• This repository has been archived on 19/Nov/2023
  • Stars
    star
    2,733
  • Rank 16,663 (Top 0.4 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created over 9 years ago
  • Updated almost 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Hackable HTTP proxy for resiliency testing and simulated network conditions

toxy Build Status Code Climate NPM js-standard-style

Not actively maintained, may not work with latest node.js runtimes. If you are interested in maintaining toxy, please open an issue.

Hackable HTTP proxy to simulate server failure scenarios, systems resiliency testing and unexpected network conditions, built for node.js.

It was mainly designed for failure resistance testing, when toxy becomes particularly useful in order to cover fault tolerance and resiliency capabilities of a system, especially in disruption-tolerant networks and service-oriented architectures, where toxy may act as MitM proxy among services in order to inject failure.

toxy allows you to plug in poisons, optionally filtered by rules, which essentially can intercept and alter the HTTP flow as you need, performing multiple evil actions in the middle of that process, such as limiting the bandwidth, delaying network packets, injecting network jitter latency or replying with a custom error or status code. It primarily operates at L7, although it can simulate L3 network conditions.

toxy can be fluently used programmatically or via HTTP API. It was built on top of rocky, a full-featured middleware-oriented HTTP proxy, and it's also pluggable in connect/express as standard middleware.

Requires node.js +4.

Contents

Features

  • Full-featured HTTP/S proxy (backed by rocky and http-proxy)
  • Hackable and elegant programmatic API (inspired on connect/express)
  • Admin HTTP API for external management and dynamic configuration
  • Featured built-in router with nested configuration
  • Hierarchical and composable poisoning with rule based filtering
  • Hierarchical middleware layer (both global and route scopes)
  • Easily augmentable via middleware (based on connect/express middleware)
  • Supports both incoming and outgoing traffic poisoning
  • Built-in poisons (bandwidth, error, abort, latency, slow read...)
  • Rule-based poisoning (probabilistic, HTTP method, headers, body...)
  • Supports third-party poisons and rules
  • Built-in balancer and traffic interceptor via middleware
  • Inherits API and features from rocky
  • Compatible with connect/express (and most of their middleware)
  • Able to run as standalone HTTP proxy

Introduction

Why toxy?

There're some other similar solutions like toxy in the market, but most of them do not provide a proper programmatic control and usually are not easy to hack, configure or are directly closed to extensibility.

Furthermore, the majority of those solutions only operates at TCP L3 level stack instead of providing high-level abstractions to cover common requirements in the specific domain and nature of the HTTP L7 protocol, like toxy tries to provide

toxy brings a powerful hackable and extensible solution with a convenient abstraction, but without losing a proper low-level interface capabilities to deal with HTTP protocol primitives easily.

toxy was designed based on the rules of composition, simplicity and extensibility. Via its built-in hierarchical domain specific middleware layer you can easily augment toxy features to your own needs.

Concepts

toxy introduces two directives: poisons and rules.

Poisons are the specific logic which infects an incoming or outgoing HTTP transaction (e.g: injecting a latency, replying with an error). One HTTP transaction can be poisoned by one or multiple poisons, and those poisons can be also configured to infect both global or route level traffic.

Rules are a kind of match validation filters that inspects an HTTP request/response in order to determine, given a certain rules, if the HTTP transaction should be poisoned or not (e.g: if headers matches, query params, method, body...). Rules can be reused and applied to both incoming and outgoing traffic flows, including different scopes: global, route or poison level.

How it works

↓  ( Incoming request )  ↓
↓          |||           ↓
↓    +-------------+     ↓
↓    | Toxy Router |     ↓ -> Match the incoming request
↓    +-------------+     ↓
↓          |||           ↓
↓ +--------------------+ ↓
↓ |   Incoming phase   | ↓ -> The proxy receives the request from the client
↓ |~~~~~~~~~~~~~~~~~~~~| ↓
↓ |  ----------------  | ↓
↓ |  |  Exec Rules  |  | ↓ -> Apply configured rules for the incoming request
↓ |  ----------------  | ↓
↓ |        |||         | ↓
↓ |  ----------------  | ↓
↓ |  | Exec Poisons |  | ↓ -> If all rules passed, then poison the HTTP flow
↓ |  ----------------  | ↓
↓ +~~~~~~~~~~~~~~~~~~~~+ ↓
↓        /      \        ↓
↓        \      /        ↓
↓ +--------------------+ ↓
↓ |  HTTP dispatcher   | ↓ -> Forward the HTTP traffic to the target server, either poisoned or not
↓ +--------------------+ ↓
↓        /      \        ↓
↓        \      /        ↓
↓ +--------------------+ ↓
↓ |   Outgoing phase   | ↓ -> Receives response from target server
↓ |~~~~~~~~~~~~~~~~~~~~| ↓
↓ |  ----------------  | ↓
↓ |  |  Exec Rules  |  | ↓ -> Apply configured rules for the outgoing request
↓ |  ----------------  | ↓
↓ |        |||         | ↓
↓ |  ----------------  | ↓
↓ |  | Exec Poisons |  | ↓ -> If all rules passed, then poison the HTTP flow before send it to the client
↓ |  ----------------  | ↓
↓ +~~~~~~~~~~~~~~~~~~~~+ ↓
↓          |||           ↓
↓ ( Send to the client ) ↓ -> Finally, send the request to the client, either poisoned or not

Usage

Installation

npm install toxy

Examples

See examples directory for more use cases.

var toxy = require('toxy')
var poisons = toxy.poisons
var rules = toxy.rules

// Create a new toxy proxy
var proxy = toxy()

// Default server to forward incoming traffic
proxy
  .forward('http://httpbin.org')

// Register global poisons and rules
proxy
  .poison(poisons.latency({ jitter: 500 }))
  .rule(rules.probability(25))

// Register multiple routes
proxy
  .get('/download/*')
  .forward('http://files.myserver.net')
  .poison(poisons.bandwidth({ bps: 1024 }))
  .withRule(rules.headers({'Authorization': /^Bearer (.*)$/i }))

// Infect outgoing traffic only (after the server replied properly)
proxy
  .get('/image/*')
  .outgoingPoison(poisons.bandwidth({ bps: 512 }))
  .withRule(rules.method('GET'))
  .withRule(rules.timeThreshold({ duration: 1000, threshold: 1000 * 10 }))
  .withRule(rules.responseStatus({ range: [ 200, 400 ] }))

proxy
  .all('/api/*')
  .poison(poisons.rateLimit({ limit: 10, threshold: 1000 }))
  .withRule(rules.method(['POST', 'PUT', 'DELETE']))
  // And use a different more permissive poison for GET requests
  .poison(poisons.rateLimit({ limit: 50, threshold: 1000 }))
  .withRule(rules.method('GET'))

// Handle the rest of the traffic
proxy
  .all('/*')
  .poison(poisons.slowClose({ delay: 1000 }))
  .poison(poisons.slowRead({ bps: 128 }))
  .withRule(rules.probability(50))

proxy.listen(3000)
console.log('Server listening on port:', 3000)
console.log('Test it:', 'http://localhost:3000/image/jpeg')

Benchmark

See toxy/benchmark for details.

Poisons

Poisons host specific logic which intercepts and mutates, wraps, modify and/or cancel an HTTP transaction in the proxy server. Poisons can be applied to incoming or outgoing, or even both traffic flows (see poison phases).

Poisons can be composed and reused for different HTTP scenarios. They are executed in FIFO order and asynchronously.

Poisoning scopes

toxy has a hierarchical design based on two different scopes: global and route.

Global scope points to all the incoming HTTP traffic received by the proxy server, regardless of the HTTP method or path.

Route scope points to any incoming traffic which matches with a specific HTTP verb and URI path.

Poisons can be plugged to both scopes, meaning you can operate with better accuracy and restrict the scope of the poisoning, for instance, you might wanna apply a bandwidth limit poisoning only to a certain routes, such as /download or /images.

See routes.js for a featured example.

Poisoning phases

Poisons can be plugged to incoming or outgoing traffic flows, or even both.

Incoming poisoning is applied when the traffic has been received by proxy but it has not been forwarded to the target server yet.

Outgoing poisoning refers to the traffic that has been forwarded to the target server and when proxy receives the response from it, but that response has not been sent to the client yet.

This means, essentially, that you can plug in your poisons to infect the HTTP traffic before or after the request is forwarded to the target HTTP server or sent to the client.

This allows you apply a better and more accurated poisoning based on the request or server response. For instance, given the nature of some poisons, like inject error, you may want to enable it according to the target server response (e.g: some header is present or not).

See poison-phases.js for a featured example.

Built-in poisons

Latency

Namelatency
Poisoning Phaseincoming / outgoing
Reaches the servertrue

Infects the HTTP flow injecting a latency jitter in the response

Arguments:

  • options object
    • jitter number - Jitter value in milliseconds
    • max number - Random jitter maximum value
    • min number - Random jitter minimum value
toxy.poison(toxy.poisons.latency({ jitter: 1000 }))
// Or alternatively using a random value
toxy.poison(toxy.poisons.latency({ max: 1000, min: 100 }))

Inject response

Nameinject
Poisoning Phaseincoming / outgoing
Reaches the serverfalse (only as incoming poison)

Injects a custom response, intercepting the request before sending it to the target server. Useful to inject errors originated in the server.

Arguments:

  • options object
    • code number - Response HTTP status code. Default 500
    • headers object - Optional headers to send
    • body mixed - Optional body data to send. It can be a buffer or string
    • encoding string - Body encoding. Default to utf8
toxy.poison(toxy.poisons.inject({
  code: 503,
  body: '{"error": "toxy injected error"}',
  headers: {'Content-Type': 'application/json'}
}))

Bandwidth

Namebandwidth
Poisoning Phaseincoming / outgoing
Reaches the servertrue

Limits the amount of bytes sent over the network in outgoing HTTP traffic for a specific time frame.

This poison is basically an alias to throttle.

Arguments:

  • options object
    • bytes number - Amount of chunk of bytes to send. Default 1024
    • threshold number - Packets time frame in milliseconds. Default 1000
toxy.poison(toxy.poisons.bandwidth({ bytes: 512 }))

Rate limit

NamerateLimit
Poisoning Phaseincoming / outgoing
Reaches the servertrue

Limits the amount of requests received by the proxy in a specific threshold time frame. Designed to test API limits. Exposes typical X-RateLimit-* headers.

Note that this is very simple rate limit implementation, indeed limits are stored in-memory, therefore are completely volatile. There're a bunch of featured and consistent rate limiter implementations in npm that you can plug in as poison. You might be also interested in token bucket algorithm.

Arguments:

  • options object
    • limit number - Total amount of requests. Default to 10
    • threshold number - Limit time frame in milliseconds. Default to 1000
    • message string - Optional error message when limit is reached.
    • code number - HTTP status code when limit is reached. Default to 429.
toxy.poison(toxy.poisons.rateLimit({ limit: 5, threshold: 10 * 1000 }))

Slow read

NameslowRead
Poisoning Phaseincoming
Reaches the servertrue

Reads incoming payload data packets slowly. Only valid for non-GET request.

Arguments:

  • options object
    • chunk number - Packet chunk size in bytes. Default to 1024
    • threshold number - Limit threshold time frame in milliseconds. Default to 1000
toxy.poison(toxy.poisons.slowRead({ chunk: 2048, threshold: 1000 }))

Slow open

Name: slowOpen

NameslowOpen
Poisoning Phaseincoming
Reaches the servertrue

Delays the HTTP connection ready state.

Arguments:

  • options object
    • delay number - Delay connection in milliseconds. Default to 1000
toxy.poison(toxy.poisons.slowOpen({ delay: 2000 }))

Slow close

NameslowClose
Poisoning Phaseincoming / outgoing
Reaches the servertrue

Delays the HTTP connection close signal (EOF).

Arguments:

  • options object
    • delay number - Delay time in milliseconds. Default to 1000
toxy.poison(toxy.poisons.slowClose({ delay: 2000 }))

Throttle

Namethrottle
Poisoning Phaseincoming / outgoing
Reaches the servertrue

Restricts the amount of packets sent over the network in a specific threshold time frame.

Arguments:

  • options object
    • chunk number - Packet chunk size in bytes. Default to 1024
    • delay object - Data chunk delay time frame in milliseconds. Default to 100
toxy.poison(toxy.poisons.throttle({ chunk: 2048, threshold: 1000 }))

Abort connection

Nameabort
Poisoning Phaseincoming / outgoing
Reaches the serverfalse (only as incoming poison)

Aborts the TCP connection. From the low-level perspective, this will destroy the socket on the server, operating only at TCP level without sending any specific HTTP application level data.

Arguments:

  • options object
    • delay number - Aborts TCP connection after waiting the given milliseconds. Default to 0
    • next boolean - If true, the connection will be aborted if the target server takes more than the delay param time to reply. Default to false
    • error Error - Custom internal node.js error to use when destroying the socket. Default to null
// Basic connection abort
toxy.poison(toxy.poisons.abort())
// Abort after a delay
toxy.poison(toxy.poisons.abort(1000))
// In this case, the socket will be closed if
// the target server takes more than
// 2 seconds to respond
toxy.poison(toxy.poisons.abort({ delay: 2000, next: true }))

Timeout

Nametimeout
Poisoning Phaseincoming / outgoing
Reaches the servertrue

Defines a response timeout. Useful when forward to potentially slow servers.

Arguments:

  • milliseconds number - Timeout limit in milliseconds
toxy.poison(toxy.poisons.timeout(5000))

How to write poisons

Poisons are implemented as standard middleware function with the same interface as connect/express middleware.

Some poisons are not trivial to implement so you've to be familiar with node.js http module and its API.

Here's a simple example of a server latency poison:

var toxy = require('toxy')

function customLatencyPoison (delay) {
  // We name the function since toxy uses it as identifier to get/disable/remove it in the future
  return function customLatency (req, res, next) {
    var timeout = setTimeout(process, delay)
    req.once('close', onClose)

    function onClose () {
      clearTimeout(timeout)
      next('client connection closed')
    }

    function process () {
      req.removeListener('close', onClose)
      next()
    }
  }
}

var proxy = toxy()

// Register and enable the poison
proxy
  .get('/foo')
  .poison(customLatencyPoison(2000))

You can optionally extend the build-in poisons with your own poisons:

toxy.addPoison(customLatency)

// Then you can use it as a built-in poison
proxy
  .get('/foo')
  .poison(toxy.poisons.customLatency)

For featured real example, take a look to the built-in poisons implementation.

Rules

Rules are simple validation filters which inspects an incoming or outgoing HTTP traffic in order to determine, given a certain rules (e.g: matches the method, headers, query params, body...), if the current HTTP transaction should be poisoned or not, based on the resolution value of the rule.

Rules are useful to compose, decouple and reuse logic among different scenarios of poisoning. Rules can be applied to global, route or even poison scope, and it also applies to both phases of poisoning.

Rules are executed in FIFO order. Their evaluation logic is equivalent to Array#every() in JavaScript: all the rules must pass in order to proceed with the poisoning.

Built-in rules

Probability

Nameprobability
Poison Phaseincoming / outgoing

Enables the rule by a random probabilistic. Useful for random poisoning.

Arguments:

  • percentage number - Percentage of filtering. Default 50
var rule = toxy.rules.probability(85)
toxy.rule(rule)

Time threshold

NametimeThreshold
Poison Phaseincoming / outgoing

Simple rule to enable poisons based on a specific time threshold and duration. For instance, you can enable a certain poisons during a specific amount of time (e.g: 1 second) within a time threshold (e.g: 1 minute).

Arguments:

  • options object
    • duration number - Enable time interval in milliseconds. Default to 1000
    • threshold number - Time threshold in milliseconds to wait before re-enable the poisoning. Default to 10000
// Enable the poisoning only 100 milliseconds per each 10 seconds
proxy.rule(toxy.rules.timeThreshold(100))
// Enable poisoning during 1 second every minute
proxy.rule(toxy.rules.timeThreshold({ duration: 1000, period: 1000 * 60 }))

Method

Namemethod
Poison Phaseincoming / outgoing

Filters by HTTP method.

Arguments:

  • method string|array - Method or methods to filter.
var method = toxy.rules.method(['GET', 'POST'])
toxy.rule(method)

Content Type

Filters by content type header. It should be present

Arguments:

  • value string|regexp - Header value to match.
var rule = toxy.rules.contentType('application/json')
toxy.rule(rule)

Headers

Nameheaders
Poison Phaseincoming / outgoing

Filter by request headers.

Arguments:

  • headers object - Headers to match by key-value pair. value can be a string, regexp, boolean or function(headerValue, headerName) => boolean
var matchHeaders = {
  'content-type': /^application/\json/i,
  'server': true, // meaning it should be present,
  'accept': function (value, key) {
    return value.indexOf('text') !== -1
  }
}

var rule = toxy.rules.headers(matchHeaders)
toxy.rule(rule)

Response headers

NameresponseHeaders
Poison Phaseoutgoing

Filter by response headers from target server. Same as headers rule, but evaluating the outgoing request.

Arguments:

  • headers object - Headers to match by key-value pair. value can be a string, regexp, boolean or function(headerValue, headerName) => boolean
var matchHeaders = {
  'content-type': /^application/\json/i,
  'server': true, // meaning it should be present,
  'accept': function (value, key) {
    return value.indexOf('text') !== -1
  }
}

var rule = toxy.rules.responseHeaders(matchHeaders)
toxy.rule(rule)

Body

Namebody
Poison Phaseincoming / outgoing

Match incoming body payload by a given string, regexp or custom filter function.

This rule is pretty simple, so for complex body matching (e.g: validating against a JSON schema) you should probably write your own rule.

Arguments:

  • match string|regexp|function - Body content to match
  • limit string - Optional. Body limit in human size. E.g: 5mb
  • encoding string - Body encoding. Default to utf8
  • length number - Body length. Default taken from Content-Length header
var rule = toxy.rules.body('"hello":"world"')
toxy.rule(rule)

// Or using a filter function returning a boolean
var rule = toxy.rules.body(function contains(body) {
  return body.indexOf('hello') !== -1
})
toxy.rule(rule)

Response body

NameresponseBody
Poison Phaseoutgoing

Match outgoing body payload by a given string, regexp or custom filter function.

Arguments:

  • match string|regexp|function - Body content to match
  • encoding string - Body encoding. Default to utf8
  • length number - Body length. Default taken from Content-Length header
var rule = toxy.rules.responseBody('"hello":"world"')
toxy.rule(rule)

// Or using a filter function returning a boolean
var rule = toxy.rules.responseBody(function contains(body) {
  return body.indexOf('hello') !== -1
})
toxy.rule(rule)

Response status

NameresponseStatus
Poison Phaseoutgoing

Evaluates the response status from the target server. Only applicable to outgoing poisons.

Arguments:

  • range array - Pair of status code range to match. Default [200, 300].
  • lower number - Compare status as lower than operation. Default to null.
  • higher number - Compare status as higher than operation. Default to null.
  • value number - Status code to match using a strict equality comparison. Default null.
  • include array - Unordered list of status codes to match. Useful to specify custom status. Default null
// Strict evaluation of the status code
toxy.rule(toxy.rules.responseBody(200))
// Using a range of valid status
toxy.rule(toxy.rules.responseBody([200, 204]))
// Using relational comparison
toxy.rule(toxy.rules.responseBody({ higher: 199, lower: 400 }))
// Custom unordered status code to match
toxy.rule(toxy.rules.responseBody({ include: [200, 204, 400, 404] }))

Third-party rules

List of available third-party rules provided by the community. PR are welcome.

  • IP - Enable/disable poisons based on the client IP address (supports CIDR, subnets, ranges...).

How to write rules

Rules are simple middleware functions that resolve asynchronously with a boolean value to determine if a given HTTP transaction should be ignored when poisoning.

Your rule must resolve with a boolean param calling the next(err, shouldIgnore) function in the middleware, passing a true value if the rule has not matches and should not apply the poisoning, and therefore continuing with the next middleware stack.

Here's an example of a simple rule matching the HTTP method to determine if:

var toxy = require('toxy')

function customMethodRule(matchMethod) {
  /**
   * We name the function since it's used by toxy to identify the rule to get/disable/remove it in the future
   */
  return function customMethodRule(req, res, next) {
    var shouldIgnore = req.method !== matchMethod
    next(null, shouldIgnore)
  }
}

var proxy = toxy()

// Register and enable the rule
proxy
  .get('/foo')
  .rule(customMethodRule('GET'))
  .poison(/* ... */)

You can optionally extend the build-in rules with your own rules:

toxy.addRule(customMethodRule)

// Then you can use it as a built-in poison
proxy
  .get('/foo')
  .rules(toxy.rules.customMethodRule)

For featured real examples, take a look to the built-in rules implementation

Programmatic API

toxy API is completely built on top the rocky API. In other words, you can use any of the methods, features and middleware layer natively provided by rocky.

toxy([ options ])

Create a new toxy proxy.

For supported options, please see rocky documentation

var toxy = require('toxy')

toxy({ forward: 'http://server.net', timeout: 30000 })

toxy
  .get('/foo')
  .poison(toxy.poisons.latency(1000))
  .withRule(toxy.rules.contentType('json'))
  .forward('http://foo.server')

toxy
  .post('/bar')
  .poison(toxy.poisons.bandwidth({ bps: 1024 }))
  .withRule(toxy.rules.probability(50))
  .forward('http://bar.server')

toxy
  .post('/boo')
  .outgoingPoison(toxy.poisons.bandwidth({ bps: 1024 }))
  .withRule(toxy.rules.method('GET'))
  .forward('http://boo.server')

toxy.all('/*')

toxy.listen(3000)

toxy#get(path, [ middleware... ])

Return: ToxyRoute

Register a new route for GET method.

toxy#post(path, [ middleware... ])

Return: ToxyRoute

Register a new route for POST method.

toxy#put(path, [ middleware... ])

Return: ToxyRoute

Register a new route for PUT method.

toxy#patch(path, [ middleware... ])

Return: ToxyRoute

toxy#delete(path, [ middleware... ])

Return: ToxyRoute

Register a new route for DELETE method.

toxy#head(path, [ middleware... ])

Return: ToxyRoute

Register a new route for HEAD method.

toxy#all(path, [ middleware... ])

Return: ToxyRoute

Register a new route for any method.

toxy#poisons => Object

Exposes a map with the built-in poisons. Prototype alias to toxy.poisons

toxy#rules => Object

Exposes a map with the built-in poisons. Prototype alias to toxy.rules

toxy#forward(url)

Define a URL to forward the incoming traffic received by the proxy.

toxy#balance(urls)

Forward to multiple servers balancing among them.

For more information, see the rocky docs

toxy#replay(url)

Define a new replay server. You can call this method multiple times to define multiple replay servers.

For more information, see the rocky docs

toxy#use(middleware)

Plug in a custom middleware.

For more information, see the rocky docs.

toxy#useResponse(middleware)

Plug in a response outgoing traffic middleware.

For more information, see the rocky docs.

toxy#useReplay(middleware)

Plug in a replay traffic middleware.

For more information, see the rocky docs

toxy#requestBody(middleware)

Intercept incoming request body. Useful to modify it on the fly.

For more information, see the rocky docs

toxy#responseBody(middleware)

Intercept outgoing response body. Useful to modify it on the fly.

For more information, see the rocky docs

toxy#middleware()

Return a standard middleware to use with connect/express.

toxy#host(host)

Overwrite the Host header with a custom value. Similar to forwardHost option.

toxy#redirect(url)

Redirect traffic to the given URL.

toxy#findRoute(routeIdOrPath, [ method ])

Find a route by ID or path and method.

toxy#listen(port)

Starts the built-in HTTP server, listening on a specific TCP port.

toxy#close([ callback ])

Closes the HTTP server.

toxy#poison(poison)

Alias: usePoison, useIncomingPoison

Register a new poison to infect incoming traffic.

toxy#outgoingPoison(poison)

Alias: useOutgoingPoison, responsePoison

Register a new poison to infect outgoing traffic.

toxy#rule(rule)

Alias: useRule

Register a new rule.

toxy#withRule(rule)

Aliases: ifRule, whenRule, poisonRule, poisonFilter

Apply a new rule for the latest registered poison.

toxy#enable(poison)

Enable a poison by name identifier

toxy#disable(poison)

Disable a poison by name identifier

toxy#remove(poison)

Return: boolean

Remove an incoming traffic poison by name identifier or object reference.

toxy#removeOutgoing(poison)

Return: boolean

Remove an outgoing traffic poison by name identifier or object reference.

toxy#isEnabled(poison)

Return: boolean

Checks if a poison is enabled by name identifier.

toxy#disableAll()

Alias: disablePoisons

Disable all the registered poisons.

toxy#getPoison(name)

Return: Directive|null

Searches and retrieves a registered poison in the stack by name identifier.

toxy#getIncomingPoison(name)

Return: Directive|null

Searches and retrieves a registered incoming poison in the stack by name identifier.

toxy#getOutgoingPoison(name)

Return: Directive|null

Searches and retrieves a registered outgoing poison in the stack by name identifier.

toxy#getPoisons()

Return: array<Directive>

Return an array of registered poisons.

toxy#getIncomingPoisons()

Return: array<Directive>

Return an array of registered incoming poisons.

toxy#getOutgoingPoisons()

Return: array<Directive>

Return an array of registered outgoing poisons.

toxy#flush()

Alias: flushPoisons

Remove all the registered poisons for both incoming and outgoing traffic flows.

toxy#enableRule(rule)

Enable a rule by name identifier.

toxy#disableRule(rule)

Disable a rule by name identifier.

toxy#removeRule(rule)

Return: boolean

Remove a rule by name identifier.

toxy#disableRules()

Disable all the registered rules.

toxy#isRuleEnabled(rule)

Return: boolean

Checks if the given rule is enabled by name identifier.

toxy#getRule(rule)

Return: Directive|null

Searches and retrieves a registered rule in the stack by name identifier.

toxy#getRules()

Return: array<Directive>

Returns and array with the registered rules wrapped as Directive.

toxy#flushRules()

Remove all the rules.

toxy.addPoison(name, fn)

Extend built-in poisons.

toxy.addRule(name, fn)

Extend built-in rules.

toxy.poisons => Object

Exposes a map with the built-in poisons.

toxy.rules => Object

Exposes a map with the built-in rules.

toxy.VERSION => String

Current toxy semantic version.

ToxyRoute

ToxyRoute exposes the same interface as Toxy global interface, it just adds some route level additional methods.

Further actions you perform against the ToxyRoute API will only be applicable at route-level (nested). In other words: you already know the API.

This example will probably clarify possible doubts:

var toxy = require('toxy')
var proxy = toxy()

// Now using the global API
proxy
  .forward('http://server.net')
  .poison(toxy.poisons.bandwidth({ bps: 1024 }))
  .rule(toxy.rules.method('GET'))

// Now create a route
var route = proxy
  .get('/foo')
  .toPath('/bar') // Route-level API method
  .host('server.net') // Route-level API method
  .forward('http://new.server.net')

// Now using the ToxyRoute interface
route
  .poison(toxy.poisons.bandwidth({ bps: 512 }))
  .rule(toxy.rules.contentType('json'))

Directive(middlewareFn)

A convenient wrapper internally used for poisons and rules.

Normally you don't need to know this interface, but for hacking purposes or more low-level actions might be useful.

Directive#enable()

Return: boolean

Directive#disable()

Return: boolean

Directive#isEnabled()

Return: boolean

Directive#rule(rule)

Alias: filter

Directive#handler()

Return: function(req, res, next)

HTTP API

The toxy HTTP API follows the JSON API conventions, including resource based hypermedia linking.

Usage

For a featured use case, see the admin server example.

const toxy = require('toxy')

// Create the toxy admin server
var admin = toxy.admin({ cors: true })
admin.listen(9000)

// Create the toxy proxy
var proxy = toxy()
proxy.listen(3000)

// Add the toxy instance to be managed by the admin server
admin.manage(proxy)

// Then configure the proxy
proxy
  .forward('http://my.target.net')

proxy
  .get('/slow')
  .poison(toxy.poisons.bandwidth({ bps: 1024 }))

// Handle the rest of the traffic
proxy
  .all('/*')
  .poison(toxy.poisons.bandwidth({ bps: 1024 * 5 }))

console.log('toxy proxy listening on port:', 3000)
console.log('toxy admin server listening on port:', 9000)

For more details about the admin programmatic API, see below.

Authorization

The HTTP API can be protected to unauthorized clients. Authorized clients must define the API key token via API-Key or Authorization HTTP headers.

To enable it, you should simple pass the following options to toxy admin server:

const toxy = require('toxy')

const opts = { apiKey: 's3cr3t' }
var admin = toxy.admin(opts)

admin.listen(9000)
console.log('protected toxy admin server listening on port:', 9000)

API

Hierarchy:

  • Servers - Managed toxy instances
    • Rules - Globally applied rules
    • Poisons - Globally applied poisons
      • Rules - Poison-specific rules
    • Routes - List of configured routes
      • Route - Object for each specific route
        • Rules - Route-level registered rules
        • Poisons - Route-level registered poisons
          • Rules - Route-level poison-specific rules

GET /

Servers

GET /servers

GET /servers/:id

Rules

GET /servers/:id/rules

POST /servers/:id/rules

Accepts: application/json

Example payload:

{
  "name": "method",
  "options": "GET"
}

DELETE /servers/:id/rules

GET /servers/:id/rules/:id

DELETE /servers/:id/rules/:id

Poisons

GET /servers/:id/poison

POST /servers/:id/poisons

Accepts: application/json

Example payload:

{
  "name": "latency",
  "phase": "outgoing",
  "options": { "jitter": 1000 }
}

DELETE /servers/:id/poisons

GET /servers/:id/poisons/:id

DELETE /servers/:id/poisons/:id

GET /servers/:id/poisons/:id/rules

POST /servers/:id/poisons/:id/rules

Accepts: application/json

Example payload:

{
  "name": "method",
  "options": "GET"
}

DELETE /servers/:id/poisons/:id/rules

GET /servers/:id/poisons/:id/rules/:id

DELETE /servers/:id/poisons/:id/rules/:id

Routes

GET /servers/:id/routes

POST /servers/:id/routes

Accepts: application/json

Example payload:

{
  "path": "/foo", // Required
  "method": "GET", // use ALL for all the methods
  "forward": "http://my.server", // Optional custom forward server URL
}

DELETE /servers/:id/routes

GET /servers/:id/routes/:id

DELETE /servers/:id/routes/:id

Route rules

GET /servers/:id/routes/:id/rules

POST /servers/:id/routes/:id/rules

Accepts: application/json

Example payload:

{
  "name": "method",
  "options": "GET"
}

DELETE /servers/:id/routes/:id/rules

GET /servers/:id/routes/:id/rules/:id

DELETE /servers/:id/routes/:id/rules/:id

Route poisons

GET /servers/:id/routes/:id/poisons

POST /servers/:id/routes/:id/poisons

Accepts: application/json

Example payload:

{
  "name": "latency",
  "phase": "outgoing",
  "options": { "jitter": 1000 }
}

DELETE /servers/:id/routes/:id/poisons

GET /servers/:id/routes/:id/poisons/:id

DELETE /servers/:id/routes/:id/poisons/:id

GET /servers/:id/routes/:id/poisons/:id/rules

POST /servers/:id/routes/:id/poisons/:id/rules

Accepts: application/json

Example payload:

{
  "name": "method",
  "options": "GET"
}

DELETE /servers/:id/routes/:id/poisons/:id/rules

GET /servers/:id/routes/:id/poisons/:id/rules/:id

DELETE /servers/:id/routes/:id/poisons/:id/rules/:id

Programmatic API

The built-in HTTP admin server also provides a simple interface open to extensibility and hacking purposes. For instance, you can plug in additional middleware to the admin server, or register new routes.

toxy.admin([ opts ])

Returns: Admin

Supported options:

  • apiKey string - Optional API key to protect the server
  • port number - Optional. TCP port to listen
  • cors boolean - Enable CORS for web browser access
  • middleware array<function> - Plug in additional middleware
  • ssl object - Node.js HTTPS server TLS options.
Admin#listen([ port, host ])

Start listening on the network.

Admin#manage(toxy)

Manage a toxy server instance.

Admin#find(toxy)

Find a toxy instance. Accepts toxy server ID or toxy instance.

Admin#remove(toxy)

Stop managing a toxy instance.

Admin#use(...middleware)

Register a middleware.

Admin#param(...middleware)

Register a param middleware.

Admin#get(path, [ ...middleware ])

Register a GET route.

Admin#post(path, [ ...middleware ])

Register a POST route.

Admin#put(path, [ ...middleware ])

Register a PUT route.

Admin#delete(path, [ ...middleware ])

Register a DELETE route.

Admin#patch(path, [ ...middleware ])

Register a PATCH route.

Admin#all(path, [ ...middleware ])

Register a route accepting any HTTP method.

Admin#middleware(req, res, next)

Middleware to plug in with connect/express.

Admin#close(cb)

Stop the server.

License

MIT - Tomas Aparicio

views

More Repositories

1

imaginary

Fast, simple, scalable, Docker-ready HTTP microservice for high-level image processing
Go
5,543
star
2

bimg

Go package for fast high-level image processing powered by libvips C library
Go
2,683
star
3

filetype

Fast, dependency-free Go package to infer binary file types based on the magic numbers header signature
Go
2,076
star
4

gock

HTTP traffic mocking and testing made easy in Go ༼ʘ̚ل͜ʘ̚༽
Go
2,067
star
5

gentleman

Plugin-driven, extensible HTTP client toolkit for Go
Go
1,072
star
6

videoshow

Simple node.js utility to create video slideshows from images with optional audio and visual effects using ffmpeg
JavaScript
873
star
7

baloo

Expressive end-to-end HTTP API testing made easy in Go
Go
776
star
8

jshashes

Fast and dependency-free cryptographic hashing library for node.js and browsers (supports MD5, SHA1, SHA256, SHA512, RIPEMD, HMAC)
JavaScript
698
star
9

filetype.py

Small, dependency-free, fast Python package to infer binary file types checking the magic numbers signature
Python
642
star
10

nar

node.js application archive - create self-contained binary like executable applications that are ready to ship and run
LiveScript
428
star
11

rocky

Full-featured, middleware-oriented, programmatic HTTP and WebSocket proxy for node.js (deprecated)
JavaScript
371
star
12

pook

HTTP traffic mocking and testing made easy in Python
Python
329
star
13

paco

Small utility library for coroutine-driven asynchronous generic programming in Python
Python
202
star
14

semver.c

Semantic version in ANSI C
C
185
star
15

riprova

Versatile async-friendly retry package with multiple backoff strategies
Python
116
star
16

node-imaginary

Minimalist node.js command-line & programmatic API client for imaginary
JavaScript
106
star
17

youtube-video-api

Simplified programmatic and command-line interface for YouTube Video API. Built for node.js
JavaScript
67
star
18

siringa

Minimalist dependency injection library for Python that embraces type annotations syntax
Hy
54
star
19

audioconcat

Tiny node.js module to concat multiple audio files using ffmpeg
JavaScript
45
star
20

requireg

Resolve and require local & global modules in node.js like a boss
JavaScript
45
star
21

thread.js

Frictionless library to deal with multithread programming in the browser
JavaScript
41
star
22

grunt-stubby

Grunt task to setup a stub/mock server based on JSON/YAML/JS configuration files
JavaScript
26
star
23

hu

Small, generic functional helper library for node.js and browsers
wisp
20
star
24

gentleman-consul

Gentleman's plugin for Consul server discovery and optional configurable retry/backoff policies
Go
19
star
25

nightmare-google-oauth2

Nightmare plugin to retrieve a Google APIs OAuth2 token. Useful for server-to-server automation
JavaScript
19
star
26

balboa

Simple HTTP forward proxy
JavaScript
16
star
27

domlight

Spotlight DOM elements easily
JavaScript
16
star
28

resizr

Dead simple HTTP service written in Go for fast and easy image resizing from remote URLs
Go
16
star
29

google-oauth2-token

No headaches. Automation wins. Get a fresh OAuth2 token for Google APIs in just one command
JavaScript
16
star
30

angular-thread

AngularJS primitive bindings for thread.js
JavaScript
15
star
31

resilient-consul

Resilient.js middleware to use Consul for service discovery and balancing
JavaScript
14
star
32

gentleman-mock

HTTP mocking for gentleman's clients made easy. Uses gock under the hood
Go
14
star
33

rocky-consul

Rocky middleware for service discovery and dynamic traffic balancing using Consul
JavaScript
14
star
34

angular-resilient

Use $http as a resilient, failover and client-side balanced HTTP client
JavaScript
13
star
35

go-is-svg

Check if a given buffer is a valid SVG image in Go (golang)
Go
12
star
36

node-os-shim

Native OS module API shim for older node.js versions
JavaScript
12
star
37

stream-interceptor

Intercept, modify and/or ignore chunks data and events in any readable stream
JavaScript
11
star
38

gentleman-retry

gentleman's plugin providing retry policy capabilities in your HTTP clients
Go
11
star
39

bbscraper

Simple phpBB forum thread web scraper written in Python
Python
11
star
40

Sencha-WebSocket

WebSocket client abstraction library for Sencha JavaScript frameworks (DEPRECATED)
JavaScript
10
star
41

grunt-beautiful-docs

Generate beautiful markdown-based documentation using Grunt
CoffeeScript
9
star
42

findup

Find the first file matching in a current working directory or the nearest ancestor directory up to root using Go
Go
9
star
43

resolve-tree

Recursively resolve node.js modules and its dependencies looking into node_modules trees.
JavaScript
8
star
44

http-forward

Simple one-line proxy forward for incoming HTTP requests. Built for node.js/io.js
JavaScript
7
star
45

injecty

Micro library for dependency injection and inversion of control containers in node and browsers
wisp
6
star
46

sharedworkers-angular-poc

A simple proof of concept using Shared WebWorkers + Two-way data binding in AngularJS
CSS
6
star
47

toxy-ip

toxy rule to easily filter by IP addresses (supports CIDR, subnet, IP ranges...)
JavaScript
6
star
48

fw

Tiny library for asynchronous control-flow in node and browsers
wisp
6
star
49

pipefy

Transform a function into a pipeable writable stream in node/io.js
JavaScript
5
star
50

node-bintray

CLI and programmatic interface for Bintray built for node.js
CoffeeScript
5
star
51

generator-api-service

A Yeoman generator to build an opinionated but community-driven convention-focused, general purpose, resource-oriented HTTP service in node.js
JavaScript
4
star
52

htgen

Tiny hypertext markup code generator for node and browsers
LiveScript
4
star
53

node-authrc

authrc implementation for node
CoffeeScript
4
star
54

gulp-nar

Create and extract nar archives from Gulp
JavaScript
4
star
55

ng-exam

Are you a great AngularJS developer? (wip)
JavaScript
4
star
56

oml

Minimalist template engine built-on-top of the Oli language for node and browsers
JavaScript
4
star
57

buildspec

Declarative, featured, unopiniotated, CI-agnostic build configuration file
4
star
58

OPEW

[NOT MAINTAINED] OPEW is a powerful, complete, independent and extensible open source distribution stack for GNU/Linux (64 bits) based OS. Its goal is to provides a rich portable ready-to-run development environment focused on modern and robust programming languages in oder to satisfy the common needs for the web development.
Shell
4
star
59

promitto

Tiny promise library mostly compatible with Promise/A+ spec and ES6
wisp
3
star
60

heroku-buildpack-binary-download

Download and execute POSIX compatible binaries in Heroku apps
Shell
3
star
61

grunt-nar

Create and extract nar archives from Grunt
CoffeeScript
2
star
62

ASIR

ASIR course exercises for fun and profit
Shell
2
star
63

consul-cluster-test

Consul cluster test suite
Python
2
star
64

butler

A small, elegant and friendly library to deal elegantly with Service Workers (experimental)
JavaScript
2
star
65

node-cloudimage

Minimalist node/io.js CLI & programmatic stream-based interface for Cloudimage.io
JavaScript
2
star
66

mimeware

Simple node.js/io.js HTTP middleware to infer the proper MIME content type response header
JavaScript
2
star
67

bock

Browser next-generation HTTP traffic mock and proxy interceptor using Service Worker (experimental)
JavaScript
2
star
68

OPEW-bash-installer

Bash-based installer builder utility for the OPEW project
Shell
2
star
69

findup.rs

Find the first file matching in a current working directory or the nearest ancestor directory up to root
Rust
2
star
70

http-version

HTTP API version matching strategies as middleware for connect/express/rocky
JavaScript
2
star
71

nar-installer

Simple Bash script to easily install nar executable packages. Analog to npm install --global
Shell
2
star
72

http-api-versioning

Analysis of multiple HTTP API versioning design strategies
1
star
73

midware-pool

Tiny module to create a pool of connect-style domain-agnostic middleware layers in browsers and node.js
JavaScript
1
star
74

apachelog

Simple Go net/http compatible middleware for Apache style logging
Go
1
star
75

rocky-cli

Command-line interface for rocky. Supports TOML configuration file to easily set up your proxy
JavaScript
1
star
76

carcasse

Build structured, modular and object-oriented JavaScript projects
JavaScript
1
star
77

go-memstats

Human-friendly debugger to print in stdout the memory and GC stats
Go
1
star