[TT-11683]: fixed header forwarding

[kofoworola]

User description

Description

This ticket adds the header forwarding logic fix from this PR to 5.2

TT-11683

Related Issue

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

• I ensured that the documentation is up to date
• I explained why this PR updates go.mod in detail with reasoning why it's required
• I would like a code coverage CI quality gate exception and have explained why

---

Type

bug_fix, enhancement

---

Description

• Enhanced GraphQL proxy handling with the introduction of GraphQLProxyOnlyContextValues for better context management.
• Added a new function selectContentEncodingToBeUsed to determine the appropriate content encoding based on the Accept-Encoding header.
• Improved header forwarding in GraphQL proxy-only mode, including a new test case to validate this behavior.
• Updated a tracing test scenario for GraphQL to use the POST method.

---

Changes walkthrough

	Relevant files
Enhancement	reverse_proxy.go Enhancements and Fixes in GraphQL Proxy Handling                  gateway/reverse_proxy.go Imported httpclient from graphql-go-tools for handling HTTP client operations. Modified returnErrorsFromUpstream to use GraphQLProxyOnlyContextValues instead of GraphQLProxyOnlyContext. Added selectContentEncodingToBeUsed function to select the appropriate content encoding based on the Accept-Encoding header. Updated various functions to utilize the new GraphQLProxyOnlyContextValues structure for better header management. +35/-3    mw_graphql_transport.go Improved Context Management in GraphQL Transport Middleware gateway/mw_graphql_transport.go Introduced GraphQLProxyOnlyContextValues struct for better management of proxy-only context values. Added functions SetProxyOnlyContextValue and GetProxyOnlyContextValue for setting and retrieving proxy-only context values. Updated handleProxyOnly and setProxyOnlyHeaders to use the new context values structure. +36/-5
Tests	reverse_proxy_test.go New Test for Header Forwarding in GraphQL Proxy-Only Mode gateway/reverse_proxy_test.go Added a new test TestGraphQL_ProxyOnlyPassHeadersWithOTel to ensure headers are correctly passed in proxy-only mode with OpenTelemetry enabled. +38/-0    tyk_test-graphql-tracing-invalid_404.yml Update Tracing Test Scenario for GraphQL                                  ci/tests/tracing/scenarios/tyk_test-graphql-tracing-invalid_404.yml Changed the HTTP method from GET to POST in the tracing test scenario for GraphQL. +1/-1

---

✨ PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[github-actions]

API Changes

--- prev.txt	2024-03-21 15:44:10.141341602 +0000
+++ current.txt	2024-03-21 15:44:06.369322602 +0000
@@ -6546,6 +6546,7 @@
 
 func RevokeAllTokens(storage ExtendedOsinStorageInterface, clientId, clientSecret string) (int, []string, error)
 func RevokeToken(storage ExtendedOsinStorageInterface, token, tokenTypeHint string)
+func SetProxyOnlyContextValue(ctx context.Context, req *http.Request) context.Context
 func Start()
 func TestReq(t testing.TB, method, urlStr string, body interface{}) *http.Request
 func TestReqBody(t testing.TB, body interface{}) io.Reader
@@ -7543,6 +7544,12 @@
 
 func (g *GraphQLProxyOnlyContext) Response() *http.Response
 
+type GraphQLProxyOnlyContextValues struct {
+	// Has unexported fields.
+}
+
+func GetProxyOnlyContextValue(ctx context.Context) *GraphQLProxyOnlyContextValues
+
 type GraphQLRequest struct {
 	Query     string          `json:"query"`
 	Variables json.RawMessage `json:"variables"`

[github-actions]

PR Description updated to latest commit (67be164)

[github-actions]

PR Review

⏱️ Estimated effort to review [1-5]	4, due to the complexity of the changes involving GraphQL proxy handling, content encoding selection, and the integration with OpenTelemetry. The changes span across multiple files and introduce new logic for handling headers and content encoding in a GraphQL context, which requires a careful review to ensure correctness and performance.
🧪 Relevant tests	Yes
🔍 Possible issues	Possible Bug: The selectContentEncodingToBeUsed function returns the first supported encoding or the last value if none are supported. This might not be the intended behavior if the client supports multiple encodings but prefers them in a specific order.
	Performance Concern: The selectContentEncodingToBeUsed function iterates through all accepted encodings for each request. For high-throughput systems, this might introduce unnecessary overhead.
🔒 Security concerns	No

Code feedback:

---

relevant file	gateway/reverse_proxy.go
suggestion	Consider caching the result of selectContentEncodingToBeUsed for repeated headers to improve performance. This can be particularly beneficial for high-traffic environments where the overhead of parsing and selecting encodings for each request can accumulate. [medium]
relevant line	contentEncoding := selectContentEncodingToBeUsed(proxyOnlyCtx.forwardedRequest.Header.Get(httpclient.AcceptEncodingHeader))

---

relevant file	gateway/reverse_proxy.go
suggestion	Validate the acceptedEncoding string in selectContentEncodingToBeUsed to handle potential edge cases, such as empty strings or unsupported encodings, more gracefully. This can prevent unexpected behaviors and improve the robustness of the content encoding selection logic. [important]
relevant line	func selectContentEncodingToBeUsed(acceptedEncoding string) string {

---

relevant file	gateway/mw_graphql_transport.go
suggestion	In SetProxyOnlyContextValue, consider adding a mechanism to update ignoreForwardedHeaders dynamically based on configuration or headers present in the request. This would allow for more flexibility in handling headers that should not be forwarded in proxy-only mode. [medium]
relevant line	ignoreForwardedHeaders: map[string]bool{

---

relevant file	gateway/reverse_proxy_test.go
suggestion	Extend the TestGraphQL_ProxyOnlyPassHeadersWithOTel test case to cover scenarios where OpenTelemetry is disabled, ensuring that the header forwarding logic works as expected in both configurations. This can help catch potential issues related to the integration with OpenTelemetry. [important]
relevant line	func TestGraphQL_ProxyOnlyPassHeadersWithOTel(t *testing.T) {

---

---

✨ Review tool usage guide:

---

Overview:
The review tool scans the PR code changes, and generates a PR review. The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on any PR.
When commenting, to edit configurations related to the review tool (pr_reviewer section), use the following template:

/review --pr_reviewer.some_config1=... --pr_reviewer.some_config2=...

With a configuration file, use the following template:

[pr_reviewer]
some_config1=...
some_config2=...

Utilizing extra instructions The review tool can be configured with extra instructions, which can be used to guide the model to a feedback tailored to the needs of your project. Be specific, clear, and concise in the instructions. With extra instructions, you are the prompter. Specify the relevant sub-tool, and the relevant aspects of the PR that you want to emphasize. Examples for extra instructions: [pr_reviewer] # /review # extra_instructions=""" In the 'possible issues' section, emphasize the following: - Does the code logic cover relevant edge cases? - Is the code logic clear and easy to understand? - Is the code logic efficient? ... """ Use triple quotes to write multi-line instructions. Use bullet points to make the instructions more readable.

How to enable\disable automation When you first install PR-Agent app, the default mode for the review tool is: pr_commands = ["/review", ...] meaning the review tool will run automatically on every PR, with the default configuration. Edit this field to enable/disable the tool, or to change the used configurations

Auto-labels The review tool can auto-generate two specific types of labels for a PR: a possible security issue label, that detects possible security issues (enable_review_labels_security flag) a Review effort [1-5]: x label, where x is the estimated effort to review the PR (enable_review_labels_effort flag)

Extra sub-tools The review tool provides a collection of possible feedbacks about a PR. It is recommended to review the possible options, and choose the ones relevant for your use case. Some of the feature that are disabled by default are quite useful, and should be considered for enabling. For example: require_score_review, require_soc2_ticket, require_can_be_split_review, and more.

Auto-approve PRs By invoking: /review auto_approve The tool will automatically approve the PR, and add a comment with the approval. To ensure safety, the auto-approval feature is disabled by default. To enable auto-approval, you need to actively set in a pre-defined configuration file the following: [pr_reviewer] enable_auto_approval = true (this specific flag cannot be set with a command line argument, only in the configuration file, committed to the repository) You can also enable auto-approval only if the PR meets certain requirements, such as that the estimated_review_effort is equal or below a certain threshold, by adjusting the flag: [pr_reviewer] maximal_review_effort = 5

More PR-Agent commands To invoke the PR-Agent, add a comment using one of the following commands: /review: Request a review of your Pull Request. /describe: Update the PR title and description based on the contents of the PR. /improve [--extended]: Suggest code improvements. Extended mode provides a higher quality feedback. /ask <QUESTION>: Ask a question about the PR. /update_changelog: Update the changelog based on the PR's contents. /add_docs 💎: Generate docstring for new components introduced in the PR. /generate_labels 💎: Generate labels for the PR based on the PR's contents. /analyze 💎: Automatically analyzes the PR, and presents changes walkthrough for each component. See the tools guide for more details. To list the possible configuration parameters, add a /config comment.

See the review usage page for a comprehensive guide on using this tool.

[github-actions]

PR Code Suggestions

Category	Suggestions
Best practice	Use a pointer to an unexported context key type to avoid collisions. Using context.WithValue with a basic type as a key is discouraged as it can cause collisions. It's recommended to use a custom type with an unexported context key to avoid collisions. gateway/mw_graphql_transport.go [32] -var graphqlProxyContextInfo = contextKey{} +var graphqlProxyContextInfo = &contextKey{}
Enhancement	Make ignored headers configurable or define them as constants. The ignoreForwardedHeaders map is being statically defined with hardcoded values. Consider making this configurable or at least defining these values as constants to improve maintainability and flexibility. gateway/mw_graphql_transport.go [43-46] -ignoreForwardedHeaders: map[string]bool{ - http.CanonicalHeaderKey("date"): true, - http.CanonicalHeaderKey("content-type"): true, - http.CanonicalHeaderKey("content-length"): true, -} +ignoreForwardedHeaders: defaultIgnoreForwardedHeaders
	Add conditional logic for overwriting the request method in handleProxyOnly. The handleProxyOnly method modifies the request method directly from the forwarded request. This could lead to unexpected behavior if the original request method should be preserved for some reason. Consider adding logic to determine if the method should indeed be overwritten or preserved. gateway/mw_graphql_transport.go [115] -request.Method = proxyOnlyCtx.forwardedRequest.Method +if shouldOverrideRequestMethod { + request.Method = proxyOnlyCtx.forwardedRequest.Method +}
Possible issue	Handle empty acceptedEncoding string in selectContentEncodingToBeUsed. The selectContentEncodingToBeUsed function does not handle the case where the acceptedEncoding string is empty, which could lead to unexpected behavior. It's advisable to add a check for an empty string and return a default or an empty string accordingly. gateway/mw_graphql_transport.go [1212] func selectContentEncodingToBeUsed(acceptedEncoding string) string { + if acceptedEncoding == "" { + return "" + }
Performance	Improve performance by breaking the loop early in setProxyOnlyHeaders. The setProxyOnlyHeaders function continues to iterate through all headers even after finding a match in the ignoreForwardedHeaders map. Using a break statement after finding a match can improve performance by exiting the loop early. gateway/mw_graphql_transport.go [149-150] for forwardedHeaderKey, forwardedHeaderValues := range proxyOnlyCtx.forwardedRequest.Header { if proxyOnlyCtx.ignoreForwardedHeaders[forwardedHeaderKey] { - continue + break

---

✨ Improve tool usage guide:

---

Overview:
The improve tool scans the PR code changes, and automatically generates suggestions for improving the PR code. The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on a PR.
When commenting, to edit configurations related to the improve tool (pr_code_suggestions section), use the following template:

/improve --pr_code_suggestions.some_config1=... --pr_code_suggestions.some_config2=...

With a configuration file, use the following template:

[pr_code_suggestions]
some_config1=...
some_config2=...

Enabling\disabling automation When you first install the app, the default mode for the improve tool is: pr_commands = ["/improve --pr_code_suggestions.summarize=true", ...] meaning the improve tool will run automatically on every PR, with summarization enabled. Delete this line to disable the tool from running automatically.

Utilizing extra instructions Extra instructions are very important for the improve tool, since they enable to guide the model to suggestions that are more relevant to the specific needs of the project. Be specific, clear, and concise in the instructions. With extra instructions, you are the prompter. Specify relevant aspects that you want the model to focus on. Examples for extra instructions: [pr_code_suggestions] # /improve # extra_instructions=""" Emphasize the following aspects: - Does the code logic cover relevant edge cases? - Is the code logic clear and easy to understand? - Is the code logic efficient? ... """ Use triple quotes to write multi-line instructions. Use bullet points to make the instructions more readable.

A note on code suggestions quality While the current AI for code is getting better and better (GPT-4), it's not flawless. Not all the suggestions will be perfect, and a user should not accept all of them automatically. Suggestions are not meant to be simplistic. Instead, they aim to give deep feedback and raise questions, ideas and thoughts to the user, who can then use his judgment, experience, and understanding of the code base. Recommended to use the 'extra_instructions' field to guide the model to suggestions that are more relevant to the specific needs of the project, or use the custom suggestions 💎 tool With large PRs, best quality will be obtained by using 'improve --extended' mode.

More PR-Agent commands To invoke the PR-Agent, add a comment using one of the following commands: /review: Request a review of your Pull Request. /describe: Update the PR title and description based on the contents of the PR. /improve [--extended]: Suggest code improvements. Extended mode provides a higher quality feedback. /ask <QUESTION>: Ask a question about the PR. /update_changelog: Update the changelog based on the PR's contents. /add_docs 💎: Generate docstring for new components introduced in the PR. /generate_labels 💎: Generate labels for the PR based on the PR's contents. /analyze 💎: Automatically analyzes the PR, and presents changes walkthrough for each component. See the tools guide for more details. To list the possible configuration parameters, add a /config comment.

See the improve usage page for a more comprehensive guide on using this tool.

[github-actions]

💥 CI tests failed 🙈

git-state

diff --git a/gateway/reverse_proxy.go b/gateway/reverse_proxy.go
index c2cb7c1..fcf7fac 100644
--- a/gateway/reverse_proxy.go
+++ b/gateway/reverse_proxy.go
@@ -18,7 +18,6 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
-	"github.com/TykTechnologies/graphql-go-tools/pkg/engine/datasource/httpclient"
 	"io"
 	"io/ioutil"
 	"net"
@@ -29,6 +28,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/TykTechnologies/graphql-go-tools/pkg/engine/datasource/httpclient"
+
 	"github.com/buger/jsonparser"
 
 	"github.com/gorilla/websocket"

Please look at the run or in the Checks tab.

[github-actions]

💥 CI tests failed 🙈

git-state

all ok

Please look at the run or in the Checks tab.

[buger]

API tests result: failure 🚫
Branch used: refs/pull/6174/merge
Commit:
Triggered by: pull_request (@kofoworola)
Execution page

[buger]

API tests result: failure 🚫
Branch used: refs/pull/6174/merge
Commit: 2b08d90
Triggered by: pull_request (@kofoworola)
Execution page

[buger]

API tests result: failure 🚫
Branch used: refs/pull/6174/merge
Commit: c4ccee0
Triggered by: pull_request (@kofoworola)
Execution page

[sonarcloud]

Quality Gate failed

Failed conditions
65.8% Coverage on New Code (required ≥ 80%)

See analysis details on SonarCloud

[buger]

API tests result: failure 🚫
Branch used: refs/pull/6174/merge
Commit: 1a71d36
Triggered by: pull_request (@kofoworola)
Execution page

[kofoworola]

/release to release-5-lts

[tykbot]

Working on it! Note that it can take a few minutes.

[tykbot]

@kofoworola Succesfully merged PR