diff --git a/docker/gateway/src/gateway-api.ts b/docker/gateway/src/gateway-api.ts index 053f7133..4fdb93bc 100644 --- a/docker/gateway/src/gateway-api.ts +++ b/docker/gateway/src/gateway-api.ts @@ -1,6 +1,6 @@ /* jshint node: true */ import express from 'express' -import { createProxyMiddleware } from 'http-proxy-middleware' +import { createProxyMiddleware, responseInterceptor } from 'http-proxy-middleware' import helmet from 'helmet' import methodOverride from 'method-override' import cors from 'cors' @@ -11,6 +11,7 @@ import { logger, expressLogger } from './logger' import { proxyMasterGuard } from './master-guard' import { proxyJolokiaAgent } from './jolokia-agent' import { GatewayOptions } from './globals' +import { maskIPAddresses } from './utils' const environment = process.env.NODE_ENV || 'development' const port = process.env.HAWTIO_ONLINE_GATEWAY_APP_PORT || 3000 @@ -114,6 +115,10 @@ gatewayServer.use( changeOrigin: false, ws: true, secure: false, + /** + * IMPORTANT: avoid res.end being called automatically + **/ + selfHandleResponse: true, pathFilter: (path, _) => { const result = proxyMasterGuard('/master' + path) @@ -123,6 +128,16 @@ gatewayServer.use( pathRewrite: (path, _) => { return path.replace('/master', '') }, + + /** + * Intercept response + **/ + on: { + proxyRes: responseInterceptor(async (responseBuffer, proxyRes, req, res) => { + const jsonStr = responseBuffer.toString('utf8') + return maskIPAddresses(jsonStr) + }), + }, }), ) diff --git a/docker/gateway/src/jolokia-agent/jolokia-agent.ts b/docker/gateway/src/jolokia-agent/jolokia-agent.ts index 4d0e94b1..fceaa89d 100644 --- a/docker/gateway/src/jolokia-agent/jolokia-agent.ts +++ b/docker/gateway/src/jolokia-agent/jolokia-agent.ts @@ -5,7 +5,7 @@ import * as fs from 'fs' import { JolokiaRequest as MBeanRequest } from 'jolokia.js' import { logger } from '../logger' import { GatewayOptions } from '../globals' -import { isObject, isError } from '../utils' +import { isObject, isError, maskIPAddresses } from '../utils' import { AgentInfo, InterceptedResponse, @@ -62,7 +62,9 @@ function response(agentInfo: AgentInfo, res: SimpleResponse) { */ agentInfo.response.setHeader('content-type', 'application/json') - agentInfo.response.status(res.status).send(res.body) + const maskedResponse = maskIPAddresses(res.body) + + agentInfo.response.status(res.status).send(maskedResponse) } function reject(status: number, body: Record): Promise { diff --git a/docker/gateway/src/utils.ts b/docker/gateway/src/utils.ts index 1222ce32..53169e60 100644 --- a/docker/gateway/src/utils.ts +++ b/docker/gateway/src/utils.ts @@ -31,3 +31,15 @@ export function toStringArray(value: unknown): string[] { export function isError(obj: unknown): obj is Error { return obj instanceof Error } + +// IP Address Regex Matcher +const ipPattern = + /\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/gm + +export function maskIPAddresses(obj: string | object): string { + let jsonStr + if (isObject(obj)) jsonStr = JSON.stringify(obj) + else jsonStr = obj + + return jsonStr.replaceAll(ipPattern, '') +}