wip - permutive proxy

Author: ChristianPavilonis

crates/common/src/error.rs

@@ -50,6 +50,14 @@ pub enum TrustedServerError {
     #[display("Prebid error: {message}")]
     Prebid { message: String },
 
+    /// Permutive SDK proxy error.
+    #[display("Permutive SDK error: {message}")]
+    PermutiveSdk { message: String },
+
+    /// Permutive API proxy error.
+    #[display("Permutive API error: {message}")]
+    PermutiveApi { message: String },
+
     /// Proxy error.
     #[display("Proxy error: {message}")]
     Proxy { message: String },
@@ -91,6 +99,8 @@ impl IntoHttpResponse for TrustedServerError {
             Self::InvalidUtf8 { .. } => StatusCode::BAD_REQUEST,
             Self::KvStore { .. } => StatusCode::SERVICE_UNAVAILABLE,
             Self::Prebid { .. } => StatusCode::BAD_GATEWAY,
+            Self::PermutiveSdk { .. } => StatusCode::BAD_GATEWAY,
+            Self::PermutiveApi { .. } => StatusCode::BAD_GATEWAY,
             Self::Proxy { .. } => StatusCode::BAD_GATEWAY,
             Self::SyntheticId { .. } => StatusCode::INTERNAL_SERVER_ERROR,
             Self::Template { .. } => StatusCode::INTERNAL_SERVER_ERROR,

crates/common/src/html_processor.rs

@@ -17,6 +17,7 @@ pub struct HtmlProcessorConfig {
     pub request_host: String,
     pub request_scheme: String,
     pub enable_prebid: bool,
+    pub enable_permutive: bool,
 }
 
 impl HtmlProcessorConfig {
@@ -32,6 +33,7 @@ impl HtmlProcessorConfig {
             request_host: request_host.to_string(),
             request_scheme: request_scheme.to_string(),
             enable_prebid: settings.prebid.auto_configure,
+            enable_permutive: settings.permutive.auto_configure,
         }
     }
 }
@@ -85,6 +87,14 @@ pub fn create_html_processor(config: HtmlProcessorConfig) -> impl StreamProcesso
         )
     }
 
+    fn is_permutive_sdk_url(url: &str) -> bool {
+        let lower = url.to_ascii_lowercase();
+        // Match: https://*.edge.permutive.app/*-web.js
+        // Match: https://cdn.permutive.com/*-web.js
+        (lower.contains(".edge.permutive.app") || lower.contains("cdn.permutive.com"))
+            && lower.ends_with("-web.js")
+    }
+
     let rewriter_settings = RewriterSettings {
         element_content_handlers: vec![
             // Inject tsjs once at the start of <head>
@@ -103,12 +113,16 @@ pub fn create_html_processor(config: HtmlProcessorConfig) -> impl StreamProcesso
             element!("[href]", {
                 let patterns = patterns.clone();
                 let rewrite_prebid = config.enable_prebid;
+                let rewrite_permutive = config.enable_permutive;
                 move |el| {
                     if let Some(href) = el.get_attribute("href") {
                         // If Prebid auto-config is enabled and this looks like a Prebid script href, rewrite to our extension
                         if rewrite_prebid && is_prebid_script_url(&href) {
                             let ext_src = tsjs::ext_script_src();
                             el.set_attribute("href", &ext_src)?;
+                        } else if rewrite_permutive && is_permutive_sdk_url(&href) {
+                            let permutive_src = tsjs::permutive_script_src();
+                            el.set_attribute("href", &permutive_src)?;
                         } else {
                             let new_href = href
                                 .replace(&patterns.https_origin(), &patterns.replacement_url())
@@ -125,11 +139,15 @@ pub fn create_html_processor(config: HtmlProcessorConfig) -> impl StreamProcesso
             element!("[src]", {
                 let patterns = patterns.clone();
                 let rewrite_prebid = config.enable_prebid;
+                let rewrite_permutive = config.enable_permutive;
                 move |el| {
                     if let Some(src) = el.get_attribute("src") {
                         if rewrite_prebid && is_prebid_script_url(&src) {
                             let ext_src = tsjs::ext_script_src();
                             el.set_attribute("src", &ext_src)?;
+                        } else if rewrite_permutive && is_permutive_sdk_url(&src) {
+                            let permutive_src = tsjs::permutive_script_src();
+                            el.set_attribute("src", &permutive_src)?;
                         } else {
                             let new_src = src
                                 .replace(&patterns.https_origin(), &patterns.replacement_url())
@@ -238,6 +256,7 @@ mod tests {
             request_host: "test.example.com".to_string(),
             request_scheme: "https".to_string(),
             enable_prebid: false,
+            enable_permutive: false,
         }
     }
 
@@ -318,6 +337,81 @@ mod tests {
         assert!(processed.contains("/static/tsjs=tsjs-core.min.js"));
     }
 
+    #[test]
+    fn test_injects_tsjs_script_and_rewrites_permutive_refs() {
+        let html = r#"<html><head>
+            <script async src="https://myorg.edge.permutive.app/workspace-12345-web.js"></script>
+        </head><body></body></html>"#;
+
+        let mut config = create_test_config();
+        config.enable_permutive = true; // enable rewriting of Permutive URLs
+        let processor = create_html_processor(config);
+        let pipeline_config = PipelineConfig {
+            input_compression: Compression::None,
+            output_compression: Compression::None,
+            chunk_size: 8192,
+        };
+        let mut pipeline = StreamingPipeline::new(pipeline_config, processor);
+
+        let mut output = Vec::new();
+        let result = pipeline.process(Cursor::new(html.as_bytes()), &mut output);
+        assert!(result.is_ok());
+        let processed = String::from_utf8_lossy(&output);
+        assert!(processed.contains("/static/tsjs=tsjs-core.min.js"));
+        // Permutive references are rewritten to our permutive bundle when auto-configure is on
+        assert!(processed.contains("/static/tsjs=tsjs-permutive.min.js"));
+        assert!(!processed.contains("edge.permutive.app"));
+    }
+
+    #[test]
+    fn test_permutive_cdn_url_rewriting() {
+        let html = r#"<html><head>
+            <script async src="https://cdn.permutive.com/autoblog-abc123-web.js"></script>
+        </head><body></body></html>"#;
+
+        let mut config = create_test_config();
+        config.enable_permutive = true;
+        let processor = create_html_processor(config);
+        let pipeline_config = PipelineConfig {
+            input_compression: Compression::None,
+            output_compression: Compression::None,
+            chunk_size: 8192,
+        };
+        let mut pipeline = StreamingPipeline::new(pipeline_config, processor);
+
+        let mut output = Vec::new();
+        let result = pipeline.process(Cursor::new(html.as_bytes()), &mut output);
+        assert!(result.is_ok());
+        let processed = String::from_utf8_lossy(&output);
+        assert!(processed.contains("/static/tsjs=tsjs-permutive.min.js"));
+        assert!(!processed.contains("cdn.permutive.com"));
+    }
+
+    #[test]
+    fn test_permutive_disabled_does_not_rewrite() {
+        let html = r#"<html><head>
+            <script async src="https://myorg.edge.permutive.app/workspace-12345-web.js"></script>
+        </head><body></body></html>"#;
+
+        let mut config = create_test_config();
+        config.enable_permutive = false; // disabled
+        let processor = create_html_processor(config);
+        let pipeline_config = PipelineConfig {
+            input_compression: Compression::None,
+            output_compression: Compression::None,
+            chunk_size: 8192,
+        };
+        let mut pipeline = StreamingPipeline::new(pipeline_config, processor);
+
+        let mut output = Vec::new();
+        let result = pipeline.process(Cursor::new(html.as_bytes()), &mut output);
+        assert!(result.is_ok());
+        let processed = String::from_utf8_lossy(&output);
+        // When disabled, Permutive URL should remain unchanged
+        assert!(processed.contains("edge.permutive.app"));
+        assert!(!processed.contains("tsjs-permutive"));
+    }
+
     #[test]
     fn test_create_html_processor_url_replacement() {
         let config = create_test_config();

crates/common/src/lib.rs

@@ -35,6 +35,8 @@ pub mod html_processor;
 pub mod http_util;
 pub mod models;
 pub mod openrtb;
+pub mod permutive_proxy;
+pub mod permutive_sdk;
 pub mod prebid_proxy;
 pub mod proxy;
 pub mod publisher;

crates/common/src/permutive_proxy.rs

@@ -0,0 +1,196 @@
+//! Permutive API proxy for transparent first-party API proxying.
+//!
+//! This module handles proxying Permutive API calls from the first-party domain
+//! to Permutive's API servers, preserving query parameters, headers, and request bodies.
+
+use error_stack::{Report, ResultExt};
+use fastly::http::{header, Method};
+use fastly::{Request, Response};
+
+use crate::backend::ensure_backend_from_url;
+use crate::error::TrustedServerError;
+use crate::settings::Settings;
+
+const PERMUTIVE_API_BASE: &str = "https://api.permutive.com";
+
+/// Handles transparent proxying of Permutive API requests.
+///
+/// This function:
+/// 1. Extracts the path after `/permutive/api/`
+/// 2. Preserves query parameters
+/// 3. Copies request headers and body
+/// 4. Forwards to `api.permutive.com`
+/// 5. Returns response transparently
+///
+/// # Example Request Flow
+///
+/// ```text
+/// Browser: GET /permutive/api/v2/projects/abc?key=123
+///     ↓
+/// Trusted Server processes and forwards:
+///     ↓
+/// Permutive: GET https://api.permutive.com/v2/projects/abc?key=123
+/// ```
+///
+/// # Errors
+///
+/// Returns a [`TrustedServerError`] if:
+/// - Path extraction fails
+/// - Backend communication fails
+/// - Request forwarding fails
+pub async fn handle_permutive_api_proxy(
+    _settings: &Settings,
+    mut req: Request,
+) -> Result<Response, Report<TrustedServerError>> {
+    let original_path = req.get_path();
+    let method = req.get_method();
+
+    log::info!(
+        "Proxying Permutive API request: {} {}",
+        method,
+        original_path
+    );
+
+    // Extract the path after /permutive/api
+    let api_path = original_path
+        .strip_prefix("/permutive/api")
+        .ok_or_else(|| TrustedServerError::PermutiveApi {
+            message: format!("Invalid Permutive API path: {}", original_path),
+        })?;
+
+    // Build the full Permutive API URL with query parameters
+    let permutive_url = build_permutive_url(api_path, &req)?;
+
+    log::info!("Forwarding to Permutive API: {}", permutive_url);
+
+    // Create new request to Permutive
+    let mut permutive_req = Request::new(method.clone(), &permutive_url);
+
+    // Copy relevant headers
+    copy_request_headers(&req, &mut permutive_req);
+
+    // Copy body for POST requests
+    if has_body(method) {
+        let body = req.take_body();
+        permutive_req.set_body(body);
+    }
+
+    // Get backend and forward request
+    let backend_name = ensure_backend_from_url(PERMUTIVE_API_BASE)?;
+
+    let permutive_response = permutive_req
+        .send(backend_name)
+        .change_context(TrustedServerError::PermutiveApi {
+            message: format!("Failed to forward request to {}", permutive_url),
+        })?;
+
+    log::info!(
+        "Permutive API responded with status: {}",
+        permutive_response.get_status()
+    );
+
+    // Return response transparently
+    Ok(permutive_response)
+}
+
+/// Builds the full Permutive API URL including query parameters.
+fn build_permutive_url(
+    api_path: &str,
+    req: &Request,
+) -> Result<String, Report<TrustedServerError>> {
+    // Get query string if present
+    let query = req
+        .get_url()
+        .query()
+        .map(|q| format!("?{}", q))
+        .unwrap_or_default();
+
+    // Build full URL
+    let url = format!("{}{}{}", PERMUTIVE_API_BASE, api_path, query);
+
+    Ok(url)
+}
+
+/// Copies relevant headers from the original request to the Permutive request.
+fn copy_request_headers(from: &Request, to: &mut Request) {
+    // Headers that should be forwarded to Permutive
+    let headers_to_copy = [
+        header::CONTENT_TYPE,
+        header::ACCEPT,
+        header::USER_AGENT,
+        header::AUTHORIZATION,
+        header::ACCEPT_LANGUAGE,
+        header::ACCEPT_ENCODING,
+    ];
+
+    for header_name in &headers_to_copy {
+        if let Some(value) = from.get_header(header_name) {
+            to.set_header(header_name, value);
+        }
+    }
+
+    // Copy any X-* custom headers
+    for header_name in from.get_header_names() {
+        let name_str = header_name.as_str();
+        if name_str.starts_with("x-") || name_str.starts_with("X-") {
+            if let Some(value) = from.get_header(header_name) {
+                to.set_header(header_name, value);
+            }
+        }
+    }
+}
+
+/// Checks if the HTTP method typically includes a request body.
+fn has_body(method: &Method) -> bool {
+    matches!(method, &Method::POST | &Method::PUT | &Method::PATCH)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_path_extraction() {
+        let test_cases = vec![
+            ("/permutive/api/v2/projects", "/v2/projects"),
+            ("/permutive/api/v1/track", "/v1/track"),
+            ("/permutive/api/", "/"),
+            ("/permutive/api", ""),
+        ];
+
+        for (input, expected) in test_cases {
+            let result = input.strip_prefix("/permutive/api").unwrap_or("");
+            assert_eq!(result, expected, "Failed for input: {}", input);
+        }
+    }
+
+    #[test]
+    fn test_url_building_without_query() {
+        let api_path = "/v2/projects/abc";
+        let expected = "https://api.permutive.com/v2/projects/abc";
+
+        let url = format!("{}{}", PERMUTIVE_API_BASE, api_path);
+        assert_eq!(url, expected);
+    }
+
+    #[test]
+    fn test_url_building_with_query() {
+        let api_path = "/v2/projects/abc";
+        let query = "?key=123&foo=bar";
+        let expected = "https://api.permutive.com/v2/projects/abc?key=123&foo=bar";
+
+        let url = format!("{}{}{}", PERMUTIVE_API_BASE, api_path, query);
+        assert_eq!(url, expected);
+    }
+
+    #[test]
+    fn test_has_body() {
+        assert!(has_body(&Method::POST));
+        assert!(has_body(&Method::PUT));
+        assert!(has_body(&Method::PATCH));
+        assert!(!has_body(&Method::GET));
+        assert!(!has_body(&Method::DELETE));
+        assert!(!has_body(&Method::HEAD));
+        assert!(!has_body(&Method::OPTIONS));
+    }
+}