-
Notifications
You must be signed in to change notification settings - Fork 2
/
APIMScanCachePolicy.cshtml
76 lines (76 loc) · 4.85 KB
/
APIMScanCachePolicy.cshtml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
<!-- The policy defined assumes implementation of the provided SAP Principal Propagation policy: https://github.com/MartinPankraz/AzureSAPODataReader/blob/master/Templates/SAPPrincipalPropagationAndCachingPolicy.cshtml -->
<!-- Furthermore it shows how to inspect the APIM cache for tokens for a specified user using his Bearer token. -->
<!-- This is useful to check if your caching approach works as expected and to verify expiry times (uncomment relevant sections in policies to activate) -->
<policies>
<inbound>
<!-- check APIM cache for existing user SAP token for OData service -->
<cache-lookup-value key="@("SAPPrincipal" + context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" variable-name="SAPBearerToken" />
<cache-lookup-value key="@("SAPBearerDuration" + context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" variable-name="SAPBearerDuration" />
<cache-lookup-value key="@("SAPPrincipalRefresh" + context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" variable-name="SAPRefreshToken" />
<cache-lookup-value key="@("SAPRefreshDuration" + context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" variable-name="SAPRefreshDuration" />
<choose>
<!-- set value for response in case no bearer cached -->
<when condition="@(!context.Variables.ContainsKey("SAPBearerToken"))">
<set-variable name="SAPBearerToken" value="bearer cache empty" />
<set-variable name="SAPBearerDuration" value="0" />
</when>
<!-- handle chache removal in case bearer still present and header indicator active -->
<otherwise>
<choose>
<when condition="@(context.Request.Headers.GetValueOrDefault("reset-cache","") == "true")">
<cache-remove-value key="@("SAPPrincipal" + context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" caching-type="prefer-external" />
</when>
</choose>
</otherwise>
</choose>
<choose>
<!-- set value for response in case no bearer duration cached -->
<when condition="@(!context.Variables.ContainsKey("SAPBearerDuration"))">
<set-variable name="SAPBearerDuration" value="0" />
</when>
</choose>
<choose>
<when condition="@(!context.Variables.ContainsKey("SAPRefreshToken"))">
<set-variable name="SAPRefreshToken" value="refresh token cache empty" />
<set-variable name="SAPRefreshDuration" value="0" />
</when>
<!-- handle chache removal in case refresh token still present and header indicator active -->
<otherwise>
<choose>
<when condition="@(context.Request.Headers.GetValueOrDefault("reset-cache","") == "true")">
<cache-remove-value key="@("SAPPrincipalRefresh" + context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" caching-type="prefer-external" />
</when>
</choose>
</otherwise>
</choose>
<choose>
<!-- set value for response in case no refresh token duration cached -->
<when condition="@(!context.Variables.ContainsKey("SAPRefreshDuration"))">
<set-variable name="SAPRefreshDuration" value="0" />
</when>
</choose>
</inbound>
<backend />
<outbound>
<choose>
<when condition="@(context.Request.Headers.GetValueOrDefault("reset-cache","") != "true")">
<set-header name="Content-Type" exists-action="override">
<value>text/plain</value>
</set-header>
<set-body template="none">@{
return context.Variables["SAPBearerToken"] + " | " + context.Variables["SAPBearerDuration"] + "s | " +context.Variables["SAPRefreshToken"] + " | " + context.Variables["SAPRefreshDuration"] + "s";
//return "bearer:" + context.Variables["SAPBearerToken"] + " | refresh:" + context.Variables["SAPRefreshToken"];
}</set-body>
</when>
<otherwise>
<set-header name="Content-Type" exists-action="override">
<value>text/plain</value>
</set-header>
<set-body template="none">@{
return "cache delete attempt for " + context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Claims.GetValueOrDefault("upn", "unknown") + " | "+ context.Variables["SAPBearerToken"] + " | "+ context.Variables["SAPRefreshToken"];
}</set-body>
</otherwise>
</choose>
</outbound>
<on-error />
</policies>