wip permutive

Author: ChristianPavilonis

crates/common/src/generic_proxy.rs

@@ -0,0 +1,292 @@
+//! Generic proxy handler for configuration-driven transparent proxying.
+//!
+//! This module provides a flexible proxy system that routes requests based on
+//! configuration rather than hardcoded routes, making it easy to add new
+//! integration partners without code changes.
+
+use error_stack::{Report, ResultExt};
+use fastly::http::{header, Method};
+use fastly::{Request, Response};
+
+use crate::backend::ensure_backend_from_url;
+use crate::error::TrustedServerError;
+use crate::settings::{ProxyMapping, Settings};
+
+/// Handles generic transparent proxying based on configuration mappings.
+///
+/// This function:
+/// 1. Finds a matching proxy mapping from settings
+/// 2. Validates the HTTP method is allowed
+/// 3. Extracts the path after the prefix
+/// 4. Builds the target URL with query parameters
+/// 5. Copies headers and body
+/// 6. Forwards the request to the target
+/// 7. Returns the response transparently
+///
+/// # Example Flow
+///
+/// ```text
+/// Config:
+///   prefix: "/permutive/api"
+///   target: "https://api.permutive.com"
+///
+/// Request: GET /permutive/api/v2/projects?key=123
+///     ↓
+/// Extract path: /v2/projects
+///     ↓
+/// Build URL: https://api.permutive.com/v2/projects?key=123
+///     ↓
+/// Forward and return response
+/// ```
+///
+/// # Errors
+///
+/// Returns a [`TrustedServerError`] if:
+/// - No matching proxy mapping found
+/// - HTTP method not allowed for this mapping
+/// - Target URL construction fails
+/// - Backend communication fails
+pub async fn handle_generic_proxy(
+    settings: &Settings,
+    mut req: Request,
+) -> Result<Response, Report<TrustedServerError>> {
+    let path = req.get_path();
+    let method = req.get_method();
+
+    log::info!("Generic proxy request: {} {}", method, path);
+
+    // Find matching proxy mapping
+    let mapping = find_proxy_mapping(settings, path, method)?;
+
+    log::info!(
+        "Matched proxy mapping: {} → {} ({})",
+        mapping.prefix,
+        mapping.target,
+        mapping.description
+    );
+
+    // Extract target path
+    let target_path = mapping
+        .extract_target_path(path)
+        .ok_or_else(|| TrustedServerError::Proxy {
+            message: format!(
+                "Failed to extract target path from {} with prefix {}",
+                path, mapping.prefix
+            ),
+        })?;
+
+    // Build full target URL with query parameters
+    let target_url = build_target_url(&mapping.target, target_path, &req)?;
+
+    log::info!("Forwarding to: {}", target_url);
+
+    // Create new request to target
+    let mut target_req = Request::new(method.clone(), &target_url);
+
+    // Copy headers
+    copy_request_headers(&req, &mut target_req);
+
+    // Copy body for methods that support it
+    if has_body(method) {
+        let body = req.take_body();
+        target_req.set_body(body);
+    }
+
+    // Get backend and forward request
+    let backend_name = ensure_backend_from_url(&mapping.target)?;
+
+    let target_response = target_req
+        .send(backend_name)
+        .change_context(TrustedServerError::Proxy {
+            message: format!("Failed to forward request to {}", target_url),
+        })?;
+
+    log::info!(
+        "Target responded with status: {}",
+        target_response.get_status()
+    );
+
+    // Return response transparently
+    Ok(target_response)
+}
+
+/// Finds a proxy mapping that matches the given path and method.
+fn find_proxy_mapping<'a>(
+    settings: &'a Settings,
+    path: &str,
+    method: &Method,
+) -> Result<&'a ProxyMapping, Report<TrustedServerError>> {
+    settings
+        .proxy_mappings
+        .iter()
+        .find(|mapping| {
+            mapping.matches_path(path) && mapping.supports_method(method.as_str())
+        })
+        .ok_or_else(|| {
+            TrustedServerError::Proxy {
+                message: format!(
+                    "No proxy mapping found for {} {}. Available prefixes: [{}]",
+                    method,
+                    path,
+                    settings
+                        .proxy_mappings
+                        .iter()
+                        .map(|m| m.prefix.as_str())
+                        .collect::<Vec<_>>()
+                        .join(", ")
+                ),
+            }
+            .into()
+        })
+}
+
+/// Builds the full target URL including path and query parameters.
+fn build_target_url(
+    base_url: &str,
+    target_path: &str,
+    req: &Request,
+) -> Result<String, Report<TrustedServerError>> {
+    // Get query string if present
+    let query = req
+        .get_url()
+        .query()
+        .map(|q| format!("?{}", q))
+        .unwrap_or_default();
+
+    // Build full URL
+    let url = format!("{}{}{}", base_url, target_path, query);
+
+    Ok(url)
+}
+
+/// Copies relevant headers from the original request to the target request.
+fn copy_request_headers(from: &Request, to: &mut Request) {
+    // Standard headers to forward
+    let headers_to_copy = [
+        header::CONTENT_TYPE,
+        header::ACCEPT,
+        header::USER_AGENT,
+        header::AUTHORIZATION,
+        header::ACCEPT_LANGUAGE,
+        header::ACCEPT_ENCODING,
+    ];
+
+    for header_name in &headers_to_copy {
+        if let Some(value) = from.get_header(header_name) {
+            to.set_header(header_name, value);
+        }
+    }
+
+    // Copy any X-* custom headers
+    for header_name in from.get_header_names() {
+        let name_str = header_name.as_str();
+        if name_str.starts_with("x-") || name_str.starts_with("X-") {
+            if let Some(value) = from.get_header(header_name) {
+                to.set_header(header_name, value);
+            }
+        }
+    }
+}
+
+/// Checks if the HTTP method typically includes a request body.
+fn has_body(method: &Method) -> bool {
+    matches!(method, &Method::POST | &Method::PUT | &Method::PATCH)
+}
+
+/// Helper function to check if any proxy mapping matches the given path.
+pub fn has_proxy_mapping(settings: &Settings, path: &str) -> bool {
+    settings
+        .proxy_mappings
+        .iter()
+        .any(|mapping| mapping.matches_path(path))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::settings::ProxyMapping;
+
+    #[test]
+    fn test_proxy_mapping_matches_path() {
+        let mapping = ProxyMapping {
+            prefix: "/permutive/api".to_string(),
+            target: "https://api.permutive.com".to_string(),
+            methods: vec!["GET".to_string(), "POST".to_string()],
+            description: "Test".to_string(),
+        };
+
+        assert!(mapping.matches_path("/permutive/api/v2/projects"));
+        assert!(mapping.matches_path("/permutive/api"));
+        assert!(!mapping.matches_path("/permutive/other"));
+        assert!(!mapping.matches_path("/other/api"));
+    }
+
+    #[test]
+    fn test_proxy_mapping_supports_method() {
+        let mapping = ProxyMapping {
+            prefix: "/test".to_string(),
+            target: "https://example.com".to_string(),
+            methods: vec!["GET".to_string(), "POST".to_string()],
+            description: "Test".to_string(),
+        };
+
+        assert!(mapping.supports_method("GET"));
+        assert!(mapping.supports_method("POST"));
+        assert!(mapping.supports_method("get")); // case insensitive
+        assert!(mapping.supports_method("post"));
+        assert!(!mapping.supports_method("DELETE"));
+        assert!(!mapping.supports_method("PUT"));
+    }
+
+    #[test]
+    fn test_proxy_mapping_extract_target_path() {
+        let mapping = ProxyMapping {
+            prefix: "/permutive/api".to_string(),
+            target: "https://api.permutive.com".to_string(),
+            methods: vec!["GET".to_string()],
+            description: "Test".to_string(),
+        };
+
+        assert_eq!(
+            mapping.extract_target_path("/permutive/api/v2/projects"),
+            Some("/v2/projects")
+        );
+        assert_eq!(mapping.extract_target_path("/permutive/api"), Some(""));
+        assert_eq!(
+            mapping.extract_target_path("/permutive/api/"),
+            Some("/")
+        );
+        assert_eq!(mapping.extract_target_path("/other/path"), None);
+    }
+
+    #[test]
+    fn test_build_target_url_without_query() {
+        let base_url = "https://api.permutive.com";
+        let target_path = "/v2/projects";
+        let expected = "https://api.permutive.com/v2/projects";
+
+        let url = format!("{}{}", base_url, target_path);
+        assert_eq!(url, expected);
+    }
+
+    #[test]
+    fn test_build_target_url_with_query() {
+        let base_url = "https://api.permutive.com";
+        let target_path = "/v2/projects";
+        let query = "?key=123&foo=bar";
+        let expected = "https://api.permutive.com/v2/projects?key=123&foo=bar";
+
+        let url = format!("{}{}{}", base_url, target_path, query);
+        assert_eq!(url, expected);
+    }
+
+    #[test]
+    fn test_has_body() {
+        assert!(has_body(&Method::POST));
+        assert!(has_body(&Method::PUT));
+        assert!(has_body(&Method::PATCH));
+        assert!(!has_body(&Method::GET));
+        assert!(!has_body(&Method::DELETE));
+        assert!(!has_body(&Method::HEAD));
+    }
+}

crates/common/src/lib.rs

@@ -30,6 +30,7 @@ pub mod constants;
 pub mod cookies;
 pub mod creative;
 pub mod error;
+pub mod generic_proxy;
 pub mod geo;
 pub mod html_processor;
 pub mod http_util;

crates/common/src/settings.rs

@@ -142,6 +142,46 @@ impl Synthetic {
     }
 }
 
+#[derive(Debug, Clone, Deserialize, Serialize, Validate)]
+pub struct ProxyMapping {
+    /// URL prefix to match (e.g., "/permutive/api")
+    #[validate(length(min = 1))]
+    pub prefix: String,
+    /// Target base URL (e.g., "https://api.permutive.com")
+    #[validate(length(min = 1))]
+    pub target: String,
+    /// HTTP methods to allow (e.g., ["GET", "POST"])
+    #[serde(default = "default_proxy_methods")]
+    pub methods: Vec<String>,
+    /// Optional description for documentation
+    #[serde(default)]
+    pub description: String,
+}
+
+fn default_proxy_methods() -> Vec<String> {
+    vec!["GET".to_string(), "POST".to_string()]
+}
+
+impl ProxyMapping {
+    /// Check if this mapping matches the given path
+    #[allow(dead_code)]
+    pub fn matches_path(&self, path: &str) -> bool {
+        path.starts_with(&self.prefix)
+    }
+
+    /// Check if this mapping supports the given HTTP method
+    #[allow(dead_code)]
+    pub fn supports_method(&self, method: &str) -> bool {
+        self.methods.iter().any(|m| m.eq_ignore_ascii_case(method))
+    }
+
+    /// Extract the target path by stripping the prefix
+    #[allow(dead_code)]
+    pub fn extract_target_path<'a>(&self, path: &'a str) -> Option<&'a str> {
+        path.strip_prefix(&self.prefix)
+    }
+}
+
 #[derive(Debug, Default, Deserialize, Serialize, Validate)]
 pub struct Handler {
     #[validate(length(min = 1), custom(function = validate_path))]
@@ -182,6 +222,9 @@ pub struct Settings {
     pub handlers: Vec<Handler>,
     #[serde(default)]
     pub response_headers: HashMap<String, String>,
+    #[serde(default, deserialize_with = "vec_from_seq_or_map")]
+    #[validate(nested)]
+    pub proxy_mappings: Vec<ProxyMapping>,
 }
 
 #[allow(unused)]

crates/common/src/test_support.rs

@@ -33,6 +33,12 @@ pub mod tests {
             opid_store = "test-opid-store"
             secret_key = "test-secret-key"
             template = "{{client_ip}}:{{user_agent}}:{{first_party_id}}:{{auth_user_id}}:{{publisher_domain}}:{{accept_language}}"
+
+            [[proxy_mappings]]
+            prefix = "/test-proxy/api"
+            target = "https://api.example.com"
+            methods = ["GET", "POST"]
+            description = "Test API Proxy"
             "#.to_string()
     }
 

crates/fastly/src/main.rs

@@ -4,9 +4,7 @@ use log_fastly::Logger;
 
 use trusted_server_common::ad::{handle_server_ad, handle_server_ad_get};
 use trusted_server_common::auth::enforce_basic_auth;
-use trusted_server_common::permutive_proxy::{
-    handle_permutive_api_proxy, handle_permutive_secure_signals_proxy,
-};
+use trusted_server_common::generic_proxy::{handle_generic_proxy, has_proxy_mapping};
 use trusted_server_common::permutive_sdk::handle_permutive_sdk;
 use trusted_server_common::proxy::{
     handle_first_party_click, handle_first_party_proxy, handle_first_party_proxy_rebuild,
@@ -51,14 +49,9 @@ async fn route_request(settings: Settings, req: Request) -> Result<Response, Err
 
     // Match known routes and handle them
     let result = match (method, path) {
-        // Permutive API proxy - /permutive/api/* → api.permutive.com/*
-        (&Method::GET | &Method::POST, path) if path.starts_with("/permutive/api/") => {
-            handle_permutive_api_proxy(&settings, req).await
-        }
-
-        // Permutive Secure Signals proxy - /permutive/secure-signal/* → secure-signals.permutive.app/*
-        (&Method::GET | &Method::POST, path) if path.starts_with("/permutive/secure-signal/") => {
-            handle_permutive_secure_signals_proxy(&settings, req).await
+        // Generic proxy handler for config-driven proxying
+        (_, path) if has_proxy_mapping(&settings, path) => {
+            handle_generic_proxy(&settings, req).await
         }
 
         // Serve the Permutive SDK (proxied from Permutive CDN)