Aspecto Privacy Rules
Privacy rules let you specify which requests or fields need to be blocked or scrambled. Rules are described as JSON with a defined structure and can be executed by PrivacyEngine.
Example
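// Example: define three privacy rules, build a sample HTTP message, and run
// the rules over it with PrivacyEngine.

// Rule 1: the only condition is 'always' and the only action is
// 'block-request', i.e. the whole request is blocked rather than single fields.
const blockRule: PrivacyRuleDef = {
  conditions: [{ conditionType: 'always' }],
  actions: [{ actionType: 'block-request' }],
};

// Rule 2: conditioned on the route value '/users/'; scrambles fields keyed
// 'Authentication' or 'Bearer' in headers, JSON body and query parameters.
// NOTE(review): these key names mirror the sample message below. Real HTTP
// traffic usually carries credentials under names such as `Authorization`,
// `Cookie` or `Set-Cookie`, so set filterValue to what your services send.
// NOTE(review): whether 'by-key' matching is exact or case-sensitive is not
// shown here; HTTP header names are case-insensitive, so confirm before
// relying on a single spelling.
const scrambleFieldRule: PrivacyRuleDef = {
  conditions: [
    {
      conditionType: 'route',
      conditionData: { filterType: 'by-value', filterValue: '/users/' },
    },
  ],
  actions: [
    {
      actionType: 'scramble-field',
      actionData: {
        fieldTypes: ['header', 'body-json', 'query-param'],
        filter: { filterType: 'by-key', filterValue: 'Authentication' },
      },
    },
    {
      actionType: 'scramble-field',
      actionData: {
        fieldTypes: ['header', 'body-json', 'query-param'],
        filter: { filterType: 'by-key', filterValue: 'Bearer' },
      },
    },
  ],
};

// Rule 3: conditioned on the service value 'user-service'; blocks the same
// two keys that rule 2 scrambles.
const blockFieldRule: PrivacyRuleDef = {
  conditions: [
    {
      conditionType: 'service',
      conditionData: { filterType: 'by-value', filterValue: 'user-service' },
    },
  ],
  actions: [
    {
      actionType: 'block-field',
      actionData: {
        fieldTypes: ['header', 'body-json', 'query-param'],
        filter: { filterType: 'by-key', filterValue: 'Authentication' },
      },
    },
    {
      actionType: 'block-field',
      actionData: {
        fieldTypes: ['header', 'body-json', 'query-param'],
        filter: { filterType: 'by-key', filterValue: 'Bearer' },
      },
    },
  ],
};

// Example message (HTTP request-response).
// NOTE(review): `body.password` and `query.auth` are not named by any key
// filter in the field rules above. Assuming 'by-key' compares against the
// field's key (TODO confirm), those two values are left untouched by the
// field rules; add explicit rules for every secret-bearing key you expect.
export const sampleMessage: AspectoMessage = {
  packageName: 'user-service',
  HTTP_REQUEST: {
    route: { path: '/users/' },
    body: { user: 'daniel', password: 'craig' },
    query: {
      auth: 'token',
      param1: 'notprivate',
    },
    requestHeaders: {
      Bearer: 'req-token',
    },
    responseHeaders: {
      Authentication: 'resp-token',
    },
  },
};

// Create an instance of the engine, set the rules and execute them.
const privacyEngine = new PrivacyEngine();

// Typed as PrivacyRuleDef[] rather than any[] so the compiler keeps checking
// every entry: a misspelled actionType or conditionType is rejected at build
// time instead of yielding a rule that silently never applies.
// NOTE(review): blockRule matches 'always' and blocks the request, and both
// field rules target the same keys. How the engine orders or combines actions
// is not shown here; confirm before copying this list as-is.
const rules: PrivacyRuleDef[] = [blockRule, blockFieldRule, scrambleFieldRule];
privacyEngine.setRules(rules);

// This mutates sampleMessage in place, blocking or scrambling certain fields.
// Keep a copy beforehand if the unmodified message is still needed.
const result = privacyEngine.executeRules(sampleMessage);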