Allow injecting request headers on the proxy module

Author: johansmitsnl

examples/proxy/Trunk.toml

@@ -21,6 +21,7 @@ ws = true
 # E.G., `/api/v1/resource/x/y/z` -> `/resource/x/y/z`
 rewrite = "/api/v1/"
 backend = "http://localhost:9090/"
+request_headers = { "x-api-key" = "some-special-key" }
 
 [[proxy]]
 # This proxy specifies only the backend, which is the only required field. In this example,

schemas/config.json

@@ -360,6 +360,15 @@
           "default": false,
           "type": "boolean"
         },
+        "request_headers": {
+          "description": "Configure additional headers to send in proxied requests.",
+          "default": {},
+          "deprecated": true,
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
         "rewrite": {
           "description": "An optional URI prefix which is to be used as the base URI for proxying requests, which defaults to the URI of the backend.\n\nWhen a value is specified, requests received on this URI will have this URI segment replaced with the URI of the `backend`.",
           "type": [

src/cmd/serve.rs

@@ -141,6 +141,7 @@ impl Serve {
             // we have a single proxy from the command line
             config.proxies.0.push(Proxy {
                 backend: backend.into(),
+                request_headers: Default::default(),
                 rewrite: proxy_rewrite,
                 ws: proxy_ws,
                 insecure: proxy_insecure,

src/config/models/mod.rs

@@ -101,6 +101,7 @@ impl ConfigModel for Configuration {
             log::warn!("The proxy fields in the configuration are deprecated and will be removed in a future version. Migrate those settings into an entry of the `proxies` field, which allows adding more than one.");
             self.proxies.0.push(Proxy {
                 backend,
+                request_headers: Default::default(),
                 rewrite: self.serve.proxy_rewrite.take(),
                 ws: self.serve.proxy_ws.unwrap_or_default(),
                 insecure: self.serve.proxy_insecure.unwrap_or_default(),

src/config/models/proxy.rs

@@ -1,3 +1,5 @@
+use std::collections::HashMap;
+
 use crate::{config::models::ConfigModel, config::types::Uri};
 use schemars::JsonSchema;
 use serde::Deserialize;
@@ -13,6 +15,9 @@ pub struct Proxy {
     /// When a value is specified, requests received on this URI will have this URI segment
     /// replaced with the URI of the `backend`.
     pub rewrite: Option<String>,
+    /// A set of headers to pass to the proxied backend.
+    #[serde(default)]
+    pub request_headers: HashMap<String, String>,
     /// Configure the proxy for handling WebSockets.
     #[serde(default)]
     pub ws: bool,

src/proxy.rs

@@ -6,15 +6,15 @@ use axum::{
         ws::{Message as MsgAxm, WebSocket, WebSocketUpgrade},
         Request, State,
     },
-    http::{Response, Uri},
+    http::{HeaderName, Response, Uri},
     routing::{any, get, Router},
     RequestExt,
 };
 use bytes::BytesMut;
 use futures_util::{sink::SinkExt, stream::StreamExt, TryStreamExt};
 use hyper::{header::HOST, HeaderMap};
 use reqwest::header::HeaderValue;
-use std::sync::Arc;
+use std::{collections::HashMap, str::FromStr, sync::Arc};
 use tokio_tungstenite::{
     connect_async,
     tungstenite::{protocol::CloseFrame, Message as MsgTng},
@@ -34,6 +34,8 @@ pub(crate) struct ProxyHandlerHttp {
     client: reqwest::Client,
     /// The URL of the backend to which requests are to be proxied.
     backend: Uri,
+    /// The headers to inject with the request
+    request_headers: HashMap<String, String>,
     /// An optional rewrite path to be used as the listening URI prefix, but which will be
     /// stripped before being sent to the proxy backend.
     rewrite: Option<String>,
@@ -102,10 +104,16 @@ fn make_outbound_request(
 
 impl ProxyHandlerHttp {
     /// Construct a new instance.
-    pub fn new(client: reqwest::Client, backend: Uri, rewrite: Option<String>) -> Arc<Self> {
+    pub fn new(
+        client: reqwest::Client,
+        backend: Uri,
+        request_headers: HashMap<String, String>,
+        rewrite: Option<String>,
+    ) -> Arc<Self> {
         Arc::new(Self {
             client,
             backend,
+            request_headers,
             rewrite,
         })
     }
@@ -135,10 +143,21 @@ impl ProxyHandlerHttp {
     ) -> ServerResult<Response<Body>> {
         // Construct the outbound URI & build a new request to be sent to the proxy backend.
         let outbound_uri = make_outbound_uri(&state.backend, req.uri())?;
+
+        let mut headers = req.headers().clone();
+        for (header_name, header_value) in state.request_headers.clone() {
+            headers.insert(
+                HeaderName::from_str(&header_name).context("Error building the header key")?,
+                header_value
+                    .parse()
+                    .context("Error building the header value")?,
+            );
+        }
+
         let mut outbound_req = state
             .client
             .request(req.method().clone(), outbound_uri.to_string())
-            .headers(req.headers().clone())
+            .headers(headers.clone())
             .body(reqwest::Body::from(
                 // It would be better to use a stream for this. However, right now,
                 // .into_data_stream() returns a stream which is not Send+Sync, so we can't pass it
@@ -153,10 +172,12 @@ impl ProxyHandlerHttp {
             .build()
             .context("error building outbound request to proxy backend")?;
 
-        // Ensure the host header is set to target the backend.
-        if let Some(host) = state.backend.authority().map(|authority| authority.host()) {
-            if let Ok(host) = HeaderValue::from_str(host) {
-                outbound_req.headers_mut().insert("host", host);
+        // Ensure the host header is set to target the backend if not given in the header override list.
+        if !headers.contains_key(HOST) {
+            if let Some(host) = state.backend.authority().map(|authority| authority.host()) {
+                if let Ok(host) = HeaderValue::from_str(host) {
+                    outbound_req.headers_mut().insert("host", host);
+                }
             }
         }
 

src/serve/mod.rs

@@ -367,6 +367,7 @@ fn router(state: Arc<State>, cfg: Arc<RtcServe>) -> Result<Router> {
         builder = builder.register_proxy(
             proxy.ws,
             &proxy.backend,
+            &proxy.request_headers,
             proxy.rewrite.clone(),
             ProxyClientOptions {
                 insecure: proxy.insecure,

src/serve/proxy.rs

@@ -30,6 +30,7 @@ impl ProxyBuilder {
         mut self,
         ws: bool,
         backend: &Uri,
+        request_headers: &HashMap<String, String>,
         rewrite: Option<String>,
         opts: ProxyClientOptions,
     ) -> anyhow::Result<Self> {
@@ -47,12 +48,18 @@ impl ProxyBuilder {
             let no_sys_proxy = opts.no_system_proxy;
             let insecure = opts.insecure;
             let client = self.clients.get_client(opts)?;
-            let handler = ProxyHandlerHttp::new(client, backend.clone(), rewrite);
+            let handler =
+                ProxyHandlerHttp::new(client, backend.clone(), request_headers.clone(), rewrite);
             tracing::info!(
-                "{}proxying {} -> {}{}{}",
+                "{}proxying {} -> {} {} {}{}",
                 SERVER,
                 handler.path(),
                 &backend,
+                &request_headers
+                    .iter()
+                    .map(|(header_name, header_value)| format!("{header_name}={header_value}"))
+                    .collect::<Vec<String>>()
+                    .join(";"),
                 if no_sys_proxy {
                     "; ignoring system proxy"
                 } else {