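package net.hellmann.platform.authproxy.proxy.filter;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import static net.hellmann.platform.authproxy.proxy.header.Header.*;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

/**
 * Zuul PRE filter that strips the proxy's own trust headers (user identity,
 * permissions, their signatures, shared secrets, service-to-service marker)
 * from {@code zuulRequestHeaders} so that a copy supplied from outside can
 * never reach an upstream service. The legitimate values are expected to be
 * added by later filters (see {@link #filterOrder()}); this filter only
 * removes what is already present when it runs.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Header names are matched case-insensitively. HTTP header names are
 *       case-insensitive and entries put straight into the Zuul header map
 *       are not guaranteed to be lower-cased, so an exact-string match would
 *       let {@code X-Auth-Secret} slip past a list entry of
 *       {@code x-auth-secret}.</li>
 *   <li>Only the <em>name</em> of a removed header is logged. The values are
 *       secrets and signatures; writing them to the log would leak them.</li>
 * </ul>
 */
@Component
public class RemoveDangerousHeader extends ZuulFilter {

    private static final Logger LOGGER = LoggerFactory.getLogger(RemoveDangerousHeader.class);

    /** Header names that must never be forwarded when they originate outside the proxy. */
    private static final List<String> IGNORED_HEADER = Arrays.asList(
            "x-auth-secret",
            "x-auth-cn",
            HELLMANN_USER,
            HELLMANN_REQUEST_ID,
            SERVICE_TO_SERVICE,
            HELLMANN_USER_HEADER,
            HELLMANN_USER_HEADER_SIG,
            PERMISSIONS_FOR_USER,
            PERMISSIONS_FOR_USER_SIG,
            SECRET_KEY);

    /** Lower-cased view of {@link #IGNORED_HEADER} for case-insensitive lookup. */
    private static final Set<String> IGNORED_HEADER_LOWER = lowerCase(IGNORED_HEADER);

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        // Run early, before the route filter and before the filters that add the
        // proxy's own security headers; anything present now came from outside.
        return 1000;
    }

    @Override
    public boolean shouldFilter() {
        RequestContext context = RequestContext.getCurrentContext();
        if (context.getThrowable() != null) {
            return false;
        }
        Map<String, String> headers = context.getZuulRequestHeaders();
        return headers != null && !headers.isEmpty();
    }

    /**
     * Replaces {@code zuulRequestHeaders} with a copy that omits every header
     * whose name (case-insensitively) is on the ignore list.
     *
     * @return always {@code null}; Zuul ignores the return value of PRE filters
     */
    @Override
    public Object run() {
        RequestContext context = RequestContext.getCurrentContext();
        Map<String, String> outsideHeaders = context.getZuulRequestHeaders();
        Map<String, String> allowedHeaders = new HashMap<>();

        if (outsideHeaders != null) {
            for (Map.Entry<String, String> header : outsideHeaders.entrySet()) {
                if (isDangerous(header.getKey())) {
                    // Name only: the value is a secret, a signature or an identity
                    // claim and must not be written to the log.
                    LOGGER.info("Remove outside header {}", header.getKey());
                } else {
                    allowedHeaders.put(header.getKey(), header.getValue());
                }
            }
        }

        context.remove("zuulRequestHeaders");
        context.put("zuulRequestHeaders", allowedHeaders);
        return null;
    }

    /**
     * Whether a header name is on the ignore list, ignoring case.
     * A {@code null} name is not considered dangerous (it cannot match any entry).
     */
    private static boolean isDangerous(String headerName) {
        return headerName != null
                && IGNORED_HEADER_LOWER.contains(headerName.toLowerCase(Locale.ROOT));
    }

    /** Lower-cases every non-null entry of {@code names} using a locale-independent mapping. */
    private static Set<String> lowerCase(List<String> names) {
        Set<String> lowered = new HashSet<>();
        for (String name : names) {
            if (name != null) {
                lowered.add(name.toLowerCase(Locale.ROOT));
            }
        }
        return lowered;
    }
}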