Skip to content

Commit

Permalink
Improved API Security schema computation performance (#6765)
Browse files Browse the repository at this point in the history
* Compute API Security schema extraction at the end of request

* Better formatting
  • Loading branch information
ValentinZakharov authored Mar 8, 2024
1 parent 8887043 commit b174715
Showing 1 changed file with 37 additions and 9 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ public class GatewayBridge {
private volatile DataSubscriberInfo pathParamsSubInfo;
private volatile DataSubscriberInfo respDataSubInfo;
private volatile DataSubscriberInfo grpcServerRequestMsgSubInfo;
private volatile DataSubscriberInfo requestEndSubInfo;

public GatewayBridge(
SubscriptionService subscriptionService,
Expand Down Expand Up @@ -110,6 +111,8 @@ public void init() {
return NoopFlow.INSTANCE;
}

maybeExtractSchemas(ctx);

// WAF call
ctx.closeAdditive();

Expand Down Expand Up @@ -558,18 +561,10 @@ private Flow<Void> maybePublishResponseData(AppSecRequestContext ctx) {

ctx.setRespDataPublished(true);

boolean extractSchema = false;
if (Config.get().isApiSecurityEnabled() && requestSampler != null) {
extractSchema = requestSampler.sampleRequest();
}

MapDataBundle bundle =
MapDataBundle.of(
KnownAddresses.RESPONSE_STATUS, String.valueOf(ctx.getResponseStatus()),
KnownAddresses.RESPONSE_HEADERS_NO_COOKIES, ctx.getResponseHeaders(),
// Extract api schema on response stage
KnownAddresses.WAF_CONTEXT_PROCESSOR,
Collections.singletonMap("extract-schema", extractSchema));
KnownAddresses.RESPONSE_HEADERS_NO_COOKIES, ctx.getResponseHeaders());

while (true) {
DataSubscriberInfo subInfo = respDataSubInfo;
Expand All @@ -588,6 +583,39 @@ private Flow<Void> maybePublishResponseData(AppSecRequestContext ctx) {
}
}

private void maybeExtractSchemas(AppSecRequestContext ctx) {
boolean extractSchema = false;
if (Config.get().isApiSecurityEnabled() && requestSampler != null) {
extractSchema = requestSampler.sampleRequest();
}

if (!extractSchema) {
return;
}

while (true) {
DataSubscriberInfo subInfo = requestEndSubInfo;
if (subInfo == null) {
subInfo = producerService.getDataSubscribers(KnownAddresses.WAF_CONTEXT_PROCESSOR);
requestEndSubInfo = subInfo;
}
if (subInfo == null || subInfo.isEmpty()) {
return;
}

DataBundle bundle =
new SingletonDataBundle<>(
KnownAddresses.WAF_CONTEXT_PROCESSOR,
Collections.singletonMap("extract-schema", true));
try {
producerService.publishDataEvent(subInfo, ctx, bundle, false);
return;
} catch (ExpiredSubscriberInfoException e) {
requestEndSubInfo = null;
}
}
}

private static Map<String, List<String>> parseQueryStringParams(
String queryString, Charset uriEncoding) {
if (queryString == null) {
Expand Down

0 comments on commit b174715

Please sign in to comment.