diff --git a/agent/agent-mutual-tls-termination.mdx b/agent/agent-mutual-tls-termination.mdx index 06e227831d..c905542510 100644 --- a/agent/agent-mutual-tls-termination.mdx +++ b/agent/agent-mutual-tls-termination.mdx @@ -64,13 +64,13 @@ Using the CA certificate generated in the previous step, you can specify the `mu ```yaml policy.yml on_tcp_connect: - - actions: - - type: terminate-tls + - actions: + - type: terminate-tls config: mutual_tls_certificate_authorities: - -----BEGIN CERTIFICATE----- -... certificate ... ------END CERTIFICATE----- + ... certificate ... + -----END CERTIFICATE----- ``` ```json policy.json diff --git a/getting-started/_secure-your-app.mdx b/getting-started/_secure-your-app.mdx index dc1d9a1866..3f9550cbbd 100644 --- a/getting-started/_secure-your-app.mdx +++ b/getting-started/_secure-your-app.mdx @@ -86,17 +86,17 @@ First, create a new file called `traffic-policy.yml` in the root of your project ```yaml policy.yml on_http_request: - - name: OAuth + - name: OAuth actions: - - type: oauth + - type: oauth config: auth_id: oauth provider: google - - name: bad email + - name: bad email expressions: - actions.ngrok.oauth.identity.email != 'alan@example.com' actions: - - type: custom-response + - type: custom-response config: body: Hey, no auth for you ${actions.ngrok.oauth.identity.name}! status_code: 400 diff --git a/package.json b/package.json index 9b83782520..da46a5b08f 100644 --- a/package.json +++ b/package.json @@ -6,8 +6,6 @@ "scripts": { "build": "mint build", "dev": "mint dev --port 3333", - "fmt:check": "biome check . --diagnostic-level=error && prettier --check .", - "fmt": "biome check . --write --diagnostic-level=error --organize-imports-enabled=true && prettier --write .", "verify-redirects": "node snippets/custom-scripts/check-redirect-conflicts.js", "test-links": "mint broken-links" }, diff --git a/traffic-policy/examples/a-b-tests.mdx b/traffic-policy/examples/a-b-tests.mdx index 956656eaca..fdabda48dd 100644 --- a/traffic-policy/examples/a-b-tests.mdx +++ b/traffic-policy/examples/a-b-tests.mdx @@ -19,16 +19,16 @@ This rule: ```yaml policy.yml on_http_request: - - expressions: + - expressions: - rand.double() <= 0.5 actions: - - type: forward-internal + - type: forward-internal config: url: https://a.internal - - actions: - - type: forward-internal - config: - url: https://b.internal + - actions: + - type: forward-internal + config: + url: https://b.internal ``` ```json policy.json @@ -77,15 +77,15 @@ You can also send the traffic to a different route using url rewrites. ```yaml policy.yml on_http_request: - - expressions: + - expressions: - rand.double() <= 0.5 actions: - - type: url-rewrite + - type: url-rewrite config: from: /path/to/test to: /path/to/test-b - - actions: - - type: forward-internal + - actions: + - type: forward-internal config: url: https://b.internal ``` diff --git a/traffic-policy/examples/add-and-remove-headers.mdx b/traffic-policy/examples/add-and-remove-headers.mdx index de67150dde..a313a609a3 100644 --- a/traffic-policy/examples/add-and-remove-headers.mdx +++ b/traffic-policy/examples/add-and-remove-headers.mdx @@ -16,8 +16,8 @@ This rule adds multiple headers to the request, including the client's IP addres ```yaml policy.yml on_http_request: - - actions: - - type: add-headers + - actions: + - type: add-headers config: headers: x-is-ngrok: 1 @@ -66,8 +66,8 @@ This rule removes the `X-Powered-By` header. ```yaml policy.yml on_http_request: - - actions: - - type: remove-headers + - actions: + - type: remove-headers config: headers: - X-Powered-By diff --git a/traffic-policy/examples/add-authentication.mdx b/traffic-policy/examples/add-authentication.mdx index c701a15f93..1d40f08adf 100644 --- a/traffic-policy/examples/add-authentication.mdx +++ b/traffic-policy/examples/add-authentication.mdx @@ -14,27 +14,27 @@ This rule adds key-based rate limiting to your endpoints based on your consumers on_http_request: - name: Add JWT authentication and rate limiting actions: - - type: rate-limit + - type: rate-limit config: - name: Only allow 30 requests per minute + name: Only allow 30 requests per minute algorithm: sliding_window capacity: 30 rate: 60s bucket_key: - req.headers['x-api-key'] - - type: jwt-validation + - type: jwt-validation config: - issuer: + issuer: allow_list: - value: https:// audience: allow_list: - value: http: - tokens: + tokens: - type: jwt method: header - name: Authorization + name: Authorization prefix: Bearer jws: allowed_algorithms: @@ -130,25 +130,25 @@ This rule grants conditional access to a page using the following ngrok [OAuth a on_http_request: - name: OAuth actions: - - type: oauth + - type: oauth config: - auth_id: oauth + auth_id: oauth provider: google - - name: good email + - name: good email expressions: - - actions.ngrok.oauth.identity.email.endsWith('@ngrok.com') + - actions.ngrok.oauth.identity.email.endsWith('@ngrok.com') actions: - type: custom-response config: - body: Welcome ${actions.ngrok.oauth.identity.name}! + body: Welcome ${actions.ngrok.oauth.identity.name}! status_code: 200 - - name: bad email + - name: bad email expressions: - - !actions.ngrok.oauth.identity.email.endsWith('@ngrok.com') + - !actions.ngrok.oauth.identity.email.endsWith('@ngrok.com') actions: - type: custom-response config: - body: Hey, no auth for you ${actions.ngrok.oauth.identity.name}! + body: Hey, no auth for you ${actions.ngrok.oauth.identity.name}! status_code: 400 ``` @@ -215,9 +215,9 @@ This rule uses the `actions.ngrok.oidc.identity_token` [OIDC action result varia on_http_request: - name: OIDC actions: - - type: openid-connect - config: - issuer_url: https://accounts.google.com + - type: openid-connect + config: + issuer_url: https://accounts.google.com client_id: client_secret: scopes: @@ -226,9 +226,9 @@ on_http_request: - email - name: Headers actions: - - type: add-headers + - type: add-headers config: - headers: + headers: id-token: ${actions.ngrok.oidc.identity_token} ``` diff --git a/traffic-policy/examples/compress-json-responses.mdx b/traffic-policy/examples/compress-json-responses.mdx index f621a53361..bad716908a 100644 --- a/traffic-policy/examples/compress-json-responses.mdx +++ b/traffic-policy/examples/compress-json-responses.mdx @@ -17,9 +17,9 @@ If your upstream service already handles compression, ngrok skips this step. ```yaml policy.yml on_http_response: - - name: Add compression + - name: Add compression actions: - - type: compress-response + - type: compress-response config: algorithms: - gzip diff --git a/traffic-policy/examples/enforce-tls.mdx b/traffic-policy/examples/enforce-tls.mdx index 2bfca5e4e5..d1d1de0922 100644 --- a/traffic-policy/examples/enforce-tls.mdx +++ b/traffic-policy/examples/enforce-tls.mdx @@ -16,11 +16,11 @@ This rule: ```yaml policy.yml on_http_request: - - name: Reject requests using old TLS versions + - name: Reject requests using old TLS versions expressions: - conn.tls.version < '1.3' actions: - - type: custom-response + - type: custom-response config: status_code: 401 body: Unauthorized: TLS version too old diff --git a/traffic-policy/examples/event-logging.mdx b/traffic-policy/examples/event-logging.mdx index 5eaa04a3fb..a64486db83 100644 --- a/traffic-policy/examples/event-logging.mdx +++ b/traffic-policy/examples/event-logging.mdx @@ -16,19 +16,19 @@ This rule: ```yaml policy.yml on_http_request: - - actions: - - type: custom-response + - actions: + - type: custom-response config: status_code: 503 body:

Service Unavailable

Our servers are currently down for maintenance. Please check back later.

headers: content-type: text/html on_http_response: - - name: Log unsuccessful requests + - name: Log unsuccessful requests expressions: - res.status_code < '200' && res.status_code >= '300' actions: - - type: log + - type: log config: metadata: message: Unsuccessful request diff --git a/traffic-policy/examples/oauth-protection.mdx b/traffic-policy/examples/oauth-protection.mdx index bb68ccb3e5..fb38586760 100644 --- a/traffic-policy/examples/oauth-protection.mdx +++ b/traffic-policy/examples/oauth-protection.mdx @@ -37,8 +37,8 @@ Create this traffic policy file in the same directory where you run your ngrok a ```yaml policy.yml on_http_request: - - actions: - - type: oauth + - actions: + - type: oauth config: provider: google ``` @@ -131,14 +131,14 @@ This section includes two examples of how to apply these additional auth lifecyc ```yaml policy.yml on_http_request: - - expressions: + - expressions: - req.url.path == '/ngrok/logout' actions: - - type: redirect + - type: redirect config: location: /ngrok/login?auth_id=my-login - - actions: - - type: oauth + - actions: + - type: oauth config: provider: google auth_id: my-login diff --git a/traffic-policy/examples/rate-limit-requests.mdx b/traffic-policy/examples/rate-limit-requests.mdx index 0c43e80586..b15c22ed9c 100644 --- a/traffic-policy/examples/rate-limit-requests.mdx +++ b/traffic-policy/examples/rate-limit-requests.mdx @@ -66,11 +66,11 @@ This rule creates a lower rate limit for unauthenticated (likely free) users, wh ```yaml policy.yml on_http_request: - - expressions: + - expressions: - !('Authorization' in req.headers) name: Unauthorized rate limiting tier actions: - - type: rate-limit + - type: rate-limit config: name: Allow 10 requests per minute algorithm: sliding_window @@ -78,11 +78,11 @@ on_http_request: rate: 60s bucket_key: - conn.client_ip - - expressions: + - expressions: - ('Authorization' in req.headers) name: Authorized rate limiting tier actions: - - type: rate-limit + - type: rate-limit config: name: Allow 100 requests per minute algorithm: sliding_window @@ -151,11 +151,11 @@ This rule checks for a `Tier` header in the request and applies rate limiting ba ```yaml policy.yml on_http_request: - - expressions: + - expressions: - !('Tier' in req.headers) name: Free rate limiting tier actions: - - type: rate-limit + - type: rate-limit config: name: Allow 10 requests per minute algorithm: sliding_window @@ -163,11 +163,11 @@ on_http_request: rate: 60s bucket_key: - conn.client_ip - - expressions: + - expressions: - getReqHeader('tier').exists(v, v.matches('(?i)bronze')) name: Bronze rate limiting tier actions: - - type: rate-limit + - type: rate-limit config: name: Allow 100 requests per minute algorithm: sliding_window @@ -175,11 +175,11 @@ on_http_request: rate: 60s bucket_key: - conn.client_ip - - expressions: + - expressions: - getReqHeader('tier').exists(v, v.matches('(?i)silver')) name: Bronze rate limiting tier actions: - - type: rate-limit + - type: rate-limit config: name: Allow 1000 requests per minute algorithm: sliding_window @@ -187,11 +187,11 @@ on_http_request: rate: 60s bucket_key: - conn.client_ip - - expressions: + - expressions: - getReqHeader('tier').exists(v, v.matches('(?i)gold')) name: Gold rate limiting tier actions: - - type: rate-limit + - type: rate-limit config: name: Allow 10000 requests per minute algorithm: sliding_window diff --git a/traffic-policy/examples/route-requests.mdx b/traffic-policy/examples/route-requests.mdx index da814bb07e..fba9093e14 100644 --- a/traffic-policy/examples/route-requests.mdx +++ b/traffic-policy/examples/route-requests.mdx @@ -26,9 +26,9 @@ This rule forwards requests from `https://*.example.com` to `https:// ```yaml policy.yml on_http_request: - - name: Route requests based on URL + - name: Route requests based on URL actions: - - type: forward-internal + - type: forward-internal config: url: https://${req.host.split(".example.com")[0]}.internal ``` @@ -62,7 +62,7 @@ This rule forwards requests containing a `X-Customer-Value: {CUSTOMER}` header t ```yaml policy.yml on_http_request: actions: - - type: forward-internal + - type: forward-internal config: url: https://${getReqHeader('X-Customer-Value')[0]}.internal ``` diff --git a/traffic-policy/examples/url-rewrites.mdx b/traffic-policy/examples/url-rewrites.mdx index 2bca788e3f..01876d98d1 100644 --- a/traffic-policy/examples/url-rewrites.mdx +++ b/traffic-policy/examples/url-rewrites.mdx @@ -14,10 +14,10 @@ This rule rewrites a user-friendly URL like ```yaml policy.yml on_http_request: - - expressions: + - expressions: - req.url.path.startsWith('/blog') actions: - - type: url-rewrite + - type: url-rewrite config: from: /blog/([0-9]+)/([a-zA-Z]+)/ to: /blog/index.php?p=$1&title=$2 diff --git a/traffic-policy/examples/user-agent-filtering.mdx b/traffic-policy/examples/user-agent-filtering.mdx index 134be325f8..e749778423 100644 --- a/traffic-policy/examples/user-agent-filtering.mdx +++ b/traffic-policy/examples/user-agent-filtering.mdx @@ -13,10 +13,10 @@ This rule delivers tailored content to Microsoft Edge users by matching on the ` ```yaml policy.yml on_http_request: - - expressions: + - expressions: - req.user_agent.name == 'Edge' actions: - - type: custom-response + - type: custom-response config: status_code: 200 body: Hello Edge User! @@ -51,10 +51,10 @@ You can also quickly block bots from your site by denying them by user-agent usi ```yaml policy.yml on_http_request: - - expressions: + - expressions: - req.user_agent.is_bot actions: - - type: deny + - type: deny config: status_code: 403 ``` diff --git a/universal-gateway/cloud-endpoints/forwarding-and-load-balancing.mdx b/universal-gateway/cloud-endpoints/forwarding-and-load-balancing.mdx index ddc5c54759..f15cea2e9e 100644 --- a/universal-gateway/cloud-endpoints/forwarding-and-load-balancing.mdx +++ b/universal-gateway/cloud-endpoints/forwarding-and-load-balancing.mdx @@ -114,8 +114,8 @@ and most common use cases: forwarding traffic to other endpoints ```yaml policy.yml on_http_request: - - actions: - - type: forward-internal + - actions: + - type: forward-internal config: url: https://your-domain-name.internal ``` diff --git a/universal-gateway/cloud-endpoints/routing-and-policy-decentralization.mdx b/universal-gateway/cloud-endpoints/routing-and-policy-decentralization.mdx index 97dc696ee5..29ea88b370 100644 --- a/universal-gateway/cloud-endpoints/routing-and-policy-decentralization.mdx +++ b/universal-gateway/cloud-endpoints/routing-and-policy-decentralization.mdx @@ -48,14 +48,14 @@ We will use a traffic policy to simulate accessing an API endpoint. ```yaml policy.yml on_http_request: - - expressions: + - expressions: - !(hasReqHeader('Api-Key')) actions: - - type: deny + - type: deny config: status_code: 404 - - actions: - - type: custom-response + - actions: + - type: custom-response config: status_code: 200 body:

Hello world

The quick brown fox jumps over the lazy dog.

@@ -186,15 +186,15 @@ full control over how traffic is handled. ```yaml policy.yml on_http_request: - - expressions: + - expressions: - req.url.path.startsWith('/api/') actions: - - type: forward-internal + - type: forward-internal config: url: https://api.internal binding: internal - - actions: - - type: forward-internal + - actions: + - type: forward-internal config: url: https://homepage.internal binding: internal