fix(exclude): get scheme to parse url, more debug logs and yaml fmt

README.md

@@ -99,7 +99,7 @@ The plugin is configured via the `envoy.yaml`-file. The following configuration
 | `reload_interval_in_hours` | `u64` | The interval in hours, after which the OIDC configuration is reloaded. | `24` | ✅ |
 | `exclude_hosts` | `Vec<Regex>` | A comma separated list Hosts (in Regex expressions), that are excluded from the filter. | `["localhost:10000"]` | ❌ |
 | `exclude_paths` | `Vec<Regex>` | A comma separated list of paths (in Regex expressions), that are excluded from the filter. | `["/health"]` | ❌ |
-| `exclude_urls` | `Vec<Regex>` | A comma separated list of URLs (in Regex expressions), that are excluded from the filter. | `["localhost:10000/health"]` | ❌ |
+| `exclude_urls` | `Vec<Regex>` | A comma separated list of URLs (in Regex expressions), that are excluded from the filter. | `["http://localhost:10000/health"]` | ❌ |
 | `access_token_header_name` | `string` | If set, this name will be used to forward the access token to the backend. | `X-Access-Token` | ❌ |
 | `access_token_header_prefix` | `string` | The prefix of the header, that is used to forward the access token, if empty "" is used. | `Bearer ` | ❌ |
 | `id_token_header_name` | `string` | If set, this name will be used to forward the id token to the backend. | `X-Id-Token` | ❌ |

demo/configmap.yml

@@ -44,9 +44,12 @@ data:
                               config_endpoint: "https://demo-wasm-oidc-plugin.eu.auth0.com/.well-known/openid-configuration"
                               reload_interval_in_h: 1 # in hours
 
-                              exclude_hosts: [] # or ["httpbin.org"]
-                              exclude_paths: [] # or ["/favicon.ico"]
-                              exclude_urls: [] # or ["http://localhost:10000/#/HTTP_Methods/get_get"]
+                              exclude_hosts:
+                                # - "httpbin.org"
+                              exclude_paths:
+                                # - "/favicon.ico"
+                              exclude_urls:
+                                # - https://httpbin.org/favicon.ico
 
                               access_token_header_name: # or "Authorization"
                               access_token_header_prefix: "Bearer "

envoy.yaml

@@ -34,9 +34,12 @@ static_resources:
                           config_endpoint: "https://accounts.google.com/.well-known/openid-configuration"
                           reload_interval_in_h: 1 # in hours
 
-                          exclude_hosts: [] # or ["httpbin.org"]
-                          exclude_paths: [] # or ["/favicon.ico"]
-                          exclude_urls: [] # or ["http://localhost:10000/#/HTTP_Methods/get_get"]
+                          exclude_hosts:
+                            # - "httpbin.org"
+                          exclude_paths:
+                            # - "/favicon.ico"
+                          exclude_urls:
+                            # - https://httpbin.org/favicon.ico
 
                           access_token_header_name: # or "Authorization"
                           access_token_header_prefix: "Bearer "

k8s/configmap.yml

@@ -45,9 +45,12 @@ data:
                               config_endpoint: "https://accounts.google.com/.well-known/openid-configuration"
                               reload_interval_in_h: 1 # in hours
 
-                              exclude_hosts: [] # or ["httpbin.org"]
-                              exclude_paths: [] # or ["/favicon.ico"]
-                              exclude_urls: [] # or ["http://localhost:10000/#/HTTP_Methods/get_get"]
+                              exclude_hosts:
+                                # - "httpbin.org"
+                              exclude_paths:
+                                # - "/favicon.ico"
+                              exclude_urls:
+                                # - https://httpbin.org/favicon.ico
 
                               access_token_header_name: # or "Authorization"
                               access_token_header_prefix: "Bearer "

src/lib.rs

@@ -108,16 +108,23 @@ struct ConfiguredOidc {
 impl HttpContext for ConfiguredOidc {
     /// This function is called when the request headers are received.
     fn on_http_request_headers(&mut self, _: usize, _: bool) -> Action {
-        // Check if the host regex matches one of the exclude hosts. If so, forward the request.
+        // Get the host, path and scheme from the request headers
         let host = self.get_host().unwrap_or_default();
+        debug!("host: {}", host);
         let path = self.get_http_request_header(":path").unwrap_or_default();
+        debug!("path: {}", path);
+        let scheme = self
+            .get_http_request_header(":scheme")
+            .unwrap_or("http".to_string());
+        debug!("scheme: {}", scheme);
 
         // Health check
         if path == "/plugin-health" {
             self.send_http_response(200, vec![], Some(b"OK"));
             return Action::Pause;
         }
 
+        // If the host is one of the exclude hosts, forward the request
         if self
             .plugin_config
             .exclude_hosts
@@ -141,8 +148,11 @@ impl HttpContext for ConfiguredOidc {
             return Action::Continue;
         }
 
-        let url = Url::parse(&format!("{}{}", host, path))
+        // Parse the URL and check if it is excluded
+        let url = Url::parse(&format!("{}://{}{}", scheme, host, path))
             .unwrap_or(Url::parse("http://example.com").unwrap());
+        debug!("url: {}", url);
+
         if self
             .plugin_config
             .exclude_urls
@@ -154,6 +164,7 @@ impl HttpContext for ConfiguredOidc {
             return Action::Continue;
         }
 
+        // If the request is for the OIDC callback, e.g the code is returned, this filter
         // exchanges the code for a token. The response is caught in on_http_call_response.
         // If the dispatch fails, a 503 is returned.
         if path.starts_with(self.plugin_config.redirect_uri.path()) {