Files
Beyhan Oğur 880f412e2c first commit
2026-04-26 21:52:23 +03:00
..
2026-04-26 21:52:23 +03:00
2026-04-26 21:52:23 +03:00
2026-04-26 21:52:23 +03:00
2026-04-26 21:52:23 +03:00
2026-04-26 21:52:23 +03:00

HTTP-Transport-Only Plugin Example

This example demonstrates a plugin that only implements the HTTPTransportPlugin interface for HTTP-layer request/response interception.

Features

  • HTTPTransportPreHook: Intercepts HTTP requests before they enter Bifrost core

    • Authentication validation
    • Rate limiting (in-memory, per API key)
    • Request validation (size limits)
    • Custom header injection
    • Request short-circuiting for auth failures
  • HTTPTransportPostHook: Intercepts HTTP responses after Bifrost core processing

    • CORS header injection
    • Security headers
    • Request duration tracking
    • Error response enrichment
    • Response logging

Use Cases

  • Security

    • Authentication/Authorization
    • API key validation
    • Request sanitization
  • Rate Limiting

    • Per-user limits
    • Per-endpoint limits
    • Burst protection
  • Observability

    • Request/response logging
    • Performance monitoring
    • Access tracking
  • Compliance

    • CORS enforcement
    • Security headers
    • Request/response auditing

Building

make build

This creates build/http-transport-only.so

Configuration

Add to your Bifrost config:

{
  "plugins": [
    {
      "path": "/path/to/http-transport-only.so",
      "name": "http-transport-only",
      "display_name": "Security & Rate Limiting",
      "enabled": true,
      "type": "http_transport",
      "config": {
        "require_auth": true,
        "rate_limit": 100,
        "rate_window": 60,
        "max_body_size": 1048576
      }
    }
  ]
}

Note:

  • name is the system identifier (from GetName()) and is not editable
  • display_name is shown in the UI and is editable by users

Configuration Options

Option Type Default Description
require_auth boolean true Enable/disable authentication header enforcement
rate_limit integer 10 Maximum requests per window (0 = unlimited)
rate_window integer 60 Rate limit window in seconds
max_body_size integer 1048576 Maximum request body size in bytes (0 = unlimited)

Example Configurations

Disable authentication:

{
  "config": {
    "require_auth": false,
    "rate_limit": 1000
  }
}

Unlimited rate limiting:

{
  "config": {
    "require_auth": true,
    "rate_limit": 0
  }
}

Strict limits:

{
  "config": {
    "require_auth": true,
    "rate_limit": 10,
    "rate_window": 60,
    "max_body_size": 512000
  }
}

Notes

  • This plugin operates at the HTTP transport layer only
  • Works only when using bifrost-http, not when using Bifrost as a Go SDK
  • Rate limiter is in-memory (resets on restart)
  • For production, consider using Redis for distributed rate limiting