tiny_proxy/auth/
headers.rs

1//! Header manipulation utilities for authentication
2//!
3//! This module provides utilities for processing header value substitutions
4//! including request headers, UUIDs, and environment variables.
5
6use hyper::Request;
7
8/// Process header value substitutions
9///
10/// Replaces placeholders in the header value with actual values:
11/// - `{header.Name}` - value of request header with that name
12/// - `{uuid}` - generates a random UUID
13/// - `{env.VAR}` - value of environment variable VAR
14///
15/// # Arguments
16///
17/// * `value` - The header value template with placeholders
18/// * `req` - The HTTP request to extract headers from
19///
20/// # Returns
21///
22/// The processed header value with all placeholders replaced
23///
24/// # Example
25///
26/// ```no_run
27/// # use hyper::Request;
28/// # use bytes::Bytes;
29/// # use http_body_util::Empty;
30/// # use tiny_proxy::auth::headers::process_header_substitution;
31/// # fn main() -> anyhow::Result<()> {
32/// # let req = Request::builder().body(Empty::<Bytes>::new()).unwrap();
33/// let result = process_header_substitution("X-Request-ID: {uuid}", &req)?;
34/// assert!(result.contains("X-Request-ID:"));
35/// # Ok(())
36/// # }
37/// ```
38pub fn process_header_substitution<B>(value: &str, req: &Request<B>) -> anyhow::Result<String> {
39    let mut result = value.to_string();
40
41    // Process {header.Name} substitutions
42    while let Some(start) = result.find("{header.") {
43        let end = result[start..]
44            .find('}')
45            .ok_or_else(|| anyhow::anyhow!("Unclosed header substitution at position {}", start))?
46            + start;
47
48        let header_name = &result[start + 8..end];
49
50        if let Some(header_value) = req.headers().get(header_name).and_then(|h| h.to_str().ok()) {
51            result.replace_range(start..=end, header_value);
52        } else {
53            // If header doesn't exist, remove the placeholder
54            result.replace_range(start..=end, "");
55        }
56    }
57
58    // Process {env.VAR} substitutions
59    while let Some(start) = result.find("{env.") {
60        let end = result[start..].find('}').ok_or_else(|| {
61            anyhow::anyhow!(
62                "Unclosed environment variable substitution at position {}",
63                start
64            )
65        })? + start;
66
67        let var_name = &result[start + 5..end];
68
69        if let Ok(env_value) = std::env::var(var_name) {
70            result.replace_range(start..=end, &env_value);
71        } else {
72            // If env var doesn't exist, remove the placeholder
73            result.replace_range(start..=end, "");
74        }
75    }
76
77    // Process {uuid} substitutions
78    result = result.replace("{uuid}", &uuid::Uuid::new_v4().to_string());
79
80    Ok(result)
81}
82
83/// Extract remote IP address from request headers
84///
85/// Looks for the X-Forwarded-For or X-Real-IP headers to determine the
86/// original client IP address.
87///
88/// # Arguments
89///
90/// * `req` - The HTTP request
91///
92/// # Returns
93///
94/// The remote IP address if found, None otherwise
95pub fn extract_remote_ip<B>(req: &Request<B>) -> Option<String> {
96    // Check X-Forwarded-For header (set by proxies)
97    if let Some(xff) = req.headers().get("X-Forwarded-For") {
98        if let Ok(xff_str) = xff.to_str() {
99            // X-Forwarded-For can contain multiple IPs, take the first one
100            let first_ip = xff_str.split(',').next()?.trim();
101            return Some(first_ip.to_string());
102        }
103    }
104
105    // Check X-Real-IP header
106    if let Some(xri) = req.headers().get("X-Real-IP") {
107        if let Ok(xri_str) = xri.to_str() {
108            return Some(xri_str.to_string());
109        }
110    }
111
112    None
113}
114
115#[cfg(test)]
116mod tests {
117    use super::*;
118    use bytes::Bytes;
119    use http_body_util::Empty;
120    use hyper::Request;
121
122    fn make_request() -> Request<Empty<Bytes>> {
123        Request::builder().body(Empty::new()).unwrap()
124    }
125
126    fn make_request_with_header(name: &str, value: &str) -> Request<Empty<Bytes>> {
127        Request::builder()
128            .header(name, value)
129            .body(Empty::new())
130            .unwrap()
131    }
132
133    #[test]
134    fn test_process_header_substitution_header() {
135        let req = make_request_with_header("X-User-ID", "12345");
136
137        let result = process_header_substitution("User: {header.X-User-ID}", &req).unwrap();
138        assert_eq!(result, "User: 12345");
139    }
140
141    #[test]
142    fn test_process_header_substitution_env() {
143        std::env::set_var("TEST_VAR", "test-value");
144        let req = make_request();
145
146        let result = process_header_substitution("Value: {env.TEST_VAR}", &req).unwrap();
147        assert_eq!(result, "Value: test-value");
148        std::env::remove_var("TEST_VAR");
149    }
150
151    #[test]
152    fn test_process_header_substitution_uuid() {
153        let req = make_request();
154
155        let result = process_header_substitution("ID: {uuid}", &req).unwrap();
156        assert!(result.starts_with("ID: "));
157        assert!(result.len() > 5); // UUID should be present
158    }
159
160    #[test]
161    fn test_process_header_substitution_missing_header() {
162        let req = make_request();
163
164        let result = process_header_substitution("Value: {header.Missing}", &req).unwrap();
165        assert_eq!(result, "Value: ");
166    }
167
168    #[test]
169    fn test_extract_remote_ip_xff() {
170        let req = make_request_with_header("X-Forwarded-For", "192.168.1.1, 10.0.0.1");
171
172        let ip = extract_remote_ip(&req);
173        assert_eq!(ip, Some("192.168.1.1".to_string()));
174    }
175
176    #[test]
177    fn test_extract_remote_ip_xri() {
178        let req = make_request_with_header("X-Real-IP", "192.168.1.2");
179
180        let ip = extract_remote_ip(&req);
181        assert_eq!(ip, Some("192.168.1.2".to_string()));
182    }
183
184    #[test]
185    fn test_extract_remote_ip_none() {
186        let req = make_request();
187
188        let ip = extract_remote_ip(&req);
189        assert!(ip.is_none());
190    }
191}
tiny_proxy/auth/headers.rs

tiny_proxy/auth/
headers.rs
