pub struct CredentialInjectionFilter { /* private fields */ }Expand description
Injects per-cluster API credentials into upstream requests.
For each configured cluster, injects a header (e.g.
Authorization: Bearer sk-...) and optionally strips
client-provided values for that header to prevent
credential forwarding.
Credentials are resolved at construction time (inline values or environment variables). The filter matches on the cluster name selected by the router filter earlier in the pipeline.
§YAML configuration
filter: credential_injection
clusters:
- name: provider-a
header: Authorization
env_var: PROVIDER_A_API_KEY
header_prefix: "Bearer "
strip_client_credential: true
- name: internal
header: x-api-key
value: "internal-secret"§Example
use praxis_filter::CredentialInjectionFilter;
let yaml: serde_yaml::Value = serde_yaml::from_str(
r#"
clusters:
- name: backend
header: x-api-key
value: "secret-123"
strip_client_credential: true
"#,
)
.unwrap();
let filter = CredentialInjectionFilter::from_config(&yaml).unwrap();
assert_eq!(filter.name(), "credential_injection");Implementations§
Source§impl CredentialInjectionFilter
impl CredentialInjectionFilter
Sourcepub fn from_config(config: &Value) -> Result<Box<dyn HttpFilter>, FilterError>
pub fn from_config(config: &Value) -> Result<Box<dyn HttpFilter>, FilterError>
Create from YAML config.
Resolves all credentials (inline or from environment variables) at construction time so that per-request processing is a simple map lookup.
use praxis_filter::CredentialInjectionFilter;
let yaml: serde_yaml::Value = serde_yaml::from_str(
r#"
clusters:
- name: my-cluster
header: Authorization
value: "token-abc"
header_prefix: "Bearer "
"#,
)
.unwrap();
let filter = CredentialInjectionFilter::from_config(&yaml).unwrap();
assert_eq!(filter.name(), "credential_injection");§Errors
Returns FilterError if:
clustersis empty- Both
valueandenv_varare set (or neither) - An
env_varis not set in the environment
Trait Implementations§
Source§impl HttpFilter for CredentialInjectionFilter
impl HttpFilter for CredentialInjectionFilter
Source§fn name(&self) -> &'static str
fn name(&self) -> &'static str
Unique name identifying this filter type (e.g.
"router", "rate_limit").Source§fn on_request<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
fn on_request<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Called for each incoming request, in pipeline order.
Source§fn on_response<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
fn on_response<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Called for each response, in reverse pipeline order. Read more
Source§fn request_body_access(&self) -> BodyAccess
fn request_body_access(&self) -> BodyAccess
Declares what access this filter needs to request bodies. Read more
Source§fn response_body_access(&self) -> BodyAccess
fn response_body_access(&self) -> BodyAccess
Declares what access this filter needs to response bodies. Read more
Source§fn request_body_mode(&self) -> BodyMode
fn request_body_mode(&self) -> BodyMode
Declares the delivery mode for request body chunks. Read more
Source§fn response_body_mode(&self) -> BodyMode
fn response_body_mode(&self) -> BodyMode
Declares the delivery mode for response body chunks. Read more
Source§fn needs_request_context(&self) -> bool
fn needs_request_context(&self) -> bool
Whether this filter needs the original request context
during body phases. Read more
Source§fn apply_insecure_options(&self, _options: &InsecureOptions)
fn apply_insecure_options(&self, _options: &InsecureOptions)
Apply global
InsecureOptions to this filter. Read moreSource§fn compression_config(&self) -> Option<&CompressionConfig>
fn compression_config(&self) -> Option<&CompressionConfig>
Returns the compression configuration if this filter enables
response compression. Read more
Source§fn on_request_body<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
body: &'life3 mut Option<Bytes>,
end_of_stream: bool,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
fn on_request_body<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
body: &'life3 mut Option<Bytes>,
end_of_stream: bool,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Called for each chunk of request body data, in pipeline order. Read more
Source§fn on_response_body(
&self,
ctx: &mut HttpFilterContext<'_>,
body: &mut Option<Bytes>,
end_of_stream: bool,
) -> Result<FilterAction, FilterError>
fn on_response_body( &self, ctx: &mut HttpFilterContext<'_>, body: &mut Option<Bytes>, end_of_stream: bool, ) -> Result<FilterAction, FilterError>
Called for each chunk of response body data, in reverse
pipeline order. Read more
Auto Trait Implementations§
impl Freeze for CredentialInjectionFilter
impl RefUnwindSafe for CredentialInjectionFilter
impl Send for CredentialInjectionFilter
impl Sync for CredentialInjectionFilter
impl Unpin for CredentialInjectionFilter
impl UnsafeUnpin for CredentialInjectionFilter
impl UnwindSafe for CredentialInjectionFilter
Blanket Implementations§
Source§impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
Source§impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more