JS middleware doesn't seem to set headers?

I have a few js middlewares that I’m using in both pre- and post-processing scenarios. I know they’re being called, because log messages show up successfully in the logs, but for some reason, I only seem to be able to set a single cookie, one time, in the pre-processing middleware. If I try to do request.ReturnOverrides.ResponseHeaders in the post-processing middleware, nothing ever sets, not arbitrary headers, not “Set-Cookie”, nothing. Any ideas as to what I’m doing wrong??

Hi @daisieh,

Looks like you need to set a response code since you intend to terminate the request there.

if (tokenCookie != undefined) {
    var refreshToken = tokenCookie.split("=")[1];
    result = exchangeRefreshTokenForIdToken(refreshToken, request, spec);
    if (result != undefined) {
        request.ReturnOverrides.ResponseCode = <some-code>
        request.ReturnOverrides.ResponseHeaders = {
            "Set-Cookie": result
        }
        return frontendAuthMiddleware.ReturnData(request, session.meta_data);
    }
}

Is setting ReturnOverrides.ResponseHeaders the best way to set a cookie value in the first place? I can’t tell if that’s my only option here.

Yes, since you intend to finish the request lifecycle and return a response with custom payload & headers to the requestor. [1]

Did setting the response code at that point work for you?
In my tests, I find that the request is not terminated if responseCode is not set, but is proxied upstream and request.ReturnOverrides.ResponseHeaders is ignored.

I think that the problem is that I do want to pass the request upstream; I just also want to update this cookie value. Is there a way to do that?

Yes certainly. Add a request header using this instead:
request.SetHeaders["Set-Cookie"] = result

ReturnOverrides are useful if you intend to finish the request lifecycle at a point.

I feel like I’m going in circles! When I do that, the cookie value doesn’t update.

What’s your GW version?
Are you able to share your API definition?

We’re running 3.2.3, and the api definition is as follows:

{
    "api_id": "41",
    "name": "candig-data-portal",
    "use_openid": true,
    "active": true,
    "slug": "candig-data-portal",

    "enable_signature_checking": false,

    "jwt_issued_at_validation_skew": 0,
    "jwt_expires_at_validation_skew": 0,
    "upstream_certificates": {},
    "use_keyless": false,
    "enable_coprocess_auth": false,
    "base_identity_provided_by": "",
    
    "proxy": {
        "target_url": "http://candig-data-portal:3000",
        "strip_listen_path": true,
        "disable_strip_slash": false,
        "listen_path": "/",
        "transport": {
            "ssl_insecure_skip_verify": false,
            "ssl_ciphers": [],
            "ssl_min_version": 0,
            "proxy_url": ""
        },
        "target_list": [],
        "preserve_host_header": false
    },

    "version_data": {
        "not_versioned": true,
        "versions": {
            "Default": {
                "name": "Default",
                "use_extended_paths": true
            }
        },
        "extended_paths": {
            "ignored": [
                {
                    "path": "/auth/login",
                    "method_actions": {
                        "GET": {
                            "action": "no_action",
                            "code": 200,
                            "headers": {}
                        }
                    }
                }
            ]
        }
    },
    "custom_middleware": {
        "pre": [
            {
                "name": "frontendAuthMiddleware",
                "path": "/opt/tyk-gateway/middleware/frontendAuthMiddleware.js",
                "require_session": false
            }
        ],
        "post": [
            {
                "name": "permissionsStoreMiddleware",
                "path": "/opt/tyk-gateway/middleware/permissionsStoreMiddleware.js",
                "require_session": true
            }
        ],
        "id_extractor": {
            "extract_with": "",
            "extract_from": "",
            "extractor_config": {}
        },
        "driver": "",
        "auth_check": {
            "path": "",
            "require_session": false,
            "name": ""
        },
        "post_key_auth": [],
        "response": []
    },
    
    "config_data": {
        "SESSION_ENDPOINTS": [
            "/data-portal"
        ],
        "TYK_SERVER": "http://docker.localhost:5080",
        "KEYCLOAK_SECRET": "4214ef5b-4786-4608-826a-2c33d9c67f38",
        "KEYCLOAK_REALM": "candig",
        "KEYCLOAK_CLIENT_ID": "local_candig",
        "KEYCLOAK_PRIVATE_URL": "http://docker.localhost:8080",
        "VAULT_SERVICE_URL": "http://vault:8200",
        "VAULT_SERVICE_RESOURCE": "/v1/auth/jwt/login",
        "VAULT_ROLE": "researcher"
    },
    "openid_options": {
        "segregate_by_client": false,
        "providers": [
            {
                "issuer": "http://docker.localhost:8080/auth/realms/candig",
                "client_ids": {
                    "bG9jYWxfY2FuZGln": "candig_policy"
                }
            }
        ]
    },


    "definition": {
        "location": "header",
        "key": "x-api-version"
    },


    "internal": false,
    "jwt_skip_kid": false,
    "enable_batch_request_support": false,
    "response_processors": [],
    "use_mutual_tls_auth": false,
    "basic_auth": {
        "disable_caching": false,
        "cache_ttl": 0,
        "extract_from_body": false,
        "body_user_regexp": "",
        "body_password_regexp": ""
    },
    "use_standard_auth": false,
    "session_lifetime": 0,
    "use_oauth2": false,
    "jwt_source": "",
    "jwt_signing_method": "",
    "jwt_not_before_validation_skew": 0,
    "jwt_identity_base_field": "",

    "session_provider": {
        "name": "",
        "storage_engine": "",
        "meta": {}
    },

    "auth": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
            "algorithm": "",
            "header": "",
            "secret": "",
            "allowed_clock_skew": 0,
            "error_code": 0,
            "error_message": ""
        }
    }
}

Apologies, the gateway logs as well, when you call the API. With log_level set to debug.

Apologies for the excess logging: I wasn’t sure how much you needed.

time="Nov 16 20:43:51" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/" ts=1668631431897749395
time="Nov 16 20:43:51" level=debug msg="Running: frontendAuthMiddleware" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:51" level=info msg="Running Frontend Authorization JSVM middleware " prefix=jsvm type=log-msg
time="Nov 16 20:43:51" level=debug msg="JSVM middleware execution took: (ns) 5318001" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:51" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=666 mw=DynamicMiddleware ns=5671925 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:51" level=debug msg=Started api_id=11 api_name=authentication mw=VersionCheck org_id= origin=10.10.1.1 path="/auth/login" ts=1668631431910867561
time="Nov 16 20:43:51" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=VersionCheck ns=62799 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:51" level=debug msg=Started api_id=11 api_name=authentication mw=RateCheckMW org_id= origin=10.10.1.1 path="/auth/login" ts=1668631431910987759
time="Nov 16 20:43:51" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=RateCheckMW ns=161962 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:51" level=debug msg=Started api_id=11 api_name=authentication mw=OrganizationMonitor org_id= origin=10.10.1.1 path="/auth/login" ts=1668631431911166166
time="Nov 16 20:43:51" level=debug msg="Error trying to get value:redis: nil"
time="Nov 16 20:43:51" level=debug msg="Could not get session detail, key not found" err="key not found" inbound-key=-- prefix=auth-mgr
time="Nov 16 20:43:51" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=OrganizationMonitor ns=517613 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:51" level=debug msg=Started api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login" ts=1668631431911801356
time="Nov 16 20:43:51" level=debug msg="Running: loginHandler" api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:51" level=info msg="Virtual Login Handler" prefix=jsvm type=log-msg
time="Nov 16 20:43:51" level=debug msg="JSVM Virtual Endpoint execution took: (ns) 5854978" api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:51" level=debug msg=Finished api_id=11 api_name=authentication code=666 mw=VirtualEndpoint ns=6108837 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Started api_id=11 api_name=authentication mw=VersionCheck org_id= origin=10.10.1.1 path="/auth/login" ts=1668631436514717198
time="Nov 16 20:43:56" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=VersionCheck ns=132059 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Started api_id=11 api_name=authentication mw=RateCheckMW org_id= origin=10.10.1.1 path="/auth/login" ts=1668631436514982121
time="Nov 16 20:43:56" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=RateCheckMW ns=161834 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Started api_id=11 api_name=authentication mw=OrganizationMonitor org_id= origin=10.10.1.1 path="/auth/login" ts=1668631436515298785
time="Nov 16 20:43:56" level=debug msg=Finished api_id=11 api_name=authentication code=200 mw=OrganizationMonitor ns=136924 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Started api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login" ts=1668631436515491125
time="Nov 16 20:43:56" level=debug msg="Running: loginHandler" api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=info msg="Virtual Login Handler" prefix=jsvm type=log-msg
time="Nov 16 20:43:56" level=debug msg="JSVM Virtual Endpoint execution took: (ns) 51711324" api_id=11 api_name=authentication mw=VirtualEndpoint org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Finished api_id=11 api_name=authentication code=666 mw=VirtualEndpoint ns=52305596 org_id= origin=10.10.1.1 path="/auth/login"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/" ts=1668631436573696788
time="Nov 16 20:43:56" level=debug msg="Running: frontendAuthMiddleware" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=info msg="Running Frontend Authorization JSVM middleware " prefix=jsvm type=log-msg
time="Nov 16 20:43:56" level=debug msg="JSVM middleware execution took: (ns) 31725020" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=DynamicMiddleware ns=32104527 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=VersionCheck org_id= origin=10.10.1.1 path="/" ts=1668631436605916870
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=VersionCheck ns=395590 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=RateCheckMW org_id= origin=10.10.1.1 path="/" ts=1668631436606433215
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=RateCheckMW ns=136121 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=OrganizationMonitor org_id= origin=10.10.1.1 path="/" ts=1668631436606685317
time="Nov 16 20:43:56" level=debug msg="Error trying to get value:redis: nil"
time="Nov 16 20:43:56" level=debug msg="Could not get session detail, key not found" err="key not found" inbound-key=-- prefix=auth-mgr
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=OrganizationMonitor ns=697562 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/" ts=1668631436607521680
time="Nov 16 20:43:56" level=debug msg="Setting up providers: [{http://docker.localhost:8080/auth/realms/candig map[bG9jYWxfY2FuZGln:candig_policy]}]" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Setting up Issuer: http://docker.localhost:8080/auth/realms/candig" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="--> Setting up client: local_candig with policy: candig_policy" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Generated Session ID: fdc208053164507cae38a5577d293525" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Querying local cache" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Querying keystore" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Could not get session detail, key not found" err="key not found" inbound-key="****3525" prefix=auth-mgr
time="Nov 16 20:43:56" level=debug msg="Querying authstore" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Could not get session detail, key not found" err="key not found" inbound-key="****3525" prefix=auth-mgr
time="Nov 16 20:43:56" level=debug msg="Key does not exist, creating" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Policy applied to key" api_id=41 api_name=candig-data-portal mw=OpenIDMW org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=OpenIDMW ns=30046257 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=KeyExpired org_id= origin=10.10.1.1 path="/" ts=1668631436637679524
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=KeyExpired ns=163094 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=AccessRightsCheck org_id= origin=10.10.1.1 path="/" ts=1668631436637888197
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=AccessRightsCheck ns=96125 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=GranularAccessMiddleware org_id= origin=10.10.1.1 path="/" ts=1668631436638009656
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=GranularAccessMiddleware ns=13882 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=RateLimitAndQuotaCheck org_id= origin=10.10.1.1 path="/" ts=1668631436638040656
time="Nov 16 20:43:56" level=debug msg="[QUOTA] Quota limiter key is: quota-00000000"
time="Nov 16 20:43:56" level=debug msg="Renewing with TTL: 3600"
time="Nov 16 20:43:56" level=debug msg="Incremented key: quota-00000000, val is: 1"
time="Nov 16 20:43:56" level=debug msg="--> Setting Expire"
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=RateLimitAndQuotaCheck ns=619009 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/" ts=1668631436638726004
time="Nov 16 20:43:56" level=debug msg="Running: permissionsStoreMiddleware" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=info msg="Running Permissions Store JSVM middleware" prefix=jsvm type=log-msg
time="Nov 16 20:43:56" level=info msg="username=user1" prefix=jsvm type=log-msg
time="Nov 16 20:43:56" level=debug msg="JSVM middleware execution took: (ns) 17811658" api_id=41 api_name=candig-data-portal mw=DynamicMiddleware org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal code=200 mw=DynamicMiddleware ns=18011698 org_id= origin=10.10.1.1 path="/"
time="Nov 16 20:43:56" level=debug msg="Started proxy"
time="Nov 16 20:43:56" level=debug msg="Stripping: /"
time="Nov 16 20:43:56" level=debug msg="Upstream Path is: "
time="Nov 16 20:43:56" level=debug msg=Started api_id=41 api_name=candig-data-portal mw=ReverseProxy org_id= ts=1668631436656839856
time="Nov 16 20:43:56" level=debug msg="Upstream request URL: " api_id=41 api_name=candig-data-portal mw=ReverseProxy org_id=
time="Nov 16 20:43:56" level=debug msg="Outbound request URL: http://candig-data-portal:3000" api_id=41 api_name=candig-data-portal mw=ReverseProxy org_id=
time="Nov 16 20:43:56" level=debug msg="Creating new transport" api_id=41 api_name=candig-data-portal mw=ReverseProxy org_id=
time="Nov 16 20:43:56" level=debug msg="Out request url: http://candig-data-portal:3000" api_id=41 api_name=candig-data-portal mw=ReverseProxy org_id=
time="Nov 16 20:43:56" level=debug msg=Finished api_id=41 api_name=candig-data-portal mw=ReverseProxy ns=4806201 org_id=
time="Nov 16 20:43:56" level=debug msg="Upstream request took (ms): 4.923923"
time="Nov 16 20:43:56" level=debug msg="Done proxy"

Hi @daisieh,

Really sorry, this fell through the cracks.

How are you coming along?

Can you provide here (not on GitHub) the current state of the middlewares and API definition, if you still need help with this?

Hi, yes, I’m still having the same problems as before: I haven’t worked on this since I posted the gateway log above. When I use request.SetHeaders["Set-Cookie"] = result, the cookie does not get set.

if (result != undefined) {
    request.SetHeaders["Set-Cookie"] = setCookie(result, spec)
    return frontendAuthMiddleware.ReturnData(request, session.meta_data);
}

and setCookie looks like:

function setCookie(token, spec) {
    var cookie = "session_id=" + token
    cookie += ";Path=/" 
    cookie += ";Max-Age=" + spec.config_data.MAX_TOKEN_AGE
    cookie += ";HttpOnly"

    if (spec.config_data.USE_SSL) {
        cookie += ";Secure"
    }
    return cookie
}

Hi @daisieh,

In my tests, the "Set-Cookie" header is added to the request when I use request.SetHeaders["Set-Cookie"]. I’ve used httpbin.org as my upstream and inspected the headers received.

I’ve tried to recreate as close as possible to your setup, using pre and post-middleware in the API definition, using the setCookie function to assign the value, and adding headers in those parts of the request lifecycle, and it works fine.

I’m not sure why it isn’t working for you. :thinking:

This might not be it, but in the logs you shared the other time, I see

time="Nov 16 20:43:56" level=info msg="Running Permissions Store JSVM middleware" prefix=jsvm type=log-msg
time="Nov 16 20:43:56" level=info msg="username=user1" prefix=jsvm type=log-msg

But I can’t find where in permissionsStoreMiddleware (from the GitHub repo you linked) you log “username”.

Is it possible the gateway is loading and using another JavaScript file? Or changes you make are not being persisted?
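
The two behaviours the replies describe (ReturnOverrides.ResponseHeaders being used only once a response code is set, and request.SetHeaders adding a header to the request sent upstream, as observed with httpbin.org) are modelled below as an added example; it is not part of any post in this thread and is not Tyk gateway code. gatewayModel, upstreamEcho, summarize, the three middleware functions and the cookie value are hypothetical; only the request field names come from the thread.

```javascript
// Added model, not Tyk gateway code. Field names (SetHeaders, ReturnOverrides,
// ResponseCode, ResponseHeaders) are the ones used in the thread; everything
// else here is hypothetical.
const COOKIE = "session_id=constructed-token;Path=/;HttpOnly"; // constructed value

// Stand-in upstream: its response carries no Set-Cookie of its own, and it
// records the request headers it received (the role httpbin.org played above).
function upstreamEcho(requestHeaders) {
    return { status: 200, headers: { "Content-Type": "text/html" }, received: requestHeaders };
}

function gatewayModel(middleware, clientHeaders) {
    const request = {
        Headers: Object.assign({}, clientHeaders),
        SetHeaders: {},
        ReturnOverrides: { ResponseCode: 0, ResponseHeaders: {} }
    };
    const out = middleware(request).Request;

    if (out.ReturnOverrides.ResponseCode) {
        // A response code is set: the request lifecycle ends at the gateway
        // and the override headers go back to the requestor.
        return {
            proxied: false,
            upstreamSaw: null,
            clientGot: { status: out.ReturnOverrides.ResponseCode,
                         headers: out.ReturnOverrides.ResponseHeaders }
        };
    }
    // No response code: ResponseHeaders are ignored, the request is proxied,
    // and SetHeaders entries are added to the upstream *request*.
    const up = upstreamEcho(Object.assign({}, out.Headers, out.SetHeaders));
    return { proxied: true, upstreamSaw: up.received,
             clientGot: { status: up.status, headers: up.headers } };
}

// Case 1: override headers without a response code (the original question).
function overridesOnly(request) {
    request.ReturnOverrides.ResponseHeaders = { "Set-Cookie": COOKIE };
    return { Request: request, SessionMeta: {} };
}
// Case 2: override headers plus a response code (200 is a constructed choice).
function overridesWithCode(request) {
    request.ReturnOverrides.ResponseCode = 200;
    request.ReturnOverrides.ResponseHeaders = { "Set-Cookie": COOKIE };
    return { Request: request, SessionMeta: {} };
}
// Case 3: request.SetHeaders, with the request still passed upstream.
function setHeaders(request) {
    request.SetHeaders["Set-Cookie"] = COOKIE;
    return { Request: request, SessionMeta: {} };
}

// Where does Set-Cookie end up for a given middleware?
function summarize(middleware) {
    const r = gatewayModel(middleware, { "Cookie": "session_id=old" });
    return {
        proxied: r.proxied,
        cookieSentToClient: "Set-Cookie" in r.clientGot.headers,
        cookieSentUpstream: r.upstreamSaw !== null && "Set-Cookie" in r.upstreamSaw
    };
}

console.log(summarize(overridesOnly), summarize(overridesWithCode), summarize(setHeaders));
```

In this model the SetHeaders case places Set-Cookie on the upstream request and nothing on the response to the client, and only the case with a response code returns the cookie to the requestor.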