Merge pull request #133 from ngrok/bob/policy

Add policies configuration
ngrok · Jan 30, 2024 · 49b1575 · 49b1575
2 parents dcf2713 + a9acaeb
commit 49b1575
Show file tree

Hide file tree

Showing 11 changed files with 516 additions and 10 deletions.
diff --git a/ngrok/Cargo.toml b/ngrok/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ngrok"
-version = "0.14.0-pre.9"
+version = "0.14.0-pre.10"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 description = "The ngrok agent SDK"

diff --git a/ngrok/assets/policy.json b/ngrok/assets/policy.json
@@ -0,0 +1,31 @@
+{
+  "inbound": [
+    {
+      "name": "test_in",
+      "expressions": [
+        "req.Method == 'PUT'"
+      ],
+      "actions": [
+        {
+          "type": "deny"
+        }
+      ]
+    }
+  ],
+  "outbound": [
+    {
+      "name": "test_out",
+      "expressions": [
+        "res.StatusCode == '200'"
+      ],
+      "actions": [
+        {
+          "type": "custom-response",
+          "config": {
+            "status_code": 201
+          }
+        }
+      ]
+    }
+  ]
+}
diff --git a/ngrok/examples/axum.rs b/ngrok/examples/axum.rs
@@ -61,6 +61,7 @@ async fn start_tunnel() -> anyhow::Result<HttpTunnel> {
         //         .allow_domain("<domain>")
         //         .scope("<scope>"),
         // )
+        // .policy(create_policy())?
         // .proxy_proto(ProxyProto::None)
         // .remove_request_header("X-Req-Nope")
         // .remove_response_header("X-Res-Nope")
@@ -77,3 +78,28 @@ async fn start_tunnel() -> anyhow::Result<HttpTunnel> {
 
     Ok(tun)
 }
+
+#[allow(dead_code)]
+fn create_policy() -> Result<Policy, InvalidPolicy> {
+    Ok(Policy::new()
+        .add_inbound(
+            Rule::new("deny_put")
+                .add_expression("req.Method == 'PUT'")
+                .add_action(Action::new("deny", None)?),
+        )
+        .add_outbound(
+            Rule::new("200_response")
+                .add_expression("res.StatusCode == '200'")
+                .add_action(Action::new(
+                    "custom-response",
+                    Some(
+                        r###"{
+                    "status_code": 200,
+                    "content_type": "text/html",
+                    "content": "Custom 200 response."
+                }"###,
+                    ),
+                )?),
+        )
+        .to_owned())
+}
diff --git a/ngrok/src/config/common.rs b/ngrok/src/config/common.rs
@@ -10,6 +10,7 @@ use url::Url;
 
 pub use crate::internals::proto::ProxyProto;
 use crate::{
+    config::policies::Policy,
     forwarder::Forwarder,
     internals::proto::{
         BindExtra,
@@ -198,6 +199,9 @@ pub(crate) struct CommonOpts {
     pub(crate) forwards_to: Option<String>,
     // Tunnel L7 app protocol
     pub(crate) forwards_proto: Option<String>,
+    // Policy that defines rules that should be applied to incoming or outgoing
+    // connections to the edge.
+    pub(crate) policy: Option<Policy>,
 }
 
 impl CommonOpts {

diff --git a/ngrok/src/config/http.rs b/ngrok/src/config/http.rs
@@ -11,7 +11,10 @@ use bytes::{
 use thiserror::Error;
 use url::Url;
 
-use super::common::ProxyProto;
+use super::{
+    common::ProxyProto,
+    Policy,
+};
 // These are used for doc comment links.
 #[allow(unused_imports)]
 use crate::config::{
@@ -182,6 +185,7 @@ impl TunnelConfig for HttpOptions {
                 .websocket_tcp_conversion
                 .then_some(WebsocketTcpConverter {}),
             user_agent_filter: self.user_agent_filter(),
+            policy: self.common_opts.policy.clone().map(From::from),
             ..Default::default()
         };
 
@@ -420,6 +424,15 @@ impl HttpTunnelBuilder {
         self
     }
 
+    /// Set the policy for this edge.
+    pub fn policy<S>(&mut self, s: S) -> Result<&mut Self, S::Error>
+    where
+        S: TryInto<Policy>,
+    {
+        self.options.common_opts.policy = Some(s.try_into()?);
+        Ok(self)
+    }
+
     pub(crate) async fn for_forwarding_to(&mut self, to_url: &Url) -> &mut Self {
         self.options.common_opts.for_forwarding_to(to_url);
         if let Some(host) = to_url.host_str().filter(|_| self.options.rewrite_host) {
@@ -432,6 +445,7 @@ impl HttpTunnelBuilder {
 #[cfg(test)]
 mod test {
     use super::*;
+    use crate::config::policies::test::POLICY_JSON;
 
     const METADATA: &str = "testmeta";
     const TEST_FORWARD: &str = "testforward";
@@ -488,6 +502,8 @@ mod test {
             .basic_auth("ngrok", "online1line")
             .forwards_to(TEST_FORWARD)
             .app_protocol("http2")
+            .policy(POLICY_JSON)
+            .unwrap()
             .options,
         );
     }