
 	log.Println(">>> DECODE DATA")
 	log.Println("  <<About to forward", buffer.Len(), "bytes of data to service>>")
 
+	span.Tag("buffer-value", buffer.String())
+	span.Tag("end-stream", strconv.FormatBool(endStream))
+
 	processBody := false
 	// If it is an inbound sidecar, then do process the body
 	// run PII Analysis + OPA directly
@@ -96,11 +117,11 @@ func (f *Filter) DecodeData(buffer api.BufferInstance, endStream bool) api.Statu
 		thirdPartyURL, err := f.checkIfRequestToThirdParty()
 		if err != nil {
 			log.Println(err)
-			return api.Continue
+			return api.DataContinue
 		} else if thirdPartyURL == "" {
 			log.Printf("outbound sidecar processed a request to another sidecar in the mesh" +
 				"Prose will process it through the inbound decode function\n")
-			return api.Continue
+			return api.DataContinue
 		}
 		processBody = true
 	}
@@ -114,7 +135,7 @@ func (f *Filter) DecodeData(buffer api.BufferInstance, endStream bool) api.Statu
 		}
 		if err != nil {
 			log.Println(err)
-			return api.Continue
+			return api.DataContinue
 		}
 
 		// If OPA is configured to an enforce mode (for production),
@@ -126,7 +147,7 @@ func (f *Filter) DecodeData(buffer api.BufferInstance, endStream bool) api.Statu
 		}
 	}
 
-	return api.Continue
+	return api.DataContinue
 }
 
 func (f *Filter) DecodeTrailers(trailers api.RequestTrailerMap) api.StatusType {
@@ -148,6 +169,16 @@ func (f *Filter) EncodeHeaders(header api.ResponseHeaderMap, endStream bool) api
 
 // Callbacks which are called in response path
 func (f *Filter) EncodeData(buffer api.BufferInstance, endStream bool) api.StatusType {
+	if !endStream {
+		// TODO: we might need to be careful about collecting the data from all
+		//  of these buffers. Maybe go has some builtin methods to work with it,
+		//  instead of us collecting the entire body using string concat.
+		// https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/buffer_filter
+		// https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/file_system_buffer_filter
+		f.encodeDataBuffer += buffer.String()
+		return api.DataStopIterationAndBuffer
+	}
+
 	span, ctx := f.tracer.StartSpanFromContext(
 		context.Background(),
 		"EncodeData",
@@ -158,6 +189,9 @@ func (f *Filter) EncodeData(buffer api.BufferInstance, endStream bool) api.Statu
 	log.Println("<<< ENCODE DATA")
 	log.Println("  <<About to forward", buffer.Len(), "bytes of data to client>>")
 
+	span.Tag("buffer-value", buffer.String())
+	span.Tag("end-stream", strconv.FormatBool(endStream))
+
 	// if outbound then indirect purpose of use violation
 	// TODO: This is usually data obtained from another service
 	//  but it could also be data obtained from a third party. I.e. a kind of join violation.
@@ -169,7 +203,7 @@ func (f *Filter) EncodeData(buffer api.BufferInstance, endStream bool) api.Statu
 		}
 		if err != nil {
 			log.Println(err)
-			return api.Continue
+			return api.DataContinue
 		}
 
 		// If OPA is configured to an enforce mode (for production),
@@ -183,7 +217,7 @@ func (f *Filter) EncodeData(buffer api.BufferInstance, endStream bool) api.Statu
 
 	// if inbound then ignore
 	// we will just address them in the inbound call to the caller svc
-	return api.Continue
+	return api.DataContinue
 }
 
 func (f *Filter) EncodeTrailers(trailers api.ResponseTrailerMap) api.StatusType {