@queue-it/fastly 3.6.0 → 4.4.3

package/src/index.ts

@@ -0,0 +1,3 @@
+export {IntegrationDetails, EnqueueTokenProviderFactory, IntegrationEndpointProvider, IntegrationEndpointCacheConfig, resolveIntegrationDetails} from "./integrationConfigProvider"
+export {onQueueITRequest, onQueueITResponse} from "./requestResponseHandler";
+export {RequestLogger} from "./helper";

package/src/integrationConfigProvider.ts

@@ -0,0 +1,199 @@
+import { ConfigStore } from "fastly:config-store";
+import { IEnqueueTokenProvider } from "@queue-it/connector-javascript";
+import { RequestLogger } from "./helper";
+
+export type EnqueueTokenProviderFactory = (
+  customerId: string,
+  secretKey: string,
+  validityTime: number,
+  clientIp: string,
+  withKey: boolean
+) => IEnqueueTokenProvider;
+
+export async function getIntegrationConfig(
+  details: IntegrationDetails,
+  endpointProvider: IntegrationEndpointProvider
+): Promise<string> {
+  const headers = new Headers();
+  headers.set("api-key", details.apiKey);
+  headers.set("host", endpointProvider.getHostname(details.customerId));
+  const request = new Request(
+    endpointProvider.getEndpoint(details.customerId),
+    {
+      method: "GET",
+      body: null,
+      headers: headers,
+    }
+  );
+  const cacheConf = endpointProvider.getCacheConfig();
+  const cacheInit: { ttl?: number; swr?: number } = {};
+  if (cacheConf.maxAge !== -1) cacheInit.ttl = cacheConf.maxAge;
+  if (cacheConf.staleWhileRevalidate !== -1) cacheInit.swr = cacheConf.staleWhileRevalidate;
+  const cacheOverride = new CacheOverride("override", cacheInit);
+
+  const beresp = await fetch(request, {
+    backend: details.queueItOrigin,
+    cacheOverride: cacheOverride,
+  });
+
+  if (!(details.logger instanceof MockLogger)) {
+    let cacheState = beresp.headers.get("x-cache");
+    let hits = beresp.headers.get("x-cache-hits");
+    if (hits == null) hits = "-1";
+    if (cacheState == null) cacheState = "n";
+    details.logger.log("IgnFetch:" + cacheState! + ":" + hits!);
+  }
+
+  if (beresp.status != 200) {
+    return "";
+  }
+  return await beresp.text();
+}
+
+const integrationCustomerId = "customerId",
+  integrationApiKey = "apiKey",
+  integrationSecret = "secret",
+  integrationQueueItOrigin = "queueItOrigin",
+  integrationDictionary = "IntegrationConfiguration",
+  workerHost = "workerHost",
+  enqueueTokenEnabledKey = "enqueueTokenEnabled",
+  enqueueTokenValidityTimeKey = "enqueueTokenValidityTime",
+  enqueueTokenKeyEnabledKey = "enqueueTokenKeyEnabled",
+  requestBodyEnabledKey = "requestBodyEnabled";
+
+export function resolveIntegrationDetails(): IntegrationDetails | null {
+  const dict = new ConfigStore(integrationDictionary);
+  if (
+    dict.get(integrationCustomerId) === null ||
+    dict.get(integrationApiKey) === null ||
+    dict.get(integrationSecret) === null ||
+    dict.get(integrationQueueItOrigin) === null
+  ) {
+    return null;
+  }
+
+  let workerHostValue = "";
+  const workerHostVal = dict.get(workerHost);
+  if (workerHostVal !== null) {
+    workerHostValue = workerHostVal;
+  }
+
+  let enqueueTokenEnabled = true;
+  const enqueueTokenEnabledVal = dict.get(enqueueTokenEnabledKey);
+  if (enqueueTokenEnabledVal !== null) {
+    enqueueTokenEnabled = enqueueTokenEnabledVal.toLowerCase() === "true";
+  }
+
+  let enqueueTokenValidityTime = 240000;
+  const enqueueTokenValidityTimeVal = dict.get(enqueueTokenValidityTimeKey);
+  if (enqueueTokenValidityTimeVal !== null) {
+    enqueueTokenValidityTime = parseInt(enqueueTokenValidityTimeVal, 10);
+  }
+
+  let enqueueTokenKeyEnabled = false;
+  const enqueueTokenKeyEnabledVal = dict.get(enqueueTokenKeyEnabledKey);
+  if (enqueueTokenKeyEnabledVal !== null) {
+    enqueueTokenKeyEnabled = enqueueTokenKeyEnabledVal.toLowerCase() === "true";
+  }
+
+  let requestBodyEnabled = false;
+  const requestBodyEnabledVal = dict.get(requestBodyEnabledKey);
+  if (requestBodyEnabledVal !== null) {
+    requestBodyEnabled = requestBodyEnabledVal.toLowerCase() === "true";
+  }
+
+  return new IntegrationDetails(
+    dict.get(integrationQueueItOrigin)!,
+    dict.get(integrationCustomerId)!,
+    dict.get(integrationSecret)!,
+    dict.get(integrationApiKey)!,
+    workerHostValue,
+    enqueueTokenEnabled,
+    enqueueTokenValidityTime,
+    enqueueTokenKeyEnabled,
+    requestBodyEnabled
+  );
+}
+
+export class IntegrationEndpointCacheConfig {
+  maxAge: number = -1;
+  staleWhileRevalidate: number = -1;
+}
+
+export interface IntegrationEndpointProvider {
+  getHostname(customerId: string): string;
+
+  getEndpoint(customerId: string): string;
+
+  getCacheConfig(): IntegrationEndpointCacheConfig;
+}
+
+export class QueueItIntegrationEndpointProvider
+  implements IntegrationEndpointProvider
+{
+  private readonly cacheConfig: IntegrationEndpointCacheConfig;
+
+  constructor() {
+    this.cacheConfig = new IntegrationEndpointCacheConfig();
+    this.cacheConfig.maxAge = 60 * 5;
+    this.cacheConfig.staleWhileRevalidate = 60 * 5;
+  }
+
+  getCacheConfig(): IntegrationEndpointCacheConfig {
+    return this.cacheConfig;
+  }
+
+  getHostname(customerId: string): string {
+    return customerId + ".queue-it.net";
+  }
+
+  getEndpoint(customerId: string): string {
+    const host = this.getHostname(customerId);
+    return "https://" + host + "/status/integrationconfig/secure/" + customerId;
+  }
+}
+
+class MockLogger implements RequestLogger {
+  log(message: string): void {}
+}
+
+export class IntegrationDetails {
+  public enqueueTokenProviderFactory: EnqueueTokenProviderFactory | null = null;
+
+  /**
+   * The client IP address of the end user. In Fastly Compute, the client IP is not available
+   * via request headers (unlike Cloudflare's cf-connecting-ip or Akamai's True-Client-IP).
+   * Instead, it must be obtained from event.client.address in the fetch event handler and
+   * passed here. Used by the SDK for IP-based trigger matching and enqueue token generation.
+   */
+  public clientIp: string = '';
+
+  constructor(
+    public queueItOrigin: string,
+    public customerId: string,
+    public secretKey: string,
+    public apiKey: string,
+    public workerHost: string,
+    public enqueueTokenEnabled: boolean = true,
+    public enqueueTokenValidityTime: number = 240000,
+    public enqueueTokenKeyEnabled: boolean = false,
+    public requestBodyEnabled: boolean = false,
+    public provider: IntegrationEndpointProvider = new QueueItIntegrationEndpointProvider(),
+    public logger: RequestLogger = new MockLogger()
+  ) {}
+
+  resolveWorkerRequestUrl(pureUrl: string): string {
+    if (this.workerHost == "") {
+      return pureUrl;
+    }
+    const protoEnding = pureUrl.indexOf("://") + 3;
+    const protocol = pureUrl.substr(0, protoEnding);
+    const urlWithoutProto = pureUrl.substr(protoEnding);
+    const pathAndQuery =
+      urlWithoutProto.indexOf("/") != -1
+        ? urlWithoutProto.substr(urlWithoutProto.indexOf("/"))
+        : "";
+    const rewrittenUrl = protocol + this.workerHost + pathAndQuery;
+    return rewrittenUrl;
+  }
+}

package/src/requestResponseHandler.ts

@@ -0,0 +1,200 @@
+import { KnownUser } from "@queue-it/connector-javascript";
+import { QueueITHelper } from "./helper";
+import { FastlyHttpContextProvider, getHttpHandler } from "./contextProvider";
+import {
+  getIntegrationConfig,
+  resolveIntegrationDetails,
+  IntegrationDetails,
+  QueueItIntegrationEndpointProvider,
+} from "./integrationConfigProvider";
+
+const QUEUEIT_FAILED_HEADERNAME = "x-queueit-failed";
+const QUEUEIT_CONNECTOR_EXECUTED_HEADER_NAME = "x-queueit-connector";
+
+let httpProvider: FastlyHttpContextProvider | null = null;
+let sendNoCacheHeaders: boolean = false;
+
+export async function onQueueITRequest(
+  req: Request,
+  conf: IntegrationDetails | null = null
+): Promise<Response | null> {
+  if (conf == null) {
+    conf = resolveIntegrationDetails();
+  }
+  if (conf == null) {
+    return new Response("No integration details found.", {
+      headers: new Headers(),
+      status: 404,
+    });
+  }
+
+  const integrationProvider =
+    conf.provider == null
+      ? new QueueItIntegrationEndpointProvider()
+      : conf.provider;
+
+  let bodyString = '';
+  if (conf.requestBodyEnabled) {
+    bodyString = ((await req.clone().text()) || '').substring(0, 2048);
+  }
+
+  httpProvider = getHttpHandler(req, conf.clientIp, bodyString);
+  sendNoCacheHeaders = false;
+
+  if (conf.enqueueTokenEnabled) {
+    const clientIp = httpProvider.getHttpRequest().getUserHostAddress();
+    if (conf.enqueueTokenProviderFactory) {
+      httpProvider.setCustomEnqueueTokenProvider(
+        conf.enqueueTokenProviderFactory(
+          conf.customerId,
+          conf.secretKey,
+          conf.enqueueTokenValidityTime,
+          clientIp,
+          conf.enqueueTokenKeyEnabled
+        )
+      );
+    } else {
+      httpProvider.setEnqueueTokenProvider(
+        conf.customerId,
+        conf.secretKey,
+        conf.enqueueTokenValidityTime,
+        clientIp,
+        conf.enqueueTokenKeyEnabled
+      );
+    }
+  }
+
+  try {
+    const integrationConfigJson = await getIntegrationConfig(conf, integrationProvider);
+    const requestUrl: string = conf.resolveWorkerRequestUrl(req.url);
+
+    const queueItToken = getQueueItToken(requestUrl, httpProvider);
+    const requestUrlWithoutToken = requestUrl.replace(
+      new RegExp("([?&])(" + KnownUser.QueueITTokenKey + "=[^&]*)", "i"),
+      ""
+    );
+
+    // The requestUrlWithoutToken is used to match Triggers and as the Target url (where to return the users to).
+    // It is therefor important that this is exactly the url of the users browsers. So, if your webserver is
+    // behind e.g. a load balancer that modifies the host name or port, reformat requestUrlWithoutToken before proceeding.
+
+    const validationResult = await KnownUser.validateRequestByIntegrationConfig(
+      requestUrlWithoutToken,
+      queueItToken,
+      integrationConfigJson,
+      conf.customerId,
+      conf.secretKey,
+      httpProvider!
+    );
+
+    if (validationResult.doRedirect()) {
+      if (validationResult.isAjaxResult) {
+        const response = new Response(null, {
+          status: 200,
+          headers: httpProvider!.getResponseHeaders(),
+        });
+        const headerKey = validationResult.getAjaxQueueRedirectHeaderKey();
+        const queueRedirectUrl = validationResult.getAjaxRedirectUrl();
+
+        // In case of ajax call send the user to the queue by sending a custom queue-it header and redirecting user to queue from javascript
+        response.headers.set(
+          headerKey,
+          QueueITHelper.addKUPlatformVersion(queueRedirectUrl)
+        );
+        response.headers.set("Access-Control-Expose-Headers", headerKey);
+        sendNoCacheHeaders = true;
+        return response;
+      } else {
+        const response = new Response(null, {
+          status: 302,
+          headers: httpProvider!.getResponseHeaders(),
+        });
+        // Send the user to the queue - either because hash was missing or because is was invalid
+        response.headers.set(
+          "Location",
+          QueueITHelper.addKUPlatformVersion(validationResult.redirectUrl)
+        );
+        sendNoCacheHeaders = true;
+        return response;
+      }
+    } else {
+      // Request can continue - we remove queueittoken from querystring parameter to avoid sharing of user specific token
+      if (
+        requestUrl !== requestUrlWithoutToken &&
+        validationResult.actionType === "Queue"
+      ) {
+        const response = new Response(null, {
+          status: 302,
+          headers: httpProvider!.getResponseHeaders(),
+        });
+        response.headers.set("Location", requestUrlWithoutToken);
+        sendNoCacheHeaders = true;
+        return response;
+      } else {
+        // lets caller decide the next step, or just serve the request normally
+        return null;
+      }
+    }
+  } catch (e) {
+    if (console && console.log) {
+      console.log("ERROR:" + e);
+    }
+    httpProvider!.isError = true;
+    return null;
+  }
+}
+
+// Fill in the Queue-it headers
+export function onQueueITResponse(res: Response): void {
+  res.headers.set(QUEUEIT_CONNECTOR_EXECUTED_HEADER_NAME, "fastly");
+
+  if (httpProvider) {
+    const contextHeaders = httpProvider.getResponseHeaders();
+    for (const key of contextHeaders.keys()) {
+      if (key.length == 0) continue;
+      const value = contextHeaders.get(key);
+      if (value != null && value.length > 0)
+        res.headers.append(key, value);
+    }
+
+    if (httpProvider.isError) {
+      res.headers.append(QUEUEIT_FAILED_HEADERNAME, "true");
+    }
+  }
+
+  if (sendNoCacheHeaders) {
+    addNoCacheHeaders(res);
+  }
+}
+
+function addNoCacheHeaders(res: Response): void {
+  res.headers.set('Cache-Control', 'no-cache, no-store, must-revalidate, max-age=0');
+  res.headers.set('Pragma', 'no-cache');
+  res.headers.set('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');
+}
+
+function getQueueItToken(
+  requestUrl: string,
+  httpContext: FastlyHttpContextProvider
+): string {
+  const queueItToken = getParameterByName(requestUrl, KnownUser.QueueITTokenKey);
+  if (queueItToken) {
+    return queueItToken;
+  }
+
+  const tokenHeaderName = `x-${KnownUser.QueueITTokenKey}`;
+  return httpContext.getHttpRequest().getHeader(tokenHeaderName);
+}
+
+function getParameterByName(url: string, name: string): string {
+  name = name.replace(/[\[\]]/g, '\\$&');
+  const regex = new RegExp('[?&]' + name + '(=([^&#]*)|&|#|$)');
+  const results = regex.exec(url);
+  if (!results) return '';
+  if (!results[2]) return '';
+  try {
+    return decodeURIComponent(results[2].replace(/\+/g, ' '));
+  } catch {
+    return results[2];
+  }
+}

package/README-INTERNAL.md

@@ -1,21 +0,0 @@
-## Getting started
-- Install the [Fastly CLI](https://developer.fastly.com/reference/cli/)
-- Configure the CLI with the Fastly token.  
-  You can get a token in the Fastly platform.  
-  To configure the CLI run `fastly configure` and fill in the details.
-- You can list the Fastly services with `fastly service list`
-
-## Development workflow
-- Build and test locally
-- Align version in package.json and UserInQueueService.ts
-- Commit changes
-- Run the CI pipeline
-- Update Sample site with new changes.  
-This can be done by running `fastly compute build && fastly compute deploy`.
-- Sync with github
-
-## Deploying to the sample site
-- Make sure you have the right configuration in `fastly.toml`
-
-## Limitations
-- Since dictionary item values have a limit of 8k chars we poll the integration config with a 5 min TTL. 

package/asconfig.json

@@ -1,17 +0,0 @@
-{
-  "targets": {
-    "debug": {
-      "binaryFile": "bin/untouched.wasm",
-      "textFile": "bin/untouched.wat",
-      "sourceMap": true,
-      "debug": true
-    },
-    "release": {
-      "binaryFile": "bin/main.wasm",
-      "textFile": "bin/main.wat",
-      "sourceMap": true,
-      "optimize": true
-    }
-  },
-  "options": {}
-}