feat(proxy): add support to pass proxy bypass urls from configs (#5322)

2025-11-02 04:04:43 +08:00 · 2024-07-15 18:26:10 +05:30
parent da1f604bb8
commit 61b3aef661
8 changed files with 83 additions and 72 deletions
--- a/config/config.example.toml
+++ b/config/config.example.toml
@ -26,6 +26,7 @@ certificate = "/path/to/certificate.pem"
 # http_url = "http proxy url"   # Proxy all HTTP traffic via this proxy
 # https_url = "https proxy url" # Proxy all HTTPS traffic via this proxy
 idle_pool_connection_timeout = 90 # Timeout for idle pool connections (defaults to 90s)
+bypass_proxy_urls = []            # A list of URLs that should bypass the proxy


 # Configuration for the Key Manager Service
--- a/config/deployments/env_specific.toml
+++ b/config/deployments/env_specific.toml
@ -190,6 +190,7 @@ redis_expiry = 900          # Redis expiry time in milliseconds
 [proxy]
 http_url = "http://proxy_http_url"    # Outgoing proxy http URL to proxy the HTTP traffic
 https_url = "https://proxy_https_url" # Outgoing proxy https URL to proxy the HTTPS traffic
+bypass_proxy_urls = []                # A list of URLs that should bypass the proxy

 # Redis credentials
 [redis]
--- a/crates/router/src/bin/scheduler.rs
+++ b/crates/router/src/bin/scheduler.rs
@ -38,7 +38,7 @@ async fn main() -> CustomResult<(), ProcessTrackerError> {
    let api_client = Box::new(
        services::ProxyClient::new(
            conf.proxy.clone(),
-            services::proxy_bypass_urls(&conf.locker),
+            services::proxy_bypass_urls(&conf.locker, &conf.proxy.bypass_proxy_urls),
        )
        .change_context(ProcessTrackerError::ConfigurationError)?,
    );
--- a/crates/router/src/configs/defaults.rs
+++ b/crates/router/src/configs/defaults.rs
@ -55,6 +55,7 @@ impl Default for super::settings::Proxy {
            http_url: Default::default(),
            https_url: Default::default(),
            idle_pool_connection_timeout: Some(90),
+            bypass_proxy_urls: Vec::new(),
        }
    }
 }
--- a/crates/router/src/configs/settings.rs
+++ b/crates/router/src/configs/settings.rs
@ -582,6 +582,7 @@ pub struct Proxy {
    pub http_url: Option<String>,
    pub https_url: Option<String>,
    pub idle_pool_connection_timeout: Option<u64>,
+    pub bypass_proxy_urls: Vec<String>,
 }

 #[derive(Debug, Deserialize, Clone)]
@ -734,6 +735,7 @@ impl Settings<SecuredSecret> {
                    .with_list_parse_key("log.telemetry.route_to_trace")
                    .with_list_parse_key("redis.cluster_urls")
                    .with_list_parse_key("events.kafka.brokers")
+                    .with_list_parse_key("proxy.bypass_proxy_urls")
                    .with_list_parse_key("connectors.supported.wallets")
                    .with_list_parse_key("connector_request_reference_id_config.merchant_ids_send_payment_id_as_connector_request_id"),

--- a/crates/router/src/lib.rs
+++ b/crates/router/src/lib.rs
@ -192,7 +192,7 @@ pub async fn start_server(conf: settings::Settings<SecuredSecret>) -> Applicatio
    let api_client = Box::new(
        services::ProxyClient::new(
            conf.proxy.clone(),
-            services::proxy_bypass_urls(&conf.locker),
+            services::proxy_bypass_urls(&conf.locker, &conf.proxy.bypass_proxy_urls),
        )
        .map_err(|error| {
            errors::ApplicationError::ApiClientError(error.current_context().clone())
--- a/crates/router/src/services/api.rs
+++ b/crates/router/src/services/api.rs
@ -473,9 +473,12 @@ pub async fn send_request(
    let should_bypass_proxy = url
        .as_str()
        .starts_with(&state.conf.connectors.dummyconnector.base_url)
-        || proxy_bypass_urls(&state.conf.locker).contains(&url.to_string());
+        || proxy_bypass_urls(&state.conf.locker, &state.conf.proxy.bypass_proxy_urls)
+            .contains(&url.to_string());
    #[cfg(not(feature = "dummy_connector"))]
-    let should_bypass_proxy = proxy_bypass_urls(&state.conf.locker).contains(&url.to_string());
+    let should_bypass_proxy =
+        proxy_bypass_urls(&state.conf.locker, &state.conf.proxy.bypass_proxy_urls)
+            .contains(&url.to_string());
    let client = client::create_client(
        &state.conf.proxy,
        should_bypass_proxy,
--- a/crates/router/src/services/api/client.rs
+++ b/crates/router/src/services/api/client.rs
@ -110,10 +110,11 @@ pub fn create_client(
    }
 }

-pub fn proxy_bypass_urls(locker: &Locker) -> Vec<String> {
+pub fn proxy_bypass_urls(locker: &Locker, config_whitelist: &[String]) -> Vec<String> {
    let locker_host = locker.host.to_owned();
    let locker_host_rs = locker.host_rs.to_owned();
-    vec![
+
+    let proxy_list = [
        format!("{locker_host}/cards/add"),
        format!("{locker_host}/cards/fingerprint"),
        format!("{locker_host}/cards/retrieve"),
@ -125,7 +126,9 @@ pub fn proxy_bypass_urls(locker: &Locker) -> Vec<String> {
        format!("{locker_host}/card/addCard"),
        format!("{locker_host}/card/getCard"),
        format!("{locker_host}/card/deleteCard"),
-    ]
+    ];
+
+    [&proxy_list, config_whitelist].concat().to_vec()
 }

 pub trait RequestBuilder: Send + Sync {