Session based poisons
MixMasterMitch opened this issue · 2 comments
This is related to my other question: #36
I need to be able to poison requests conditionally on the session (or similar identifier). For example I want to be able to poison user A's request to /some-end-point without poisoning user B's request to /some-end-point. Specifically, I want user A to be able to hit the troxy admin API and specify a new poison with a specific bandwidth and have the poison only applied to user A's requests. In my custom throttling implementation, I do this using sessions. I am sure this can be accomplished with toxy, but I want to know: what would be the most straight forward mechanism for implementing this with toxy?
I think that can be trivially done using rules. Rules has been mostly designed for that kind of scenarios. An example worth more than words (however it was radically simplified compared to a realistic scenario):
var sessions = ['secret-session-token']
const proxy = toxy()
proxy.forward('http://my-sane-server')
// Route-specific configuration
proxy
.get('/some-end-point')
.poison(toxy.poisons.bandwidth(1024)) // or use another poison
.withRule(function (req, res, next) {
var userToken = req.headers.authorization // perhaps you want to retrieve this from cookies, you can do it too
if (~sessions.indexOf(userToken)) {
return next(null, false) // if session found, must enable the poison (so false because we don't want to ignore it)
}
next(null, true) // otherwise, ignore the poison
})
// Route the rest of the traffic
proxy.all('/*')
// Bind server to port
proxy.listen(3000)I figured that a custom rule was probably the recommended approach, I just wanted to confirm that I wasn't missing a built-in solution.