[Dev process violation] How to configure routing through a proxy server?

[SF-LI]

Hello,
I attempted to implement request forwarding to a proxy server in my API Gateway. Despite reading the documentation and searching the internet for solutions, I found nothing helpful.

During my documentation review, I discovered the option of using a DelegatingHandler. Since I only need a proxy server for specific routes, this seemed practical. I created a ProxyHandler (DelegatingHandler) that sends requests via a new HTTP client with a designated proxy server. This appeared to be the only entry point for setting a proxy server on the HTTP-Client.

However, during testing, I encountered an exception:

Error Code: UnableToCompleteRequestError Message: Error making http request, exception: System.InvalidOperationException:
The request message was already sent. Cannot send the same request message multiple times.

To address this issue, I consulted ChatGPT, which provided a solution. However, I'm not entirely satisfied with it and still have some doubts. ChatGPT suggested cloning the request beforehand to resolve the problem.

I'm unsure if this is the best way to define a proxy server. I would like to know if such an approach is viable and if there are potential vulnerabilities or risks that I should be aware of.

Sourcode:

/// <summary>
/// Used to utilize a configured proxy server when sending a request.
/// </summary>
public class ProxyHandler : DelegatingHandler
{   
    /// <summary>
    /// Sends the request using the proxy server configured in appsettings.json.
    /// </summary>
    /// <param name="request">The HTTP request message being processed (Request)</param>
    /// <param name="cancellationToken">Used to cancel an asynchronous operation</param>
    /// <returns>HTTP response message</returns>
    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        string proxyUrl = "http://127.0.0.1:8080";
        string proxyUser = "";
        string proxyPassword = "";
        
        var httpClientHandler = new HttpClientHandler()
        {
            Proxy = new WebProxy()
            {
                Address = new Uri(proxyUrl),
                BypassProxyOnLocal = false,
                UseDefaultCredentials = false,
                Credentials = string.IsNullOrEmpty(proxyUser) ? null : new NetworkCredential(proxyUser, proxyPassword)
            }
        };

        //! Only for test purposes!
        //  Bypass certificate validation (Accept any server certificate)
        httpClientHandler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
        
        //TODO: Adding getting HTTP-Client using factory...
        using (var httpClient = new HttpClient(httpClientHandler))
        {
            // Clone the request to avoid the "already sent" issue.
            var clonedRequest = await CloneHttpRequestMessage(request);
            
            return await httpClient.SendAsync(clonedRequest, cancellationToken);
        }
    }

    private async Task<HttpRequestMessage> CloneHttpRequestMessage(HttpRequestMessage request)
    {
        // Create a new HttpRequestMessage object with the same method and URI as the original message object.
        var clonedRequest = new HttpRequestMessage(request.Method, request.RequestUri);

        // Copy the header from the original message object to the cloned object.
        foreach (var header in request.Headers)
        {
            clonedRequest.Headers.TryAddWithoutValidation(header.Key, header.Value);
        }

        if (request.Content != null)
        {
            // Create a new StreamContent object and copy the content from the original message object.
            clonedRequest.Content = new StreamContent(await request.Content.ReadAsStreamAsync());

            // Copy the headers of the content (Content Headers) to the cloned Content object.
            if (request.Content.Headers != null)
            {
                foreach (var header in request.Content.Headers)
                {
                    clonedRequest.Content.Headers.TryAddWithoutValidation(header.Key, header.Value);
                }
            }
        }

        return clonedRequest;
    }
}

[raman-m]

Hi Wilko!

However, during testing, I encountered an exception:

Error Code: `UnableToCompleteRequestError` Message: Error making http request, exception: System.InvalidOperationException:
The request message was already sent. Cannot send the same request message multiple times.

Well... This is very common error being processed and caught by HttpExceptionToErrorMapper | Line 34
So, actual reason is: System.InvalidOperationException: The request message was already sent. Cannot send the same request message multiple times.
Probably, it is caused by additional creation of additional request by this method:

private async Task<HttpRequestMessage> CloneHttpRequestMessage(HttpRequestMessage request)
{ }

I don't understand why do you create this extra request?

[raman-m]

To address this issue, I consulted ChatGPT, which provided a solution. However, I'm not entirely satisfied with it and still have some doubts. ChatGPT suggested cloning the request beforehand to resolve the problem.

Do you really consult ChatGPT in development? Come on!
I wish you, Good luck!

[raman-m]

I'm unsure if this is the best way to define a proxy server. I would like to know if such an approach is viable and if there are potential vulnerabilities or risks that I should be aware of.

You use ChatGPT for consultancy and now you are asking Ocelot development team, and worrying about vulnerabilities etc.?
Are you seriously doing this?

I have a couple of direct questions for you

• Your account is closed. It has private project(s), probably... Do you really contribute to open source projects? Show us at least one example please!
• Your repos are empty. It seems you are not contributor to open source at all... At least on GitHub. You haven't even forked Ocelot repo to your account! You haven't even forked other repos to your account! You don't have any public repos...

Taking all these facts into account, I would say that you don't follow Ocelot's development process.
Sorry, we cannot help you!
Sorry, we cannot answer your questions!
The reason: You are not open source contributor.

@ggnaegi @RaynaldM @ks1990cn
FYI All such inquiries from ghost accounts will be closed! They violate our development process which mentioned on the Welcome page of Ocelot docs. Please inform me about such cases via mentioning me in CC!
I'm going to pin this Q&A topic to get the attention of our community.
Please reply in this thread with what you understand, like: "Got it!"

[RaynaldM]

Ok for me

[ks1990cn]

Sure

[raman-m]

@ggnaegi Gui, what about you?

[ggnaegi]

@ggnaegi Gui, what about you?

@raman-m yes sure