2.8 KiB
2.8 KiB
HTTP-Transport-Only Plugin Example
This example demonstrates a plugin that only implements the HTTPTransportPlugin interface for HTTP-layer request/response interception.
Features
-
HTTPTransportPreHook: Intercepts HTTP requests before they enter Bifrost core
- Authentication validation
- Rate limiting (in-memory, per API key)
- Request validation (size limits)
- Custom header injection
- Request short-circuiting for auth failures
-
HTTPTransportPostHook: Intercepts HTTP responses after Bifrost core processing
- CORS header injection
- Security headers
- Request duration tracking
- Error response enrichment
- Response logging
Use Cases
-
Security
- Authentication/Authorization
- API key validation
- Request sanitization
-
Rate Limiting
- Per-user limits
- Per-endpoint limits
- Burst protection
-
Observability
- Request/response logging
- Performance monitoring
- Access tracking
-
Compliance
- CORS enforcement
- Security headers
- Request/response auditing
Building
make build
This creates build/http-transport-only.so
Configuration
Add to your Bifrost config:
{
"plugins": [
{
"path": "/path/to/http-transport-only.so",
"name": "http-transport-only",
"display_name": "Security & Rate Limiting",
"enabled": true,
"type": "http_transport",
"config": {
"require_auth": true,
"rate_limit": 100,
"rate_window": 60,
"max_body_size": 1048576
}
}
]
}
Note:
nameis the system identifier (fromGetName()) and is not editabledisplay_nameis shown in the UI and is editable by users
Configuration Options
| Option | Type | Default | Description |
|---|---|---|---|
require_auth |
boolean | true |
Enable/disable authentication header enforcement |
rate_limit |
integer | 10 |
Maximum requests per window (0 = unlimited) |
rate_window |
integer | 60 |
Rate limit window in seconds |
max_body_size |
integer | 1048576 |
Maximum request body size in bytes (0 = unlimited) |
Example Configurations
Disable authentication:
{
"config": {
"require_auth": false,
"rate_limit": 1000
}
}
Unlimited rate limiting:
{
"config": {
"require_auth": true,
"rate_limit": 0
}
}
Strict limits:
{
"config": {
"require_auth": true,
"rate_limit": 10,
"rate_window": 60,
"max_body_size": 512000
}
}
Notes
- This plugin operates at the HTTP transport layer only
- Works only when using bifrost-http, not when using Bifrost as a Go SDK
- Rate limiter is in-memory (resets on restart)
- For production, consider using Redis for distributed rate limiting