How to properly forward request/response payloads to a non blocking payload analysis endpoint?

[nulltoken]

What should we add or change to make your life better?

The Middleware doco states "Middleware should avoid interacting with the request or response bodies. Bodies are not buffered by default, so interacting with them can prevent them from reaching their destinations. While enabling buffering is possible, it's discouraged as it can add significant memory and latency overhead. Using a wrapped, streaming approach is recommended if the body must be examined or modified. See the ResponseCompression middleware for an example."

We understand this, however putting this together, while impacting the overall performance as little as possible, may be a little tricky.

Would there be any interest in providing such a sample, I'd be happy to work on this, while benefiting from your review, in order to provide the community with a best possible approach.

Why is this important to you?

As stated in the title, we're requested to transmit incoming/outgoing payloads to an external analysis endpoint (for audit/compliance reasons) and would like to do it as cleanly as possible.

[Tratcher]

I'd certainly collaborate with you on this.

Are you mirroring the whole request/response, or just the bodies? See #105.

The bodies are the difficult part.

Step 1: A middleware that wraps the request and response body streams, copies request fields and headers, and starts the mirroring.

Step 2: As request body data is read by the real application, the wrapper duplicates that data into a write-behind buffer to avoid slowing the main request. E.g. a Pipe. That buffer needs to be big enough to keep up. Decide what to do when it fills up. E.g. abandoning the mirror if it's too slow, or allow for a larger buffer.

Step 3: As response body data is written by the real application, the wrapper the wrapper duplicates that data into a write-behind buffer just like the request. Copy the response headers & fields just after the first write to the inner response stream, that's when they're final.

Step 4: When the request processing application ends, gracefully or otherwise, make sure to clean up the mirroring logic. Decide if you want to let it continue in the background (so long as it's no longer referencing any request/response structures), etc. but let the middleware exit quickly so you don't block processing new requests.