Skip to content

Extract client IP and TLS info once at adapter boundary (PR7)#599

Open
prk-Jr wants to merge 20 commits intofeature/edgezero-pr6-backend-http-clientfrom
feature/edgezero-pr7-geo-client-info
Open

Extract client IP and TLS info once at adapter boundary (PR7)#599
prk-Jr wants to merge 20 commits intofeature/edgezero-pr6-backend-http-clientfrom
feature/edgezero-pr7-geo-client-info

Conversation

@prk-Jr
Copy link
Copy Markdown
Collaborator

@prk-Jr prk-Jr commented Mar 31, 2026

Summary

  • Eliminates all req.get_client_ip_addr(), req.get_tls_protocol(), and req.get_tls_cipher_openssl_name() calls from active code in trusted-server-core; the adapter extracts these once into ClientInfo and threads it through RuntimeServices, keeping core fully platform-agnostic
  • Adds client_info: &'a ClientInfo to AuctionContext, changes RequestInfo::from_request and generate_synthetic_id to take &ClientInfo / &RuntimeServices instead of calling the Fastly SDK directly, and applies a warn-and-continue pattern for all geo lookups
  • Removes the last Fastly-specific IP/TLS SDK calls from core logic — after this PR, trusted-server-core contains zero direct calls to Fastly request introspection APIs

Changes

File Change
src/auction/types.rs Add client_info: &'a ClientInfo field to AuctionContext
src/auction/endpoints.rs Thread client_info into AuctionContext; replace deprecated geo call with warn-and-continue
src/auction/formats.rs Add services: &RuntimeServices and geo: Option<GeoInfo> params; use services.client_info.client_ip
src/auction/orchestrator.rs Thread client_info through mediator and provider context construction sites
src/http_util.rs RequestInfo::from_request takes &ClientInfo; detect_request_scheme takes TLS params directly
src/integrations/didomi.rs copy_headers takes client_ip: Option<IpAddr>; removes internal SDK call
src/integrations/prebid.rs Thread client_info into all RequestInfo::from_request call sites and AuctionContext construction
src/integrations/registry.rs Pass services to get_or_generate_synthetic_id
src/publisher.rs Thread services through; replace deprecated geo and synthetic ID calls
src/synthetic.rs generate_synthetic_id takes &RuntimeServices; use services.client_info.client_ip
src/platform/test_support.rs Add noop_services_with_client_ip test helper
adapter-fastly/src/main.rs Thread runtime_services into handle_publisher_request
src/auction/README.md Update route table to match current main.rs

Closes

Closes #488

Test plan

  • cargo test --workspace
  • cargo clippy --workspace --all-targets --all-features -- -D warnings
  • cargo fmt --all -- --check
  • JS tests: cd crates/js/lib && npx vitest run
  • JS format: cd crates/js/lib && npm run format
  • Docs format: cd docs && npm run format
  • WASM build: cargo build --package trusted-server-adapter-fastly --release --target wasm32-wasip1

Checklist

  • Changes follow CLAUDE.md conventions
  • No unwrap() in production code — use expect("should ...")
  • Uses log macros (not println!)
  • New code has tests
  • No secrets or credentials committed

prk-Jr added 20 commits March 30, 2026 18:00
@prk-Jr
Add PR7 design spec for geo lookup + client info extract-once
2ff0ce9 
Documents the call site migration plan: five Fastly SDK extraction
points in trusted-server-core replaced by RuntimeServices::client_info
reads, following Phase 1 injection pattern from the EdgeZero migration design.
@prk-Jr
Fix spec review issues in PR7 design doc
ead539c 
- Correct erroneous claim about generate_synthetic_id being called twice
  via DeviceInfo; it is called once (line 91 for fresh_id), DeviceInfo.ip
  is a separate req.get_client_ip_addr() call fixed independently
- Add before/after snippet for handle_publisher_request call site in main.rs
- Add noop_services import instruction for http_util.rs test module
- Clarify _services rename (drop underscore, not add new param) in didomi.rs
- Clarify nextjs #[allow(deprecated)] annotations are out of scope (different function)
@prk-Jr
Update PR7 spec to address all five agent review findings
8bbfc74 
- Change RequestInfo::from_request signature to &ClientInfo (not
  &RuntimeServices) so prebid can call it with context.client_info
- Scope SDK-call acceptance criteria to active non-deprecated code only
- List all six AuctionContext construction sites including two production
  sites in orchestrator.rs and three test helpers in orchestrator/prebid
- Add explicit warn-and-continue pattern for publisher.rs geo lookup
- Correct testing table: formats.rs and endpoints.rs have no test modules;
  add orchestrator.rs and prebid.rs test helper update rows
@prk-Jr
Add PR7 implementation plan and address plan review findings
b39cd79 
Plan covers 6 tasks in compilation-safe order: AuctionContext struct change
first, then from_request signature, then synthetic.rs cascade, then publisher
geo, then didomi. Includes two new copy_headers unit tests (Some/None).

Spec fixes: clarify injection pattern exceptions for &ClientInfo and
Option<IpAddr>; reword acceptance criterion to reflect that provider-layer
reads flow through AuctionContext.client_info.
@prk-Jr
Fix three plan review findings and two open questions
d6a624a 
- Finding 1 (High): Add missing publisher.rs test call site at line ~695
  for get_or_generate_synthetic_id — was omitted from Task 3 Step 6
- Finding 2 (Medium): Remove crate::geo::GeoInfo import from endpoints.rs
  rather than replacing it — type is not used by name after the change,
  keeping any import fails clippy -D warnings
- Finding 3 (Low): Replace interactive git add -p in Task 6 with explicit
  file staging instruction
- Open Q1: Add Task 2 step to update stale handle_publisher_request
  signature in auction/README.md
- Open Q2: Add Task 2 step to update from_request doc comment to reflect
  ClientInfo-based TLS detection instead of Fastly SDK calls
@prk-Jr
Broaden two low-severity doc cleanup steps in PR7 plan
986a1b2 
- Step 7: cover all four stale Fastly-SDK-specific locations in
  http_util.rs (SPOOFABLE_FORWARDED_HEADERS doc, RequestInfo struct doc,
  from_request doc, detect_request_scheme doc)
- Step 8: replace the whole routing snippet in auction/README.md, not
  just the one handle_publisher_request line — handle_auction and
  integration_registry.handle_proxy are also stale in that snippet
@prk-Jr
Fix two remaining low findings in PR7 plan
86079c5 
- Add missing Location 2 (RequestInfo.scheme field doc, line ~67) to
  Step 7; renumber subsequent locations 3-5
- Replace &runtime_services with runtime_services in Step 5 and README
  snippet — runtime_services is already &RuntimeServices in route_request
@prk-Jr
Fix count drift in Step 7: four → five locations
a03a765
@prk-Jr
Add client_info field to AuctionContext and fix all construction sites
ac79961
@prk-Jr
Change RequestInfo::from_request to take &ClientInfo, thread services…
b96aec0 
… into handle_publisher_request
@prk-Jr
Add Task 2 follow-up coverage and README route fixes
661e3df
@prk-Jr
Add services param to generate_synthetic_id, remove Fastly IP/geo cal…
774a07f 
…ls in formats and endpoints
@prk-Jr
Revert premature publisher geo change from Task 3
95ce45e
@prk-Jr
Replace deprecated GeoInfo::from_request in publisher.rs with service…
b10dcec 
…s.geo().lookup()
@prk-Jr
Remove Fastly IP extraction from Didomi copy_headers, use ClientInfo …
888170d 
…instead
@prk-Jr
Move IpAddr import to test module level in didomi.rs
f856b68
@prk-Jr
Apply rustfmt formatting to didomi.rs, publisher.rs, and synthetic.rs
eb12522 
Fix multi-line function call style in didomi.rs, line-break wrapping in
publisher.rs test, and import ordering in synthetic.rs test module.
@prk-Jr
Add test coverage for generate_synthetic_id with concrete client IP
7fcb3b4 
Adds noop_services_with_client_ip helper to test_support and a new
test that verifies the client_ip path through generate_synthetic_id
by asserting the HMAC differs when the IP changes.
@prk-Jr
Align geo lookup warn log format with codebase convention ({e} not {e…
1844290 
…:?})
@prk-Jr
Apply Prettier formatting to PR7 plan and spec docs
0132a36
@prk-Jr prk-Jr self-assigned this Mar 31, 2026
@prk-Jr prk-Jr changed the title Extract client IP and TLS info once at adapter boundary Extract client IP and TLS info once at adapter boundary (PR7) Mar 31, 2026
@prk-Jr prk-Jr linked an issue Mar 31, 2026 that may be closed by this pull request
Geo lookup + client info (extract-once) #488
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@prk-Jr prk-Jr

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Geo lookup + client info (extract-once)

1 participant

@prk-Jr