api7 · bzp2010 · May 7, 2026 · May 6, 2026 · May 6, 2026 · May 6, 2026
@@ -0,0 +1,109 @@
+import * as ADCSDK from '@api7/adc-sdk';
+import request from 'supertest';
+
+import { ADCServer } from '../../src/server';
+import { jestMockBackend } from '../support/utils';
+
+describe('Server - Validate', () => {
+  let server: ADCServer;
+
+  beforeAll(async () => {
+    jestMockBackend();
+    server = new ADCServer({
+      listen: new URL('http://127.0.1:3000'),
+      listenStatus: 3001,
+    });
+  });
+
+  it('test validate with empty config', async () => {
+    const { status, body } = await request(server.TEST_ONLY_getExpress())
+      .put('/validate')
+      .send({
+        task: {
+          opts: {
+            backend: 'mock',
+            server: 'http://1.1.1.1:3000',
+            token: 'mock',
+            cacheKey: 'default',
+          },
+          config: {},
+        },
+      });
+
+    expect(status).toEqual(200);
+    expect(body.success).toEqual(true);
+    expect(body.source).toEqual('validate');
+    expect(body.errors).toEqual([]);
+  });
+
+  it('test validate with config', async () => {
+    const config = {
+      consumers: [
+        {
+          username: 'test-consumer',
+          plugins: { 'limit-count': { count: 10, time_window: 60 } },
+        },
+      ],
+    } as ADCSDK.Configuration;
+    const { status, body } = await request(server.TEST_ONLY_getExpress())
+      .put('/validate')
+      .send({
+        task: {
+          opts: {
+            backend: 'mock',
+            server: 'http://1.1.1.1:3000',
+            token: 'mock',
+            cacheKey: 'default',
+          },
+          config,
+        },
+      });
+
+    expect(status).toEqual(200);
+    expect(body.success).toEqual(true);
+    expect(body.source).toEqual('validate');
+    expect(body.errors).toEqual([]);
+  });
+
+  it('test validate with invalid input', async () => {
+    const { status, body } = await request(server.TEST_ONLY_getExpress())
+      .put('/validate')
+      .send({
+        task: {
+          opts: {
+            server: 'http://1.1.1.1:3000',
+            token: 'mock',
+            cacheKey: 'default',
+          },
+          config: {},
+        },
+      });
+
+    expect(status).toEqual(400);
+    expect(body.success).toEqual(false);
+    expect(body.source).toEqual('input');
+  });
+
+  it('test validate with lint failure', async () => {
+    const { status, body } = await request(server.TEST_ONLY_getExpress())
+      .put('/validate')
+      .send({
+        task: {
+          opts: {
+            backend: 'mock',
+            server: 'http://1.1.1.1:3000',
+            token: 'mock',
+            lint: true,
+            cacheKey: 'default',
+          },
+          config: {
+            invalid_key: {},
+          },
+        },
+      });
+
+    expect(status).toEqual(400);
+    expect(body.success).toEqual(false);
+    expect(body.source).toEqual('lint');
+  });
+});
@@ -47,6 +47,12 @@ export const mockBackend = (): ADCSDK.Backend => {
         ),
       );
     }
+    public validate(events: Array<ADCSDK.Event>) {
+      return of({
+        success: true,
+        errors: [],
+      } as ADCSDK.BackendValidateResult);
+    }
     public on() {
       return new Subscription();
     }

@@ -6,6 +6,7 @@ import * as https from 'node:https';
 
 import { loggerMiddleware } from './logger';
 import { syncHandler } from './sync';
+import { validateHandler } from './validate';
 
 interface ADCServerOptions {
   listen: URL;
@@ -29,6 +30,7 @@ export class ADCServer {
     this.express.use(express.json({ limit: '100mb' }));
     this.express.use(loggerMiddleware);
     this.express.put('/sync', syncHandler);
+    this.express.put('/validate', validateHandler);
     this.expressStatus.get('/healthz/ready', (_, res) =>
       res.status(200).send('OK'),
     );

@@ -19,3 +19,22 @@ export const SyncInput = z.strictObject({
   task: SyncTask,
 });
 export type SyncInputType = z.infer<typeof SyncInput>;
+
+const ValidateTask = z.strictObject({
+  opts: z.looseObject({
+    backend: z.string().min(1),
+    server: z.union([z.url().min(1), z.array(z.url().min(1))]),
+    token: z.string().min(1),
+    lint: z.boolean().optional().default(true),
+    includeResourceType: z.array(z.enum(ADCSDK.ResourceType)).optional(),
+    excludeResourceType: z.array(z.enum(ADCSDK.ResourceType)).optional(),
+    labelSelector: z.record(z.string(), z.string()).optional(),
+    cacheKey: z.string(),
+  }),
+  config: z.looseObject({}),
+});
+
+export const ValidateInput = z.strictObject({
+  task: ValidateTask,
+});
+export type ValidateInputType = z.infer<typeof ValidateInput>;
@@ -84,7 +84,6 @@ export const syncHandler: RequestHandler<
         request: {
           method: response.config.method,
           url: response.config.url,
-          headers: response.config.headers,
           data: response.config.data,
         },
         response: {

@@ -0,0 +1,151 @@
+import { DifferV3 } from '@api7/adc-differ';
+import * as ADCSDK from '@api7/adc-sdk';
+import { HttpAgent, HttpOptions, HttpsAgent } from 'agentkeepalive';
+import type { RequestHandler } from 'express';
+import { toString } from 'lodash-es';
+import { lastValueFrom } from 'rxjs';
+
+import { fillLabels, filterResourceType, loadBackend } from '../command/utils';
+import { check } from '../linter';
+import { logger } from './logger';
+import { ValidateInput, type ValidateInputType } from './schema';
+
+// create connection pool
+const keepAlive: HttpOptions = {
+  keepAlive: true,
+  maxSockets: 256, // per host
+  maxFreeSockets: 16, // per host free
+  freeSocketTimeout:
+    parseInt(process.env.ADC_INGRESS_FREE_SOCKET_TIMEOUT) || 50000,
+};
+const httpAgent = new HttpAgent(keepAlive);
+
+//TODO: dynamic rejectUnauthorized and support mTLS
+const httpsAgent = new HttpsAgent({
+  rejectUnauthorized: true,
+  ...keepAlive,
+});
+const httpsInsecureAgent = new HttpsAgent({
+  rejectUnauthorized: false,
+  ...keepAlive,
+});
+
+export const validateHandler: RequestHandler<
+  unknown,
+  unknown,
+  ValidateInputType
+> = async (req, res) => {
+  try {
+    const parsedInput = ValidateInput.safeParse(req.body);
+    if (!parsedInput.success)
+      return res.status(400).json({
+        success: false,
+        source: 'input',
+        message: parsedInput.error.message,
+        errors: parsedInput.error.issues,
+      });
+    const { task } = parsedInput.data;
+
+    // load local configuration and filter resource types
+    const local = filterResourceType(
+      task.config,
+      task.opts.includeResourceType,
+      task.opts.excludeResourceType,
+    ) as ADCSDK.InternalConfiguration;
+
+    // optional lint
+    if (task.opts.lint) {
+      const result = check(local);
+      if (!result.success)
+        return res.status(400).json({
+          success: false,
+          source: 'lint',
+          message: result.error.message,
+          errors: result.error.issues,
+        });
+    }
+    fillLabels(local, task.opts.labelSelector);
+
+    // initialize backend
+    const backend = loadBackend(task.opts.backend, {
+      ...task.opts,
+      server: Array.isArray(task.opts.server)
+        ? task.opts.server.join(',')
+        : task.opts.server,
+      httpAgent,
+      httpsAgent: task.opts.tlsSkipVerify ? httpsInsecureAgent : httpsAgent,
+    });
+
+    backend.on('AXIOS_DEBUG', ({ description, response }) =>
+      logger.log({
+        level: 'debug',
+        message: description,
+        request: {
+          method: response.config.method,
+          url: response.config.url,
+          headers: response.config.headers,
+          data: response.config.data,
+        },
+        response: {
+          status: response.status,
+          headers: response.headers,
+          data: response.data,
+        },
+        requestId: req.requestId,
+      }),
+    );
+
+    // generate events by diffing against an empty remote config
+    const events = DifferV3.diff(
+      local,
+      {} as ADCSDK.InternalConfiguration,
+      await backend.defaultValue(),
+      undefined,
+      {
+        log: (message: string) =>
+          logger.log({ level: 'debug', message, requestId: req.requestId }),
+        debug: (logEntry) =>
+          logger.log({ level: 'debug', ...logEntry, requestId: req.requestId }),
+      },
+    );
+
+    // check if backend supports validate
+    if (!backend.validate)
+      return res.status(400).json({
+        success: false,
+        source: 'validate',
+        message: 'Validate is not supported by the current backend.',
+        errors: [],
+      });
+
+    // execute validation
+    const result = await lastValueFrom(backend.validate(events));
+
+    logger.log({
+      level: 'debug',
+      message: 'validate finished',
+      success: result.success,
+      errors: result.errors,
+      requestId: req.requestId,
+    });
+
+    res.status(200).json({
+      success: result.success,
+      source: 'validate',
+      ...(result.errorMessage ? { message: result.errorMessage } : {}),
+      errors: result.errors,
+    });
+  } catch (err) {
+    logger.log({
+      level: 'debug',
+      message: 'validate failed',
+      error: err,
+      requestId: req.requestId,
+    });
+    res.status(500).json({
+      success: false,
+      message: toString(err),
+      errors: [],
+    });
+  }
+};