@@ -29,6 +29,10 @@ import {
2929 RawRequest ,
3030 FakeRawRequest ,
3131} from '@kbn/core-http-server' ;
32+ import {
33+ ELASTIC_INTERNAL_ORIGIN_QUERY_PARAM ,
34+ X_ELASTIC_INTERNAL_ORIGIN_REQUEST ,
35+ } from '@kbn/core-http-common' ;
3236import { RouteValidator } from './validator' ;
3337import { isSafeMethod } from './route' ;
3438import { KibanaSocket } from './socket' ;
@@ -59,7 +63,13 @@ export class CoreKibanaRequest<
5963 withoutSecretHeaders : boolean = true
6064 ) {
6165 const routeValidator = RouteValidator . from < P , Q , B > ( routeSchemas ) ;
62- const requestParts = CoreKibanaRequest . validate ( req , routeValidator ) ;
66+ let requestParts : { params : P ; query : Q ; body : B } ;
67+ if ( isFakeRawRequest ( req ) ) {
68+ requestParts = { query : { } as Q , params : { } as P , body : { } as B } ;
69+ } else {
70+ const rawParts = CoreKibanaRequest . sanitizeRequest ( req ) ;
71+ requestParts = CoreKibanaRequest . validate ( rawParts , routeValidator ) ;
72+ }
6373 return new CoreKibanaRequest (
6474 req ,
6575 requestParts . params ,
@@ -69,50 +79,65 @@ export class CoreKibanaRequest<
6979 ) ;
7080 }
7181
82+ /**
83+ * We have certain values that may be passed via query params that we want to
84+ * exclude from further processing like validation. This method removes those
85+ * internal values.
86+ */
87+ private static sanitizeRequest < P , Q , B > (
88+ req : Request
89+ ) : { query : unknown ; params : unknown ; body : unknown } {
90+ const { [ ELASTIC_INTERNAL_ORIGIN_QUERY_PARAM ] : __ , ...query } = req . query ?? { } ;
91+ return {
92+ query,
93+ params : req . params ,
94+ body : req . payload ,
95+ } ;
96+ }
97+
7298 /**
7399 * Validates the different parts of a request based on the schemas defined for
74100 * the route. Builds up the actual params, query and body object that will be
75101 * received in the route handler.
76102 * @internal
77103 */
78104 private static validate < P , Q , B > (
79- req : RawRequest ,
105+ raw : { params : unknown ; query : unknown ; body : unknown } ,
80106 routeValidator : RouteValidator < P , Q , B >
81107 ) : {
82108 params : P ;
83109 query : Q ;
84110 body : B ;
85111 } {
86- if ( isFakeRawRequest ( req ) ) {
87- return { query : { } as Q , params : { } as P , body : { } as B } ;
88- }
89- const params = routeValidator . getParams ( req . params , 'request params' ) ;
90- const query = routeValidator . getQuery ( req . query , 'request query' ) ;
91- const body = routeValidator . getBody ( req . payload , 'request body' ) ;
112+ const params = routeValidator . getParams ( raw . params , 'request params' ) ;
113+ const query = routeValidator . getQuery ( raw . query , 'request query' ) ;
114+ const body = routeValidator . getBody ( raw . body , 'request body' ) ;
92115 return { query, params, body } ;
93116 }
94117
95- /** {@inheritDoc IKibanaRequest .id } */
118+ /** {@inheritDoc KibanaRequest .id } */
96119 public readonly id : string ;
97- /** {@inheritDoc IKibanaRequest .uuid } */
120+ /** {@inheritDoc KibanaRequest .uuid } */
98121 public readonly uuid : string ;
99- /** {@inheritDoc IKibanaRequest .url } */
122+ /** {@inheritDoc KibanaRequest .url } */
100123 public readonly url : URL ;
101- /** {@inheritDoc IKibanaRequest .route } */
124+ /** {@inheritDoc KibanaRequest .route } */
102125 public readonly route : RecursiveReadonly < KibanaRequestRoute < Method > > ;
103- /** {@inheritDoc IKibanaRequest .headers } */
126+ /** {@inheritDoc KibanaRequest .headers } */
104127 public readonly headers : Headers ;
105- /** {@inheritDoc IKibanaRequest .isSystemRequest } */
128+ /** {@inheritDoc KibanaRequest .isSystemRequest } */
106129 public readonly isSystemRequest : boolean ;
107- /** {@inheritDoc IKibanaRequest .socket } */
130+ /** {@inheritDoc KibanaRequest .socket } */
108131 public readonly socket : IKibanaSocket ;
109- /** {@inheritDoc IKibanaRequest .events } */
132+ /** {@inheritDoc KibanaRequest .events } */
110133 public readonly events : KibanaRequestEvents ;
111- /** {@inheritDoc IKibanaRequest .auth } */
134+ /** {@inheritDoc KibanaRequest .auth } */
112135 public readonly auth : KibanaRequestAuth ;
113- /** {@inheritDoc IKibanaRequest .isFakeRequest } */
136+ /** {@inheritDoc KibanaRequest .isFakeRequest } */
114137 public readonly isFakeRequest : boolean ;
115- /** {@inheritDoc IKibanaRequest.rewrittenUrl } */
138+ /** {@inheritDoc KibanaRequest.isInternalApiRequest } */
139+ public readonly isInternalApiRequest : boolean ;
140+ /** {@inheritDoc KibanaRequest.rewrittenUrl } */
116141 public readonly rewrittenUrl ?: URL ;
117142
118143 /** @internal */
@@ -139,7 +164,9 @@ export class CoreKibanaRequest<
139164 this . headers = isRealRawRequest ( request ) ? deepFreeze ( { ...request . headers } ) : request . headers ;
140165 this . isSystemRequest = this . headers [ 'kbn-system-request' ] === 'true' ;
141166 this . isFakeRequest = isFakeRawRequest ( request ) ;
142-
167+ this . isInternalApiRequest =
168+ X_ELASTIC_INTERNAL_ORIGIN_REQUEST in this . headers ||
169+ Boolean ( this . url ?. searchParams ?. has ( ELASTIC_INTERNAL_ORIGIN_QUERY_PARAM ) ) ;
143170 // prevent Symbol exposure via Object.getOwnPropertySymbols()
144171 Object . defineProperty ( this , requestSymbol , {
145172 value : request ,
0 commit comments