zuplo 6.67.32 → 6.68.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/docs/_index.md +44 -0
- package/docs/ai-gateway/apps.mdx +28 -0
- package/docs/ai-gateway/custom-providers.mdx +54 -0
- package/docs/ai-gateway/getting-started.mdx +224 -0
- package/docs/ai-gateway/guardrails.mdx +65 -0
- package/docs/ai-gateway/integrations/ai-sdk.mdx +109 -0
- package/docs/ai-gateway/integrations/claude-code.mdx +49 -0
- package/docs/ai-gateway/integrations/codex.mdx +78 -0
- package/docs/ai-gateway/integrations/goose.mdx +104 -0
- package/docs/ai-gateway/integrations/langchain.mdx +66 -0
- package/docs/ai-gateway/integrations/openai.mdx +99 -0
- package/docs/ai-gateway/introduction.mdx +85 -0
- package/docs/ai-gateway/managing-apps.mdx +46 -0
- package/docs/ai-gateway/managing-providers.mdx +66 -0
- package/docs/ai-gateway/managing-teams.mdx +63 -0
- package/docs/ai-gateway/policies/akamai-ai-firewall.mdx +125 -0
- package/docs/ai-gateway/policies/comet-opik-tracing.mdx +139 -0
- package/docs/ai-gateway/policies/galileo-tracing.mdx +147 -0
- package/docs/ai-gateway/providers.mdx +32 -0
- package/docs/ai-gateway/teams.mdx +38 -0
- package/docs/ai-gateway/universal-api.mdx +43 -0
- package/docs/ai-gateway/usage-limits.mdx +89 -0
- package/docs/api-management/introduction.md +127 -0
- package/docs/articles/accounts/audit-logs.mdx +227 -0
- package/docs/articles/accounts/billing.mdx +25 -0
- package/docs/articles/accounts/default-api-key.mdx +30 -0
- package/docs/articles/accounts/delete-account.mdx +36 -0
- package/docs/articles/accounts/enterprise-sso.mdx +116 -0
- package/docs/articles/accounts/managing-account-members.mdx +45 -0
- package/docs/articles/accounts/managing-project-members.mdx +37 -0
- package/docs/articles/accounts/members-and-roles.mdx +21 -0
- package/docs/articles/accounts/roles-and-permissions.mdx +115 -0
- package/docs/articles/accounts/zuplo-api-keys.mdx +94 -0
- package/docs/articles/add-api-to-backstage.mdx +216 -0
- package/docs/articles/advanced-path-matching.mdx +139 -0
- package/docs/articles/api-key-administration.mdx +47 -0
- package/docs/articles/api-key-api.mdx +220 -0
- package/docs/articles/api-key-authentication.mdx +195 -0
- package/docs/articles/api-key-buckets.mdx +61 -0
- package/docs/articles/api-key-end-users.mdx +52 -0
- package/docs/articles/api-key-leak-detection.mdx +75 -0
- package/docs/articles/api-key-management.mdx +100 -0
- package/docs/articles/api-key-react-component.mdx +90 -0
- package/docs/articles/api-key-service-limits.mdx +14 -0
- package/docs/articles/archiving-requests-to-storage.mdx +119 -0
- package/docs/articles/branch-based-deployments.mdx +184 -0
- package/docs/articles/bypass-policy-for-testing.mdx +117 -0
- package/docs/articles/check-ip-address.mdx +17 -0
- package/docs/articles/ci-cd-azure/basic-deployment.mdx +49 -0
- package/docs/articles/ci-cd-azure/deploy-and-test.mdx +47 -0
- package/docs/articles/ci-cd-azure/local-testing.mdx +59 -0
- package/docs/articles/ci-cd-azure/multi-stage-deployment.mdx +88 -0
- package/docs/articles/ci-cd-azure/pr-preview-environments.mdx +50 -0
- package/docs/articles/ci-cd-azure/tag-based-releases.mdx +37 -0
- package/docs/articles/ci-cd-bitbucket/basic-deployment.mdx +27 -0
- package/docs/articles/ci-cd-bitbucket/deploy-and-test.mdx +41 -0
- package/docs/articles/ci-cd-bitbucket/local-testing.mdx +34 -0
- package/docs/articles/ci-cd-bitbucket/multi-stage-deployment.mdx +52 -0
- package/docs/articles/ci-cd-bitbucket/pr-preview-environments.mdx +46 -0
- package/docs/articles/ci-cd-bitbucket/tag-based-releases.mdx +27 -0
- package/docs/articles/ci-cd-circleci/basic-deployment.mdx +34 -0
- package/docs/articles/ci-cd-circleci/deploy-and-test.mdx +44 -0
- package/docs/articles/ci-cd-circleci/local-testing.mdx +50 -0
- package/docs/articles/ci-cd-circleci/multi-stage-deployment.mdx +82 -0
- package/docs/articles/ci-cd-circleci/pr-preview-environments.mdx +47 -0
- package/docs/articles/ci-cd-circleci/tag-based-releases.mdx +38 -0
- package/docs/articles/ci-cd-github/basic-deployment.mdx +48 -0
- package/docs/articles/ci-cd-github/cleanup-on-branch-delete.mdx +123 -0
- package/docs/articles/ci-cd-github/deploy-and-test.mdx +82 -0
- package/docs/articles/ci-cd-github/local-testing.mdx +102 -0
- package/docs/articles/ci-cd-github/multi-stage-deployment.mdx +136 -0
- package/docs/articles/ci-cd-github/pr-preview-environments.mdx +106 -0
- package/docs/articles/ci-cd-github/tag-based-releases.mdx +99 -0
- package/docs/articles/ci-cd-gitlab/basic-deployment.mdx +28 -0
- package/docs/articles/ci-cd-gitlab/deploy-and-test.mdx +44 -0
- package/docs/articles/ci-cd-gitlab/local-testing.mdx +39 -0
- package/docs/articles/ci-cd-gitlab/mr-preview-environments.mdx +52 -0
- package/docs/articles/ci-cd-gitlab/multi-stage-deployment.mdx +64 -0
- package/docs/articles/ci-cd-gitlab/tag-based-releases.mdx +28 -0
- package/docs/articles/composite-policy-reference.mdx +284 -0
- package/docs/articles/configuring-auth0-for-mcp-auth.mdx +186 -0
- package/docs/articles/configuring-okta-for-mcp-auth.mdx +208 -0
- package/docs/articles/convert-urls-to-openapi.mdx +62 -0
- package/docs/articles/cors.mdx +447 -0
- package/docs/articles/custom-audit-log-policy.mdx +95 -0
- package/docs/articles/custom-ci-cd-azure.mdx +81 -0
- package/docs/articles/custom-ci-cd-bitbucket.mdx +80 -0
- package/docs/articles/custom-ci-cd-circleci.mdx +78 -0
- package/docs/articles/custom-ci-cd-github.mdx +99 -0
- package/docs/articles/custom-ci-cd-gitlab.mdx +79 -0
- package/docs/articles/custom-ci-cd.mdx +82 -0
- package/docs/articles/custom-code-patterns.md +418 -0
- package/docs/articles/custom-domains.mdx +258 -0
- package/docs/articles/custom-logging-example.mdx +139 -0
- package/docs/articles/ddos-protection.mdx +138 -0
- package/docs/articles/development-options.mdx +49 -0
- package/docs/articles/environment-variables.mdx +134 -0
- package/docs/articles/environments.mdx +143 -0
- package/docs/articles/fastly-zuplo-host-setup.mdx +41 -0
- package/docs/articles/github-deployment-testing.mdx +101 -0
- package/docs/articles/gke-with-upstream-auth-policy.mdx +192 -0
- package/docs/articles/graphql-security.mdx +180 -0
- package/docs/articles/handling-form-data.mdx +61 -0
- package/docs/articles/health-checks.mdx +109 -0
- package/docs/articles/hosting-options.mdx +70 -0
- package/docs/articles/lazy-load-configuration-into-cache.mdx +92 -0
- package/docs/articles/limits.mdx +98 -0
- package/docs/articles/local-development-debugging.mdx +44 -0
- package/docs/articles/local-development-env-variables.mdx +23 -0
- package/docs/articles/local-development-installing-packages.mdx +23 -0
- package/docs/articles/local-development-routes-designer.mdx +27 -0
- package/docs/articles/local-development-services.mdx +40 -0
- package/docs/articles/local-development-troubleshooting.mdx +56 -0
- package/docs/articles/local-development.mdx +81 -0
- package/docs/articles/log-plugin-aws-cloudwatch.mdx +83 -0
- package/docs/articles/log-plugin-datadog.mdx +84 -0
- package/docs/articles/log-plugin-dynatrace.mdx +75 -0
- package/docs/articles/log-plugin-gcp.mdx +75 -0
- package/docs/articles/log-plugin-loki.mdx +136 -0
- package/docs/articles/log-plugin-new-relic.mdx +84 -0
- package/docs/articles/log-plugin-splunk.mdx +104 -0
- package/docs/articles/log-plugin-sumo.mdx +73 -0
- package/docs/articles/log-plugin-vmware-log-insight.mdx +154 -0
- package/docs/articles/log-request-response-data.mdx +398 -0
- package/docs/articles/logging.mdx +115 -0
- package/docs/articles/manual-mcp-oauth-testing.mdx +193 -0
- package/docs/articles/mcp-quickstart.mdx +135 -0
- package/docs/articles/metrics-plugins.mdx +371 -0
- package/docs/articles/migrate-from-apigee.md +408 -0
- package/docs/articles/migrate-from-aws-api-gateway.md +248 -0
- package/docs/articles/migrate-from-azure-apim.md +292 -0
- package/docs/articles/migrate-from-kong.md +300 -0
- package/docs/articles/migration-overview.md +81 -0
- package/docs/articles/monetization/api-access.mdx +69 -0
- package/docs/articles/monetization/billing-models.md +520 -0
- package/docs/articles/monetization/developer-portal.md +167 -0
- package/docs/articles/monetization/features.mdx +98 -0
- package/docs/articles/monetization/index.mdx +113 -0
- package/docs/articles/monetization/meters.mdx +135 -0
- package/docs/articles/monetization/monetization-policy.md +314 -0
- package/docs/articles/monetization/plan-examples.mdx +366 -0
- package/docs/articles/monetization/plans.mdx +266 -0
- package/docs/articles/monetization/pricing-models.mdx +225 -0
- package/docs/articles/monetization/private-plans.md +154 -0
- package/docs/articles/monetization/quickstart.md +355 -0
- package/docs/articles/monetization/rate-cards.mdx +171 -0
- package/docs/articles/monetization/stripe-integration.md +195 -0
- package/docs/articles/monetization/subscription-lifecycle.md +298 -0
- package/docs/articles/monetization/tax-collection.md +166 -0
- package/docs/articles/monetization/troubleshooting.md +272 -0
- package/docs/articles/monetization-custom.mdx +71 -0
- package/docs/articles/monetization-integrations.mdx +104 -0
- package/docs/articles/monitoring-your-gateway.mdx +53 -0
- package/docs/articles/monorepo-deployment.mdx +350 -0
- package/docs/articles/multiple-auth-policies.mdx +81 -0
- package/docs/articles/non-standard-ports.mdx +30 -0
- package/docs/articles/oauth-authentication.mdx +54 -0
- package/docs/articles/openapi-server-urls.mdx +60 -0
- package/docs/articles/openapi.mdx +130 -0
- package/docs/articles/opentelemetry.mdx +250 -0
- package/docs/articles/per-user-rate-limits-using-db.mdx +112 -0
- package/docs/articles/performance-testing.mdx +304 -0
- package/docs/articles/plugin-akamai-api-security.mdx +76 -0
- package/docs/articles/plugin-azure-blob.mdx +73 -0
- package/docs/articles/plugin-azure-event-hubs.mdx +64 -0
- package/docs/articles/plugin-hydrolix-traffic-peak.mdx +147 -0
- package/docs/articles/policies.mdx +33 -0
- package/docs/articles/rename-or-move-project.mdx +39 -0
- package/docs/articles/rick-and-morty-api-developer-portal-example.mdx +23 -0
- package/docs/articles/routing.mdx +193 -0
- package/docs/articles/s3-signed-url-uploads.mdx +521 -0
- package/docs/articles/secure-tunnel.mdx +84 -0
- package/docs/articles/securing-backend-mtls.mdx +268 -0
- package/docs/articles/securing-your-backend.mdx +148 -0
- package/docs/articles/security.mdx +105 -0
- package/docs/articles/sharing-code-across-projects.mdx +412 -0
- package/docs/articles/source-control-setup-azure.mdx +13 -0
- package/docs/articles/source-control-setup-bitbucket.mdx +43 -0
- package/docs/articles/source-control-setup-github.mdx +172 -0
- package/docs/articles/source-control-setup-gitlab.mdx +12 -0
- package/docs/articles/source-control.mdx +80 -0
- package/docs/articles/step-1-setup-basic-gateway-local.mdx +136 -0
- package/docs/articles/step-1-setup-basic-gateway.mdx +118 -0
- package/docs/articles/step-2-add-rate-limiting-local.mdx +126 -0
- package/docs/articles/step-2-add-rate-limiting.mdx +82 -0
- package/docs/articles/step-3-add-api-key-auth-local.mdx +199 -0
- package/docs/articles/step-3-add-api-key-auth.mdx +166 -0
- package/docs/articles/step-4-deploying-to-the-edge.mdx +220 -0
- package/docs/articles/step-5-dynamic-rate-limiting.mdx +167 -0
- package/docs/articles/support.mdx +144 -0
- package/docs/articles/terraform.mdx +114 -0
- package/docs/articles/testing-graphql.mdx +34 -0
- package/docs/articles/testing.mdx +522 -0
- package/docs/articles/troubleshooting-slow-responses.mdx +301 -0
- package/docs/articles/troubleshooting.md +302 -0
- package/docs/articles/tsconfig.mdx +105 -0
- package/docs/articles/tunnel-setup.mdx +195 -0
- package/docs/articles/tunnel-troubleshooting.mdx +50 -0
- package/docs/articles/update-zup-in-github-action.mdx +110 -0
- package/docs/articles/use-openapi-extension-data.mdx +79 -0
- package/docs/articles/users/multifactor-authentication.mdx +64 -0
- package/docs/articles/users/profile.mdx +13 -0
- package/docs/articles/versioning-on-zuplo.mdx +89 -0
- package/docs/articles/waf-ddos-akamai.md +133 -0
- package/docs/articles/waf-ddos-aws-waf-shield.mdx +85 -0
- package/docs/articles/waf-ddos-fastly.mdx +251 -0
- package/docs/articles/waf-ddos.mdx +140 -0
- package/docs/articles/zuplo-waf.mdx +156 -0
- package/docs/ask.mdx +3 -0
- package/docs/cli/authentication.mdx +56 -0
- package/docs/cli/connectivity.mdx +38 -0
- package/docs/cli/create-zuplo-api.mdx +80 -0
- package/docs/cli/delete.mdx +79 -0
- package/docs/cli/deploy.mdx +156 -0
- package/docs/cli/deploy.partial.mdx +46 -0
- package/docs/cli/dev.mdx +115 -0
- package/docs/cli/docs.mdx +66 -0
- package/docs/cli/editor.mdx +50 -0
- package/docs/cli/global-options.mdx +19 -0
- package/docs/cli/init.mdx +74 -0
- package/docs/cli/link.mdx +74 -0
- package/docs/cli/list.mdx +55 -0
- package/docs/cli/mtls-certificate-create.mdx +94 -0
- package/docs/cli/mtls-certificate-delete.mdx +55 -0
- package/docs/cli/mtls-certificate-describe.mdx +55 -0
- package/docs/cli/mtls-certificate-disable.mdx +55 -0
- package/docs/cli/mtls-certificate-list.mdx +47 -0
- package/docs/cli/mtls-certificate-update.mdx +72 -0
- package/docs/cli/openapi-convert.mdx +111 -0
- package/docs/cli/openapi-merge.mdx +138 -0
- package/docs/cli/openapi-merge.partial.mdx +29 -0
- package/docs/cli/openapi-overlay.mdx +123 -0
- package/docs/cli/overview.mdx +78 -0
- package/docs/cli/project-create.mdx +43 -0
- package/docs/cli/source-migrate.mdx +18 -0
- package/docs/cli/source-upgrade.mdx +41 -0
- package/docs/cli/test.mdx +70 -0
- package/docs/cli/test.partial.mdx +7 -0
- package/docs/cli/tunnel-create.mdx +53 -0
- package/docs/cli/tunnel-create.partial.mdx +9 -0
- package/docs/cli/tunnel-delete.mdx +35 -0
- package/docs/cli/tunnel-delete.partial.mdx +9 -0
- package/docs/cli/tunnel-describe.mdx +45 -0
- package/docs/cli/tunnel-describe.partial.mdx +5 -0
- package/docs/cli/tunnel-list.mdx +35 -0
- package/docs/cli/tunnel-list.partial.mdx +9 -0
- package/docs/cli/tunnel-rate-token.partial.mdx +9 -0
- package/docs/cli/tunnel-rotate-token.mdx +39 -0
- package/docs/cli/tunnel-services-describe.mdx +45 -0
- package/docs/cli/tunnel-services-describe.partial.mdx +9 -0
- package/docs/cli/tunnel-services-update.mdx +48 -0
- package/docs/cli/variable-create.mdx +91 -0
- package/docs/cli/variable-create.partial.mdx +5 -0
- package/docs/cli/variable-update.mdx +75 -0
- package/docs/cli/variable-update.partial.mdx +5 -0
- package/docs/concepts/api-keys.md +146 -0
- package/docs/concepts/authentication.mdx +109 -0
- package/docs/concepts/how-zuplo-works.mdx +120 -0
- package/docs/concepts/project-structure.mdx +174 -0
- package/docs/concepts/rate-limiting.md +246 -0
- package/docs/concepts/request-lifecycle.mdx +56 -0
- package/docs/concepts/source-control-and-deployment.mdx +229 -0
- package/docs/conferences/conference-prize-terms.mdx +80 -0
- package/docs/dedicated/akamai/ai-powered-applications.mdx +223 -0
- package/docs/dedicated/akamai/architecture.mdx +280 -0
- package/docs/dedicated/akamai/caching.mdx +212 -0
- package/docs/dedicated/akamai/cdn.mdx +156 -0
- package/docs/dedicated/architecture.mdx +208 -0
- package/docs/dedicated/custom-domains.mdx +31 -0
- package/docs/dedicated/federated-gateways.mdx +80 -0
- package/docs/dedicated/networking.mdx +69 -0
- package/docs/dedicated/overview.mdx +80 -0
- package/docs/dedicated/source-control.mdx +63 -0
- package/docs/dev-portal/dev-portal-create-consumer-on-auth.mdx +134 -0
- package/docs/dev-portal/introduction.mdx +65 -0
- package/docs/dev-portal/local-development.mdx +72 -0
- package/docs/dev-portal/migration.mdx +526 -0
- package/docs/dev-portal/node-modules.mdx +45 -0
- package/docs/dev-portal/updating.mdx +28 -0
- package/docs/dev-portal/zudoku/components/alert.mdx +130 -0
- package/docs/dev-portal/zudoku/components/badge.mdx +70 -0
- package/docs/dev-portal/zudoku/components/button.mdx +132 -0
- package/docs/dev-portal/zudoku/components/callout.mdx +112 -0
- package/docs/dev-portal/zudoku/components/card.mdx +104 -0
- package/docs/dev-portal/zudoku/components/checkbox.mdx +72 -0
- package/docs/dev-portal/zudoku/components/client-only.mdx +79 -0
- package/docs/dev-portal/zudoku/components/code-tabs.mdx +179 -0
- package/docs/dev-portal/zudoku/components/dialog.mdx +167 -0
- package/docs/dev-portal/zudoku/components/head.mdx +199 -0
- package/docs/dev-portal/zudoku/components/icons.mdx +27 -0
- package/docs/dev-portal/zudoku/components/input.mdx +96 -0
- package/docs/dev-portal/zudoku/components/label.mdx +86 -0
- package/docs/dev-portal/zudoku/components/link.mdx +242 -0
- package/docs/dev-portal/zudoku/components/markdown.mdx +151 -0
- package/docs/dev-portal/zudoku/components/mermaid.mdx +81 -0
- package/docs/dev-portal/zudoku/components/playground.mdx +87 -0
- package/docs/dev-portal/zudoku/components/secret.mdx +78 -0
- package/docs/dev-portal/zudoku/components/select.mdx +176 -0
- package/docs/dev-portal/zudoku/components/shadcn.mdx +73 -0
- package/docs/dev-portal/zudoku/components/slider.mdx +108 -0
- package/docs/dev-portal/zudoku/components/slot.mdx +119 -0
- package/docs/dev-portal/zudoku/components/stepper.mdx +138 -0
- package/docs/dev-portal/zudoku/components/switch.mdx +96 -0
- package/docs/dev-portal/zudoku/components/syntax-highlight.mdx +602 -0
- package/docs/dev-portal/zudoku/components/textarea.mdx +78 -0
- package/docs/dev-portal/zudoku/components/tooltip.mdx +195 -0
- package/docs/dev-portal/zudoku/components/typography.mdx +61 -0
- package/docs/dev-portal/zudoku/configuration/ai-assistants.md +64 -0
- package/docs/dev-portal/zudoku/configuration/api-catalog.md +108 -0
- package/docs/dev-portal/zudoku/configuration/api-reference.md +397 -0
- package/docs/dev-portal/zudoku/configuration/authentication-auth0.md +173 -0
- package/docs/dev-portal/zudoku/configuration/authentication-azure-ad.md +238 -0
- package/docs/dev-portal/zudoku/configuration/authentication-clerk.md +110 -0
- package/docs/dev-portal/zudoku/configuration/authentication-firebase.md +61 -0
- package/docs/dev-portal/zudoku/configuration/authentication-pingfederate.md +136 -0
- package/docs/dev-portal/zudoku/configuration/authentication-supabase.md +225 -0
- package/docs/dev-portal/zudoku/configuration/authentication.md +199 -0
- package/docs/dev-portal/zudoku/configuration/build-configuration.mdx +147 -0
- package/docs/dev-portal/zudoku/configuration/docs.md +282 -0
- package/docs/dev-portal/zudoku/configuration/footer.mdx +214 -0
- package/docs/dev-portal/zudoku/configuration/llms.md +89 -0
- package/docs/dev-portal/zudoku/configuration/navigation.mdx +408 -0
- package/docs/dev-portal/zudoku/configuration/overview.md +380 -0
- package/docs/dev-portal/zudoku/configuration/protected-routes.md +149 -0
- package/docs/dev-portal/zudoku/configuration/search.md +169 -0
- package/docs/dev-portal/zudoku/configuration/sentry.mdx +44 -0
- package/docs/dev-portal/zudoku/configuration/site.md +124 -0
- package/docs/dev-portal/zudoku/configuration/slots.mdx +124 -0
- package/docs/dev-portal/zudoku/configuration/vite-config.md +18 -0
- package/docs/dev-portal/zudoku/custom-plugins.md +287 -0
- package/docs/dev-portal/zudoku/customization/colors-theme.mdx +275 -0
- package/docs/dev-portal/zudoku/customization/fonts.md +110 -0
- package/docs/dev-portal/zudoku/extending/events.md +124 -0
- package/docs/dev-portal/zudoku/guides/custom-pages.md +106 -0
- package/docs/dev-portal/zudoku/guides/environment-variables.md +99 -0
- package/docs/dev-portal/zudoku/guides/mermaid.mdx +70 -0
- package/docs/dev-portal/zudoku/guides/navigation-migration.md +87 -0
- package/docs/dev-portal/zudoku/guides/navigation-rules.mdx +197 -0
- package/docs/dev-portal/zudoku/guides/processors.mdx +234 -0
- package/docs/dev-portal/zudoku/guides/static-files.md +55 -0
- package/docs/dev-portal/zudoku/guides/transforming-examples.md +156 -0
- package/docs/dev-portal/zudoku/guides/using-multiple-apis.md +87 -0
- package/docs/dev-portal/zudoku/markdown/admonitions.md +128 -0
- package/docs/dev-portal/zudoku/markdown/code-blocks.md +196 -0
- package/docs/dev-portal/zudoku/markdown/frontmatter.md +172 -0
- package/docs/dev-portal/zudoku/markdown/mdx.md +68 -0
- package/docs/dev-portal/zudoku/markdown/overview.md +275 -0
- package/docs/dev-portal/zudoku/plugins.md +5 -0
- package/docs/dev-portal/zudoku/writing.mdx +72 -0
- package/docs/errors/bad-request.mdx +39 -0
- package/docs/errors/build-error.mdx +45 -0
- package/docs/errors/fatal-project-error.mdx +39 -0
- package/docs/errors/gateway-timeout.mdx +33 -0
- package/docs/errors/get-head-body-error.mdx +41 -0
- package/docs/errors/main-mod-error.mdx +40 -0
- package/docs/errors/no-project-set.mdx +41 -0
- package/docs/errors/not-found.mdx +43 -0
- package/docs/errors/rate-limit-exceeded.mdx +31 -0
- package/docs/errors/schema-validation-failed.mdx +51 -0
- package/docs/errors/system-configuration-error.mdx +44 -0
- package/docs/errors/unauthorized.mdx +50 -0
- package/docs/errors/unknown-error.mdx +42 -0
- package/docs/errors.mdx +14 -0
- package/docs/guides/canary-routing-for-employees.mdx +385 -0
- package/docs/guides/geolocation-backend-routing.mdx +404 -0
- package/docs/guides/modify-openapi-paths.mdx +371 -0
- package/docs/guides/openapi-overlays.mdx +492 -0
- package/docs/guides/overview.mdx +12 -0
- package/docs/guides/user-based-backend-routing.mdx +437 -0
- package/docs/handlers/aws-lambda.mdx +201 -0
- package/docs/handlers/custom-handler.mdx +112 -0
- package/docs/handlers/legacy-dev-portal-handler.mdx +135 -0
- package/docs/handlers/mcp-server.mdx +730 -0
- package/docs/handlers/openapi.mdx +78 -0
- package/docs/handlers/redirect.mdx +115 -0
- package/docs/handlers/system-handlers.mdx +41 -0
- package/docs/handlers/url-forward.mdx +204 -0
- package/docs/handlers/url-rewrite.mdx +224 -0
- package/docs/handlers/websocket-handler.mdx +154 -0
- package/docs/home.mdx +6 -0
- package/docs/managed-edge/overview.md +78 -0
- package/docs/mcp-server/configuration-migration-guide.mdx +344 -0
- package/docs/mcp-server/custom-tools.mdx +487 -0
- package/docs/mcp-server/graphql.mdx +241 -0
- package/docs/mcp-server/introduction.mdx +122 -0
- package/docs/mcp-server/openai-apps-sdk.mdx +160 -0
- package/docs/mcp-server/prompts.mdx +283 -0
- package/docs/mcp-server/resources.mdx +288 -0
- package/docs/mcp-server/testing.mdx +53 -0
- package/docs/mcp-server/tools.mdx +306 -0
- package/docs/policies/_index.md +92 -0
- package/docs/policies/ab-test-inbound/intro.md +8 -0
- package/docs/policies/ab-test-inbound/policy.ts +14 -0
- package/docs/policies/ab-test-inbound/schema.json +27 -0
- package/docs/policies/ab-test-outbound/intro.md +8 -0
- package/docs/policies/ab-test-outbound/policy.ts +26 -0
- package/docs/policies/ab-test-outbound/schema.json +27 -0
- package/docs/policies/acl-policy-inbound/intro.md +5 -0
- package/docs/policies/acl-policy-inbound/policy.ts +32 -0
- package/docs/policies/acl-policy-inbound/schema.json +52 -0
- package/docs/policies/akamai-ai-firewall/schema.json +98 -0
- package/docs/policies/amberflo-metering-inbound/doc.md +183 -0
- package/docs/policies/amberflo-metering-inbound/intro.md +20 -0
- package/docs/policies/amberflo-metering-inbound/schema.json +108 -0
- package/docs/policies/api-key-inbound/doc.md +77 -0
- package/docs/policies/api-key-inbound/intro.md +30 -0
- package/docs/policies/api-key-inbound/schema.json +84 -0
- package/docs/policies/archive-request-aws-s3-inbound/intro.md +4 -0
- package/docs/policies/archive-request-aws-s3-inbound/policy.ts +58 -0
- package/docs/policies/archive-request-aws-s3-inbound/schema.json +68 -0
- package/docs/policies/archive-request-azure-storage-inbound/doc.md +31 -0
- package/docs/policies/archive-request-azure-storage-inbound/intro.md +4 -0
- package/docs/policies/archive-request-azure-storage-inbound/policy.ts +54 -0
- package/docs/policies/archive-request-azure-storage-inbound/schema.json +53 -0
- package/docs/policies/archive-request-gcp-storage-inbound/doc.md +63 -0
- package/docs/policies/archive-request-gcp-storage-inbound/intro.md +4 -0
- package/docs/policies/archive-request-gcp-storage-inbound/policy.ts +68 -0
- package/docs/policies/archive-request-gcp-storage-inbound/schema.json +47 -0
- package/docs/policies/archive-response-aws-s3-outbound/intro.md +2 -0
- package/docs/policies/archive-response-aws-s3-outbound/policy.ts +59 -0
- package/docs/policies/archive-response-aws-s3-outbound/schema.json +68 -0
- package/docs/policies/archive-response-azure-storage-outbound/doc.md +31 -0
- package/docs/policies/archive-response-azure-storage-outbound/intro.md +3 -0
- package/docs/policies/archive-response-azure-storage-outbound/policy.ts +54 -0
- package/docs/policies/archive-response-azure-storage-outbound/schema.json +53 -0
- package/docs/policies/audit-log-inbound/doc.md +78 -0
- package/docs/policies/audit-log-inbound/intro.md +10 -0
- package/docs/policies/audit-log-inbound/schema.json +81 -0
- package/docs/policies/auth0-jwt-auth-inbound/doc.md +125 -0
- package/docs/policies/auth0-jwt-auth-inbound/intro.md +17 -0
- package/docs/policies/auth0-jwt-auth-inbound/schema.json +74 -0
- package/docs/policies/authzen-inbound/doc.md +24 -0
- package/docs/policies/authzen-inbound/intro.md +31 -0
- package/docs/policies/authzen-inbound/schema.json +126 -0
- package/docs/policies/axiomatics-authz-inbound/doc.md +144 -0
- package/docs/policies/axiomatics-authz-inbound/intro.md +11 -0
- package/docs/policies/axiomatics-authz-inbound/schema.json +161 -0
- package/docs/policies/basic-auth-inbound/intro.md +9 -0
- package/docs/policies/basic-auth-inbound/schema.json +99 -0
- package/docs/policies/bot-detection-inbound/intro.md +4 -0
- package/docs/policies/bot-detection-inbound/schema.json +56 -0
- package/docs/policies/brownout-inbound/doc.md +55 -0
- package/docs/policies/brownout-inbound/intro.md +12 -0
- package/docs/policies/brownout-inbound/schema.json +115 -0
- package/docs/policies/caching-inbound/doc.md +209 -0
- package/docs/policies/caching-inbound/intro.md +23 -0
- package/docs/policies/caching-inbound/schema.json +98 -0
- package/docs/policies/change-method-inbound/schema.json +56 -0
- package/docs/policies/clear-headers-inbound/schema.json +59 -0
- package/docs/policies/clear-headers-outbound/schema.json +59 -0
- package/docs/policies/clerk-jwt-auth-inbound/doc.md +85 -0
- package/docs/policies/clerk-jwt-auth-inbound/intro.md +4 -0
- package/docs/policies/clerk-jwt-auth-inbound/schema.json +68 -0
- package/docs/policies/cognito-jwt-auth-inbound/intro.md +7 -0
- package/docs/policies/cognito-jwt-auth-inbound/schema.json +74 -0
- package/docs/policies/comet-opik-tracing-inbound/schema.json +65 -0
- package/docs/policies/complex-rate-limit-inbound/doc.md +20 -0
- package/docs/policies/complex-rate-limit-inbound/intro.md +23 -0
- package/docs/policies/complex-rate-limit-inbound/schema.json +142 -0
- package/docs/policies/composite-inbound/doc.md +69 -0
- package/docs/policies/composite-inbound/intro.md +15 -0
- package/docs/policies/composite-inbound/schema.json +59 -0
- package/docs/policies/composite-outbound/intro.md +6 -0
- package/docs/policies/composite-outbound/schema.json +59 -0
- package/docs/policies/curity-phantom-token-inbound/doc.md +109 -0
- package/docs/policies/curity-phantom-token-inbound/intro.md +3 -0
- package/docs/policies/curity-phantom-token-inbound/schema.json +68 -0
- package/docs/policies/custom-code-inbound/doc.md +267 -0
- package/docs/policies/custom-code-inbound/intro.md +2 -0
- package/docs/policies/custom-code-inbound/schema.json +48 -0
- package/docs/policies/custom-code-outbound/doc.md +235 -0
- package/docs/policies/custom-code-outbound/intro.md +2 -0
- package/docs/policies/custom-code-outbound/schema.json +43 -0
- package/docs/policies/firebase-jwt-inbound/intro.md +6 -0
- package/docs/policies/firebase-jwt-inbound/schema.json +68 -0
- package/docs/policies/formdata-to-json-inbound/schema.json +60 -0
- package/docs/policies/galileo-tracing-inbound/schema.json +65 -0
- package/docs/policies/geo-filter-inbound/doc.md +33 -0
- package/docs/policies/geo-filter-inbound/schema.json +108 -0
- package/docs/policies/graphql-complexity-limit-inbound/doc.md +48 -0
- package/docs/policies/graphql-complexity-limit-inbound/intro.md +2 -0
- package/docs/policies/graphql-complexity-limit-inbound/schema.json +90 -0
- package/docs/policies/graphql-disable-introspection-inbound/doc.md +66 -0
- package/docs/policies/graphql-disable-introspection-inbound/intro.md +15 -0
- package/docs/policies/graphql-disable-introspection-inbound/schema.json +48 -0
- package/docs/policies/graphql-introspection-filter-outbound/doc.md +148 -0
- package/docs/policies/graphql-introspection-filter-outbound/schema.json +79 -0
- package/docs/policies/hmac-auth-inbound/doc.md +30 -0
- package/docs/policies/hmac-auth-inbound/intro.md +10 -0
- package/docs/policies/hmac-auth-inbound/policy.ts +70 -0
- package/docs/policies/hmac-auth-inbound/schema.json +53 -0
- package/docs/policies/http-deprecation-outbound/doc.md +73 -0
- package/docs/policies/http-deprecation-outbound/schema.json +83 -0
- package/docs/policies/ip-restriction-inbound/intro.md +8 -0
- package/docs/policies/ip-restriction-inbound/policy.ts +40 -0
- package/docs/policies/ip-restriction-inbound/schema.json +58 -0
- package/docs/policies/jwt-scopes-inbound/schema.json +59 -0
- package/docs/policies/ldap-auth-inbound/schema.json +56 -0
- package/docs/policies/mock-api-inbound/schema.json +72 -0
- package/docs/policies/moesif-inbound/doc.md +44 -0
- package/docs/policies/moesif-inbound/intro.md +6 -0
- package/docs/policies/moesif-inbound/schema.json +68 -0
- package/docs/policies/monetization-inbound/doc.md +87 -0
- package/docs/policies/monetization-inbound/intro.md +6 -0
- package/docs/policies/monetization-inbound/schema.json +102 -0
- package/docs/policies/mtls-auth-inbound/intro.md +6 -0
- package/docs/policies/mtls-auth-inbound/schema.json +68 -0
- package/docs/policies/okta-fga-authz-inbound/doc.md +181 -0
- package/docs/policies/okta-fga-authz-inbound/intro.md +20 -0
- package/docs/policies/okta-fga-authz-inbound/schema.json +104 -0
- package/docs/policies/okta-jwt-auth-inbound/intro.md +7 -0
- package/docs/policies/okta-jwt-auth-inbound/schema.json +74 -0
- package/docs/policies/open-id-jwt-auth-inbound/doc.md +58 -0
- package/docs/policies/open-id-jwt-auth-inbound/intro.md +30 -0
- package/docs/policies/open-id-jwt-auth-inbound/schema.json +128 -0
- package/docs/policies/openfga-authz-inbound/doc.md +207 -0
- package/docs/policies/openfga-authz-inbound/intro.md +17 -0
- package/docs/policies/openfga-authz-inbound/schema.json +191 -0
- package/docs/policies/openmeter-inbound/doc.md +163 -0
- package/docs/policies/openmeter-inbound/intro.md +18 -0
- package/docs/policies/openmeter-inbound/schema.json +183 -0
- package/docs/policies/prompt-injection-outbound/doc.md +106 -0
- package/docs/policies/prompt-injection-outbound/intro.md +4 -0
- package/docs/policies/prompt-injection-outbound/schema.json +74 -0
- package/docs/policies/propel-auth-jwt-inbound/doc.md +88 -0
- package/docs/policies/propel-auth-jwt-inbound/intro.md +4 -0
- package/docs/policies/propel-auth-jwt-inbound/schema.json +74 -0
- package/docs/policies/query-param-to-header-inbound/doc.md +70 -0
- package/docs/policies/query-param-to-header-inbound/intro.md +5 -0
- package/docs/policies/query-param-to-header-inbound/schema.json +74 -0
- package/docs/policies/quota-inbound/doc.md +235 -0
- package/docs/policies/quota-inbound/intro.md +7 -0
- package/docs/policies/quota-inbound/schema.json +133 -0
- package/docs/policies/rate-limit-inbound/doc.md +78 -0
- package/docs/policies/rate-limit-inbound/intro.md +30 -0
- package/docs/policies/rate-limit-inbound/schema.json +134 -0
- package/docs/policies/rbac-policy-inbound/intro.md +3 -0
- package/docs/policies/rbac-policy-inbound/policy.ts +42 -0
- package/docs/policies/rbac-policy-inbound/schema.json +52 -0
- package/docs/policies/readme-metrics-inbound/doc.md +1 -0
- package/docs/policies/readme-metrics-inbound/intro.md +3 -0
- package/docs/policies/readme-metrics-inbound/schema.json +84 -0
- package/docs/policies/remove-headers-inbound/schema.json +59 -0
- package/docs/policies/remove-headers-outbound/schema.json +59 -0
- package/docs/policies/remove-query-params-inbound/schema.json +59 -0
- package/docs/policies/replace-string-outbound/schema.json +69 -0
- package/docs/policies/request-size-limit-inbound/schema.json +60 -0
- package/docs/policies/request-validation-inbound/doc.md +72 -0
- package/docs/policies/request-validation-inbound/intro.md +24 -0
- package/docs/policies/request-validation-inbound/schema.json +98 -0
- package/docs/policies/require-origin-inbound/intro.md +12 -0
- package/docs/policies/require-origin-inbound/schema.json +65 -0
- package/docs/policies/secret-masking-outbound/doc.md +41 -0
- package/docs/policies/secret-masking-outbound/intro.md +13 -0
- package/docs/policies/secret-masking-outbound/schema.json +65 -0
- package/docs/policies/semantic-cache-inbound/doc.md +63 -0
- package/docs/policies/semantic-cache-inbound/intro.md +4 -0
- package/docs/policies/semantic-cache-inbound/schema.json +179 -0
- package/docs/policies/set-body-inbound/intro.md +7 -0
- package/docs/policies/set-body-inbound/schema.json +56 -0
- package/docs/policies/set-headers-inbound/doc.md +41 -0
- package/docs/policies/set-headers-inbound/intro.md +2 -0
- package/docs/policies/set-headers-inbound/schema.json +83 -0
- package/docs/policies/set-headers-outbound/schema.json +83 -0
- package/docs/policies/set-query-params-inbound/schema.json +83 -0
- package/docs/policies/set-status-outbound/schema.json +62 -0
- package/docs/policies/sleep-inbound/schema.json +56 -0
- package/docs/policies/stripe-webhook-verification-inbound/intro.md +2 -0
- package/docs/policies/stripe-webhook-verification-inbound/schema.json +60 -0
- package/docs/policies/supabase-jwt-auth-inbound/doc.md +29 -0
- package/docs/policies/supabase-jwt-auth-inbound/intro.md +12 -0
- package/docs/policies/supabase-jwt-auth-inbound/schema.json +86 -0
- package/docs/policies/transform-body-inbound/intro.md +8 -0
- package/docs/policies/transform-body-inbound/policy.ts +16 -0
- package/docs/policies/transform-body-inbound/schema.json +27 -0
- package/docs/policies/transform-body-outbound/intro.md +8 -0
- package/docs/policies/transform-body-outbound/policy.ts +19 -0
- package/docs/policies/transform-body-outbound/schema.json +27 -0
- package/docs/policies/upstream-azure-ad-service-auth-inbound/doc.md +82 -0
- package/docs/policies/upstream-azure-ad-service-auth-inbound/intro.md +20 -0
- package/docs/policies/upstream-azure-ad-service-auth-inbound/schema.json +84 -0
- package/docs/policies/upstream-firebase-admin-auth-inbound/intro.md +10 -0
- package/docs/policies/upstream-firebase-admin-auth-inbound/schema.json +68 -0
- package/docs/policies/upstream-firebase-user-auth-inbound/intro.md +2 -0
- package/docs/policies/upstream-firebase-user-auth-inbound/schema.json +113 -0
- package/docs/policies/upstream-gcp-federated-auth-inbound/doc.md +139 -0
- package/docs/policies/upstream-gcp-federated-auth-inbound/intro.md +21 -0
- package/docs/policies/upstream-gcp-federated-auth-inbound/schema.json +96 -0
- package/docs/policies/upstream-gcp-jwt-inbound/intro.md +10 -0
- package/docs/policies/upstream-gcp-jwt-inbound/schema.json +62 -0
- package/docs/policies/upstream-gcp-service-auth-inbound/doc.md +132 -0
- package/docs/policies/upstream-gcp-service-auth-inbound/intro.md +25 -0
- package/docs/policies/upstream-gcp-service-auth-inbound/schema.json +95 -0
- package/docs/policies/upstream-zuplo-jwt-auth-inbound/doc.md +213 -0
- package/docs/policies/upstream-zuplo-jwt-auth-inbound/intro.md +16 -0
- package/docs/policies/upstream-zuplo-jwt-auth-inbound/schema.json +101 -0
- package/docs/policies/validate-json-schema-inbound/doc.md +129 -0
- package/docs/policies/validate-json-schema-inbound/intro.md +7 -0
- package/docs/policies/validate-json-schema-inbound/schema.json +56 -0
- package/docs/policies/web-bot-auth-inbound/doc.md +104 -0
- package/docs/policies/web-bot-auth-inbound/intro.md +16 -0
- package/docs/policies/web-bot-auth-inbound/schema.json +76 -0
- package/docs/policies/xml-to-json-outbound/doc.md +71 -0
- package/docs/policies/xml-to-json-outbound/intro.md +4 -0
- package/docs/policies/xml-to-json-outbound/schema.json +117 -0
- package/docs/programmable-api/audit-log.mdx +74 -0
- package/docs/programmable-api/background-dispatcher.mdx +124 -0
- package/docs/programmable-api/background-loader.mdx +104 -0
- package/docs/programmable-api/cache.mdx +186 -0
- package/docs/programmable-api/compatibility-dates.mdx +201 -0
- package/docs/programmable-api/console-logging.mdx +48 -0
- package/docs/programmable-api/context-data.mdx +127 -0
- package/docs/programmable-api/custom-cors-policy.mdx +64 -0
- package/docs/programmable-api/environment.mdx +328 -0
- package/docs/programmable-api/hooks.mdx +569 -0
- package/docs/programmable-api/http-problems.mdx +385 -0
- package/docs/programmable-api/jwt-service-plugin.mdx +420 -0
- package/docs/programmable-api/logger.mdx +223 -0
- package/docs/programmable-api/memory-zone-read-through-cache.mdx +96 -0
- package/docs/programmable-api/node-modules.mdx +67 -0
- package/docs/programmable-api/not-found-handler.mdx +47 -0
- package/docs/programmable-api/oauth-protected-resource-plugin.mdx +46 -0
- package/docs/programmable-api/overview.mdx +213 -0
- package/docs/programmable-api/problem-response-formatter.mdx +183 -0
- package/docs/programmable-api/request-user.mdx +289 -0
- package/docs/programmable-api/reusing-code.mdx +26 -0
- package/docs/programmable-api/route-raw.mdx +55 -0
- package/docs/programmable-api/runtime-behaviors.mdx +25 -0
- package/docs/programmable-api/runtime-errors.mdx +246 -0
- package/docs/programmable-api/runtime-extensions.mdx +340 -0
- package/docs/programmable-api/safely-clone-a-request-or-response.mdx +57 -0
- package/docs/programmable-api/streaming-zone-cache.mdx +155 -0
- package/docs/programmable-api/web-crypto-apis.mdx +219 -0
- package/docs/programmable-api/web-standard-apis.mdx +109 -0
- package/docs/programmable-api/zone-cache.mdx +131 -0
- package/docs/programmable-api/zp-body-removed.mdx +32 -0
- package/docs/programmable-api/zuplo-context.mdx +414 -0
- package/docs/programmable-api/zuplo-id-token.mdx +90 -0
- package/docs/programmable-api/zuplo-json.mdx +91 -0
- package/docs/programmable-api/zuplo-request.mdx +200 -0
- package/docs/sample-apis.mdx +78 -0
- package/docs/self-hosted/overview.md +60 -0
- package/package.json +6 -5
|
@@ -0,0 +1,148 @@
|
|
|
1
|
+
This policy filters GraphQL introspection responses to selectively hide types
|
|
2
|
+
and fields from your schema. It intercepts introspection query responses and
|
|
3
|
+
removes configured types and fields, allowing you to expose a subset of your
|
|
4
|
+
GraphQL schema to external clients (like MCP servers or AI agents).
|
|
5
|
+
|
|
6
|
+
### How It Works
|
|
7
|
+
|
|
8
|
+
The policy processes responses from GraphQL introspection queries, which are
|
|
9
|
+
typically made by GraphQL clients and development tools to discover your API's
|
|
10
|
+
schema structure. When an introspection response is detected (containing
|
|
11
|
+
`__schema` as a top level key), the policy filters out:
|
|
12
|
+
|
|
13
|
+
- Entire types specified in `excludeTypes`
|
|
14
|
+
- Specific fields on types specified in `excludeTypeFields`
|
|
15
|
+
|
|
16
|
+
This allows you to hide internal types, sensitive fields, or admin-only
|
|
17
|
+
operations from public consumers while keeping them available for internal use.
|
|
18
|
+
|
|
19
|
+
### Policy Configuration
|
|
20
|
+
|
|
21
|
+
Configure the policy with optional `excludeTypes` and `excludeTypeFields`
|
|
22
|
+
options:
|
|
23
|
+
|
|
24
|
+
```json
|
|
25
|
+
{
|
|
26
|
+
"name": "filter-introspection",
|
|
27
|
+
"policyType": "graphql-introspection-filter-outbound",
|
|
28
|
+
"handler": {
|
|
29
|
+
"export": "GraphQLIntrospectionFilterOutboundPolicy",
|
|
30
|
+
"module": "$import(@zuplo/graphql)",
|
|
31
|
+
"options": {
|
|
32
|
+
"excludeTypes": ["UserInternal", "AdminType", "DebugInfo"],
|
|
33
|
+
"excludeTypeFields": {
|
|
34
|
+
"User": ["password", "ssn"],
|
|
35
|
+
"Query": ["adminUsers", "debugInfo"]
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
### Configuration Options
|
|
43
|
+
|
|
44
|
+
- **excludeTypes** (optional): Array of GraphQL type names to completely remove
|
|
45
|
+
from the schema. Types must match exactly.
|
|
46
|
+
|
|
47
|
+
- **excludeTypeFields** (optional): Object mapping type names to arrays of field
|
|
48
|
+
names to remove. Only specified fields on the given types will be filtered.
|
|
49
|
+
|
|
50
|
+
### Usage Examples
|
|
51
|
+
|
|
52
|
+
#### Hiding Internal Types
|
|
53
|
+
|
|
54
|
+
Remove internal implementation types from the public schema:
|
|
55
|
+
|
|
56
|
+
```json
|
|
57
|
+
{
|
|
58
|
+
"name": "hide-internal-types",
|
|
59
|
+
"policyType": "graphql-introspection-filter-outbound",
|
|
60
|
+
"handler": {
|
|
61
|
+
"export": "GraphQLIntrospectionFilterOutboundPolicy",
|
|
62
|
+
"module": "$import(@zuplo/graphql)",
|
|
63
|
+
"options": {
|
|
64
|
+
"excludeTypes": ["InternalMetadata", "DebugInfo", "SystemStatus"]
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
#### Filtering Sensitive Fields
|
|
71
|
+
|
|
72
|
+
Hide sensitive fields like passwords and admin operations:
|
|
73
|
+
|
|
74
|
+
```json
|
|
75
|
+
{
|
|
76
|
+
"name": "filter-sensitive-fields",
|
|
77
|
+
"policyType": "graphql-introspection-filter-outbound",
|
|
78
|
+
"handler": {
|
|
79
|
+
"export": "GraphQLIntrospectionFilterOutboundPolicy",
|
|
80
|
+
"module": "$import(@zuplo/graphql)",
|
|
81
|
+
"options": {
|
|
82
|
+
"excludeTypeFields": {
|
|
83
|
+
"User": ["password", "ssn", "creditCard"],
|
|
84
|
+
"Query": ["adminUsers", "systemDiagnostics"],
|
|
85
|
+
"Mutation": ["deleteAllUsers", "resetDatabase"]
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
#### Complete Example with URL Rewrite
|
|
93
|
+
|
|
94
|
+
Apply filtering on a route that forwards to a GraphQL endpoint:
|
|
95
|
+
|
|
96
|
+
```json
|
|
97
|
+
{
|
|
98
|
+
"paths": {
|
|
99
|
+
"/graphql": {
|
|
100
|
+
"x-zuplo-path": {
|
|
101
|
+
"pathMode": "open-api"
|
|
102
|
+
},
|
|
103
|
+
"post": {
|
|
104
|
+
"summary": "GraphQL API",
|
|
105
|
+
"x-zuplo-route": {
|
|
106
|
+
"corsPolicy": "anything-goes",
|
|
107
|
+
"handler": {
|
|
108
|
+
"export": "urlRewriteHandler",
|
|
109
|
+
"module": "$import(@zuplo/runtime)",
|
|
110
|
+
"options": {
|
|
111
|
+
"rewritePattern": "https://api.example.com/graphql"
|
|
112
|
+
}
|
|
113
|
+
},
|
|
114
|
+
"policies": {
|
|
115
|
+
"outbound": ["filter-introspection"]
|
|
116
|
+
}
|
|
117
|
+
},
|
|
118
|
+
"responses": {}
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
### Important Notes
|
|
126
|
+
|
|
127
|
+
- This policy only filters introspection responses - it does not enforce
|
|
128
|
+
authorization on the actual GraphQL operations. You must still implement
|
|
129
|
+
proper authorization in your GraphQL resolvers.
|
|
130
|
+
- If a client tries to query a filtered field or type directly, that will be
|
|
131
|
+
handled by your GraphQL server's validation, not by this policy.
|
|
132
|
+
- The policy only processes successful (200 OK) JSON responses that contain
|
|
133
|
+
`__schema` in the response body.
|
|
134
|
+
- If the response cannot be parsed as JSON or is not an introspection response,
|
|
135
|
+
the original response is returned unchanged.
|
|
136
|
+
- Non-introspection GraphQL queries and mutations pass through without
|
|
137
|
+
modification.
|
|
138
|
+
|
|
139
|
+
### Security Considerations
|
|
140
|
+
|
|
141
|
+
- Filtering introspection is a form of security through obscurity - always
|
|
142
|
+
implement proper authentication and authorization at the resolver level
|
|
143
|
+
- Consider combining this policy with authentication policies to control who can
|
|
144
|
+
access your GraphQL endpoint
|
|
145
|
+
- Use this policy to reduce information disclosure about your API's internal
|
|
146
|
+
structure, but don't rely on it as your only security measure
|
|
147
|
+
- Keep in mind that determined attackers may still discover hidden fields
|
|
148
|
+
through other means
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
+
"$id": "http://zuplo.com/schemas/policies/auth0-jwt-auth-inbound.json",
|
|
4
|
+
"type": "object",
|
|
5
|
+
"title": "GraphQL Introspection Filter",
|
|
6
|
+
"isDeprecated": false,
|
|
7
|
+
"isPaidAddOn": false,
|
|
8
|
+
"isEnterprise": false,
|
|
9
|
+
"isInternal": false,
|
|
10
|
+
"isBeta": false,
|
|
11
|
+
"isHidden": false,
|
|
12
|
+
"products": ["api-gateway"],
|
|
13
|
+
"description": "Filters GraphQL introspection responses to exclude specific types and fields.\n\nThis policy intercepts GraphQL introspection query responses and removes configured types and fields from the schema. Useful for hiding internal types or sensitive fields from the public schema.",
|
|
14
|
+
"deprecatedMessage": "",
|
|
15
|
+
"required": ["handler"],
|
|
16
|
+
"properties": {
|
|
17
|
+
"handler": {
|
|
18
|
+
"type": "object",
|
|
19
|
+
"default": {},
|
|
20
|
+
"required": ["export", "module", "options"],
|
|
21
|
+
"properties": {
|
|
22
|
+
"export": {
|
|
23
|
+
"const": "GraphQLIntrospectionFilterOutboundPolicy",
|
|
24
|
+
"description": "The name of the exported type"
|
|
25
|
+
},
|
|
26
|
+
"module": {
|
|
27
|
+
"const": "$import(@zuplo/graphql)",
|
|
28
|
+
"description": "The module containing the policy"
|
|
29
|
+
},
|
|
30
|
+
"options": {
|
|
31
|
+
"title": "GraphQLIntrospectionFilterOutboundPolicyOptions",
|
|
32
|
+
"type": "object",
|
|
33
|
+
"description": "The options for the GraphQL introspection filtering outbound policy.",
|
|
34
|
+
"required": [],
|
|
35
|
+
"additionalProperties": false,
|
|
36
|
+
"properties": {
|
|
37
|
+
"excludeTypes": {
|
|
38
|
+
"type": "array",
|
|
39
|
+
"items": {
|
|
40
|
+
"type": "string"
|
|
41
|
+
},
|
|
42
|
+
"description": "GraphQL Types to exclude from the schema (exact match).",
|
|
43
|
+
"examples": ["UserInternal", "Admin", "DebugInfo"]
|
|
44
|
+
},
|
|
45
|
+
"excludeTypeFields": {
|
|
46
|
+
"type": "object",
|
|
47
|
+
"additionalProperties": {
|
|
48
|
+
"type": "array",
|
|
49
|
+
"items": {
|
|
50
|
+
"type": "string"
|
|
51
|
+
}
|
|
52
|
+
},
|
|
53
|
+
"description": "Fields on specific GraphQL Types to exclude.",
|
|
54
|
+
"examples": [
|
|
55
|
+
{
|
|
56
|
+
"User": ["password", "email"],
|
|
57
|
+
"Query": ["adminUsers"]
|
|
58
|
+
}
|
|
59
|
+
]
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
},
|
|
64
|
+
"examples": [
|
|
65
|
+
{
|
|
66
|
+
"export": "GraphQLIntrospectionFilterOutboundPolicy",
|
|
67
|
+
"module": "$import(@zuplo/graphql)",
|
|
68
|
+
"options": {
|
|
69
|
+
"excludeTypeFields": {
|
|
70
|
+
"User": ["password", "email"],
|
|
71
|
+
"Query": ["adminUsers"]
|
|
72
|
+
},
|
|
73
|
+
"excludeTypes": "UserInternal"
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
]
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
The example below demonstrates how you could sign a value in order to create an
|
|
2
|
+
HMAC signature for use with this policy.
|
|
3
|
+
|
|
4
|
+
```ts
|
|
5
|
+
const token = await sign("my data", environment.MY_SECRET);
|
|
6
|
+
|
|
7
|
+
async function sign(
|
|
8
|
+
key: string | ArrayBuffer,
|
|
9
|
+
val: string,
|
|
10
|
+
): Promise<ArrayBuffer> {
|
|
11
|
+
const encoder = new TextEncoder();
|
|
12
|
+
const cryptoKey = await crypto.subtle.importKey(
|
|
13
|
+
"raw",
|
|
14
|
+
typeof key === "string" ? encoder.encode(key) : key,
|
|
15
|
+
{ name: "HMAC", hash: { name: "SHA-256" } },
|
|
16
|
+
false,
|
|
17
|
+
["sign"],
|
|
18
|
+
);
|
|
19
|
+
const token = await crypto.subtle.sign(
|
|
20
|
+
"HMAC",
|
|
21
|
+
cryptoKey,
|
|
22
|
+
encoder.encode(val),
|
|
23
|
+
);
|
|
24
|
+
return Array.prototype.map
|
|
25
|
+
.call(new Uint8Array(token), function (x) {
|
|
26
|
+
return ("0" + x.toString(16)).slice(-2);
|
|
27
|
+
})
|
|
28
|
+
.join("");
|
|
29
|
+
}
|
|
30
|
+
```
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
This example policy demonstrates how to use a shared secret to create an
|
|
2
|
+
[HMAC](https://en.wikipedia.org/wiki/HMAC) signature to sign a payload (in this
|
|
3
|
+
case the body). When the request is sent, the signature is sent in the request
|
|
4
|
+
header. The policy can then verify that the signature matches the payload - thus
|
|
5
|
+
ensuring that the sender had the same shared secret.
|
|
6
|
+
|
|
7
|
+
This policy is configured with the value of the `secret`. Normally, you would
|
|
8
|
+
store this as an environment variable secret. Additionally, the policy option
|
|
9
|
+
`headerName` is used to set the header that will be used by the client to send
|
|
10
|
+
the signature.
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import { HttpProblems, ZuploContext, ZuploRequest } from "@zuplo/runtime";
|
|
2
|
+
|
|
3
|
+
interface PolicyOptions {
|
|
4
|
+
secret: string;
|
|
5
|
+
headerName: string;
|
|
6
|
+
}
|
|
7
|
+
|
|
8
|
+
export default async function (
|
|
9
|
+
request: ZuploRequest,
|
|
10
|
+
context: ZuploContext,
|
|
11
|
+
options: PolicyOptions,
|
|
12
|
+
policyName: string,
|
|
13
|
+
) {
|
|
14
|
+
// Validate the policy options
|
|
15
|
+
if (typeof options.secret !== "string") {
|
|
16
|
+
throw new Error(
|
|
17
|
+
`The option 'secret' on policy '${policyName}' must be a string. Received ${typeof options.secret}.`,
|
|
18
|
+
);
|
|
19
|
+
}
|
|
20
|
+
if (typeof options.headerName !== "string") {
|
|
21
|
+
throw new Error(
|
|
22
|
+
`The option 'headerName' on policy '${policyName}' must be a string. Received ${typeof options.headerName}.`,
|
|
23
|
+
);
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
// Get the authorization header
|
|
27
|
+
const token = request.headers.get(options.headerName);
|
|
28
|
+
|
|
29
|
+
// No auth header, unauthorized
|
|
30
|
+
if (!token) {
|
|
31
|
+
return HttpProblems.unauthorized(request, context);
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
// Convert the hex encoded token to an Uint8Array
|
|
35
|
+
const tokenData = new Uint8Array(
|
|
36
|
+
token.match(/../g)!.map((h) => parseInt(h, 16)),
|
|
37
|
+
);
|
|
38
|
+
|
|
39
|
+
// Get the data to verify
|
|
40
|
+
// This could be anything (headers, query parameter, etc.)
|
|
41
|
+
// For this example, we will just verify the entire body value
|
|
42
|
+
const data = await request.text();
|
|
43
|
+
|
|
44
|
+
// Create a crypto key from a secret stored as an environment variable
|
|
45
|
+
const encoder = new TextEncoder();
|
|
46
|
+
const encodedSecret = encoder.encode(options.secret);
|
|
47
|
+
const key = await crypto.subtle.importKey(
|
|
48
|
+
"raw",
|
|
49
|
+
encodedSecret,
|
|
50
|
+
{ name: "HMAC", hash: "SHA-256" },
|
|
51
|
+
false,
|
|
52
|
+
["verify"],
|
|
53
|
+
);
|
|
54
|
+
|
|
55
|
+
// Verify that the data
|
|
56
|
+
const verified = await crypto.subtle.verify(
|
|
57
|
+
"HMAC",
|
|
58
|
+
key,
|
|
59
|
+
tokenData,
|
|
60
|
+
encoder.encode(data),
|
|
61
|
+
);
|
|
62
|
+
|
|
63
|
+
// Check if the data is verified, if not return unauthorized
|
|
64
|
+
if (!verified) {
|
|
65
|
+
return HttpProblems.unauthorized(request, context);
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
// Request is authorized, continue
|
|
69
|
+
return request;
|
|
70
|
+
}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
+
"$id": "http://zuplo.com/schemas/policies/hmac-auth-inbound.json",
|
|
4
|
+
"type": "object",
|
|
5
|
+
"title": "HMAC Auth",
|
|
6
|
+
"isCustom": true,
|
|
7
|
+
"products": ["api-gateway"],
|
|
8
|
+
"description": "Authenticate requests using the HMAC-SHA256 authentication scheme.",
|
|
9
|
+
"required": ["handler"],
|
|
10
|
+
"properties": {
|
|
11
|
+
"handler": {
|
|
12
|
+
"type": "object",
|
|
13
|
+
"default": {},
|
|
14
|
+
"required": ["export", "module", "options"],
|
|
15
|
+
"properties": {
|
|
16
|
+
"export": {
|
|
17
|
+
"const": "default",
|
|
18
|
+
"description": "The export from the custom policy"
|
|
19
|
+
},
|
|
20
|
+
"module": {
|
|
21
|
+
"const": "$import(./modules/YOUR_MODULE)",
|
|
22
|
+
"description": "The module containing the policy"
|
|
23
|
+
},
|
|
24
|
+
"options": {
|
|
25
|
+
"type": "object",
|
|
26
|
+
"description": "The options for this policy",
|
|
27
|
+
"required": ["secret", "headerName"],
|
|
28
|
+
"properties": {
|
|
29
|
+
"secret": {
|
|
30
|
+
"type": "string",
|
|
31
|
+
"description": "The secret to use for HMAC authentication"
|
|
32
|
+
},
|
|
33
|
+
"headerName": {
|
|
34
|
+
"type": "string",
|
|
35
|
+
"description": "The header where the HMAC signature is send"
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
},
|
|
40
|
+
"examples": [
|
|
41
|
+
{
|
|
42
|
+
"_name": "basic",
|
|
43
|
+
"export": "default",
|
|
44
|
+
"module": "$import(./modules/YOUR_MODULE)",
|
|
45
|
+
"options": {
|
|
46
|
+
"secret": "$env(MY_SECRET)",
|
|
47
|
+
"headerName": "signed-request"
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
]
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
}
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
This policy adds HTTP deprecation headers to outgoing responses following the
|
|
2
|
+
[IETF HTTP Deprecation Header](https://datatracker.ietf.org/doc/html/draft-ietf-httpapi-deprecation-header)
|
|
3
|
+
standard. It supports the `Deprecation`, `Sunset`, and `Link` headers to signal
|
|
4
|
+
to API consumers that an endpoint is deprecated.
|
|
5
|
+
|
|
6
|
+
## Configuration
|
|
7
|
+
|
|
8
|
+
- `deprecation` **(required)**: The deprecation value. Use `true` to indicate
|
|
9
|
+
the endpoint is already deprecated, an ISO 8601 date string with timezone
|
|
10
|
+
offset (e.g. `"2024-12-31T23:59:59Z"`) for a specific deprecation date, or a
|
|
11
|
+
Unix timestamp number.
|
|
12
|
+
- `sunset`: An ISO 8601 date string with timezone offset indicating when the
|
|
13
|
+
endpoint will be removed. Sets the `Sunset` header.
|
|
14
|
+
- `link`: A URL to documentation about the deprecation or a migration guide.
|
|
15
|
+
Sets the `Link` header.
|
|
16
|
+
|
|
17
|
+
## Usage
|
|
18
|
+
|
|
19
|
+
Apply this policy to outbound responses in your route configuration:
|
|
20
|
+
|
|
21
|
+
```json
|
|
22
|
+
{
|
|
23
|
+
"policies": [
|
|
24
|
+
{
|
|
25
|
+
"name": "http-deprecation-policy",
|
|
26
|
+
"policyType": "http-deprecation-outbound",
|
|
27
|
+
"handler": {
|
|
28
|
+
"export": "HttpDeprecationOutboundPolicy",
|
|
29
|
+
"module": "$import(@zuplo/runtime)",
|
|
30
|
+
"options": {
|
|
31
|
+
"deprecation": "2025-01-15T00:00:00Z",
|
|
32
|
+
"sunset": "2025-06-30T23:59:59Z",
|
|
33
|
+
"link": "https://example.com/docs/v2-migration"
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
]
|
|
38
|
+
}
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
If the endpoint is already deprecated and you don't need a specific date, you
|
|
42
|
+
can set `deprecation` to `true`:
|
|
43
|
+
|
|
44
|
+
```json
|
|
45
|
+
{
|
|
46
|
+
"policies": [
|
|
47
|
+
{
|
|
48
|
+
"name": "http-deprecation-policy",
|
|
49
|
+
"policyType": "http-deprecation-outbound",
|
|
50
|
+
"handler": {
|
|
51
|
+
"export": "HttpDeprecationOutboundPolicy",
|
|
52
|
+
"module": "$import(@zuplo/runtime)",
|
|
53
|
+
"options": {
|
|
54
|
+
"deprecation": true,
|
|
55
|
+
"link": "https://example.com/docs/v2-migration"
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
]
|
|
60
|
+
}
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
## Response Headers
|
|
64
|
+
|
|
65
|
+
Based on the configuration above, the policy sets the following headers on the
|
|
66
|
+
response:
|
|
67
|
+
|
|
68
|
+
- **`Deprecation`** - Set to the string `"true"` when input is `true`, an
|
|
69
|
+
HTTP-date when input is an ISO 8601 string, or an RFC 9651 timestamp
|
|
70
|
+
(`@epoch`) when input is a Unix timestamp number.
|
|
71
|
+
- **`Sunset`** - An HTTP-date indicating when the endpoint will be removed.
|
|
72
|
+
- **`Link`** - A link to deprecation documentation, formatted as
|
|
73
|
+
`<URL>; rel="deprecation"; type="text/html"`.
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
+
"$id": "http://zuplo.com/schemas/policies/auth0-jwt-auth-inbound.json",
|
|
4
|
+
"type": "object",
|
|
5
|
+
"title": "HTTP Deprecation",
|
|
6
|
+
"isDeprecated": false,
|
|
7
|
+
"isPaidAddOn": false,
|
|
8
|
+
"isEnterprise": false,
|
|
9
|
+
"isInternal": false,
|
|
10
|
+
"isBeta": false,
|
|
11
|
+
"isHidden": false,
|
|
12
|
+
"products": ["api-gateway"],
|
|
13
|
+
"description": "Sets HTTP deprecation headers on the outgoing response following the IETF HTTP Deprecation Header standard. Supports the Deprecation, Sunset, and Link headers.",
|
|
14
|
+
"deprecatedMessage": "",
|
|
15
|
+
"required": ["handler"],
|
|
16
|
+
"properties": {
|
|
17
|
+
"handler": {
|
|
18
|
+
"type": "object",
|
|
19
|
+
"default": {},
|
|
20
|
+
"required": ["export", "module", "options"],
|
|
21
|
+
"properties": {
|
|
22
|
+
"export": {
|
|
23
|
+
"const": "HttpDeprecationOutboundPolicy",
|
|
24
|
+
"description": "The name of the exported type"
|
|
25
|
+
},
|
|
26
|
+
"module": {
|
|
27
|
+
"const": "$import(@zuplo/runtime)",
|
|
28
|
+
"description": "The module containing the policy"
|
|
29
|
+
},
|
|
30
|
+
"options": {
|
|
31
|
+
"title": "HttpDeprecationOutboundPolicyOptions",
|
|
32
|
+
"type": "object",
|
|
33
|
+
"description": "The options for the HTTP Deprecation outbound policy.",
|
|
34
|
+
"additionalProperties": false,
|
|
35
|
+
"required": ["deprecation"],
|
|
36
|
+
"properties": {
|
|
37
|
+
"deprecation": {
|
|
38
|
+
"oneOf": [
|
|
39
|
+
{
|
|
40
|
+
"type": "boolean",
|
|
41
|
+
"const": true,
|
|
42
|
+
"description": "Set to true to indicate the endpoint is deprecated without a specific date."
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
"type": "string",
|
|
46
|
+
"description": "An ISO 8601 date string indicating when the endpoint was or will be deprecated. Converted to an HTTP-date in the header."
|
|
47
|
+
},
|
|
48
|
+
{
|
|
49
|
+
"type": "number",
|
|
50
|
+
"description": "A Unix timestamp indicating when the endpoint was or will be deprecated. Formatted as an RFC 9651 date in the header."
|
|
51
|
+
}
|
|
52
|
+
],
|
|
53
|
+
"description": "The deprecation value. Use `true` for already deprecated, an ISO 8601 date string for a specific date, or a Unix timestamp number.",
|
|
54
|
+
"examples": [true, "2024-12-31T23:59:59Z", 1735689599]
|
|
55
|
+
},
|
|
56
|
+
"sunset": {
|
|
57
|
+
"type": "string",
|
|
58
|
+
"description": "An ISO 8601 date string indicating when the endpoint will be removed. Sets the Sunset header.",
|
|
59
|
+
"examples": ["2025-06-30T23:59:59Z"]
|
|
60
|
+
},
|
|
61
|
+
"link": {
|
|
62
|
+
"type": "string",
|
|
63
|
+
"format": "uri",
|
|
64
|
+
"description": "A URL to documentation about the deprecation or migration guide. Sets the Link header.",
|
|
65
|
+
"examples": ["https://example.com/docs/v2-migration"]
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
},
|
|
70
|
+
"examples": [
|
|
71
|
+
{
|
|
72
|
+
"export": "HttpDeprecationOutboundPolicy",
|
|
73
|
+
"module": "$import(@zuplo/runtime)",
|
|
74
|
+
"options": {
|
|
75
|
+
"deprecation": true,
|
|
76
|
+
"link": "https://example.com/docs/v2-migration",
|
|
77
|
+
"sunset": "2025-06-30T23:59:59Z"
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
]
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
This custom policy allows you to specify a set of IP addresses that are allowed
|
|
2
|
+
or blocked from making requests on your API. This can be useful for adding
|
|
3
|
+
light-weight security to your API in non-critical scenarios. For example, if you
|
|
4
|
+
want to ensure only employees on your corporate VPN can't access development
|
|
5
|
+
environments.
|
|
6
|
+
|
|
7
|
+
Generally, this policy shouldn't be relied upon as the only security for
|
|
8
|
+
protecting sensitive workloads.
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import { HttpProblems, ZuploContext, ZuploRequest } from "@zuplo/runtime";
|
|
2
|
+
import ipRangeCheck from "ip-range-check";
|
|
3
|
+
|
|
4
|
+
interface PolicyOptions {
|
|
5
|
+
allowedIpAddresses?: string[];
|
|
6
|
+
blockedIpAddresses?: string[];
|
|
7
|
+
}
|
|
8
|
+
|
|
9
|
+
export default async function (
|
|
10
|
+
request: ZuploRequest,
|
|
11
|
+
context: ZuploContext,
|
|
12
|
+
options: PolicyOptions,
|
|
13
|
+
policyName: string,
|
|
14
|
+
) {
|
|
15
|
+
// TODO: Validate the policy options. Skipping in the example for brevity
|
|
16
|
+
|
|
17
|
+
// Get the incoming IP address
|
|
18
|
+
const ip = request.headers.get("true-client-ip");
|
|
19
|
+
|
|
20
|
+
// If the allowed IP addresses are set, then the incoming IP
|
|
21
|
+
// must be in that list
|
|
22
|
+
if (options.allowedIpAddresses) {
|
|
23
|
+
const allowed = ipRangeCheck(ip, options.allowedIpAddresses);
|
|
24
|
+
if (!allowed) {
|
|
25
|
+
return HttpProblems.unauthorized(request, context);
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
// If the blocked IP addresses are set, then the incoming IP
|
|
30
|
+
// can't be in that list
|
|
31
|
+
if (options.blockedIpAddresses) {
|
|
32
|
+
const blocked = ipRangeCheck(ip, options.allowedIpAddresses);
|
|
33
|
+
if (blocked) {
|
|
34
|
+
return HttpProblems.unauthorized(request, context);
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
// If we made it this far, the IP address is allowed, continue
|
|
39
|
+
return request;
|
|
40
|
+
}
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
+
"$id": "http://zuplo.com/schemas/policies/ip-restriction-inbound.json",
|
|
4
|
+
"type": "object",
|
|
5
|
+
"title": "IP Restriction",
|
|
6
|
+
"isCustom": true,
|
|
7
|
+
"products": ["api-gateway"],
|
|
8
|
+
"description": "Block or allow requests based on their IP address.",
|
|
9
|
+
"required": ["handler"],
|
|
10
|
+
"properties": {
|
|
11
|
+
"handler": {
|
|
12
|
+
"type": "object",
|
|
13
|
+
"default": {},
|
|
14
|
+
"required": ["export", "module", "options"],
|
|
15
|
+
"properties": {
|
|
16
|
+
"export": {
|
|
17
|
+
"const": "default",
|
|
18
|
+
"description": "The name of the exported type"
|
|
19
|
+
},
|
|
20
|
+
"module": {
|
|
21
|
+
"const": "$import(./modules/YOUR_MODULE)",
|
|
22
|
+
"description": "The module containing the policy"
|
|
23
|
+
},
|
|
24
|
+
"options": {
|
|
25
|
+
"type": "object",
|
|
26
|
+
"description": "The options for this policy",
|
|
27
|
+
"required": [],
|
|
28
|
+
"properties": {
|
|
29
|
+
"allowedIpAddresses": {
|
|
30
|
+
"type": "array",
|
|
31
|
+
"items": {
|
|
32
|
+
"type": "string"
|
|
33
|
+
},
|
|
34
|
+
"description": "The IP addresses or CIDR ranges to allow"
|
|
35
|
+
},
|
|
36
|
+
"blockedIpAddresses": {
|
|
37
|
+
"type": "array",
|
|
38
|
+
"items": {
|
|
39
|
+
"type": "string"
|
|
40
|
+
},
|
|
41
|
+
"description": "The IP addresses or CIDR ranges to allow"
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
},
|
|
46
|
+
"examples": [
|
|
47
|
+
{
|
|
48
|
+
"_name": "basic",
|
|
49
|
+
"export": "default",
|
|
50
|
+
"module": "$import(./modules/YOUR_MODULE)",
|
|
51
|
+
"options": {
|
|
52
|
+
"allowedIpAddresses": ["184.42.1.4", "102.1.5.2/24"]
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
]
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
}
|