Grcov report - config

1

#include "source/common/router/config_impl.h"

2

3

#include <algorithm>

4

#include <chrono>

5

#include <cstdint>

6

#include <map>

7

#include <memory>

8

#include <string>

9

#include <vector>

10

11

#include "envoy/config/common/matcher/v3/matcher.pb.h"

12

#include "envoy/config/common/matcher/v3/matcher.pb.validate.h"

13

#include "envoy/config/core/v3/base.pb.h"

14

#include "envoy/config/route/v3/route.pb.h"

15

#include "envoy/config/route/v3/route_components.pb.h"

16

#include "envoy/http/header_map.h"

17

#include "envoy/runtime/runtime.h"

18

#include "envoy/type/matcher/v3/http_inputs.pb.h"

19

#include "envoy/type/matcher/v3/http_inputs.pb.validate.h"

20

#include "envoy/type/matcher/v3/string.pb.h"

21

#include "envoy/type/v3/percent.pb.h"

22

#include "envoy/upstream/cluster_manager.h"

23

#include "envoy/upstream/upstream.h"

24

25

#include "source/common/common/assert.h"

26

#include "source/common/common/empty_string.h"

27

#include "source/common/common/fmt.h"

28

#include "source/common/common/hash.h"

29

#include "source/common/common/logger.h"

30

#include "source/common/common/regex.h"

31

#include "source/common/common/utility.h"

32

#include "source/common/config/metadata.h"

33

#include "source/common/config/utility.h"

34

#include "source/common/config/well_known_names.h"

35

#include "source/common/formatter/substitution_format_string.h"

36

#include "source/common/grpc/common.h"

37

#include "source/common/http/header_utility.h"

38

#include "source/common/http/headers.h"

39

#include "source/common/http/matching/data_impl.h"

40

#include "source/common/http/path_utility.h"

41

#include "source/common/http/utility.h"

42

#include "source/common/matcher/matcher.h"

43

#include "source/common/protobuf/protobuf.h"

44

#include "source/common/protobuf/utility.h"

45

#include "source/common/router/context_impl.h"

46

#include "source/common/router/header_cluster_specifier.h"

47

#include "source/common/router/matcher_visitor.h"

48

#include "source/common/router/weighted_cluster_specifier.h"

49

#include "source/common/runtime/runtime_features.h"

50

#include "source/common/tracing/custom_tag_impl.h"

51

#include "source/common/tracing/http_tracer_impl.h"

52

#include "source/extensions/early_data/default_early_data_policy.h"

53

#include "source/extensions/matching/network/common/inputs.h"

54

#include "source/extensions/path/match/uri_template/uri_template_match.h"

55

#include "source/extensions/path/rewrite/uri_template/uri_template_rewrite.h"

56

57

#include "absl/container/flat_hash_set.h"

58

#include "absl/container/inlined_vector.h"

59

#include "absl/strings/match.h"

60

#include "absl/types/optional.h"

61

62

namespace Envoy {

63

namespace Router {

64

class RouteCreator {

65

public:

66

  static absl::StatusOr<RouteEntryImplBaseConstSharedPtr>

67

  createAndValidateRoute(const envoy::config::route::v3::Route& route_config,

68

                         const CommonVirtualHostSharedPtr& vhost,

69

                         Server::Configuration::ServerFactoryContext& factory_context,

70

12800

                         ProtobufMessage::ValidationVisitor& validator, bool validate_clusters) {

71

72

12800

    absl::Status creation_status = absl::OkStatus();

73

12800

    RouteEntryImplBaseConstSharedPtr route;

74

12800

    switch (route_config.match().path_specifier_case()) {

75

12303

    case envoy::config::route::v3::RouteMatch::PathSpecifierCase::kPrefix:

76

12303

      route.reset(new PrefixRouteEntryImpl(vhost, route_config, factory_context, validator,

77

12303

                                           creation_status));

78

12303

      break;

79

178

    case envoy::config::route::v3::RouteMatch::PathSpecifierCase::kPath:

80

178

      route.reset(

81

178

          new PathRouteEntryImpl(vhost, route_config, factory_context, validator, creation_status));

82

178

      break;

83

32

    case envoy::config::route::v3::RouteMatch::PathSpecifierCase::kSafeRegex:

84

32

      route.reset(new RegexRouteEntryImpl(vhost, route_config, factory_context, validator,

85

32

                                          creation_status));

86

32

      break;

87

251

    case envoy::config::route::v3::RouteMatch::PathSpecifierCase::kConnectMatcher:

88

251

      route.reset(new ConnectRouteEntryImpl(vhost, route_config, factory_context, validator,

89

251

                                            creation_status));

90

251

      break;

91

7

    case envoy::config::route::v3::RouteMatch::PathSpecifierCase::kPathSeparatedPrefix:

92

7

      route.reset(new PathSeparatedPrefixRouteEntryImpl(vhost, route_config, factory_context,

93

7

                                                        validator, creation_status));

94

7

      break;

95

29

    case envoy::config::route::v3::RouteMatch::PathSpecifierCase::kPathMatchPolicy:

96

29

      route.reset(new UriTemplateMatcherRouteEntryImpl(vhost, route_config, factory_context,

97

29

                                                       validator, creation_status));

98

29

      break;

99

    case envoy::config::route::v3::RouteMatch::PathSpecifierCase::PATH_SPECIFIER_NOT_SET:

100

      break; // return the error below.

101

12800

102

12789

    if (!route) {

103

      return absl::InvalidArgumentError("Invalid route config");

104

105

12789

    RETURN_IF_NOT_OK(creation_status);

106

107

12768

    if (validate_clusters) {

108

11477

      const Upstream::ClusterManager& cluster_manager = factory_context.clusterManager();

109

11477

      RETURN_IF_NOT_OK(route->validateClusters(cluster_manager));

110

11478

      for (const auto& shadow_policy : route->shadowPolicies()) {

111

80

        if (!shadow_policy->cluster().empty()) {

112

76

          ASSERT(shadow_policy->clusterHeader().get().empty());

113

          // if (!validation_clusters->hasCluster(shadow_policy->cluster())) {

114

76

          if (!cluster_manager.hasCluster(shadow_policy->cluster())) {

115

1

            return absl::InvalidArgumentError(

116

1

                fmt::format("route: unknown shadow cluster '{}'", shadow_policy->cluster()));

117

1

118

76

119

80

120

11473

121

122

12763

    return route;

123

12768

124

};

125

126

namespace {

127

128

constexpr uint32_t DEFAULT_MAX_DIRECT_RESPONSE_BODY_SIZE_BYTES = 4096;

129

130

// Returns an array of header parsers, sorted by specificity. The `specificity_ascend` parameter

131

// specifies whether the returned parsers will be sorted from least specific to most specific

132

// (global connection manager level header parser, virtual host level header parser and finally

133

// route-level parser.) or the reverse.

134

std::array<const HeaderParser*, 3>

135

getHeaderParsers(const HeaderParser* global_route_config_header_parser,

136

                 const HeaderParser* vhost_header_parser, const HeaderParser* route_header_parser,

137

85997

                 bool specificity_ascend) {

138

85997

  if (specificity_ascend) {

139

    // Sorted from least to most specific: global connection manager level headers, virtual host

140

    // level headers and finally route-level headers.

141

8

    return {global_route_config_header_parser, vhost_header_parser, route_header_parser};

142

85989

  } else {

143

    // Sorted from most to least specific.

144

85989

    return {route_header_parser, vhost_header_parser, global_route_config_header_parser};

145

85989

146

85997

147

148

// If the implementation of a cluster specifier plugin is not provided in current Envoy and the

149

// plugin is set to optional, then this null plugin will be used as a placeholder.

150

class NullClusterSpecifierPlugin : public ClusterSpecifierPlugin {

151

public:

152

  RouteConstSharedPtr route(RouteEntryAndRouteConstSharedPtr, const Http::RequestHeaderMap&,

153

                            const StreamInfo::StreamInfo&, uint64_t) const override {

154

    return nullptr;

155

156

};

157

158

absl::StatusOr<ClusterSpecifierPluginSharedPtr>

159

getClusterSpecifierPluginByTheProto(const envoy::config::route::v3::ClusterSpecifierPlugin& plugin,

160

                                    ProtobufMessage::ValidationVisitor& validator,

161

13

                                    Server::Configuration::ServerFactoryContext& factory_context) {

162

13

  auto* factory =

163

13

      Envoy::Config::Utility::getFactory<ClusterSpecifierPluginFactoryConfig>(plugin.extension());

164

13

  if (factory == nullptr) {

165

2

    if (plugin.is_optional()) {

166

1

      return std::make_shared<NullClusterSpecifierPlugin>();

167

1

168

1

    return absl::InvalidArgumentError(

169

1

        fmt::format("Didn't find a registered implementation for '{}' with type URL: '{}'",

170

1

                    plugin.extension().name(),

171

1

                    Envoy::Config::Utility::getFactoryType(plugin.extension().typed_config())));

172

2

173

11

  ASSERT(factory != nullptr);

174

11

  auto config =

175

11

      Envoy::Config::Utility::translateToFactoryConfig(plugin.extension(), validator, *factory);

176

11

  return factory->createClusterSpecifierPlugin(*config, factory_context);

177

13

178

179

::Envoy::Http::Utility::RedirectConfig

180

71

createRedirectConfig(const envoy::config::route::v3::Route& route, Regex::Engine& regex_engine) {

181

71

  ::Envoy::Http::Utility::RedirectConfig redirect_config{

182

71

      route.redirect().scheme_redirect(),

183

71

      route.redirect().host_redirect(),

184

71

      route.redirect().port_redirect() ? ":" + std::to_string(route.redirect().port_redirect())

185

71

                                       : "",

186

71

      route.redirect().path_redirect(),

187

71

      route.redirect().prefix_rewrite(),

188

71

      route.redirect().has_regex_rewrite() ? route.redirect().regex_rewrite().substitution() : "",

189

71

      route.redirect().has_regex_rewrite()

190

71

          ? THROW_OR_RETURN_VALUE(Regex::Utility::parseRegex(

191

71

                                      route.redirect().regex_rewrite().pattern(), regex_engine),

192

71

                                  Regex::CompiledMatcherPtr)

193

71

          : nullptr,

194

71

      route.redirect().path_redirect().find('?') != absl::string_view::npos,

195

71

      route.redirect().https_redirect(),

196

71

      route.redirect().strip_query()};

197

71

  if (route.redirect().has_regex_rewrite()) {

198

4

    ASSERT(redirect_config.prefix_rewrite_redirect_.empty());

199

4

200

71

  return redirect_config;

201

71

202

203

std::string generateNewPath(absl::string_view origin_path, absl::string_view path_to_strip,

204

82

                            absl::string_view new_path_to_replace) {

205

82

  ASSERT(path_to_strip.size() <= origin_path.size());

206

207

82

  std::string result;

208

82

  result.reserve(new_path_to_replace.size() + origin_path.size() - path_to_strip.size());

209

82

  result.append(new_path_to_replace);

210

82

  result.append(origin_path.substr(path_to_strip.size()));

211

82

  return result;

212

82

213

214

std::string rewritePathByPrefixOrRegex(absl::string_view path, absl::string_view matched,

215

                                       absl::string_view prefix_rewrite,

216

                                       const Regex::CompiledMatcher* regex_rewrite,

217

44180

                                       absl::string_view regex_rewrite_substitution) {

218

44180

  if (!prefix_rewrite.empty()) {

219

47

    ASSERT(absl::StartsWithIgnoreCase(path, matched));

220

47

    return generateNewPath(path, matched, prefix_rewrite);

221

47

222

223

44133

  if (regex_rewrite != nullptr) {

224

13

    absl::string_view path_only = Http::PathUtil::removeQueryAndFragment(path);

225

13

    ASSERT(path_only.size() <= path.size());

226

13

    const std::string new_path_only =

227

13

        regex_rewrite->replaceAll(path_only, regex_rewrite_substitution);

228

    // If regex rewrite fails then return nothing.

229

13

    if (new_path_only.empty()) {

230

      return {};

231

232

13

    return generateNewPath(path, path_only, new_path_only);

233

13

234

44120

  return {};

235

44133

236

237

} // namespace

238

239

43612

const std::string& OriginalConnectPort::key() {

240

43612

  CONSTRUCT_ON_FIRST_USE(std::string, "envoy.router.original_connect_port");

241

43612

242

243

15

std::string SslRedirector::newUri(const Http::RequestHeaderMap& headers) const {

244

15

  return Http::Utility::createSslRedirectPath(headers);

245

15

246

247

HedgePolicyImpl::HedgePolicyImpl(const envoy::config::route::v3::HedgePolicy& hedge_policy)

248

5

    : additional_request_chance_(hedge_policy.additional_request_chance()),

249

5

      initial_requests_(PROTOBUF_GET_WRAPPED_OR_DEFAULT(hedge_policy, initial_requests, 1)),

250

5

      hedge_on_per_try_timeout_(hedge_policy.hedge_on_per_try_timeout()) {}

251

252

385

HedgePolicyImpl::HedgePolicyImpl() : initial_requests_(1), hedge_on_per_try_timeout_(false) {}

253

254

absl::StatusOr<std::unique_ptr<InternalRedirectPolicyImpl>> InternalRedirectPolicyImpl::create(

255

    const envoy::config::route::v3::InternalRedirectPolicy& policy_config,

256

418

    ProtobufMessage::ValidationVisitor& validator, absl::string_view current_route_name) {

257

418

  absl::Status creation_status = absl::OkStatus();

258

418

  auto ret = std::unique_ptr<InternalRedirectPolicyImpl>(new InternalRedirectPolicyImpl(

259

418

      policy_config, validator, current_route_name, creation_status));

260

418

  RETURN_IF_NOT_OK(creation_status);

261

417

  return ret;

262

418

263

264

InternalRedirectPolicyImpl::InternalRedirectPolicyImpl(

265

    const envoy::config::route::v3::InternalRedirectPolicy& policy_config,

266

    ProtobufMessage::ValidationVisitor& validator, absl::string_view current_route_name,

267

    absl::Status& creation_status)

268

418

    : current_route_name_(current_route_name),

269

418

      redirect_response_codes_(buildRedirectResponseCodes(policy_config)),

270

      max_internal_redirects_(

271

418

          PROTOBUF_GET_WRAPPED_OR_DEFAULT(policy_config, max_internal_redirects, 1)),

272

418

      enabled_(true), allow_cross_scheme_redirect_(policy_config.allow_cross_scheme_redirect()) {

273

418

  for (const auto& predicate : policy_config.predicates()) {

274

18

    auto& factory =

275

18

        Envoy::Config::Utility::getAndCheckFactory<InternalRedirectPredicateFactory>(predicate);

276

18

    auto config = factory.createEmptyConfigProto();

277

18

    SET_AND_RETURN_IF_NOT_OK(

278

18

        Envoy::Config::Utility::translateOpaqueConfig(predicate.typed_config(), validator, *config),

279

18

        creation_status);

280

18

    predicate_factories_.emplace_back(&factory, std::move(config));

281

18

282

418

  for (const auto& header : policy_config.response_headers_to_copy()) {

283

232

    if (!Http::HeaderUtility::isModifiableHeader(header)) {

284

1

      creation_status =

285

1

          absl::InvalidArgumentError(":-prefixed headers or Hosts may not be specified here.");

286

1

      return;

287

1

288

231

    response_headers_to_copy_.emplace_back(header);

289

231

290

418

291

292

170

std::vector<InternalRedirectPredicateSharedPtr> InternalRedirectPolicyImpl::predicates() const {

293

170

  std::vector<InternalRedirectPredicateSharedPtr> predicates;

294

170

  predicates.reserve(predicate_factories_.size());

295

170

  for (const auto& predicate_factory : predicate_factories_) {

296

36

    predicates.emplace_back(predicate_factory.first->createInternalRedirectPredicate(

297

36

        *predicate_factory.second, current_route_name_));

298

36

299

170

  return predicates;

300

170

301

302

const std::vector<Http::LowerCaseString>&

303

171

InternalRedirectPolicyImpl::responseHeadersToCopy() const {

304

171

  return response_headers_to_copy_;

305

171

306

307

absl::flat_hash_set<Http::Code> InternalRedirectPolicyImpl::buildRedirectResponseCodes(

308

418

    const envoy::config::route::v3::InternalRedirectPolicy& policy_config) const {

309

418

  if (policy_config.redirect_response_codes_size() == 0) {

310

392

    return absl::flat_hash_set<Http::Code>{Http::Code::Found};

311

392

312

26

  absl::flat_hash_set<Http::Code> ret;

313

26

  std::for_each(policy_config.redirect_response_codes().begin(),

314

30

                policy_config.redirect_response_codes().end(), [&ret](uint32_t response_code) {

315

30

                  const absl::flat_hash_set<uint32_t> valid_redirect_response_code = {301, 302, 303,

316

30

                                                                                      307, 308};

317

30

                  if (valid_redirect_response_code.contains(response_code)) {

318

27

                    ret.insert(static_cast<Http::Code>(response_code));

319

27

320

30

});

321

26

  return ret;

322

418

323

324

absl::Status validateMirrorClusterSpecifier(

325

109

    const envoy::config::route::v3::RouteAction::RequestMirrorPolicy& config) {

326

109

  if (!config.cluster().empty() && !config.cluster_header().empty()) {

327

1

    return absl::InvalidArgumentError(fmt::format("Only one of cluster '{}' or cluster_header '{}' "

328

1

                                                  "in request mirror policy can be specified",

329

1

                                                  config.cluster(), config.cluster_header()));

330

108

  } else if (config.cluster().empty() && config.cluster_header().empty()) {

331

    // For shadow policies with `cluster_header_`, we only verify that this field is not

332

    // empty because the cluster name is not set yet at config time.

333

1

    return absl::InvalidArgumentError(

334

1

        "Exactly one of cluster or cluster_header in request mirror policy need to be specified");

335

1

336

107

  return absl::OkStatus();

337

109

338

339

absl::StatusOr<std::shared_ptr<ShadowPolicyImpl>>

340

ShadowPolicyImpl::create(const RequestMirrorPolicy& config,

341

109

                         Server::Configuration::CommonFactoryContext& factory_context) {

342

109

  absl::Status creation_status = absl::OkStatus();

343

109

  auto ret = std::shared_ptr<ShadowPolicyImpl>(

344

109

      new ShadowPolicyImpl(config, factory_context, creation_status));

345

109

  RETURN_IF_NOT_OK(creation_status);

346

107

  return ret;

347

109

348

349

ShadowPolicyImpl::ShadowPolicyImpl(const RequestMirrorPolicy& config,

350

                                   Server::Configuration::CommonFactoryContext& factory_context,

351

                                   absl::Status& creation_status)

352

109

    : cluster_(config.cluster()), cluster_header_(config.cluster_header()),

353

109

      disable_shadow_host_suffix_append_(config.disable_shadow_host_suffix_append()),

354

109

      host_rewrite_literal_(config.host_rewrite_literal()) {

355

109

  SET_AND_RETURN_IF_NOT_OK(validateMirrorClusterSpecifier(config), creation_status);

356

357

107

  if (config.has_runtime_fraction()) {

358

20

    runtime_key_ = config.runtime_fraction().runtime_key();

359

20

    default_value_ = config.runtime_fraction().default_value();

360

100

  } else {

361

    // If there is no runtime fraction specified, the default is 100% sampled. By leaving

362

    // runtime_key_ empty and forcing the default to 100% this will yield the expected behavior.

363

87

    default_value_.set_numerator(100);

364

87

    default_value_.set_denominator(envoy::type::v3::FractionalPercent::HUNDRED);

365

87

366

  // If trace sampling is not explicitly configured in shadow_policy, we pass null optional to

367

  // inherit the parent's sampling decision. This prevents oversampling when runtime sampling is

368

  // disabled.

369

107

  trace_sampled_ = config.has_trace_sampled() ? absl::optional<bool>(config.trace_sampled().value())

370

107

                                              : absl::nullopt;

371

372

  // Create HeaderMutations directly from HeaderMutation rules

373

107

  if (!config.request_headers_mutations().empty()) {

374

8

    auto mutations_or_error =

375

8

        Http::HeaderMutations::create(config.request_headers_mutations(), factory_context);

376

8

    SET_AND_RETURN_IF_NOT_OK(mutations_or_error.status(), creation_status);

377

8

    request_headers_mutations_ = std::move(mutations_or_error.value());

378

8

379

107

380

381

144

const Http::HeaderEvaluator& ShadowPolicyImpl::headerEvaluator() const {

382

144

  if (request_headers_mutations_) {

383

11

    return *request_headers_mutations_;

384

11

385

133

  return HeaderParser::defaultParser();

386

144

387

388

DecoratorImpl::DecoratorImpl(const envoy::config::route::v3::Decorator& decorator)

389

2

    : operation_(decorator.operation()),

390

2

      propagate_(PROTOBUF_GET_WRAPPED_OR_DEFAULT(decorator, propagate, true)) {}

391

392

1

void DecoratorImpl::apply(Tracing::Span& span) const {

393

1

  if (!operation_.empty()) {

394

1

    span.setOperation(operation_);

395

1

396

1

397

398

1

const std::string& DecoratorImpl::getOperation() const { return operation_; }

399

400

1

bool DecoratorImpl::propagate() const { return propagate_; }

401

402

3

RouteTracingImpl::RouteTracingImpl(const envoy::config::route::v3::Tracing& tracing) {

403

3

  if (!tracing.has_client_sampling()) {

404

1

    client_sampling_.set_numerator(100);

405

1

    client_sampling_.set_denominator(envoy::type::v3::FractionalPercent::HUNDRED);

406

2

  } else {

407

2

    client_sampling_ = tracing.client_sampling();

408

2

409

3

  if (!tracing.has_random_sampling()) {

410

2

    random_sampling_.set_numerator(100);

411

2

    random_sampling_.set_denominator(envoy::type::v3::FractionalPercent::HUNDRED);

412

2

  } else {

413

1

    random_sampling_ = tracing.random_sampling();

414

1

415

3

  if (!tracing.has_overall_sampling()) {

416

1

    overall_sampling_.set_numerator(100);

417

1

    overall_sampling_.set_denominator(envoy::type::v3::FractionalPercent::HUNDRED);

418

2

  } else {

419

2

    overall_sampling_ = tracing.overall_sampling();

420

2

421

4

  for (const auto& tag : tracing.custom_tags()) {

422

4

    custom_tags_.emplace(tag.tag(), Tracing::CustomTagUtility::createCustomTag(tag));

423

4

424

3

  if (!tracing.operation().empty()) {

425

1

    auto operation = Formatter::FormatterImpl::create(tracing.operation(), true);

426

1

    THROW_IF_NOT_OK_REF(operation.status());

427

1

    operation_ = std::move(operation.value());

428

1

429

3

  if (!tracing.upstream_operation().empty()) {

430

1

    auto operation = Formatter::FormatterImpl::create(tracing.upstream_operation(), true);

431

1

    THROW_IF_NOT_OK_REF(operation.status());

432

1

    upstream_operation_ = std::move(operation.value());

433

1

434

3

435

436

4

const envoy::type::v3::FractionalPercent& RouteTracingImpl::getClientSampling() const {

437

4

  return client_sampling_;

438

4

439

440

4

const envoy::type::v3::FractionalPercent& RouteTracingImpl::getRandomSampling() const {

441

4

  return random_sampling_;

442

4

443

444

4

const envoy::type::v3::FractionalPercent& RouteTracingImpl::getOverallSampling() const {

445

4

  return overall_sampling_;

446

4

447

1

const Tracing::CustomTagMap& RouteTracingImpl::getCustomTags() const { return custom_tags_; }

448

449

uint64_t getRequestBodyBufferLimit(const CommonVirtualHostSharedPtr& vhost,

450

12795

                                   const envoy::config::route::v3::Route& route) {

451

  // Route level request_body_buffer_limit takes precedence over all others.

452

12795

  if (route.has_request_body_buffer_limit()) {

453

24

    return route.request_body_buffer_limit().value();

454

24

455

456

  // Then virtual host level request_body_buffer_limit.

457

12771

  if (const auto v = vhost->requestBodyBufferLimit(); v.has_value()) {

458

27

    return v.value();

459

27

460

461

  // Then route level legacy per_request_buffer_limit_bytes.

462

12744

  if (route.has_per_request_buffer_limit_bytes()) {

463

1

    return route.per_request_buffer_limit_bytes().value();

464

1

465

466

  // Then virtual host level legacy per_request_buffer_limit_bytes.

467

12743

  if (const auto v = vhost->legacyRequestBodyBufferLimit(); v.has_value()) {

468

    return v.value();

469

470

471

  // Finally return max value to indicate no limit.

472

12743

  return std::numeric_limits<uint64_t>::max();

473

12743

474

475

RouteEntryImplBase::RouteEntryImplBase(const CommonVirtualHostSharedPtr& vhost,

476

                                       const envoy::config::route::v3::Route& route,

477

                                       Server::Configuration::ServerFactoryContext& factory_context,

478

                                       ProtobufMessage::ValidationVisitor& validator,

479

                                       absl::Status& creation_status)

480

    : path_matcher_(

481

12800

          THROW_OR_RETURN_VALUE(buildPathMatcher(route, validator), PathMatcherSharedPtr)),

482

12800

      prefix_rewrite_(route.route().prefix_rewrite()),

483

      path_rewriter_(

484

12800

          THROW_OR_RETURN_VALUE(buildPathRewriter(route, validator), PathRewriterSharedPtr)),

485

12800

      host_rewrite_(route.route().host_rewrite_literal()),

486

12800

      host_rewrite_header_(route.route().host_rewrite_header()),

487

      host_rewrite_path_regex_(

488

12800

          route.route().has_host_rewrite_path_regex()

489

12800

              ? THROW_OR_RETURN_VALUE(

490

12800

                    Regex::Utility::parseRegex(route.route().host_rewrite_path_regex().pattern(),

491

12800

                                               factory_context.regexEngine()),

492

12800

                    Regex::CompiledMatcherPtr)

493

12800

              : nullptr),

494

      host_rewrite_path_regex_substitution_(

495

12800

          route.route().has_host_rewrite_path_regex()

496

12800

              ? route.route().host_rewrite_path_regex().substitution()

497

12800

              : ""),

498

12800

      vhost_(vhost), vhost_copy_(vhost), cluster_name_(route.route().cluster()),

499

12800

      timeout_(PROTOBUF_GET_MS_OR_DEFAULT(route.route(), timeout, DEFAULT_ROUTE_TIMEOUT_MS)),

500

12800

      optional_timeouts_(buildOptionalTimeouts(route.route())), loader_(factory_context.runtime()),

501

12800

      runtime_(loadRuntimeData(route.match())),

502

12800

      redirect_config_(route.has_redirect()

503

12800

                           ? std::make_unique<::Envoy::Http::Utility::RedirectConfig>(

504

71

                                 createRedirectConfig(route, factory_context.regexEngine()))

505

12800

                           : nullptr),

506

12800

      hedge_policy_(buildHedgePolicy(vhost->hedgePolicy(), route.route())),

507

12800

      internal_redirect_policy_(

508

12800

          THROW_OR_RETURN_VALUE(buildInternalRedirectPolicy(route.route(), validator, route.name()),

509

12800

                                std::unique_ptr<InternalRedirectPolicyImpl>)),

510

      config_headers_(

511

12800

          Http::HeaderUtility::buildHeaderDataVector(route.match().headers(), factory_context)),

512

12800

      dynamic_metadata_([&]() {

513

12795

        std::vector<Envoy::Matchers::MetadataMatcher> vec;

514

12795

        for (const auto& elt : route.match().dynamic_metadata()) {

515

9

          vec.emplace_back(elt, factory_context);

516

9

517

12795

        return vec;

518

12795

      }()),

519

12800

      filter_state_([&]() {

520

12795

        std::vector<Envoy::Matchers::FilterStateMatcher> vec;

521

12795

        vec.reserve(route.match().filter_state().size());

522

12795

        for (const auto& elt : route.match().filter_state()) {

523

1

          Envoy::Matchers::FilterStateMatcherPtr match = THROW_OR_RETURN_VALUE(

524

1

              Envoy::Matchers::FilterStateMatcher::create(elt, factory_context),

525

1

              Envoy::Matchers::FilterStateMatcherPtr);

526

1

          vec.emplace_back(std::move(*match));

527

1

528

12795

        return vec;

529

12795

      }()),

530

12800

      opaque_config_(parseOpaqueConfig(route)), decorator_(parseDecorator(route)),

531

12800

      route_tracing_(parseRouteTracing(route)), route_name_(route.name()),

532

12800

      time_source_(factory_context.mainThreadDispatcher().timeSource()),

533

12800

      request_body_buffer_limit_(getRequestBodyBufferLimit(vhost, route)),

534

12800

      direct_response_code_(ConfigUtility::parseDirectResponseCode(route)),

535

12800

      cluster_not_found_response_code_(ConfigUtility::parseClusterNotFoundResponseCode(

536

12800

          route.route().cluster_not_found_response_code())),

537

12800

      priority_(ConfigUtility::parsePriority(route.route().priority())),

538

12800

      auto_host_rewrite_(PROTOBUF_GET_WRAPPED_OR_DEFAULT(route.route(), auto_host_rewrite, false)),

539

12800

      append_xfh_(route.route().append_x_forwarded_host()),

540

12800

      using_new_timeouts_(route.route().has_max_stream_duration()),

541

12800

      match_grpc_(route.match().has_grpc()),

542

12800

      case_sensitive_(PROTOBUF_GET_WRAPPED_OR_DEFAULT(route.match(), case_sensitive, true)) {

543

544

12800

  auto config_or_error =

545

12800

      PerFilterConfigs::create(route.typed_per_filter_config(), factory_context, validator);

546

12800

  SET_AND_RETURN_IF_NOT_OK(config_or_error.status(), creation_status);

547

12795

  per_filter_configs_ = std::move(config_or_error.value());

548

549

12795

  auto policy_or_error =

550

12795

      buildRetryPolicy(vhost->retryPolicy(), route.route(), validator, factory_context);

551

12795

  SET_AND_RETURN_IF_NOT_OK(policy_or_error.status(), creation_status);

552

12794

  retry_policy_ = policy_or_error.value() != nullptr ? std::move(policy_or_error.value())

553

12794

                                                     : RetryPolicyImpl::DefaultRetryPolicy;

554

555

12794

  if (route.has_direct_response() && route.direct_response().has_body()) {

556

464

    auto provider_or_error = Envoy::Config::DataSource::DataSourceProvider<std::string>::create(

557

464

        route.direct_response().body(), factory_context.mainThreadDispatcher(),

558

464

        factory_context.threadLocal(), factory_context.api(), true,

559

465

        [](absl::string_view data) { return std::make_shared<std::string>(data); },

560

464

        vhost_->globalRouteConfig().maxDirectResponseBodySizeBytes());

561

464

    SET_AND_RETURN_IF_NOT_OK(provider_or_error.status(), creation_status);

562

462

    direct_response_body_provider_ = std::move(provider_or_error.value());

563

462

564

565

12792

  if (route.direct_response().has_body_format()) {

566

5

    Server::GenericFactoryContextImpl generic_context(factory_context,

567

5

                                                      factory_context.messageValidationVisitor());

568

5

    auto formatter_or_error = Formatter::SubstitutionFormatStringUtils::fromProtoConfig(

569

5

        route.direct_response().body_format(), generic_context);

570

5

    SET_AND_RETURN_IF_NOT_OK(formatter_or_error.status(), creation_status);

571

5

    direct_response_body_formatter_ = std::move(formatter_or_error.value());

572

    // Capture the content_type from body_format, using the same defaulting logic as

573

    // local_reply.cc BodyFormatter: explicit content_type > JSON format default > empty

574

    // (text/plain).

575

5

    const auto& body_format = route.direct_response().body_format();

576

5

    if (!body_format.content_type().empty()) {

577

1

      direct_response_content_type_ = body_format.content_type();

578

4

    } else if (body_format.format_case() ==

579

4

               envoy::config::core::v3::SubstitutionFormatString::FormatCase::kJsonFormat) {

580

1

      direct_response_content_type_ = Http::Headers::get().ContentTypeValues.Json;

581

1

582

    // else: leave empty; sendLocalReply will use its default "text/plain"

583

5

584

585

12792

  if (!route.request_headers_to_add().empty() || !route.request_headers_to_remove().empty()) {

586

341

    auto parser_or_error =

587

341

        HeaderParser::configure(route.request_headers_to_add(), route.request_headers_to_remove());

588

341

    SET_AND_RETURN_IF_NOT_OK(parser_or_error.status(), creation_status);

589

341

    request_headers_parser_ = std::move(parser_or_error.value());

590

341

591

12792

  if (!route.response_headers_to_add().empty() || !route.response_headers_to_remove().empty()) {

592

410

    auto parser_or_error = HeaderParser::configure(route.response_headers_to_add(),

593

410

                                                   route.response_headers_to_remove());

594

410

    SET_AND_RETURN_IF_NOT_OK(parser_or_error.status(), creation_status);

595

410

    response_headers_parser_ = std::move(parser_or_error.value());

596

410

597

12792

  if (route.has_metadata()) {

598

296

    metadata_ = std::make_unique<RouteMetadataPack>(route.metadata());

599

296

600

12792

  if (route.route().has_metadata_match()) {

601

63

    const auto filter_it = route.route().metadata_match().filter_metadata().find(

602

63

        Envoy::Config::MetadataFilters::get().ENVOY_LB);

603

63

    if (filter_it != route.route().metadata_match().filter_metadata().end()) {

604

63

      metadata_match_criteria_ = std::make_unique<MetadataMatchCriteriaImpl>(filter_it->second);

605

63

606

63

607

608

12792

  shadow_policies_.reserve(route.route().request_mirror_policies().size());

609

12797

  for (const auto& mirror_policy_config : route.route().request_mirror_policies()) {

610

79

    auto policy_or_error = ShadowPolicyImpl::create(mirror_policy_config, factory_context);

611

79

    SET_AND_RETURN_IF_NOT_OK(policy_or_error.status(), creation_status);

612

77

    shadow_policies_.push_back(std::move(policy_or_error.value()));

613

77

614

615

  // Inherit policies from the virtual host, which might be from the route config.

616

12790

  if (shadow_policies_.empty()) {

617

12718

    shadow_policies_ = vhost->shadowPolicies();

618

12718

619

620

12790

  if (route.route().has_weighted_clusters()) {

621

79

    cluster_specifier_plugin_ = std::make_shared<WeightedClusterSpecifierPlugin>(

622

79

        route.route().weighted_clusters(), metadata_match_criteria_.get(), route_name_,

623

79

        factory_context, creation_status);

624

79

    RETURN_ONLY_IF_NOT_OK_REF(creation_status);

625

12715

  } else if (route.route().has_inline_cluster_specifier_plugin()) {

626

7

    auto plugin_or_error = getClusterSpecifierPluginByTheProto(

627

7

        route.route().inline_cluster_specifier_plugin(), validator, factory_context);

628

7

    SET_AND_RETURN_IF_NOT_OK(plugin_or_error.status(), creation_status);

629

6

    cluster_specifier_plugin_ = std::move(plugin_or_error.value());

630

12706

  } else if (route.route().has_cluster_specifier_plugin()) {

631

4

    auto plugin_or_error = vhost_->globalRouteConfig().clusterSpecifierPlugin(

632

4

        route.route().cluster_specifier_plugin());

633

4

    SET_AND_RETURN_IF_NOT_OK(plugin_or_error.status(), creation_status);

634

3

    cluster_specifier_plugin_ = std::move(plugin_or_error.value());

635

12700

  } else if (route.route().has_cluster_header()) {

636

127

    cluster_specifier_plugin_ =

637

127

        std::make_shared<HeaderClusterSpecifierPlugin>(route.route().cluster_header());

638

127

639

640

12786

  for (const auto& query_parameter : route.match().query_parameters()) {

641

12

    config_query_parameters_.push_back(

642

12

        std::make_unique<ConfigUtility::QueryParameterMatcher>(query_parameter, factory_context));

643

12

644

645

12786

  for (const auto& cookie_matcher : route.match().cookies()) {

646

3

    config_cookies_.push_back(

647

3

        std::make_unique<ConfigUtility::CookieMatcher>(cookie_matcher, factory_context));

648

3

649

12786

  if (!config_cookies_.empty()) {

650

2

    config_cookie_names_.reserve(config_cookies_.size());

651

3

    for (const auto& matcher : config_cookies_) {

652

3

      config_cookie_names_.insert(matcher->name());

653

3

654

2

655

656

12786

  if (!route.route().hash_policy().empty()) {

657

64

    hash_policy_ = THROW_OR_RETURN_VALUE(

658

64

        Http::HashPolicyImpl::create(route.route().hash_policy(), factory_context.regexEngine()),

659

64

        std::unique_ptr<Http::HashPolicyImpl>);

660

64

661

662

12786

  if (route.match().has_tls_context()) {

663

10

    tls_context_match_criteria_ =

664

10

        std::make_unique<TlsContextMatchCriteriaImpl>(route.match().tls_context());

665

10

666

667

12786

  if (!route.route().rate_limits().empty()) {

668

39

    rate_limit_policy_ = std::make_unique<RateLimitPolicyImpl>(route.route().rate_limits(),

669

39

                                                               factory_context, creation_status);

670

39

    if (!creation_status.ok()) {

671

      return;

672

673

39

674

675

  // Returns true if include_vh_rate_limits is explicitly set to true otherwise it defaults to false

676

  // which is similar to VhRateLimitOptions::Override and will only use virtual host rate limits if

677

  // the route is empty

678

12786

  include_vh_rate_limits_ =

679

12786

      PROTOBUF_GET_WRAPPED_OR_DEFAULT(route.route(), include_vh_rate_limits, false);

680

681

12786

  if (route.route().has_cors()) {

682

46

    cors_policy_ = std::make_unique<CorsPolicyImpl>(route.route().cors(), factory_context);

683

46

684

12786

  for (const auto& upgrade_config : route.route().upgrade_configs()) {

685

271

    const bool enabled = upgrade_config.has_enabled() ? upgrade_config.enabled().value() : true;

686

271

    const bool success =

687

271

        upgrade_map_

688

271

            .emplace(std::make_pair(

689

271

                Envoy::Http::LowerCaseString(upgrade_config.upgrade_type()).get(), enabled))

690

271

            .second;

691

271

    if (!success) {

692

1

      creation_status = absl::InvalidArgumentError(

693

1

          absl::StrCat("Duplicate upgrade ", upgrade_config.upgrade_type()));

694

1

      return;

695

1

696

270

    if (upgrade_config.has_connect_config()) {

697

148

      if (absl::EqualsIgnoreCase(upgrade_config.upgrade_type(),

698

148

                                 Http::Headers::get().MethodValues.Connect) ||

699

148

          absl::EqualsIgnoreCase(upgrade_config.upgrade_type(),

700

147

                                 Http::Headers::get().UpgradeValues.ConnectUdp)) {

701

147

        connect_config_ = std::make_unique<ConnectConfig>(upgrade_config.connect_config());

702

147

      } else {

703

1

        creation_status = absl::InvalidArgumentError(absl::StrCat(

704

1

            "Non-CONNECT upgrade type ", upgrade_config.upgrade_type(), " has ConnectConfig"));

705

1

        return;

706

1

707

148

708

270

709

710

12784

  int num_rewrite_polices = 0;

711

12784

  if (path_rewriter_ != nullptr) {

712

21

    ++num_rewrite_polices;

713

21

714

715

12784

  if (!prefix_rewrite_.empty()) {

716

36

    ++num_rewrite_polices;

717

36

718

719

12784

  if (route.route().has_regex_rewrite()) {

720

5

    ++num_rewrite_polices;

721

5

722

723

12784

  if (!route.route().path_rewrite().empty()) {

724

2

    ++num_rewrite_polices;

725

2

726

727

12784

  if (num_rewrite_polices > 1) {

728

1

    creation_status = absl::InvalidArgumentError(

729

1

        "Specify only one of prefix_rewrite, regex_rewrite or path_rewrite_policy");

730

1

    return;

731

1

732

733

12783

  if (!prefix_rewrite_.empty() && path_matcher_ != nullptr) {

734

1

    creation_status =

735

1

        absl::InvalidArgumentError("Cannot use prefix_rewrite with matcher extension");

736

1

    return;

737

1

738

739

12782

  if (route.route().has_regex_rewrite()) {

740

4

    auto rewrite_spec = route.route().regex_rewrite();

741

4

    regex_rewrite_ = THROW_OR_RETURN_VALUE(

742

4

        Regex::Utility::parseRegex(rewrite_spec.pattern(), factory_context.regexEngine()),

743

4

        Regex::CompiledMatcherPtr);

744

4

    regex_rewrite_substitution_ = rewrite_spec.substitution();

745

4

746

747

12782

  if (!route.route().path_rewrite().empty()) {

748

2

    auto formatter_or = Envoy::Formatter::FormatterImpl::create(route.route().path_rewrite(), true);

749

2

    if (!formatter_or.ok()) {

750

1

      creation_status = absl::InvalidArgumentError(

751

1

          absl::StrCat("Failed to create path rewrite formatter: ", formatter_or.status()));

752

1

      return;

753

1

754

1

    path_rewrite_formatter_ = std::move(formatter_or.value());

755

1

756

757

12781

  if (path_rewriter_ != nullptr) {

758

21

    SET_AND_RETURN_IF_NOT_OK(path_rewriter_->isCompatiblePathMatcher(path_matcher_),

759

21

                             creation_status);

760

20

761

762

12780

  if (!route.route().host_rewrite().empty()) {

763

2

    auto formatter_or =

764

2

        Envoy::Formatter::FormatterImpl::create(route.route().host_rewrite(), false);

765

2

    if (!formatter_or.ok()) {

766

1

      creation_status = absl::InvalidArgumentError(

767

1

          absl::StrCat("Failed to create host rewrite formatter: ", formatter_or.status()));

768

1

      return;

769

1

770

1

    host_rewrite_formatter_ = std::move(formatter_or.value());

771

1

772

773

12779

  if (redirect_config_ != nullptr && redirect_config_->path_redirect_has_query_ &&

774

12779

      redirect_config_->strip_query_) {

775

1

    ENVOY_LOG(debug,

776

1

              "`strip_query` is set to true, but `path_redirect` contains query string and it will "

777

1

              "not be stripped: {}",

778

1

              redirect_config_->path_redirect_);

779

1

780

12779

  if (!route.stat_prefix().empty()) {

781

13

    route_stats_context_ = std::make_unique<RouteStatsContextImpl>(

782

13

        factory_context.scope(), factory_context.routerContext().routeStatNames(),

783

13

        vhost->statName(), route.stat_prefix());

784

13

785

786

12779

  if (route.route().has_early_data_policy()) {

787

5

    auto& factory = Envoy::Config::Utility::getAndCheckFactory<EarlyDataPolicyFactory>(

788

5

        route.route().early_data_policy());

789

5

    auto message = Envoy::Config::Utility::translateToFactoryConfig(

790

5

        route.route().early_data_policy(), validator, factory);

791

5

    early_data_policy_ = factory.createEarlyDataPolicy(*message);

792

12774

  } else {

793

12774

    early_data_policy_ = std::make_unique<DefaultEarlyDataPolicy>(/*allow_safe_request*/ true);

794

12774

795

12779

796

797

91329

bool RouteEntryImplBase::evaluateRuntimeMatch(const uint64_t random_value) const {

798

91329

  return runtime_ == nullptr

799

91329

             ? true

800

91329

             : loader_.snapshot().featureEnabled(runtime_->fractional_runtime_key_,

801

8

                                                 runtime_->fractional_runtime_default_,

802

8

                                                 random_value);

803

91329

804

805

absl::string_view

806

90062

RouteEntryImplBase::sanitizePathBeforePathMatching(const absl::string_view path) const {

807

90062

  absl::string_view ret = path;

808

90062

  if (vhost_->globalRouteConfig().ignorePathParametersInPathMatching()) {

809

3

    auto pos = ret.find_first_of(';');

810

3

    if (pos != absl::string_view::npos) {

811

3

      ret.remove_suffix(ret.length() - pos);

812

3

813

3

814

90062

  return ret;

815

90062

816

817

90643

bool RouteEntryImplBase::evaluateTlsContextMatch(const StreamInfo::StreamInfo& stream_info) const {

818

90643

  bool matches = true;

819

820

90643

  if (!tlsContextMatchCriteria()) {

821

90611

    return matches;

822

90611

823

824

32

  const TlsContextMatchCriteria& criteria = *tlsContextMatchCriteria();

825

826

32

  if (criteria.presented().has_value()) {

827

19

    const bool peer_presented =

828

19

        stream_info.downstreamAddressProvider().sslConnection() &&

829

19

        stream_info.downstreamAddressProvider().sslConnection()->peerCertificatePresented();

830

19

    matches &= criteria.presented().value() == peer_presented;

831

19

832

833

32

  if (criteria.validated().has_value()) {

834

13

    const bool peer_validated =

835

13

        stream_info.downstreamAddressProvider().sslConnection() &&

836

13

        stream_info.downstreamAddressProvider().sslConnection()->peerCertificateValidated();

837

13

    matches &= criteria.validated().value() == peer_validated;

838

13

839

840

32

  return matches;

841

90643

842

843

bool RouteEntryImplBase::isRedirect() const {

844

  if (!isDirectResponse()) {

845

    return false;

846

847

  if (redirect_config_ == nullptr) {

848

    return false;

849

850

  return !redirect_config_->host_redirect_.empty() || !redirect_config_->path_redirect_.empty() ||

851

         !redirect_config_->prefix_rewrite_redirect_.empty() ||

852

         redirect_config_->regex_rewrite_redirect_ != nullptr;

853

854

855

bool RouteEntryImplBase::matchRoute(const Http::RequestHeaderMap& headers,

856

                                    const StreamInfo::StreamInfo& stream_info,

857

91329

                                    uint64_t random_value) const {

858

91329

  bool matches = true;

859

860

91329

  matches &= evaluateRuntimeMatch(random_value);

861

91329

  if (!matches) {

862

    // No need to waste further cycles calculating a route match.

863

2

    return false;

864

2

865

866

91327

  if (match_grpc_) {

867

5

    matches &= Grpc::Common::isGrpcRequestHeaders(headers);

868

5

    if (!matches) {

869

1

      return false;

870

1

871

5

872

873

91326

  matches &= Http::HeaderUtility::matchHeaders(headers, config_headers_);

874

91326

  if (!matches) {

875

651

    return false;

876

651

877

90675

  if (!config_query_parameters_.empty()) {

878

37

    auto query_parameters =

879

37

        Http::Utility::QueryParamsMulti::parseQueryString(headers.getPathValue());

880

37

    matches &= ConfigUtility::matchQueryParams(query_parameters, config_query_parameters_);

881

37

    if (!matches) {

882

28

      return false;

883

28

884

37

885

886

90647

  if (!config_cookies_.empty()) {

887

7

    const auto cookies =

888

9

        Http::Utility::parseCookies(headers, [this](absl::string_view key) -> bool {

889

9

          return config_cookie_names_.find(key) != config_cookie_names_.end();

890

9

});

891

7

    if (!ConfigUtility::matchCookies(cookies, config_cookies_)) {

892

4

      return false;

893

4

894

7

895

896

90643

  matches &= evaluateTlsContextMatch(stream_info);

897

898

90643

  for (const auto& m : dynamic_metadata_) {

899

49

    if (!matches) {

900

      // No need to check anymore as all dynamic metadata matchers must match for a match to occur.

901

3

      break;

902

3

903

46

    matches &= m.match(stream_info.dynamicMetadata());

904

46

905

906

90643

  for (const auto& m : filter_state_) {

907

19

    if (!matches) {

908

      // No need to check anymore as all filter state matchers must match for a match to occur.

909

      break;

910

911

19

    matches &= m.match(stream_info.filterState());

912

19

913

914

90643

  return matches;

915

90647

916

917

132082

const std::string& RouteEntryImplBase::clusterName() const { return cluster_name_; }

918

919

void RouteEntryImplBase::finalizePathHeaderForRedirect(Http::RequestHeaderMap& headers,

920

                                                       absl::string_view matched_path,

921

154

                                                       bool keep_old_path) const {

922

154

  if (redirect_config_ == nullptr) {

923

127

    return;

924

127

925

27

  const std::string new_path = rewritePathByPrefixOrRegex(

926

27

      headers.getPathValue(), matched_path, redirect_config_->prefix_rewrite_redirect_,

927

27

      redirect_config_->regex_rewrite_redirect_.get(),

928

27

      redirect_config_->regex_rewrite_redirect_substitution_);

929

930

  // Empty new_path means there is no rewrite or the rewrite fails. Then we do nothing.

931

27

  if (!new_path.empty()) {

932

22

    if (keep_old_path) {

933

22

      headers.setEnvoyOriginalPath(headers.getPathValue());

934

22

935

22

    headers.setPath(new_path);

936

22

937

27

938

939

void RouteEntryImplBase::finalizePathHeader(Http::RequestHeaderMap& headers,

940

                                            const Formatter::Context& context,

941

                                            const StreamInfo::StreamInfo& stream_info,

942

44175

                                            bool keep_old_path) const {

943

44175

  const std::string new_path = currentUrlPathAfterRewrite(headers, context, stream_info);

944

945

  // Empty new_path means there is no rewrite or the rewrite fails. Then we do nothing.

946

44175

  if (!new_path.empty()) {

947

60

    if (keep_old_path) {

948

59

      headers.setEnvoyOriginalPath(headers.getPathValue());

949

59

950

60

    headers.setPath(new_path);

951

60

952

44175

953

954

void RouteEntryImplBase::finalizeHostHeader(Http::RequestHeaderMap& headers,

955

                                            const Formatter::Context& context,

956

                                            const StreamInfo::StreamInfo& stream_info,

957

44175

                                            bool keep_old_host) const {

958

44175

  absl::string_view hostname;

959

44175

  std::string buffer;

960

961

44175

  if (!host_rewrite_.empty()) {

962

13

    hostname = host_rewrite_;

963

44162

  } else if (!host_rewrite_header_.get().empty()) {

964

3

    if (const auto header = headers.get(host_rewrite_header_); !header.empty()) {

965

2

      hostname = header[0]->value().getStringView();

966

2

967

44159

  } else if (host_rewrite_path_regex_) {

968

3

    absl::string_view path = headers.getPathValue();

969

3

    buffer = host_rewrite_path_regex_->replaceAll(Http::PathUtil::removeQueryAndFragment(path),

970

3

                                                  host_rewrite_path_regex_substitution_);

971

3

    hostname = buffer;

972

44156

  } else if (host_rewrite_formatter_) {

973

1

    buffer = host_rewrite_formatter_->format(context, stream_info);

974

1

    hostname = buffer;

975

1

976

977

44175

  if (hostname.empty()) {

978

44156

    return;

979

44156

980

19

  Http::Utility::updateAuthority(headers, hostname, append_xfh_, keep_old_host);

981

19

982

983

void RouteEntryImplBase::finalizeRequestHeaders(Http::RequestHeaderMap& headers,

984

                                                const Formatter::Context& context,

985

                                                const StreamInfo::StreamInfo& stream_info,

986

44175

                                                bool keep_original_host_or_path) const {

987

  // Apply header transformations configured via request_headers_to_add first.

988

  // This is important because host/path rewriting may depend on headers added here.

989

44175

  for (const HeaderParser* header_parser : getRequestHeaderParsers(

990

132525

           /*specificity_ascend=*/vhost_->globalRouteConfig().mostSpecificHeaderMutationsWins())) {

991

    // Later evaluated header parser wins.

992

132525

    header_parser->evaluateHeaders(headers, context, stream_info);

993

132525

994

995

  // Restore the port if this was a CONNECT request.

996

  // Note this will restore the port for HTTP/2 CONNECT-upgrades as well as as HTTP/1.1 style

997

  // CONNECT requests.

998

44175

  if (Http::HeaderUtility::getPortStart(headers.getHostValue()) == absl::string_view::npos) {

999

43600

    if (auto typed_state = stream_info.filterState().getDataReadOnly<OriginalConnectPort>(

1000

43600

            OriginalConnectPort::key());

1001

43600

        typed_state != nullptr) {

1002

12

      headers.setHost(absl::StrCat(headers.getHostValue(), ":", typed_state->value()));

1003

12

1004

43600

1005

1006

  // Handle host rewrite.

1007

44175

  finalizeHostHeader(headers, context, stream_info, keep_original_host_or_path);

1008

1009

  // Handle path rewrite.

1010

44175

  finalizePathHeader(headers, context, stream_info, keep_original_host_or_path);

1011

44175

1012

1013

void RouteEntryImplBase::finalizeResponseHeaders(Http::ResponseHeaderMap& headers,

1014

                                                 const Formatter::Context& context,

1015

41800

                                                 const StreamInfo::StreamInfo& stream_info) const {

1016

41800

  for (const HeaderParser* header_parser : getResponseHeaderParsers(

1017

125400

           /*specificity_ascend=*/vhost_->globalRouteConfig().mostSpecificHeaderMutationsWins())) {

1018

    // Later evaluated header parser wins.

1019

125400

    header_parser->evaluateHeaders(headers, context, stream_info);

1020

125400

1021

41800

1022

1023

Http::HeaderTransforms

1024

RouteEntryImplBase::responseHeaderTransforms(const StreamInfo::StreamInfo& stream_info,

1025

10

                                             bool do_formatting) const {

1026

10

  Http::HeaderTransforms transforms;

1027

10

  for (const HeaderParser* header_parser : getResponseHeaderParsers(

1028

30

           /*specificity_ascend=*/vhost_->globalRouteConfig().mostSpecificHeaderMutationsWins())) {

1029

    // Later evaluated header parser wins.

1030

30

    mergeTransforms(transforms, header_parser->getHeaderTransforms(stream_info, do_formatting));

1031

30

1032

10

  return transforms;

1033

10

1034

1035

Http::HeaderTransforms

1036

RouteEntryImplBase::requestHeaderTransforms(const StreamInfo::StreamInfo& stream_info,

1037

12

                                            bool do_formatting) const {

1038

12

  Http::HeaderTransforms transforms;

1039

12

  for (const HeaderParser* header_parser : getRequestHeaderParsers(

1040

36

           /*specificity_ascend=*/vhost_->globalRouteConfig().mostSpecificHeaderMutationsWins())) {

1041

    // Later evaluated header parser wins.

1042

36

    mergeTransforms(transforms, header_parser->getHeaderTransforms(stream_info, do_formatting));

1043

36

1044

12

  return transforms;

1045

12

1046

1047

std::array<const HeaderParser*, 3>

1048

44187

RouteEntryImplBase::getRequestHeaderParsers(bool specificity_ascend) const {

1049

44187

  return getHeaderParsers(&vhost_->globalRouteConfig().requestHeaderParser(),

1050

44187

                          &vhost_->requestHeaderParser(), &requestHeaderParser(),

1051

44187

                          specificity_ascend);

1052

44187

1053

1054

std::array<const HeaderParser*, 3>

1055

41810

RouteEntryImplBase::getResponseHeaderParsers(bool specificity_ascend) const {

1056

41810

  return getHeaderParsers(&vhost_->globalRouteConfig().responseHeaderParser(),

1057

41810

                          &vhost_->responseHeaderParser(), &responseHeaderParser(),

1058

41810

                          specificity_ascend);

1059

41810

1060

1061

std::unique_ptr<const RouteEntryImplBase::RuntimeData>

1062

12797

RouteEntryImplBase::loadRuntimeData(const envoy::config::route::v3::RouteMatch& route_match) {

1063

12797

  if (route_match.has_runtime_fraction()) {

1064

9

    auto runtime_data = std::make_unique<RouteEntryImplBase::RuntimeData>();

1065

9

    runtime_data->fractional_runtime_default_ = route_match.runtime_fraction().default_value();

1066

9

    runtime_data->fractional_runtime_key_ = route_match.runtime_fraction().runtime_key();

1067

9

    return runtime_data;

1068

9

1069

12788

  return nullptr;

1070

12797

1071

1072

// currentUrlPathAfterRewriteWithMatchedPath does the "standard" path rewriting.

1073

// The "matched_path" argument applies only to the

1074

// prefix rewriting, and describes the portion of the path (excluding query

1075

// parameters) that should be replaced by the rewrite. A "regex_rewrite"

1076

// applies to the entire path (excluding query parameters), regardless of what

1077

// portion was matched.

1078

std::string RouteEntryImplBase::currentUrlPathAfterRewriteWithMatchedPath(

1079

    const Http::RequestHeaderMap& headers, const Formatter::Context& context,

1080

44175

    const StreamInfo::StreamInfo& info, absl::string_view matched_path) const {

1081

44175

  absl::string_view path_with_query = headers.getPathValue();

1082

1083

  // Handle the case where a path formatter is configured.

1084

44175

  if (path_rewrite_formatter_ != nullptr) {

1085

2

    const std::string new_path_only = path_rewrite_formatter_->format(context, info);

1086

    // If formatter produces empty string then return nothing.

1087

2

    if (new_path_only.empty()) {

1088

      return {};

1089

1090

2

    absl::string_view path_only = Http::PathUtil::removeQueryAndFragment(path_with_query);

1091

2

    return generateNewPath(path_with_query, path_only, new_path_only);

1092

2

1093

1094

  // Handle the case where path_rewrite_policy is configured.

1095

44173

  if (path_rewriter_ != nullptr) {

1096

20

    absl::string_view path_only = Http::PathUtil::removeQueryAndFragment(path_with_query);

1097

20

    absl::StatusOr<std::string> new_path_only =

1098

20

        path_rewriter_->rewritePath(path_only, matched_path);

1099

1100

    // If rewrite fails or produces empty string then return nothing.

1101

20

    if (!new_path_only.ok() || new_path_only->empty()) {

1102

      return {};

1103

1104

20

    return generateNewPath(path_with_query, path_only, new_path_only.value());

1105

20

1106

1107

  // Handle the case where prefix_rewrite or regex_rewrite is configured.

1108

44153

  return rewritePathByPrefixOrRegex(path_with_query, matched_path, prefix_rewrite_,

1109

44153

                                    regex_rewrite_.get(), regex_rewrite_substitution_);

1110

44173

1111

1112

202

std::string RouteEntryImplBase::newUri(const Http::RequestHeaderMap& headers) const {

1113

202

  ASSERT(isDirectResponse());

1114

202

  return ::Envoy::Http::Utility::newUri(

1115

202

      ::Envoy::makeOptRefFromPtr(

1116

202

          const_cast<const ::Envoy::Http::Utility::RedirectConfig*>(redirect_config_.get())),

1117

202

      headers);

1118

202

1119

1120

absl::string_view RouteEntryImplBase::formatBody(const Http::RequestHeaderMap& request_headers,

1121

                                                 const Http::ResponseHeaderMap& response_headers,

1122

                                                 const StreamInfo::StreamInfo& stream_info,

1123

137

                                                 std::string& body_out) const {

1124

137

  absl::string_view direct_body = (direct_response_body_provider_ != nullptr &&

1125

137

                                   direct_response_body_provider_->data() != nullptr)

1126

137

                                      ? *direct_response_body_provider_->data()

1127

137

                                      : EMPTY_STRING;

1128

137

  if (direct_response_body_formatter_ == nullptr) {

1129

135

    return direct_body;

1130

135

1131

1132

2

  body_out = direct_response_body_formatter_->format(

1133

2

      {&request_headers, &response_headers, nullptr, direct_body}, stream_info);

1134

2

  return body_out;

1135

137

1136

1137

std::multimap<std::string, std::string>

1138

12795

RouteEntryImplBase::parseOpaqueConfig(const envoy::config::route::v3::Route& route) {

1139

12795

  std::multimap<std::string, std::string> ret;

1140

12795

  if (route.has_metadata()) {

1141

296

    auto filter_metadata = route.metadata().filter_metadata().find("envoy.filters.http.router");

1142

296

    if (filter_metadata == route.metadata().filter_metadata().end()) {

1143

295

      return ret;

1144

295

1145

2

    for (const auto& it : filter_metadata->second.fields()) {

1146

2

      if (it.second.kind_case() == Protobuf::Value::kStringValue) {

1147

2

        ret.emplace(it.first, it.second.string_value());

1148

2

1149

2

1150

1

1151

12500

  return ret;

1152

12795

1153

1154

std::unique_ptr<HedgePolicyImpl> RouteEntryImplBase::buildHedgePolicy(

1155

    HedgePolicyConstOptRef vhost_hedge_policy,

1156

12797

    const envoy::config::route::v3::RouteAction& route_config) const {

1157

  // Route specific policy wins, if available.

1158

12797

  if (route_config.has_hedge_policy()) {

1159

4

    return std::make_unique<HedgePolicyImpl>(route_config.hedge_policy());

1160

4

1161

1162

  // If not, we fall back to the virtual host policy if there is one.

1163

12793

  if (vhost_hedge_policy.has_value()) {

1164

1

    return std::make_unique<HedgePolicyImpl>(*vhost_hedge_policy);

1165

1

1166

1167

  // Otherwise, an empty policy will do.

1168

12792

  return nullptr;

1169

12793

1170

1171

absl::StatusOr<RetryPolicyConstSharedPtr> RouteEntryImplBase::buildRetryPolicy(

1172

    const RetryPolicyConstSharedPtr& vhost_retry_policy,

1173

    const envoy::config::route::v3::RouteAction& route_config,

1174

    ProtobufMessage::ValidationVisitor& validation_visitor,

1175

12790

    Server::Configuration::CommonFactoryContext& factory_context) const {

1176

  // Route specific policy wins, if available.

1177

12790

  if (route_config.has_retry_policy()) {

1178

136

    return RetryPolicyImpl::create(route_config.retry_policy(), validation_visitor,

1179

136

                                   factory_context);

1180

136

1181

1182

  // If not, we fallback to the virtual host policy if there is one. Note the

1183

  // virtual host policy may be nullptr.

1184

12654

  return vhost_retry_policy;

1185

12790

1186

1187

absl::StatusOr<std::unique_ptr<InternalRedirectPolicyImpl>>

1188

RouteEntryImplBase::buildInternalRedirectPolicy(

1189

    const envoy::config::route::v3::RouteAction& route_config,

1190

12797

    ProtobufMessage::ValidationVisitor& validator, absl::string_view current_route_name) const {

1191

12797

  if (route_config.has_internal_redirect_policy()) {

1192

418

    return InternalRedirectPolicyImpl::create(route_config.internal_redirect_policy(), validator,

1193

418

                                              current_route_name);

1194

418

1195

12379

  envoy::config::route::v3::InternalRedirectPolicy policy_config;

1196

12379

  switch (route_config.internal_redirect_action()) {

1197

  case envoy::config::route::v3::RouteAction::HANDLE_INTERNAL_REDIRECT:

1198

    break;

1199

12379

  case envoy::config::route::v3::RouteAction::PASS_THROUGH_INTERNAL_REDIRECT:

1200

12379

    FALLTHRU;

1201

12379

  default:

1202

12379

    return nullptr;

1203

12379

1204

  if (route_config.has_max_internal_redirects()) {

1205

    *policy_config.mutable_max_internal_redirects() = route_config.max_internal_redirects();

1206

1207

  return InternalRedirectPolicyImpl::create(policy_config, validator, current_route_name);

1208

12379

1209

1210

RouteEntryImplBase::OptionalTimeouts RouteEntryImplBase::buildOptionalTimeouts(

1211

12797

    const envoy::config::route::v3::RouteAction& route) const {

1212

  // Calculate how many values are actually set, to initialize `OptionalTimeouts` packed_struct,

1213

  // avoiding memory re-allocation on each set() call.

1214

12797

  int num_timeouts_set = route.has_idle_timeout() ? 1 : 0;

1215

12797

  num_timeouts_set += route.has_flush_timeout() ? 1 : 0;

1216

12797

  num_timeouts_set += route.has_max_grpc_timeout() ? 1 : 0;

1217

12797

  num_timeouts_set += route.has_grpc_timeout_offset() ? 1 : 0;

1218

12797

  if (route.has_max_stream_duration()) {

1219

7

    num_timeouts_set += route.max_stream_duration().has_max_stream_duration() ? 1 : 0;

1220

7

    num_timeouts_set += route.max_stream_duration().has_grpc_timeout_header_max() ? 1 : 0;

1221

7

    num_timeouts_set += route.max_stream_duration().has_grpc_timeout_header_offset() ? 1 : 0;

1222

7

1223

12797

  OptionalTimeouts timeouts(num_timeouts_set);

1224

12797

  if (route.has_idle_timeout()) {

1225

167

    timeouts.set<OptionalTimeoutNames::IdleTimeout>(

1226

167

        std::chrono::milliseconds(PROTOBUF_GET_MS_REQUIRED(route, idle_timeout)));

1227

167

1228

12797

  if (route.has_flush_timeout()) {

1229

    timeouts.set<OptionalTimeoutNames::FlushTimeout>(

1230

        std::chrono::milliseconds(PROTOBUF_GET_MS_REQUIRED(route, flush_timeout)));

1231

1232

12797

  if (route.has_max_grpc_timeout()) {

1233

5

    timeouts.set<OptionalTimeoutNames::MaxGrpcTimeout>(

1234

5

        std::chrono::milliseconds(PROTOBUF_GET_MS_REQUIRED(route, max_grpc_timeout)));

1235

5

1236

12797

  if (route.has_grpc_timeout_offset()) {

1237

3

    timeouts.set<OptionalTimeoutNames::GrpcTimeoutOffset>(

1238

3

        std::chrono::milliseconds(PROTOBUF_GET_MS_REQUIRED(route, grpc_timeout_offset)));

1239

3

1240

12797

  if (route.has_max_stream_duration()) {

1241

7

    if (route.max_stream_duration().has_max_stream_duration()) {

1242

1

      timeouts.set<OptionalTimeoutNames::MaxStreamDuration>(std::chrono::milliseconds(

1243

1

          PROTOBUF_GET_MS_REQUIRED(route.max_stream_duration(), max_stream_duration)));

1244

1

1245

7

    if (route.max_stream_duration().has_grpc_timeout_header_max()) {

1246

7

      timeouts.set<OptionalTimeoutNames::GrpcTimeoutHeaderMax>(std::chrono::milliseconds(

1247

7

          PROTOBUF_GET_MS_REQUIRED(route.max_stream_duration(), grpc_timeout_header_max)));

1248

7

1249

7

    if (route.max_stream_duration().has_grpc_timeout_header_offset()) {

1250

1

      timeouts.set<OptionalTimeoutNames::GrpcTimeoutHeaderOffset>(std::chrono::milliseconds(

1251

1

          PROTOBUF_GET_MS_REQUIRED(route.max_stream_duration(), grpc_timeout_header_offset)));

1252

1

1253

7

1254

12797

  return timeouts;

1255

12797

1256

1257

absl::StatusOr<PathRewriterSharedPtr>

1258

RouteEntryImplBase::buildPathRewriter(const envoy::config::route::v3::Route& route,

1259

12797

                                      ProtobufMessage::ValidationVisitor& validator) const {

1260

12797

  if (!route.route().has_path_rewrite_policy()) {

1261

12776

    return nullptr;

1262

12776

1263

1264

21

  auto& factory = Envoy::Config::Utility::getAndCheckFactory<PathRewriterFactory>(

1265

21

      route.route().path_rewrite_policy());

1266

1267

21

  ProtobufTypes::MessagePtr config = Envoy::Config::Utility::translateAnyToFactoryConfig(

1268

21

      route.route().path_rewrite_policy().typed_config(), validator, factory);

1269

1270

21

  absl::StatusOr<PathRewriterSharedPtr> rewriter = factory.createPathRewriter(*config);

1271

21

  RETURN_IF_NOT_OK_REF(rewriter.status());

1272

1273

21

  return rewriter.value();

1274

21

1275

1276

absl::StatusOr<PathMatcherSharedPtr>

1277

RouteEntryImplBase::buildPathMatcher(const envoy::config::route::v3::Route& route,

1278

12800

                                     ProtobufMessage::ValidationVisitor& validator) const {

1279

12800

  if (!route.match().has_path_match_policy()) {

1280

12771

    return nullptr;

1281

12771

1282

29

  auto& factory = Envoy::Config::Utility::getAndCheckFactory<PathMatcherFactory>(

1283

29

      route.match().path_match_policy());

1284

1285

29

  ProtobufTypes::MessagePtr config = Envoy::Config::Utility::translateAnyToFactoryConfig(

1286

29

      route.match().path_match_policy().typed_config(), validator, factory);

1287

1288

29

  absl::StatusOr<PathMatcherSharedPtr> matcher = factory.createPathMatcher(*config);

1289

29

  RETURN_IF_NOT_OK_REF(matcher.status());

1290

1291

26

  return matcher.value();

1292

29

1293

1294

12795

DecoratorConstPtr RouteEntryImplBase::parseDecorator(const envoy::config::route::v3::Route& route) {

1295

12795

  DecoratorConstPtr ret;

1296

12795

  if (route.has_decorator()) {

1297

2

    ret = DecoratorConstPtr(new DecoratorImpl(route.decorator()));

1298

2

1299

12795

  return ret;

1300

12795

1301

1302

RouteTracingConstPtr

1303

12795

RouteEntryImplBase::parseRouteTracing(const envoy::config::route::v3::Route& route) {

1304

12795

  RouteTracingConstPtr ret;

1305

12795

  if (route.has_tracing()) {

1306

3

    ret = RouteTracingConstPtr(new RouteTracingImpl(route.tracing()));

1307

3

1308

12795

  return ret;

1309

12795

1310

1311

44456

const DirectResponseEntry* RouteEntryImplBase::directResponseEntry() const {

1312

  // A route for a request can exclusively be a route entry, a direct response entry,

1313

  // or a redirect entry.

1314

44456

  if (isDirectResponse()) {

1315

246

    return this;

1316

44311

  } else {

1317

44210

    return nullptr;

1318

44210

1319

44456

1320

1321

538343

const RouteEntry* RouteEntryImplBase::routeEntry() const {

1322

  // A route for a request can exclusively be a route entry, a direct response entry,

1323

  // or a redirect entry.

1324

538343

  if (isDirectResponse()) {

1325

1254

    return nullptr;

1326

537394

  } else {

1327

537089

    return this;

1328

537089

1329

538343

1330

1331

RouteConstSharedPtr RouteEntryImplBase::clusterEntry(const Http::RequestHeaderMap& headers,

1332

                                                     const StreamInfo::StreamInfo& stream_info,

1333

88594

                                                     uint64_t random_value) const {

1334

88594

  if (cluster_specifier_plugin_ != nullptr) {

1335

391

    return cluster_specifier_plugin_->route(shared_from_this(), headers, stream_info, random_value);

1336

391

1337

88203

  return shared_from_this();

1338

88594

1339

1340

11477

absl::Status RouteEntryImplBase::validateClusters(const Upstream::ClusterManager& cm) const {

1341

11477

  if (!cluster_name_.empty()) {

1342

10722

    return !cm.hasCluster(cluster_name_) ? absl::InvalidArgumentError(fmt::format(

1343

3

                                               "route: unknown cluster '{}'", cluster_name_))

1344

10722

                                         : absl::OkStatus();

1345

10722

1346

755

  if (cluster_specifier_plugin_ != nullptr) {

1347

175

    return cluster_specifier_plugin_->validateClusters(cm);

1348

175

1349

580

  return absl::OkStatus();

1350

755

1351

1352

98985

absl::optional<bool> RouteEntryImplBase::filterDisabled(absl::string_view config_name) const {

1353

98985

  absl::optional<bool> result = per_filter_configs_->disabled(config_name);

1354

98985

  if (result.has_value()) {

1355

291

    return result.value();

1356

291

1357

98694

  return vhost_->filterDisabled(config_name);

1358

98985

1359

1360

RouteSpecificFilterConfigs

1361

1601

RouteEntryImplBase::perFilterConfigs(absl::string_view filter_name) const {

1362

1601

  auto result = vhost_->perFilterConfigs(filter_name);

1363

1364

1601

  const auto* maybe_route_config = per_filter_configs_->get(filter_name);

1365

1601

  if (maybe_route_config != nullptr) {

1366

79

    result.push_back(maybe_route_config);

1367

79

1368

1601

  return result;

1369

1601

1370

1371

416

const envoy::config::core::v3::Metadata& RouteEntryImplBase::metadata() const {

1372

416

  return metadata_ != nullptr ? metadata_->proto_metadata_

1373

416

                              : DefaultRouteMetadataPack::get().proto_metadata_;

1374

416

1375

3

const Envoy::Config::TypedMetadata& RouteEntryImplBase::typedMetadata() const {

1376

3

  return metadata_ != nullptr ? metadata_->typed_metadata_

1377

3

                              : DefaultRouteMetadataPack::get().typed_metadata_;

1378

3

1379

1380

UriTemplateMatcherRouteEntryImpl::UriTemplateMatcherRouteEntryImpl(

1381

    const CommonVirtualHostSharedPtr& vhost, const envoy::config::route::v3::Route& route,

1382

    Server::Configuration::ServerFactoryContext& factory_context,

1383

    ProtobufMessage::ValidationVisitor& validator, absl::Status& creation_status)

1384

29

    : RouteEntryImplBase(vhost, route, factory_context, validator, creation_status),

1385

29

      uri_template_(path_matcher_->uriTemplate()) {};

1386

1387

void UriTemplateMatcherRouteEntryImpl::rewritePathHeader(Http::RequestHeaderMap& headers,

1388

                                                         bool insert_envoy_original_path) const {

1389

  finalizePathHeaderForRedirect(headers, path_matcher_->uriTemplate(), insert_envoy_original_path);

1390

1391

1392

std::string UriTemplateMatcherRouteEntryImpl::currentUrlPathAfterRewrite(

1393

    const Http::RequestHeaderMap& headers, const Formatter::Context& context,

1394

20

    const StreamInfo::StreamInfo& stream_info) const {

1395

20

  return currentUrlPathAfterRewriteWithMatchedPath(headers, context, stream_info,

1396

20

                                                   path_matcher_->uriTemplate());

1397

20

1398

1399

RouteConstSharedPtr

1400

UriTemplateMatcherRouteEntryImpl::matches(const Http::RequestHeaderMap& headers,

1401

                                          const StreamInfo::StreamInfo& stream_info,

1402

38

                                          uint64_t random_value) const {

1403

38

  if (RouteEntryImplBase::matchRoute(headers, stream_info, random_value) &&

1404

38

      path_matcher_->match(headers.getPathValue())) {

1405

31

    return clusterEntry(headers, stream_info, random_value);

1406

31

1407

7

  return nullptr;

1408

38

1409

1410

PrefixRouteEntryImpl::PrefixRouteEntryImpl(

1411

    const CommonVirtualHostSharedPtr& vhost, const envoy::config::route::v3::Route& route,

1412

    Server::Configuration::ServerFactoryContext& factory_context,

1413

    ProtobufMessage::ValidationVisitor& validator, absl::Status& creation_status)

1414

12303

    : RouteEntryImplBase(vhost, route, factory_context, validator, creation_status),

1415

12303

      path_matcher_(Matchers::PathMatcher::createPrefix(route.match().prefix(), !case_sensitive(),

1416

12303

                                                        factory_context)) {

1417

  // The createPrefix function never returns nullptr.

1418

12303

  ASSERT(path_matcher_ != nullptr);

1419

12303

1420

1421

void PrefixRouteEntryImpl::rewritePathHeader(Http::RequestHeaderMap& headers,

1422

147

                                             bool insert_envoy_original_path) const {

1423

147

  finalizePathHeaderForRedirect(headers, matcher(), insert_envoy_original_path);

1424

147

1425

1426

std::string

1427

PrefixRouteEntryImpl::currentUrlPathAfterRewrite(const Http::RequestHeaderMap& headers,

1428

                                                 const Formatter::Context& context,

1429

43577

                                                 const StreamInfo::StreamInfo& stream_info) const {

1430

43577

  return currentUrlPathAfterRewriteWithMatchedPath(headers, context, stream_info, matcher());

1431

43577

1432

1433

RouteConstSharedPtr PrefixRouteEntryImpl::matches(const Http::RequestHeaderMap& headers,

1434

                                                  const StreamInfo::StreamInfo& stream_info,

1435

89924

                                                  uint64_t random_value) const {

1436

89924

  if (RouteEntryImplBase::matchRoute(headers, stream_info, random_value) &&

1437

89924

      path_matcher_->match(sanitizePathBeforePathMatching(headers.getPathValue()))) {

1438

87860

    return clusterEntry(headers, stream_info, random_value);

1439

87860

1440

2064

  return nullptr;

1441

89924

1442

1443

PathRouteEntryImpl::PathRouteEntryImpl(const CommonVirtualHostSharedPtr& vhost,

1444

                                       const envoy::config::route::v3::Route& route,

1445

                                       Server::Configuration::ServerFactoryContext& factory_context,

1446

                                       ProtobufMessage::ValidationVisitor& validator,

1447

                                       absl::Status& creation_status)

1448

178

    : RouteEntryImplBase(vhost, route, factory_context, validator, creation_status),

1449

178

      path_matcher_(Matchers::PathMatcher::createExact(route.match().path(), !case_sensitive(),

1450

178

                                                       factory_context)) {

1451

  // The createExact function never returns nullptr.

1452

178

  ASSERT(path_matcher_ != nullptr);

1453

178

1454

1455

void PathRouteEntryImpl::rewritePathHeader(Http::RequestHeaderMap& headers,

1456

1

                                           bool insert_envoy_original_path) const {

1457

1

  finalizePathHeaderForRedirect(headers, matcher(), insert_envoy_original_path);

1458

1

1459

1460

std::string

1461

PathRouteEntryImpl::currentUrlPathAfterRewrite(const Http::RequestHeaderMap& headers,

1462

                                               const Formatter::Context& context,

1463

97

                                               const StreamInfo::StreamInfo& stream_info) const {

1464

97

  return currentUrlPathAfterRewriteWithMatchedPath(headers, context, stream_info, matcher());

1465

97

1466

1467

RouteConstSharedPtr PathRouteEntryImpl::matches(const Http::RequestHeaderMap& headers,

1468

                                                const StreamInfo::StreamInfo& stream_info,

1469

757

                                                uint64_t random_value) const {

1470

757

  if (RouteEntryImplBase::matchRoute(headers, stream_info, random_value) &&

1471

757

      path_matcher_->match(sanitizePathBeforePathMatching(headers.getPathValue()))) {

1472

165

    return clusterEntry(headers, stream_info, random_value);

1473

165

1474

1475

592

  return nullptr;

1476

757

1477

1478

RegexRouteEntryImpl::RegexRouteEntryImpl(

1479

    const CommonVirtualHostSharedPtr& vhost, const envoy::config::route::v3::Route& route,

1480

    Server::Configuration::ServerFactoryContext& factory_context,

1481

    ProtobufMessage::ValidationVisitor& validator, absl::Status& creation_status)

1482

32

    : RouteEntryImplBase(vhost, route, factory_context, validator, creation_status),

1483

      path_matcher_(

1484

32

          Matchers::PathMatcher::createSafeRegex(route.match().safe_regex(), factory_context)) {

1485

32

  ASSERT(route.match().path_specifier_case() ==

1486

32

         envoy::config::route::v3::RouteMatch::PathSpecifierCase::kSafeRegex);

1487

  // The createSafeRegex function never returns nullptr.

1488

32

  ASSERT(path_matcher_ != nullptr);

1489

32

1490

1491

void RegexRouteEntryImpl::rewritePathHeader(Http::RequestHeaderMap& headers,

1492

5

                                            bool insert_envoy_original_path) const {

1493

5

  absl::string_view path = Http::PathUtil::removeQueryAndFragment(headers.getPathValue());

1494

  // TODO(yuval-k): This ASSERT can happen if the path was changed by a filter without clearing

1495

  // the route cache. We should consider if ASSERT-ing is the desired behavior in this case.

1496

5

  ASSERT(path_matcher_->match(sanitizePathBeforePathMatching(path)));

1497

5

  finalizePathHeaderForRedirect(headers, path, insert_envoy_original_path);

1498

5

1499

1500

std::string

1501

RegexRouteEntryImpl::currentUrlPathAfterRewrite(const Http::RequestHeaderMap& headers,

1502

                                                const Formatter::Context& context,

1503

6

                                                const StreamInfo::StreamInfo& stream_info) const {

1504

6

  const absl::string_view path = Http::PathUtil::removeQueryAndFragment(headers.getPathValue());

1505

6

  return currentUrlPathAfterRewriteWithMatchedPath(headers, context, stream_info, path);

1506

6

1507

1508

RouteConstSharedPtr RegexRouteEntryImpl::matches(const Http::RequestHeaderMap& headers,

1509

                                                 const StreamInfo::StreamInfo& stream_info,

1510

106

                                                 uint64_t random_value) const {

1511

106

  if (RouteEntryImplBase::matchRoute(headers, stream_info, random_value)) {

1512

106

    if (path_matcher_->match(sanitizePathBeforePathMatching(headers.getPathValue()))) {

1513

41

      return clusterEntry(headers, stream_info, random_value);

1514

41

1515

106

1516

65

  return nullptr;

1517

106

1518

1519

ConnectRouteEntryImpl::ConnectRouteEntryImpl(

1520

    const CommonVirtualHostSharedPtr& vhost, const envoy::config::route::v3::Route& route,

1521

    Server::Configuration::ServerFactoryContext& factory_context,

1522

    ProtobufMessage::ValidationVisitor& validator, absl::Status& creation_status)

1523

251

    : RouteEntryImplBase(vhost, route, factory_context, validator, creation_status) {}

1524

1525

void ConnectRouteEntryImpl::rewritePathHeader(Http::RequestHeaderMap& headers,

1526

1

                                              bool insert_envoy_original_path) const {

1527

1

  const absl::string_view path = Http::PathUtil::removeQueryAndFragment(headers.getPathValue());

1528

1

  finalizePathHeaderForRedirect(headers, path, insert_envoy_original_path);

1529

1

1530

1531

std::string

1532

ConnectRouteEntryImpl::currentUrlPathAfterRewrite(const Http::RequestHeaderMap& headers,

1533

                                                  const Formatter::Context& context,

1534

473

                                                  const StreamInfo::StreamInfo& stream_info) const {

1535

473

  const absl::string_view path = Http::PathUtil::removeQueryAndFragment(headers.getPathValue());

1536

473

  return currentUrlPathAfterRewriteWithMatchedPath(headers, context, stream_info, path);

1537

473

1538

1539

RouteConstSharedPtr ConnectRouteEntryImpl::matches(const Http::RequestHeaderMap& headers,

1540

                                                   const StreamInfo::StreamInfo& stream_info,

1541

504

                                                   uint64_t random_value) const {

1542

504

  if ((Http::HeaderUtility::isConnect(headers) ||

1543

504

       Http::HeaderUtility::isConnectUdpRequest(headers)) &&

1544

504

      RouteEntryImplBase::matchRoute(headers, stream_info, random_value)) {

1545

481

    return clusterEntry(headers, stream_info, random_value);

1546

481

1547

23

  return nullptr;

1548

504

1549

1550

PathSeparatedPrefixRouteEntryImpl::PathSeparatedPrefixRouteEntryImpl(

1551

    const CommonVirtualHostSharedPtr& vhost, const envoy::config::route::v3::Route& route,

1552

    Server::Configuration::ServerFactoryContext& factory_context,

1553

    ProtobufMessage::ValidationVisitor& validator, absl::Status& creation_status)

1554

7

    : RouteEntryImplBase(vhost, route, factory_context, validator, creation_status),

1555

7

      path_matcher_(Matchers::PathMatcher::createPrefix(route.match().path_separated_prefix(),

1556

7

                                                        !case_sensitive(), factory_context)) {

1557

  // The createPrefix function never returns nullptr.

1558

7

  ASSERT(path_matcher_ != nullptr);

1559

7

1560

1561

void PathSeparatedPrefixRouteEntryImpl::rewritePathHeader(Http::RequestHeaderMap& headers,

1562

                                                          bool insert_envoy_original_path) const {

1563

  finalizePathHeaderForRedirect(headers, matcher(), insert_envoy_original_path);

1564

1565

1566

std::string PathSeparatedPrefixRouteEntryImpl::currentUrlPathAfterRewrite(

1567

    const Http::RequestHeaderMap& headers, const Formatter::Context& context,

1568

2

    const StreamInfo::StreamInfo& stream_info) const {

1569

2

  return currentUrlPathAfterRewriteWithMatchedPath(headers, context, stream_info, matcher());

1570

2

1571

1572

RouteConstSharedPtr

1573

PathSeparatedPrefixRouteEntryImpl::matches(const Http::RequestHeaderMap& headers,

1574

                                           const StreamInfo::StreamInfo& stream_info,

1575

23

                                           uint64_t random_value) const {

1576

23

  if (!RouteEntryImplBase::matchRoute(headers, stream_info, random_value)) {

1577

2

    return nullptr;

1578

2

1579

21

  absl::string_view sanitized_path = sanitizePathBeforePathMatching(

1580

21

      Http::PathUtil::removeQueryAndFragment(headers.getPathValue()));

1581

21

  const size_t sanitized_size = sanitized_path.size();

1582

21

  const size_t matcher_size = matcher().size();

1583

21

  if (sanitized_size >= matcher_size && path_matcher_->match(sanitized_path) &&

1584

21

      (sanitized_size == matcher_size || sanitized_path[matcher_size] == '/')) {

1585

16

    return clusterEntry(headers, stream_info, random_value);

1586

16

1587

5

  return nullptr;

1588

21

1589

1590

CommonVirtualHostImpl::CommonVirtualHostImpl(

1591

    const envoy::config::route::v3::VirtualHost& virtual_host,

1592

    const CommonConfigSharedPtr& global_route_config,

1593

    Server::Configuration::ServerFactoryContext& factory_context, Stats::Scope& scope,

1594

    ProtobufMessage::ValidationVisitor& validator, absl::Status& creation_status)

1595

11615

    : name_(virtual_host.name()),

1596

11615

      stat_name_storage_(virtual_host.name(), factory_context.scope().symbolTable()),

1597

11615

      global_route_config_(global_route_config),

1598

      per_filter_configs_(

1599

11615

          THROW_OR_RETURN_VALUE(PerFilterConfigs::create(virtual_host.typed_per_filter_config(),

1600

                                                         factory_context, validator),

1601

                                std::unique_ptr<PerFilterConfigs>)),

1602

      per_request_buffer_limit_(

1603

11615

          PROTOBUF_GET_OPTIONAL_WRAPPED(virtual_host, per_request_buffer_limit_bytes)),

1604

      request_body_buffer_limit_(

1605

11615

          PROTOBUF_GET_OPTIONAL_WRAPPED(virtual_host, request_body_buffer_limit)),

1606

11615

      include_attempt_count_in_request_(virtual_host.include_request_attempt_count()),

1607

11615

      include_attempt_count_in_response_(virtual_host.include_attempt_count_in_response()),

1608

11615

      include_is_timeout_retry_header_(virtual_host.include_is_timeout_retry_header()) {

1609

1610

11615

  if (!virtual_host.request_headers_to_add().empty() ||

1611

11615

      !virtual_host.request_headers_to_remove().empty()) {

1612

123

    request_headers_parser_ =

1613

123

        THROW_OR_RETURN_VALUE(HeaderParser::configure(virtual_host.request_headers_to_add(),

1614

123

                                                      virtual_host.request_headers_to_remove()),

1615

123

                              Router::HeaderParserPtr);

1616

123

1617

11615

  if (!virtual_host.response_headers_to_add().empty() ||

1618

11615

      !virtual_host.response_headers_to_remove().empty()) {

1619

277

    response_headers_parser_ =

1620

277

        THROW_OR_RETURN_VALUE(HeaderParser::configure(virtual_host.response_headers_to_add(),

1621

277

                                                      virtual_host.response_headers_to_remove()),

1622

277

                              Router::HeaderParserPtr);

1623

277

1624

1625

  // Retry and Hedge policies must be set before routes, since they may use them.

1626

11615

  if (virtual_host.has_retry_policy()) {

1627

2

    auto policy_or_error =

1628

2

        RetryPolicyImpl::create(virtual_host.retry_policy(), validator, factory_context);

1629

2

    SET_AND_RETURN_IF_NOT_OK(policy_or_error.status(), creation_status);

1630

2

    retry_policy_ = std::move(policy_or_error.value());

1631

2

1632

11615

  if (virtual_host.has_hedge_policy()) {

1633

1

    hedge_policy_ = std::make_unique<envoy::config::route::v3::HedgePolicy>();

1634

1

    hedge_policy_->CopyFrom(virtual_host.hedge_policy());

1635

1

1636

1637

11615

  if (!virtual_host.rate_limits().empty()) {

1638

7

    rate_limit_policy_ = std::make_unique<RateLimitPolicyImpl>(virtual_host.rate_limits(),

1639

7

                                                               factory_context, creation_status);

1640

7

    SET_AND_RETURN_IF_NOT_OK(creation_status, creation_status);

1641

7

1642

1643

11615

  shadow_policies_.reserve(virtual_host.request_mirror_policies().size());

1644

11615

  for (const auto& mirror_policy_config : virtual_host.request_mirror_policies()) {

1645

2

    auto policy_or_error = ShadowPolicyImpl::create(mirror_policy_config, factory_context);

1646

2

    SET_AND_RETURN_IF_NOT_OK(policy_or_error.status(), creation_status);

1647

2

    shadow_policies_.push_back(std::move(policy_or_error.value()));

1648

2

1649

1650

  // Inherit policies from the global config.

1651

11615

  if (shadow_policies_.empty()) {

1652

11589

    shadow_policies_ = global_route_config_->shadowPolicies();

1653

11589

1654

1655

11615

  if (virtual_host.has_matcher() && !virtual_host.routes().empty()) {

1656

1

    creation_status =

1657

1

        absl::InvalidArgumentError("cannot set both matcher and routes on virtual host");

1658

1

    return;

1659

1

1660

1661

11614

  if (!virtual_host.virtual_clusters().empty()) {

1662

19

    vcluster_scope_ = Stats::Utility::scopeFromStatNames(

1663

19

        scope, {stat_name_storage_.statName(),

1664

19

                factory_context.routerContext().virtualClusterStatNames().vcluster_});

1665

19

    virtual_cluster_catch_all_ = std::make_unique<CatchAllVirtualCluster>(

1666

19

        *vcluster_scope_, factory_context.routerContext().virtualClusterStatNames());

1667

19

    virtual_clusters_.reserve(virtual_host.virtual_clusters().size());

1668

42

    for (const auto& virtual_cluster : virtual_host.virtual_clusters()) {

1669

42

      if (virtual_cluster.headers().empty()) {

1670

1

        creation_status = absl::InvalidArgumentError("virtual clusters must define 'headers'");

1671

1

        return;

1672

1

1673

1674

41

      virtual_clusters_.emplace_back(virtual_cluster, *vcluster_scope_, factory_context,

1675

41

                                     factory_context.routerContext().virtualClusterStatNames());

1676

41

1677

19

1678

1679

11613

  if (virtual_host.has_cors()) {

1680

10

    cors_policy_ = std::make_unique<CorsPolicyImpl>(virtual_host.cors(), factory_context);

1681

10

1682

1683

11613

  if (virtual_host.has_metadata()) {

1684

256

    metadata_ = std::make_unique<RouteMetadataPack>(virtual_host.metadata());

1685

256

1686

11613

1687

1688

CommonVirtualHostImpl::VirtualClusterEntry::VirtualClusterEntry(

1689

    const envoy::config::route::v3::VirtualCluster& virtual_cluster, Stats::Scope& scope,

1690

    Server::Configuration::CommonFactoryContext& context, const VirtualClusterStatNames& stat_names)

1691

41

    : StatNameProvider(virtual_cluster.name(), scope.symbolTable()),

1692

41

      VirtualClusterBase(virtual_cluster.name(), stat_name_storage_.statName(),

1693

41

                         scope.scopeFromStatName(stat_name_storage_.statName()), stat_names) {

1694

41

  ASSERT(!virtual_cluster.headers().empty());

1695

41

  headers_ = Http::HeaderUtility::buildHeaderDataVector(virtual_cluster.headers(), context);

1696

41

1697

1698

4

const CommonConfig& CommonVirtualHostImpl::routeConfig() const { return *global_route_config_; }

1699

1700

98694

absl::optional<bool> CommonVirtualHostImpl::filterDisabled(absl::string_view config_name) const {

1701

98694

  absl::optional<bool> result = per_filter_configs_->disabled(config_name);

1702

98694

  if (result.has_value()) {

1703

189

    return result.value();

1704

189

1705

98505

  return global_route_config_->filterDisabled(config_name);

1706

98694

1707

1708

const RouteSpecificFilterConfig*

1709

4906

CommonVirtualHostImpl::mostSpecificPerFilterConfig(absl::string_view name) const {

1710

4906

  auto* per_filter_config = per_filter_configs_->get(name);

1711

4906

  return per_filter_config != nullptr ? per_filter_config

1712

4906

                                      : global_route_config_->perFilterConfig(name);

1713

4906

1714

RouteSpecificFilterConfigs

1715

1601

CommonVirtualHostImpl::perFilterConfigs(absl::string_view filter_name) const {

1716

1601

  RouteSpecificFilterConfigs result;

1717

1718

  // Parent first.

1719

1601

  if (auto* maybe_rc_config = global_route_config_->perFilterConfig(filter_name);

1720

1601

      maybe_rc_config != nullptr) {

1721

13

    result.push_back(maybe_rc_config);

1722

13

1723

1601

  if (auto* maybe_vhost_config = per_filter_configs_->get(filter_name);

1724

1601

      maybe_vhost_config != nullptr) {

1725

48

    result.push_back(maybe_vhost_config);

1726

48

1727

1601

  return result;

1728

1601

1729

1730

43

const envoy::config::core::v3::Metadata& CommonVirtualHostImpl::metadata() const {

1731

43

  return metadata_ != nullptr ? metadata_->proto_metadata_

1732

43

                              : DefaultRouteMetadataPack::get().proto_metadata_;

1733

43

1734

1

const Envoy::Config::TypedMetadata& CommonVirtualHostImpl::typedMetadata() const {

1735

1

  return metadata_ != nullptr ? metadata_->typed_metadata_

1736

1

                              : DefaultRouteMetadataPack::get().typed_metadata_;

1737

1

1738

1739

absl::StatusOr<std::shared_ptr<CommonVirtualHostImpl>>

1740

CommonVirtualHostImpl::create(const envoy::config::route::v3::VirtualHost& virtual_host,

1741

                              const CommonConfigSharedPtr& global_route_config,

1742

                              Server::Configuration::ServerFactoryContext& factory_context,

1743

11615

                              Stats::Scope& scope, ProtobufMessage::ValidationVisitor& validator) {

1744

11615

  absl::Status creation_status = absl::OkStatus();

1745

11615

  auto ret = std::shared_ptr<CommonVirtualHostImpl>(new CommonVirtualHostImpl(

1746

11615

      virtual_host, global_route_config, factory_context, scope, validator, creation_status));

1747

11615

  RETURN_IF_NOT_OK(creation_status);

1748

11613

  return ret;

1749

11615

1750

1751

VirtualHostImpl::VirtualHostImpl(const envoy::config::route::v3::VirtualHost& virtual_host,

1752

                                 const CommonConfigSharedPtr& global_route_config,

1753

                                 Server::Configuration::ServerFactoryContext& factory_context,

1754

                                 Stats::Scope& scope, ProtobufMessage::ValidationVisitor& validator,

1755

11615

                                 bool validate_clusters, absl::Status& creation_status) {

1756

1757

11615

  auto host_or_error = CommonVirtualHostImpl::create(virtual_host, global_route_config,

1758

11615

                                                     factory_context, scope, validator);

1759

11615

  SET_AND_RETURN_IF_NOT_OK(host_or_error.status(), creation_status);

1760

11613

  shared_virtual_host_ = std::move(host_or_error.value());

1761

1762

11613

  switch (virtual_host.require_tls()) {

1763

    PANIC_ON_PROTO_ENUM_SENTINEL_VALUES;

1764

11562

  case envoy::config::route::v3::VirtualHost::NONE:

1765

11562

    ssl_requirements_ = SslRequirements::None;

1766

11562

    break;

1767

4

  case envoy::config::route::v3::VirtualHost::EXTERNAL_ONLY:

1768

4

    ssl_requirements_ = SslRequirements::ExternalOnly;

1769

4

    break;

1770

22

  case envoy::config::route::v3::VirtualHost::ALL:

1771

22

    ssl_requirements_ = SslRequirements::All;

1772

22

    break;

1773

11613

1774

11588

  ssl_redirect_route_ = std::make_shared<SslRedirectRoute>(shared_virtual_host_);

1775

1776

11588

  if (virtual_host.has_matcher()) {

1777

12

    RouteActionContext context{shared_virtual_host_, factory_context};

1778

12

    RouteActionValidationVisitor validation_visitor;

1779

12

    Matcher::MatchTreeFactory<Http::HttpMatchingData, RouteActionContext> factory(

1780

12

        context, factory_context, validation_visitor);

1781

1782

12

    matcher_ = factory.create(virtual_host.matcher())();

1783

1784

12

    if (!validation_visitor.errors().empty()) {

1785

      // TODO(snowp): Output all violations.

1786

1

      creation_status = absl::InvalidArgumentError(

1787

1

          fmt::format("requirement violation while creating route match tree: {}",

1788

1

                      validation_visitor.errors()[0]));

1789

1

      return;

1790

1

1791

11579

  } else {

1792

11576

    routes_.reserve(virtual_host.routes().size());

1793

12781

    for (const auto& route : virtual_host.routes()) {

1794

12780

      auto route_or_error = RouteCreator::createAndValidateRoute(

1795

12780

          route, shared_virtual_host_, factory_context, validator, validate_clusters);

1796

12780

      SET_AND_RETURN_IF_NOT_OK(route_or_error.status(), creation_status);

1797

12754

      routes_.emplace_back(route_or_error.value());

1798

12754

1799

11576

1800

11588

1801

1802

RouteConstSharedPtr VirtualHostImpl::getRouteFromRoutes(

1803

    const RouteCallback& cb, const Http::RequestHeaderMap& headers,

1804

    const StreamInfo::StreamInfo& stream_info, uint64_t random_value,

1805

88659

    absl::Span<const RouteEntryImplBaseConstSharedPtr> routes) const {

1806

91447

  for (auto route = routes.begin(); route != routes.end(); ++route) {

1807

91373

    if (!headers.Path() && !(*route)->supportsPathlessHeaders()) {

1808

21

      continue;

1809

21

1810

1811

91352

    RouteConstSharedPtr route_entry = (*route)->matches(headers, stream_info, random_value);

1812

91352

    if (route_entry == nullptr) {

1813

2759

      continue;

1814

2759

1815

1816

88593

    if (cb == nullptr) {

1817

88580

      return route_entry;

1818

88580

1819

1820

13

    RouteEvalStatus eval_status = (std::next(route) == routes.end())

1821

13

                                      ? RouteEvalStatus::NoMoreRoutes

1822

13

                                      : RouteEvalStatus::HasMoreRoutes;

1823

13

    RouteMatchStatus match_status = cb(route_entry, eval_status);

1824

13

    if (match_status == RouteMatchStatus::Accept) {

1825

3

      return route_entry;

1826

3

1827

10

    if (match_status == RouteMatchStatus::Continue &&

1828

10

        eval_status == RouteEvalStatus::NoMoreRoutes) {

1829

2

      ENVOY_LOG(debug,

1830

2

                "return null when route match status is Continue but there is no more routes");

1831

2

      return nullptr;

1832

2

1833

10

1834

1835

74

  ENVOY_LOG(debug, "route was resolved but final route list did not match incoming request");

1836

74

  return nullptr;

1837

88659

1838

1839

RouteConstSharedPtr VirtualHostImpl::getRouteFromEntries(const RouteCallback& cb,

1840

                                                         const Http::RequestHeaderMap& headers,

1841

                                                         const StreamInfo::StreamInfo& stream_info,

1842

89807

                                                         uint64_t random_value) const {

1843

  // In the rare case that X-Forwarded-Proto and scheme disagree (say http URL over an HTTPS

1844

  // connection), force a redirect based on underlying protocol, rather than URL

1845

  // scheme, so don't force a redirect for a http:// url served over a TLS

1846

  // connection.

1847

89807

  const absl::string_view scheme = headers.getForwardedProtoValue();

1848

89807

  if (scheme.empty()) {

1849

    // No scheme header. This normally only happens when ActiveStream::decodeHeaders

1850

    // bails early (as it rejects a request), or a buggy filter removes the :scheme header.

1851

1127

    return nullptr;

1852

1127

1853

1854

  // First check for ssl redirect.

1855

88680

  if (ssl_requirements_ == SslRequirements::All && scheme != "https") {

1856

15

    return ssl_redirect_route_;

1857

88665

  } else if (ssl_requirements_ == SslRequirements::ExternalOnly && scheme != "https" &&

1858

88665

             !Http::HeaderUtility::isEnvoyInternalRequest(headers)) {

1859

3

    return ssl_redirect_route_;

1860

3

1861

1862

88662

  if (matcher_) {

1863

18

    Http::Matching::HttpMatchingDataImpl data(stream_info);

1864

18

    data.onRequestHeaders(headers);

1865

1866

18

    Matcher::ActionMatchResult match_result =

1867

18

        Matcher::evaluateMatch<Http::HttpMatchingData>(*matcher_, data);

1868

1869

18

    if (match_result.isMatch()) {

1870

15

      const auto result = match_result.actionByMove();

1871

15

      if (result->typeUrl() == RouteMatchAction::staticTypeUrl()) {

1872

9

        return getRouteFromRoutes(

1873

9

            cb, headers, stream_info, random_value,

1874

9

            {std::dynamic_pointer_cast<const RouteEntryImplBase>(std::move(result))});

1875

9

      } else if (result->typeUrl() == RouteListMatchAction::staticTypeUrl()) {

1876

6

        const RouteListMatchAction& action = result->getTyped<RouteListMatchAction>();

1877

6

        return getRouteFromRoutes(cb, headers, stream_info, random_value, action.routes());

1878

6

1879

      PANIC("Action in router matcher should be Route or RouteList");

1880

1881

1882

3

    ENVOY_LOG(debug, "failed to match incoming request: {}",

1883

3

              match_result.isNoMatch() ? "no match" : "insufficient data");

1884

1885

3

    return nullptr;

1886

18

1887

1888

  // Check for a route that matches the request.

1889

88644

  return getRouteFromRoutes(cb, headers, stream_info, random_value, routes_);

1890

88662

1891

1892

const VirtualHostImpl* RouteMatcher::findWildcardVirtualHost(

1893

    absl::string_view host, const RouteMatcher::WildcardVirtualHosts& wildcard_virtual_hosts,

1894

50

    RouteMatcher::SubstringFunction substring_function) const {

1895

  // We do a longest wildcard match against the host that's passed in

1896

  // (e.g. "foo-bar.baz.com" should match "*-bar.baz.com" before matching "*.baz.com" for suffix

1897

  // wildcards). This is done by scanning the length => wildcards map looking for every wildcard

1898

  // whose size is < length.

1899

92

  for (const auto& iter : wildcard_virtual_hosts) {

1900

92

    const uint32_t wildcard_length = iter.first;

1901

92

    const auto& wildcard_map = iter.second;

1902

    // >= because *.foo.com shouldn't match .foo.com.

1903

92

    if (wildcard_length >= host.size()) {

1904

49

      continue;

1905

49

1906

43

    const auto match = wildcard_map.find(substring_function(host, wildcard_length));

1907

43

    if (match != wildcard_map.end()) {

1908

7

      return match->second.get();

1909

7

1910

43

1911

43

  return nullptr;

1912

50

1913

absl::StatusOr<std::unique_ptr<RouteMatcher>>

1914

RouteMatcher::create(const envoy::config::route::v3::RouteConfiguration& route_config,

1915

                     const CommonConfigSharedPtr& global_route_config,

1916

                     Server::Configuration::ServerFactoryContext& factory_context,

1917

10160

                     ProtobufMessage::ValidationVisitor& validator, bool validate_clusters) {

1918

10160

  absl::Status creation_status = absl::OkStatus();

1919

10160

  auto ret = std::unique_ptr<RouteMatcher>{new RouteMatcher(route_config, global_route_config,

1920

10160

                                                            factory_context, validator,

1921

10160

                                                            validate_clusters, creation_status)};

1922

10160

  RETURN_IF_NOT_OK(creation_status);

1923

10124

  return ret;

1924

10160

1925

RouteMatcher::RouteMatcher(const envoy::config::route::v3::RouteConfiguration& route_config,

1926

                           const CommonConfigSharedPtr& global_route_config,

1927

                           Server::Configuration::ServerFactoryContext& factory_context,

1928

                           ProtobufMessage::ValidationVisitor& validator, bool validate_clusters,

1929

                           absl::Status& creation_status)

1930

10160

    : vhost_scope_(factory_context.scope().scopeFromStatName(

1931

10160

          factory_context.routerContext().virtualClusterStatNames().vhost_)),

1932

10160

      ignore_port_in_host_matching_(route_config.ignore_port_in_host_matching()),

1933

10160

      vhost_header_(route_config.vhost_header()) {

1934

11637

  for (const auto& virtual_host_config : route_config.virtual_hosts()) {

1935

11615

    VirtualHostImplSharedPtr virtual_host = std::make_shared<VirtualHostImpl>(

1936

11615

        virtual_host_config, global_route_config, factory_context, *vhost_scope_, validator,

1937

11615

        validate_clusters, creation_status);

1938

11615

    SET_AND_RETURN_IF_NOT_OK(creation_status, creation_status);

1939

11605

    for (const std::string& domain_name : virtual_host_config.domains()) {

1940

11591

      const Http::LowerCaseString lower_case_domain_name(domain_name);

1941

11591

      absl::string_view domain = lower_case_domain_name;

1942

11591

      bool duplicate_found = false;

1943

11591

      if ("*" == domain) {

1944

9627

        if (default_virtual_host_) {

1945

2

          creation_status = absl::InvalidArgumentError(fmt::format(

1946

2

              "Only a single wildcard domain is permitted in route {}", route_config.name()));

1947

2

          return;

1948

2

1949

9625

        default_virtual_host_ = virtual_host;

1950

10788

      } else if (!domain.empty() && '*' == domain[0]) {

1951

7

        duplicate_found = !wildcard_virtual_host_suffixes_[domain.size() - 1]

1952

7

                               .emplace(domain.substr(1), virtual_host)

1953

7

                               .second;

1954

1957

      } else if (!domain.empty() && '*' == domain[domain.size() - 1]) {

1955

4

        duplicate_found = !wildcard_virtual_host_prefixes_[domain.size() - 1]

1956

4

                               .emplace(domain.substr(0, domain.size() - 1), virtual_host)

1957

4

                               .second;

1958

1953

      } else {

1959

1953

        duplicate_found = !virtual_hosts_.emplace(domain, virtual_host).second;

1960

1953

1961

11589

      if (duplicate_found) {

1962

5

        creation_status = absl::InvalidArgumentError(

1963

5

            fmt::format("Only unique values for domains are permitted. Duplicate "

1964

5

                        "entry of domain {} in route {}",

1965

5

                        domain, route_config.name()));

1966

5

        return;

1967

5

1968

11589

1969

11586

1970

10160

1971

1972

91966

const VirtualHostImpl* RouteMatcher::findVirtualHost(const Http::RequestHeaderMap& headers) const {

1973

  // Fast path the case where we only have a default virtual host.

1974

91966

  if (virtual_hosts_.empty() && wildcard_virtual_host_suffixes_.empty() &&

1975

91966

      wildcard_virtual_host_prefixes_.empty()) {

1976

87878

    return default_virtual_host_.get();

1977

87878

1978

1979

4088

  absl::string_view host_header_value;

1980

4088

  if (!vhost_header_.get().empty()) {

1981

1

    auto result = headers.get(vhost_header_);

1982

    // If using an alternate header, it must not be empty.

1983

1

    if (result.empty()) {

1984

      return nullptr;

1985

1986

1

    host_header_value = result[0]->value().getStringView();

1987

4087

  } else {

1988

    // There may be no authority in early reply paths in the HTTP connection manager.

1989

4087

    if (headers.Host() == nullptr) {

1990

4

      return nullptr;

1991

4

1992

4083

    host_header_value = headers.getHostValue();

1993

4083

1994

1995

  // If 'ignore_port_in_host_matching' is set, ignore the port number in the host header(if any).

1996

4084

  if (ignorePortInHostMatching()) {

1997

4

    if (const absl::string_view::size_type port_start =

1998

4

            Http::HeaderUtility::getPortStart(host_header_value);

1999

4

        port_start != absl::string_view::npos) {

2000

3

      host_header_value = host_header_value.substr(0, port_start);

2001

3

2002

4

2003

  // TODO (@rshriram) Match Origin header in WebSocket

2004

  // request with VHost, using wildcard match

2005

  // Lower-case the value of the host header, as hostnames are case insensitive.

2006

4084

  const std::string host = absl::AsciiStrToLower(host_header_value);

2007

4084

  const auto iter = virtual_hosts_.find(host);

2008

4084

  if (iter != virtual_hosts_.end()) {

2009

1668

    return iter->second.get();

2010

1668

2011

2416

  if (!wildcard_virtual_host_suffixes_.empty()) {

2012

47

    const VirtualHostImpl* vhost = findWildcardVirtualHost(

2013

47

        host, wildcard_virtual_host_suffixes_,

2014

47

        [](absl::string_view h, int l) -> absl::string_view { return h.substr(h.size() - l); });

2015

47

    if (vhost != nullptr) {

2016

6

      return vhost;

2017

6

2018

47

2019

2410

  if (!wildcard_virtual_host_prefixes_.empty()) {

2020

3

    const VirtualHostImpl* vhost = findWildcardVirtualHost(

2021

3

        host, wildcard_virtual_host_prefixes_,

2022

3

        [](absl::string_view h, int l) -> absl::string_view { return h.substr(0, l); });

2023

3

    if (vhost != nullptr) {

2024

1

      return vhost;

2025

1

2026

3

2027

2409

  return default_virtual_host_.get();

2028

2410

2029

2030

VirtualHostRoute RouteMatcher::route(const RouteCallback& cb, const Http::RequestHeaderMap& headers,

2031

                                     const StreamInfo::StreamInfo& stream_info,

2032

91942

                                     uint64_t random_value) const {

2033

91942

  VirtualHostRoute route_result;

2034

91942

  const VirtualHostImpl* virtual_host = findVirtualHost(headers);

2035

91942

  if (virtual_host) {

2036

89807

    route_result.vhost = virtual_host->virtualHost();

2037

89807

    route_result.route = virtual_host->getRouteFromEntries(cb, headers, stream_info, random_value);

2038

89807

2039

2040

91942

  return route_result;

2041

91942

2042

2043

const SslRedirector SslRedirectRoute::SSL_REDIRECTOR;

2044

const envoy::config::core::v3::Metadata SslRedirectRoute::metadata_;

2045

const Envoy::Config::TypedMetadataImpl<Envoy::Config::TypedMetadataFactory>

2046

    SslRedirectRoute::typed_metadata_({});

2047

2048

const VirtualCluster*

2049

44100

CommonVirtualHostImpl::virtualClusterFromEntries(const Http::HeaderMap& headers) const {

2050

44365

  for (const VirtualClusterEntry& entry : virtual_clusters_) {

2051

352

    if (Http::HeaderUtility::matchHeaders(headers, entry.headers_)) {

2052

45

      return &entry;

2053

45

2054

352

2055

2056

44055

  if (!virtual_clusters_.empty()) {

2057

41

    return virtual_cluster_catch_all_.get();

2058

41

2059

2060

44014

  return nullptr;

2061

44055

2062

2063

absl::StatusOr<std::shared_ptr<CommonConfigImpl>>

2064

CommonConfigImpl::create(const envoy::config::route::v3::RouteConfiguration& config,

2065

                         Server::Configuration::ServerFactoryContext& factory_context,

2066

10161

                         ProtobufMessage::ValidationVisitor& validator) {

2067

10161

  absl::Status creation_status = absl::OkStatus();

2068

10161

  auto ret = std::shared_ptr<CommonConfigImpl>(

2069

10161

      new CommonConfigImpl(config, factory_context, validator, creation_status));

2070

10161

  RETURN_IF_NOT_OK(creation_status);

2071

10161

  return ret;

2072

10161

2073

2074

CommonConfigImpl::CommonConfigImpl(const envoy::config::route::v3::RouteConfiguration& config,

2075

                                   Server::Configuration::ServerFactoryContext& factory_context,

2076

                                   ProtobufMessage::ValidationVisitor& validator,

2077

                                   absl::Status& creation_status)

2078

10161

    : name_(config.name()), symbol_table_(factory_context.scope().symbolTable()),

2079

10161

      per_filter_configs_(THROW_OR_RETURN_VALUE(

2080

          PerFilterConfigs::create(config.typed_per_filter_config(), factory_context, validator),

2081

          std::unique_ptr<PerFilterConfigs>)),

2082

      max_direct_response_body_size_bytes_(

2083

10161

          PROTOBUF_GET_WRAPPED_OR_DEFAULT(config, max_direct_response_body_size_bytes,

2084

                                          DEFAULT_MAX_DIRECT_RESPONSE_BODY_SIZE_BYTES)),

2085

10161

      uses_vhds_(config.has_vhds()),

2086

10161

      most_specific_header_mutations_wins_(config.most_specific_header_mutations_wins()),

2087

10161

      ignore_path_parameters_in_path_matching_(config.ignore_path_parameters_in_path_matching()) {

2088

10161

  if (!config.request_mirror_policies().empty()) {

2089

1

    shadow_policies_.reserve(config.request_mirror_policies().size());

2090

1

    for (const auto& mirror_policy_config : config.request_mirror_policies()) {

2091

1

      auto policy_or_error = ShadowPolicyImpl::create(mirror_policy_config, factory_context);

2092

1

      SET_AND_RETURN_IF_NOT_OK(policy_or_error.status(), creation_status);

2093

1

      shadow_policies_.push_back(std::move(policy_or_error.value()));

2094

1

2095

1

2096

2097

  // Initialize all cluster specifier plugins before creating route matcher. Because the route may

2098

  // reference it by name.

2099

10161

  for (const auto& plugin_proto : config.cluster_specifier_plugins()) {

2100

6

    auto plugin = THROW_OR_RETURN_VALUE(

2101

6

        getClusterSpecifierPluginByTheProto(plugin_proto, validator, factory_context),

2102

6

        ClusterSpecifierPluginSharedPtr);

2103

6

    cluster_specifier_plugins_.emplace(plugin_proto.extension().name(), std::move(plugin));

2104

6

2105

2106

10161

  for (const std::string& header : config.internal_only_headers()) {

2107

9

    internal_only_headers_.push_back(Http::LowerCaseString(header));

2108

9

2109

2110

10161

  if (!config.request_headers_to_add().empty() || !config.request_headers_to_remove().empty()) {

2111

27

    request_headers_parser_ =

2112

27

        THROW_OR_RETURN_VALUE(HeaderParser::configure(config.request_headers_to_add(),

2113

27

                                                      config.request_headers_to_remove()),

2114

27

                              Router::HeaderParserPtr);

2115

27

2116

10161

  if (!config.response_headers_to_add().empty() || !config.response_headers_to_remove().empty()) {

2117

22

    response_headers_parser_ =

2118

22

        THROW_OR_RETURN_VALUE(HeaderParser::configure(config.response_headers_to_add(),

2119

22

                                                      config.response_headers_to_remove()),

2120

22

                              Router::HeaderParserPtr);

2121

22

2122

2123

10161

  if (config.has_metadata()) {

2124

1

    metadata_ = std::make_unique<RouteMetadataPack>(config.metadata());

2125

1

2126

10161

2127

2128

absl::StatusOr<ClusterSpecifierPluginSharedPtr>

2129

4

CommonConfigImpl::clusterSpecifierPlugin(absl::string_view provider) const {

2130

4

  auto iter = cluster_specifier_plugins_.find(provider);

2131

4

  if (iter == cluster_specifier_plugins_.end() || iter->second == nullptr) {

2132

1

    return absl::InvalidArgumentError(

2133

1

        fmt::format("Unknown cluster specifier plugin name: {} is used in the route", provider));

2134

1

2135

3

  return iter->second;

2136

4

2137

2138

1

const envoy::config::core::v3::Metadata& CommonConfigImpl::metadata() const {

2139

1

  return metadata_ != nullptr ? metadata_->proto_metadata_

2140

1

                              : DefaultRouteMetadataPack::get().proto_metadata_;

2141

1

2142

1

const Envoy::Config::TypedMetadata& CommonConfigImpl::typedMetadata() const {

2143

1

  return metadata_ != nullptr ? metadata_->typed_metadata_

2144

1

                              : DefaultRouteMetadataPack::get().typed_metadata_;

2145

1

2146

2147

absl::StatusOr<std::shared_ptr<CommonConfigImpl>>

2148

create(const envoy::config::route::v3::RouteConfiguration& config,

2149

       Server::Configuration::ServerFactoryContext& factory_context,

2150

       ProtobufMessage::ValidationVisitor& validator) {

2151

  auto config_or_error = CommonConfigImpl::create(config, factory_context, validator);

2152

  RETURN_IF_NOT_OK(config_or_error.status());

2153

  return config_or_error.value();

2154

2155

2156

absl::StatusOr<std::shared_ptr<ConfigImpl>>

2157

ConfigImpl::create(const envoy::config::route::v3::RouteConfiguration& config,

2158

                   Server::Configuration::ServerFactoryContext& factory_context,

2159

9917

                   ProtobufMessage::ValidationVisitor& validator, bool validate_clusters_default) {

2160

9917

  absl::Status creation_status = absl::OkStatus();

2161

9917

  auto ret = std::shared_ptr<ConfigImpl>(new ConfigImpl(

2162

9917

      config, factory_context, validator, validate_clusters_default, creation_status));

2163

9917

  RETURN_IF_NOT_OK(creation_status);

2164

9913

  return ret;

2165

9917

2166

2167

ConfigImpl::ConfigImpl(const envoy::config::route::v3::RouteConfiguration& config,

2168

                       Server::Configuration::ServerFactoryContext& factory_context,

2169

                       ProtobufMessage::ValidationVisitor& validator,

2170

10161

                       bool validate_clusters_default, absl::Status& creation_status) {

2171

10161

  auto config_or_error = CommonConfigImpl::create(config, factory_context, validator);

2172

10161

  SET_AND_RETURN_IF_NOT_OK(config_or_error.status(), creation_status);

2173

10161

  shared_config_ = std::move(config_or_error.value());

2174

2175

10161

  auto matcher_or_error = RouteMatcher::create(

2176

10161

      config, shared_config_, factory_context, validator,

2177

10161

      PROTOBUF_GET_WRAPPED_OR_DEFAULT(config, validate_clusters, validate_clusters_default));

2178

10161

  SET_AND_RETURN_IF_NOT_OK(matcher_or_error.status(), creation_status);

2179

10125

  route_matcher_ = std::move(matcher_or_error.value());

2180

10125

2181

2182

VirtualHostRoute ConfigImpl::route(const RouteCallback& cb, const Http::RequestHeaderMap& headers,

2183

                                   const StreamInfo::StreamInfo& stream_info,

2184

91942

                                   uint64_t random_value) const {

2185

91942

  return route_matcher_->route(cb, headers, stream_info, random_value);

2186

91942

2187

2188

1

const envoy::config::core::v3::Metadata& NullConfigImpl::metadata() const {

2189

1

  return DefaultRouteMetadataPack::get().proto_metadata_;

2190

1

2191

1

const Envoy::Config::TypedMetadata& NullConfigImpl::typedMetadata() const {

2192

1

  return DefaultRouteMetadataPack::get().typed_metadata_;

2193

1

2194

2195

Matcher::ActionConstSharedPtr

2196

RouteMatchActionFactory::createAction(const Protobuf::Message& config, RouteActionContext& context,

2197

11

                                      ProtobufMessage::ValidationVisitor& validation_visitor) {

2198

11

  const auto& route_config =

2199

11

      MessageUtil::downcastAndValidate<const envoy::config::route::v3::Route&>(config,

2200

11

                                                                               validation_visitor);

2201

11

  auto route = THROW_OR_RETURN_VALUE(

2202

11

      RouteCreator::createAndValidateRoute(route_config, context.vhost, context.factory_context,

2203

11

                                           validation_visitor, false),

2204

11

      RouteEntryImplBaseConstSharedPtr);

2205

11

  return route;

2206

11

2207

REGISTER_FACTORY(RouteMatchActionFactory, Matcher::ActionFactory<RouteActionContext>);

2208

2209

Matcher::ActionConstSharedPtr

2210

RouteListMatchActionFactory::createAction(const Protobuf::Message& config,

2211

                                          RouteActionContext& context,

2212

3

                                          ProtobufMessage::ValidationVisitor& validation_visitor) {

2213

3

  const auto& route_config =

2214

3

      MessageUtil::downcastAndValidate<const envoy::config::route::v3::RouteList&>(

2215

3

          config, validation_visitor);

2216

2217

3

  std::vector<RouteEntryImplBaseConstSharedPtr> routes;

2218

9

  for (const auto& route : route_config.routes()) {

2219

9

    routes.emplace_back(THROW_OR_RETURN_VALUE(

2220

9

        RouteCreator::createAndValidateRoute(route, context.vhost, context.factory_context,

2221

9

                                             validation_visitor, false),

2222

9

        RouteEntryImplBaseConstSharedPtr));

2223

9

2224

3

  return std::make_shared<RouteListMatchAction>(std::move(routes));

2225

3

2226

REGISTER_FACTORY(RouteListMatchActionFactory, Matcher::ActionFactory<RouteActionContext>);

2227

2228

} // namespace Router

2229

} // namespace Envoy