Add support for Forwarded header "by" parameter

The "by" parameter identifies the proxy receiving the request, as specified in RFC 7239. This is useful for debugging and tracing in proxy/gateway environments.

Signed-off-by: raccoonback <[email protected]>

Author: raccoonback

spring-cloud-gateway-server-webmvc/src/main/java/org/springframework/cloud/gateway/server/mvc/GatewayServerMvcAutoConfiguration.java

@@ -132,7 +132,7 @@ public FormFilter formFilter() {
 	@Conditional(TrustedProxies.ForwardedTrustedProxiesCondition.class)
 	public ForwardedRequestHeadersFilter forwardedRequestHeadersFilter(GatewayMvcProperties properties) {
 		Objects.requireNonNull(properties.getTrustedProxies(), "trustedProxies must not be null");
-		return new ForwardedRequestHeadersFilter(properties.getTrustedProxies());
+		return new ForwardedRequestHeadersFilter(properties.getTrustedProxies(), properties.isForwardedByEnabled());
 	}
 
 	@Bean

spring-cloud-gateway-server-webmvc/src/main/java/org/springframework/cloud/gateway/server/mvc/config/GatewayMvcProperties.java

@@ -69,6 +69,11 @@ public class GatewayMvcProperties {
 	 */
 	private @Nullable String trustedProxies;
 
+	/**
+	 * Whether to add the "by" parameter to the Forwarded header.
+	 */
+	private boolean forwardedByEnabled = false;
+
 	/**
 	 * In the case where Spring Retry is on the classpath but you still want to use Spring
 	 * Framework retry as your retry filter, set this property to true.
@@ -123,13 +128,22 @@ public void setTrustedProxies(String trustedProxies) {
 		this.trustedProxies = trustedProxies;
 	}
 
+	public boolean isForwardedByEnabled() {
+		return forwardedByEnabled;
+	}
+
+	public void setForwardedByEnabled(boolean forwardedByEnabled) {
+		this.forwardedByEnabled = forwardedByEnabled;
+	}
+
 	@Override
 	public String toString() {
 		return new ToStringCreator(this).append("routes", routes)
 			.append("routesMap", routesMap)
 			.append("streamingMediaTypes", streamingMediaTypes)
 			.append("streamingBufferSize", streamingBufferSize)
 			.append("trustedProxies", trustedProxies)
+			.append("forwardedByEnabled", forwardedByEnabled)
 			.toString();
 	}
 

spring-cloud-gateway-server-webmvc/src/main/java/org/springframework/cloud/gateway/server/mvc/filter/ForwardedRequestHeadersFilter.java

@@ -19,6 +19,7 @@
 import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.URI;
+import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -47,6 +48,8 @@ public class ForwardedRequestHeadersFilter implements HttpHeadersFilter.RequestH
 	 */
 	public static final String FORWARDED_HEADER = "Forwarded";
 
+	private boolean forwardedByEnabled = false;
+
 	private final TrustedProxies trustedProxies;
 
 	@Deprecated
@@ -60,6 +63,11 @@ public ForwardedRequestHeadersFilter(String trustedProxiesRegex) {
 		trustedProxies = TrustedProxies.from(trustedProxiesRegex);
 	}
 
+	public ForwardedRequestHeadersFilter(String trustedProxiesRegex, boolean forwardedByEnabled) {
+		this.trustedProxies = TrustedProxies.from(trustedProxiesRegex);
+		this.forwardedByEnabled = forwardedByEnabled;
+	}
+
 	/* for testing */
 	static List<Forwarded> parse(List<String> values) {
 		ArrayList<Forwarded> forwardeds = new ArrayList<>();
@@ -172,14 +180,40 @@ public HttpHeaders apply(HttpHeaders input, ServerRequest request) {
 				}
 				forwarded.put("for", forValue);
 			});
-			// TODO: support by?
+
+			if (forwardedByEnabled) {
+				addForwardedByHeader(forwarded, request);
+			}
 
 			updated.add(FORWARDED_HEADER, forwarded.toHeaderValue());
 		}
 
 		return updated;
 	}
 
+	private void addForwardedByHeader(Forwarded forwarded, ServerRequest request) {
+		try {
+			int serverPort = request.servletRequest().getServerPort();
+			addForwardedBy(forwarded, InetAddress.getLocalHost(), serverPort);
+		}
+		catch (UnknownHostException e) {
+			log.warn("Can not resolve host address, skipping Forwarded 'by' header", e);
+		}
+	}
+
+	private void addForwardedBy(Forwarded forwarded, InetAddress localAddress, int serverPort) {
+		if (localAddress != null) {
+			String byValue = localAddress.getHostAddress();
+			if (localAddress instanceof Inet6Address) {
+				byValue = "[" + byValue + "]";
+			}
+			if (serverPort > 0) {
+				byValue = byValue + ":" + serverPort;
+			}
+			forwarded.put("by", byValue);
+		}
+	}
+
 	@SuppressWarnings("NullAway")
 	/* for testing */ static class Forwarded {
 

spring-cloud-gateway-server-webmvc/src/test/java/org/springframework/cloud/gateway/server/mvc/filter/ForwardedRequestHeadersFilterTests.java

@@ -16,6 +16,7 @@
 
 package org.springframework.cloud.gateway.server.mvc.filter;
 
+import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -25,7 +26,6 @@
 import java.util.Map;
 import java.util.Optional;
 
-import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 
 import org.springframework.boot.autoconfigure.AutoConfigurations;
@@ -50,7 +50,6 @@
 /**
  * @author Spencer Gibb
  */
-@Disabled("FIXME: ")
 public class ForwardedRequestHeadersFilterTests {
 
 	static Map<String, String> map(String... values) {
@@ -77,6 +76,33 @@ public void trustedProxiesConditionMatches() {
 			});
 	}
 
+	@Test
+	public void forwardedByEnabledFromProperties() {
+		new WebApplicationContextRunner()
+			.withConfiguration(AutoConfigurations.of(WebMvcAutoConfiguration.class, RestClientAutoConfiguration.class,
+					SslAutoConfiguration.class, TomcatServletWebServerAutoConfiguration.class,
+					GatewayServerMvcAutoConfiguration.class, FilterAutoConfiguration.class,
+					PredicateAutoConfiguration.class))
+			.withPropertyValues(GatewayMvcProperties.PREFIX + ".trusted-proxies=.*",
+					GatewayMvcProperties.PREFIX + ".forwarded-by-enabled=true")
+			.run(context -> {
+				assertThat(context).hasSingleBean(ForwardedRequestHeadersFilter.class);
+				ForwardedRequestHeadersFilter filter = context.getBean(ForwardedRequestHeadersFilter.class);
+
+				MockHttpServletRequest servletRequest = MockMvcRequestBuilders.get("http://localhost/get")
+					.remoteAddress("10.0.0.1:80")
+					.header(HttpHeaders.HOST, "myhost")
+					.buildRequest(null);
+				servletRequest.setRemoteHost("10.0.0.1");
+				ServerRequest request = ServerRequest.create(servletRequest, Collections.emptyList());
+
+				HttpHeaders headers = filter.apply(request.headers().asHttpHeaders(), request);
+				List<Forwarded> forwardeds = ForwardedRequestHeadersFilter.parse(headers.get(FORWARDED_HEADER));
+				assertThat(forwardeds).hasSize(1);
+				assertThat(forwardeds.get(0).get("by")).isNotNull();
+			});
+	}
+
 	@Test
 	public void trustedProxiesConditionDoesNotMatch() {
 		new WebApplicationContextRunner()
@@ -154,7 +180,7 @@ public void forwardedHeaderExists() {
 	}
 
 	@Test
-	public void noHostHeader() throws UnknownHostException {
+	public void noHostHeader() {
 		MockHttpServletRequest servletRequest = MockMvcRequestBuilders.get("http://localhost/get")
 			.remoteAddress("10.0.0.1:80")
 			.buildRequest(null);
@@ -317,4 +343,74 @@ public void remoteAddressIsNullUnTrustedProxyNotAppended() throws Exception {
 		assertThat(filtered).isEmpty();
 	}
 
+	@Test
+	public void forwardedByIsAddedWhenEnabled() throws Exception {
+		MockHttpServletRequest servletRequest = MockMvcRequestBuilders.get("http://localhost/get")
+			.remoteAddress("10.0.0.1:80")
+			.header(HttpHeaders.HOST, "myhost")
+			.buildRequest(null);
+		servletRequest.setRemoteHost("10.0.0.1");
+		servletRequest.setServerPort(80);
+		ServerRequest request = ServerRequest.create(servletRequest, Collections.emptyList());
+
+		ForwardedRequestHeadersFilter filter = new ForwardedRequestHeadersFilter(".*", true);
+
+		HttpHeaders headers = filter.apply(request.headers().asHttpHeaders(), request);
+
+		List<Forwarded> forwardeds = ForwardedRequestHeadersFilter.parse(headers.get(FORWARDED_HEADER));
+		assertThat(forwardeds).hasSize(1);
+		Forwarded forwarded = forwardeds.get(0);
+
+		InetAddress localHost = InetAddress.getLocalHost();
+		String expectedByValue = localHost.getHostAddress();
+		if (localHost instanceof java.net.Inet6Address) {
+			expectedByValue = "\"[" + expectedByValue + "]:80\"";
+		}
+		else {
+			expectedByValue = "\"" + expectedByValue + ":80\"";
+		}
+		assertThat(forwarded.get("by")).isEqualTo(expectedByValue);
+	}
+
+	@Test
+	public void forwardedByWithPortIsAdded() {
+		MockHttpServletRequest servletRequest = MockMvcRequestBuilders.get("http://localhost:8080/get")
+			.remoteAddress("10.0.0.1:80")
+			.header(HttpHeaders.HOST, "myhost")
+			.buildRequest(null);
+		servletRequest.setRemoteHost("10.0.0.1");
+		servletRequest.setServerPort(8080);
+		ServerRequest request = ServerRequest.create(servletRequest, Collections.emptyList());
+
+		ForwardedRequestHeadersFilter filter = new ForwardedRequestHeadersFilter(".*", true);
+
+		HttpHeaders headers = filter.apply(request.headers().asHttpHeaders(), request);
+
+		List<Forwarded> forwardeds = ForwardedRequestHeadersFilter.parse(headers.get(FORWARDED_HEADER));
+		assertThat(forwardeds).hasSize(1);
+		Forwarded forwarded = forwardeds.get(0);
+
+		assertThat(forwarded.get("by")).isNotNull().contains(":8080");
+	}
+
+	@Test
+	public void forwardedByNotAddedWhenDisabled() {
+		MockHttpServletRequest servletRequest = MockMvcRequestBuilders.get("http://localhost/get")
+			.remoteAddress("10.0.0.1:80")
+			.header(HttpHeaders.HOST, "myhost")
+			.buildRequest(null);
+		servletRequest.setRemoteHost("10.0.0.1");
+		ServerRequest request = ServerRequest.create(servletRequest, Collections.emptyList());
+
+		ForwardedRequestHeadersFilter filter = new ForwardedRequestHeadersFilter(".*");
+
+		HttpHeaders headers = filter.apply(request.headers().asHttpHeaders(), request);
+
+		List<Forwarded> forwardeds = ForwardedRequestHeadersFilter.parse(headers.get(FORWARDED_HEADER));
+		assertThat(forwardeds).hasSize(1);
+		Forwarded forwarded = forwardeds.get(0);
+
+		assertThat(forwarded.get("by")).isNull();
+	}
+
 }