http-headers-decode-plugin
These plugins allow decoding HTTP headers, in request or in response, to reveal their inner data.
This was the original plugin need/idea: decoding applicative rights that are compressed inside a JWT token.
Signature
function myOwnPlugin({
inputs: {part, header, value},
parameters: {},
callbacks: {setDecodedHeaders, onShowInfo, onShowError, onShowWarning },
libs: {React, moment}
}){}
The plugin is called for each header, when displaying the HTTP headers tab.
Inputs
| Name | Description |
|---|---|
| part | req for request headers or res for response headers |
| header | Name of the header, in lower case |
| value | The header value |
Callbacks
onShowInfo(message)
Displays an Information toast with the message.
onShowWarning(message)
Displays a Warning toast with the message.
onShowError(message)
Displays an Error toast with the message.
setDecodedHeaders([{key, value, format, decoded}])
Callback to return the result: an array of objects with this structure:
| Parameter | Description |
|---|---|
| key | String, label to display in the UI |
| value | Any, value to display |
| format | String, format of the value |
| decoded | Boolean, whether or not the header is decoded (gray background in the UI) |
formatmay be one of:application/json,application/xml--> displayed in ACE editortext/plain,react--> displayed as such
Libs
Spider provides libs to help for display:
| Lib | Description |
|---|---|
| React | React library. |
| moment | moment-timezone lib with customized 'format' method to take active timezone into account |
Output
Output must be sent both:
- Using
setDecodedHeaderscallback - With a
return value(of the promise)
Examples
Decoding certificates
First 'official' plugin: a plugin decoding X509 certificate communicated in HTTP headers.
Parameters
The plugin takes the name of the header in parameter:
Output
It adds decoded field in the HTTP headers tab
Code
The plugin code is freely available here: https://gitlab.com/spider-analyzer/plugins/certificate-decoder
Decoding Streetsmart rights
The plugin extract Streetsmart rights from JWT token.
Parameters
It takes 3 parameters:
- Environment: Streetsmart environment to calls to dereference the filters
- Login & password: Account used to connect to Streetsmart
- The account must exists on the selected environment.
- For now, it has been created in SIT0, SIT1 and SVT2
Output
It displays in a JSON editor for better readability and folding
- The multitenant filters (parks or others) are extracted and dereferenced
Code
The code is private and available in Flowbird bitbucket repo sss-token-decoder-spiderplugin