Documentation
Traffic management
Transformations
Decode base64 headers

Decode base64 headers

Combine multiple Inja functions to accomplish the following tasks:

  • Extract a base64-encoded value from a specific request header.
  • Decode the base64-encoded value.
  • Trim the decoded value and only capture everything starting from the 11th character.
  • Add the captured string as a response header.

Before you begin

  1. Follow the Get started guide to install kgateway.

  2. Follow the Sample app guide to create a gateway proxy with an HTTP listener and deploy the httpbin sample app.

  3. Get the external address of the gateway and save it in an environment variable. 

    export INGRESS_GW_ADDRESS=$(kubectl get svc -n kgateway-system http -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}")
echo $INGRESS_GW_ADDRESS  
    kubectl port-forward deployment/http -n kgateway-system 8080:8080

Decode base64 headers

  1. Encode a string to base64.

    echo -n "transformation test" | base64

    Example output:

    dHJhbnNmb3JtYXRpb24gdGVzdA==

  2. Create a TrafficPolicy resource with your transformation rules. Make sure to create the TrafficPolicyin the same namespace as the HTTPRoute resource. In the following example, you decode the base64-encoded value from the x-base64-encoded request header and populate the decoded value into an x-base64-decoded header starting from the 11th character.

    kubectl apply -f- <<EOF
apiVersion: gateway.kgateway.dev/v1alpha1
kind: TrafficPolicy
metadata:
  name: transformation
  namespace: httpbin
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: httpbin
  transformation:
    response:
      add:
      - name: x-base64-decoded
        value: '{{ substring(base64_decode(request_header("x-base64-encoded")), 11) }}'
EOF

  3. Send a request to the httpbin app and include your base64-encoded string in the x-base64-encoded request header. Verify that you get back a 200 HTTP response code and that you see the trimmed decoded value of your base64-encoded string in the x-base64-decoded response header.

    curl -vi http://$INGRESS_GW_ADDRESS:8080/response-headers \
 -H "host: www.example.com:8080" \
 -H "x-base64-encoded: dHJhbnNmb3JtYXRpb24gdGVzdA==" 
    curl -vi localhost:8080/response-headers \
-H "host: www.example.com" \
-H "x-base64-encoded: dHJhbnNmb3JtYXRpb24gdGVzdA=="

    Example output:

    * Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< access-control-allow-credentials: true
access-control-allow-credentials: true
< access-control-allow-origin: *
access-control-allow-origin: *
< content-type: application/json; encoding=utf-8
content-type: application/json; encoding=utf-8
< date: Wed, 26 Jun 2024 02:54:48 GMT
date: Wed, 26 Jun 2024 02:54:48 GMT
< content-length: 3
content-length: 3
< x-envoy-upstream-service-time: 2
x-envoy-upstream-service-time: 2
< server: envoy
server: envoy
< x-envoy-decorator-operation: httpbin.httpbin.svc.cluster.local:8000/*
x-envoy-decorator-operation: httpbin.httpbin.svc.cluster.local:8000/*
< x-base64-decoded: ion test
x-base64-decoded: ion test

Cleanup

You can remove the resources that you created in this guide. 
kubectl delete TrafficPolicy transformation -n httpbin
Inject response headersUpdate request paths and methods