package appsec
import (
"context"
"fmt"
"net/http"
validation "github.com/go-ozzo/ozzo-validation/v4"
)
// ApiRequestConstraints supports retrieving, modifying, or removing the action
// taken when any API request constraint is triggered, or when a specific API
// request constraint is triggered.
type ApiRequestConstraints interface {
	// GetApiRequestConstraints returns a list of APIs with their constraints and associated actions.
	//
	// See: https://techdocs.akamai.com/application-security/reference/get-api-request-constraints
	GetApiRequestConstraints(ctx context.Context, params GetApiRequestConstraintsRequest) (*GetApiRequestConstraintsResponse, error)

	// UpdateApiRequestConstraints updates what action to take when any API request constraint triggers.
	//
	// See: https://techdocs.akamai.com/application-security/reference/put-api-request-constraints
	UpdateApiRequestConstraints(ctx context.Context, params UpdateApiRequestConstraintsRequest) (*UpdateApiRequestConstraintsResponse, error)

	// RemoveApiRequestConstraints removes the API request constraint.
	//
	// See: https://techdocs.akamai.com/application-security/reference/put-api-request-constraints
	RemoveApiRequestConstraints(ctx context.Context, params RemoveApiRequestConstraintsRequest) (*RemoveApiRequestConstraintsResponse, error)
}

// GetApiRequestConstraintsRequest is used to retrieve the list of APIs with
// their constraints and associated actions.
//
// Every field is tagged `json:"-"`, so none of them is ever serialized into a
// request body.
type GetApiRequestConstraintsRequest struct {
	ConfigID int    `json:"-"` // security configuration identifier
	Version  int    `json:"-"` // configuration version
	PolicyID string `json:"-"` // security policy identifier
	ApiID    int    `json:"-"` // optional; zero means no specific API is selected
}

// GetApiRequestConstraintsResponse is returned from a call to GetApiRequestConstraints.
type GetApiRequestConstraintsResponse struct {
	APIEndpoints []ApiEndpoint `json:"apiEndpoints,omitempty"`
}

// ApiEndpoint describes an API endpoint and its associated action.
type ApiEndpoint struct {
	ID     int    `json:"id"`
	Action string `json:"action"`
}

// UpdateApiRequestConstraintsRequest is used to modify the action taken when
// an API request constraint is triggered.
//
// Only Action carries a serializable JSON tag; the identifier fields are
// tagged `json:"-"`.
type UpdateApiRequestConstraintsRequest struct {
	ConfigID int    `json:"-"` // security configuration identifier
	Version  int    `json:"-"` // configuration version
	PolicyID string `json:"-"` // security policy identifier
	ApiID    int    `json:"-"` // optional; zero means no specific API is selected
	Action   string `json:"action"`
}

// UpdateApiRequestConstraintsResponse is returned from a call to UpdateApiRequestConstraints.
type UpdateApiRequestConstraintsResponse struct {
	Action string `json:"action"`
}

// RemoveApiRequestConstraintsRequest is used to remove an API request
// constraint's action.
//
// Only Action carries a serializable JSON tag; the identifier fields are
// tagged `json:"-"`.
type RemoveApiRequestConstraintsRequest struct {
	ConfigID int    `json:"-"` // security configuration identifier
	Version  int    `json:"-"` // configuration version
	PolicyID string `json:"-"` // security policy identifier
	ApiID    int    `json:"-"` // optional; zero means no specific API is selected
	Action   string `json:"action"`
}

// RemoveApiRequestConstraintsResponse is returned from a call to RemoveApiRequestConstraints.
type RemoveApiRequestConstraintsResponse struct {
	Action string `json:"action"`
}
// Validate checks that the identifiers needed to build the request path are
// set on a GetApiRequestConstraintsRequest.
//
// ConfigID, Version and PolicyID must each be non-zero / non-empty. ApiID is
// not checked. It returns nil when every check passes.
//
// NOTE(review): PolicyID is only required to be non-empty; its character set
// is not restricted here, although it is later formatted into a URL path.
func (v GetApiRequestConstraintsRequest) Validate() error {
	fieldErrs := validation.Errors{}
	fieldErrs["ConfigID"] = validation.Validate(v.ConfigID, validation.Required)
	fieldErrs["Version"] = validation.Validate(v.Version, validation.Required)
	fieldErrs["PolicyID"] = validation.Validate(v.PolicyID, validation.Required)

	// Filter drops the nil entries and yields nil when nothing failed.
	return fieldErrs.Filter()
}
// Validate checks that the identifiers needed to build the request path are
// set on an UpdateApiRequestConstraintsRequest.
//
// ConfigID, Version and PolicyID must each be non-zero / non-empty. ApiID and
// Action are not checked. It returns nil when every check passes.
//
// NOTE(review): Action is the only field sent in the body and is not validated
// client-side; presumably the service rejects unknown values. Confirm.
func (v UpdateApiRequestConstraintsRequest) Validate() error {
	fieldErrs := validation.Errors{}
	fieldErrs["ConfigID"] = validation.Validate(v.ConfigID, validation.Required)
	fieldErrs["Version"] = validation.Validate(v.Version, validation.Required)
	fieldErrs["PolicyID"] = validation.Validate(v.PolicyID, validation.Required)

	// Filter drops the nil entries and yields nil when nothing failed.
	return fieldErrs.Filter()
}
// Validate checks that the identifiers needed to build the request path are
// set on a RemoveApiRequestConstraintsRequest.
//
// ConfigID, Version and PolicyID must each be non-zero / non-empty. ApiID and
// Action are not checked. It returns nil when every check passes.
//
// NOTE(review): Action is the only field sent in the body and is not validated
// client-side; presumably the service rejects unknown values. Confirm.
func (v RemoveApiRequestConstraintsRequest) Validate() error {
	fieldErrs := validation.Errors{}
	fieldErrs["ConfigID"] = validation.Validate(v.ConfigID, validation.Required)
	fieldErrs["Version"] = validation.Validate(v.Version, validation.Required)
	fieldErrs["PolicyID"] = validation.Validate(v.PolicyID, validation.Required)

	// Filter drops the nil entries and yields nil when nothing failed.
	return fieldErrs.Filter()
}
// GetApiRequestConstraints fetches the API request constraints of a security
// policy and returns the endpoints with their actions.
//
// The request is always made against the policy-wide collection. When
// params.ApiID is non-zero the response is narrowed client-side to the
// endpoints whose ID equals it; if none match, an empty response (not an
// error) is returned.
//
// It returns an error wrapping ErrStructValidation when params fails
// validation, a wrapped error when the request cannot be built or executed,
// and p.Error(resp) for any status other than 200 OK.
func (p *appsec) GetApiRequestConstraints(ctx context.Context, params GetApiRequestConstraintsRequest) (*GetApiRequestConstraintsResponse, error) {
	p.Log(ctx).Debug("GetApiRequestConstraints")

	if verr := params.Validate(); verr != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, verr.Error())
	}

	// NOTE(review): PolicyID is formatted into the path as-is and Validate only
	// requires it to be non-empty. Callers that take policy IDs from external
	// input should confirm they contain no path or query delimiters.
	endpoint := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s/api-request-constraints",
		params.ConfigID, params.Version, params.PolicyID,
	)

	request, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create GetApiRequestConstraints request: %w", err)
	}

	all := new(GetApiRequestConstraintsResponse)
	response, err := p.Exec(request, all)
	if err != nil {
		return nil, fmt.Errorf("get API request constraints request failed: %w", err)
	}
	if response.StatusCode != http.StatusOK {
		return nil, p.Error(response)
	}

	// No specific API requested: hand back everything the service returned.
	if params.ApiID == 0 {
		return all, nil
	}

	// Keep only the endpoints that belong to the requested API.
	matched := new(GetApiRequestConstraintsResponse)
	for i := range all.APIEndpoints {
		if ep := all.APIEndpoints[i]; ep.ID == params.ApiID {
			matched.APIEndpoints = append(matched.APIEndpoints, ep)
		}
	}
	return matched, nil
}
// UpdateApiRequestConstraints sets the action taken when an API request
// constraint triggers.
//
// With params.ApiID == 0 the PUT targets the policy-wide constraints resource;
// otherwise the API ID is appended to the path so that only that API is
// addressed. params is passed to Exec as the request payload.
//
// It returns an error wrapping ErrStructValidation when params fails
// validation, a wrapped error when the request cannot be built or executed,
// and p.Error(resp) for any status other than 200 OK or 201 Created.
func (p *appsec) UpdateApiRequestConstraints(ctx context.Context, params UpdateApiRequestConstraintsRequest) (*UpdateApiRequestConstraintsResponse, error) {
	p.Log(ctx).Debug("UpdateApiRequestConstraints")

	if verr := params.Validate(); verr != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, verr.Error())
	}

	// NOTE(review): PolicyID is formatted into the path as-is and Validate only
	// requires it to be non-empty. Callers that take policy IDs from external
	// input should confirm they contain no path or query delimiters.
	endpoint := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s/api-request-constraints",
		params.ConfigID, params.Version, params.PolicyID,
	)
	if params.ApiID != 0 {
		// Narrow the target to a single API.
		endpoint = fmt.Sprintf("%s/%d", endpoint, params.ApiID)
	}

	request, err := http.NewRequestWithContext(ctx, http.MethodPut, endpoint, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create UpdateApiRequestConstraints request: %w", err)
	}

	// The body is supplied through Exec rather than NewRequestWithContext;
	// presumably Exec JSON-encodes params, in which case only Action is sent
	// (the other fields are tagged `json:"-"`).
	updated := new(UpdateApiRequestConstraintsResponse)
	response, err := p.Exec(request, updated, params)
	if err != nil {
		return nil, fmt.Errorf("update API request constraints request failed: %w", err)
	}

	switch response.StatusCode {
	case http.StatusOK, http.StatusCreated:
		return updated, nil
	default:
		return nil, p.Error(response)
	}
}
// RemoveApiRequestConstraints removes the action of an API request constraint.
//
// Removal is issued as a PUT (not a DELETE) carrying params as the payload, on
// the same paths UpdateApiRequestConstraints uses: the policy-wide constraints
// resource when params.ApiID == 0, or the per-API resource otherwise.
//
// It returns an error wrapping ErrStructValidation when params fails
// validation, a wrapped error when the request cannot be built or executed,
// and p.Error(resp) for any status other than 200 OK or 201 Created.
//
// NOTE(review): nothing in this method forces params.Action to a value that
// disables the constraint; presumably the caller sets it. Confirm against
// callers, since any other value would leave an action in place.
func (p *appsec) RemoveApiRequestConstraints(ctx context.Context, params RemoveApiRequestConstraintsRequest) (*RemoveApiRequestConstraintsResponse, error) {
	p.Log(ctx).Debug("RemoveApiRequestConstraints")

	if verr := params.Validate(); verr != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, verr.Error())
	}

	// NOTE(review): PolicyID is formatted into the path as-is and Validate only
	// requires it to be non-empty. Callers that take policy IDs from external
	// input should confirm they contain no path or query delimiters.
	endpoint := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s/api-request-constraints",
		params.ConfigID, params.Version, params.PolicyID,
	)
	if params.ApiID != 0 {
		// Narrow the target to a single API.
		endpoint = fmt.Sprintf("%s/%d", endpoint, params.ApiID)
	}

	request, err := http.NewRequestWithContext(ctx, http.MethodPut, endpoint, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create RemoveApiRequestConstraints request: %w", err)
	}

	removed := new(RemoveApiRequestConstraintsResponse)
	response, err := p.Exec(request, removed, params)
	if err != nil {
		return nil, fmt.Errorf("remove API request constraints request failed: %w", err)
	}

	switch response.StatusCode {
	case http.StatusOK, http.StatusCreated:
		return removed, nil
	default:
		return nil, p.Error(response)
	}
}