feat: add RUM SDK Injection (#93)

Author: dmehala

.circleci/continue_config.yml

@@ -19,12 +19,19 @@ jobs:
             ARCH: x86_64
             MAKE_JOB_COUNT: 8
             NGINX_VERSION: << parameters.nginx-version >>
+            RUM: << parameters.rum >>
             WAF: << parameters.waf >>
         machine:
             image: ubuntu-2204:current
         parameters:
             nginx-version:
                 type: string
+            rum:
+                default: "OFF"
+                enum:
+                    - "ON"
+                    - "OFF"
+                type: enum
             waf:
                 enum:
                     - "ON"
@@ -63,12 +70,19 @@ jobs:
             ARCH: aarch64
             MAKE_JOB_COUNT: 8
             NGINX_VERSION: << parameters.nginx-version >>
+            RUM: << parameters.rum >>
             WAF: << parameters.waf >>
         machine:
             image: ubuntu-2204:current
         parameters:
             nginx-version:
                 type: string
+            rum:
+                default: "OFF"
+                enum:
+                    - "ON"
+                    - "OFF"
+                type: enum
             waf:
                 enum:
                     - "ON"
@@ -139,6 +153,9 @@ jobs:
         steps:
             - checkout
             - run: git submodule sync && git submodule update --init --recursive
+            - run:
+                command: pip install -r requirements.txt
+                name: Install Python dependencies
             - run: echo -e "ARCH=amd64\nBASE_IMAGE=nginx:1.26.0\n" > nginx-version-info
             - run:
                 command: make coverage
@@ -160,7 +177,7 @@ jobs:
             - checkout
             - run:
                 command: |
-                    pip install yapf
+                    pip install -r requirements.txt
                     update-alternatives --install /usr/local/bin/yapf3 yapf3 /usr/local/bin/yapf 100
                 name: Install Python dependencies
             - run: make lint
@@ -232,6 +249,7 @@ jobs:
     test:
         environment:
             DOCKER_BUILDKIT: 1
+            RUM: << parameters.rum >>
             WAF: << parameters.waf >>
         executor:
             image: cimg/python:3.10.13
@@ -244,10 +262,22 @@ jobs:
                 type: string
             nginx-version:
                 type: string
+            rum:
+                default: "OFF"
+                enum:
+                    - "ON"
+                    - "OFF"
+                type: enum
             waf:
-                type: string
+                enum:
+                    - "ON"
+                    - "OFF"
+                type: enum
         steps:
             - checkout
+            - run:
+                command: pip install -r requirements.txt
+                name: Install Python dependencies
             - attach_workspace:
                 at: /tmp/workspace
             - run: mv -v /tmp/workspace/.musl-build/ngx_http_datadog_module.so* test/services/nginx/

.circleci/src/@jobs.yml

@@ -8,6 +8,12 @@ jobs:
         enum:
         - 'ON'
         - 'OFF'
+      rum:
+        type: enum
+        enum:
+        - 'ON'
+        - 'OFF'
+        default: 'OFF'
     steps:
     - checkout
     - run: git submodule sync && git submodule update --init --recursive
@@ -42,6 +48,7 @@ jobs:
       ARCH: x86_64
       MAKE_JOB_COUNT: 8
       WAF: "<< parameters.waf >>"
+      RUM: "<< parameters.rum >>"
       NGINX_VERSION: "<< parameters.nginx-version >>"
   build_arm64:
     parameters:
@@ -52,6 +59,12 @@ jobs:
         enum:
         - 'ON'
         - 'OFF'
+      rum:
+        type: enum
+        enum:
+        - 'ON'
+        - 'OFF'
+        default: 'OFF'
     steps:
     - checkout
     - run: git submodule sync && git submodule update --init --recursive
@@ -81,13 +94,17 @@ jobs:
       ARCH: aarch64
       MAKE_JOB_COUNT: 8
       WAF: "<< parameters.waf >>"
+      RUM: "<< parameters.rum >>"
       NGINX_VERSION: "<< parameters.nginx-version >>"
   coverage:
     environment:
       DOCKER_BUILDKIT: 1
     steps:
     - checkout
     - run: git submodule sync && git submodule update --init --recursive
+    - run:
+        name: Install Python dependencies
+        command: pip install -r requirements.txt
     - run: echo -e "ARCH=amd64\nBASE_IMAGE=nginx:1.26.0\n" > nginx-version-info
     - run:
         command: 'make coverage'
@@ -114,16 +131,29 @@ jobs:
       arch:
         type: string
       waf:
-        type: string
+        type: enum
+        enum:
+        - 'ON'
+        - 'OFF'
+      rum:
+        type: enum
+        enum:
+        - 'ON'
+        - 'OFF'
+        default: 'OFF'
     executor:
       name: docker-<< parameters.arch >>
       image: cimg/python:3.10.13
     environment:
       # https://github.com/containers/podman/issues/13889
       DOCKER_BUILDKIT: 1
       WAF: "<< parameters.waf >>"
+      RUM: "<< parameters.rum >>"
     steps:
     - checkout
+    - run:
+        name: Install Python dependencies
+        command: pip install -r requirements.txt
     - attach_workspace:
         at: "/tmp/workspace"
     - run: mv -v /tmp/workspace/.musl-build/ngx_http_datadog_module.so* test/services/nginx/
@@ -171,7 +201,7 @@ jobs:
     - run:
         name: Install Python dependencies
         command: |
-          pip install yapf
+          pip install -r requirements.txt
           update-alternatives --install /usr/local/bin/yapf3 yapf3 /usr/local/bin/yapf 100
     - run: make lint
   shellcheck:

CMakeLists.txt

@@ -11,6 +11,7 @@ set(NGINX_DATADOG_VERSION 1.3.0)
 project(ngx_http_datadog_module VERSION ${NGINX_DATADOG_VERSION})
 
 option(NGINX_DATADOG_ASM_ENABLED "Build with libddwaf" ON)
+option(NGINX_DATADOG_RUM_ENABLED "Build with RUM injection" OFF)
 set(NGINX_SRC_DIR "" CACHE PATH "The path to a directory with nginx sources")
 set(NGINX_VERSION "" CACHE STRING "The nginx version")
 if (NGINX_SRC_DIR STREQUAL "" AND NGINX_VERSION STREQUAL "")
@@ -19,18 +20,31 @@ endif()
 option(NGINX_PATCH_AWAY_LIBC "Patch away libc dependency" OFF)
 option(NGINX_COVERAGE "Add coverage instrumentation" OFF)
 
-message(STATUS "nginx-datadog version=[${NGINX_DATADOG_VERSION}]")
-if (NGINX_DATADOG_ASM_ENABLED)
-  message(STATUS "nginx-datadog products: tracing appsec")
-else ()
-  message(STATUS "nginx-datadog products: tracing")
+if (NGINX_DATADOG_RUM_ENABLED AND NGINX_DATADOG_ASM_ENABLED)
+  message(FATAL_ERROR "ASM and RUM features are mutually exclusive")
 endif ()
 
 if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
   set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -ggdb -O0")
   set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -ggdb -O0")
 endif()
 
+message(STATUS "nginx-datadog version=[${NGINX_DATADOG_VERSION}]")
+
+set(NGINX_DATADOG_PRODUCTS_LIST "tracing")
+if (NGINX_DATADOG_ASM_ENABLED)
+  list(APPEND NGINX_DATADOG_PRODUCTS_LIST "appsec")
+endif ()
+
+if (NGINX_DATADOG_RUM_ENABLED)
+  list(APPEND NGINX_DATADOG_PRODUCTS_LIST "rum-injection")
+endif ()
+
+list(JOIN NGINX_DATADOG_PRODUCTS_LIST " " NGINX_DATADOG_PRODUCTS)
+unset(NGINX_DATADOG_PRODUCTS_LIST)
+
+message(STATUS "nginx-datadog products: ${NGINX_DATADOG_PRODUCTS}")
+
 # Make curl link against a static zlib (requires cmake 3.24)
 set(ZLIB_USE_STATIC_LIBS ON)
 
@@ -78,6 +92,19 @@ if(NGINX_DATADOG_ASM_ENABLED)
   unset(ASM_RULES)
 endif()
 
+if(NGINX_DATADOG_RUM_ENABLED)
+  execute_process (
+    COMMAND cargo pkgid --package inject-browser-sdk --manifest-path "${CMAKE_CURRENT_SOURCE_DIR}/deps/inject-browser-sdk/Cargo.toml"
+    OUTPUT_VARIABLE RUM_SDK_INJECTOR_PKGID
+  )
+  string(REGEX REPLACE ".*@(.*)" "\\1" RUM_SDK_INJECTOR_VERSION ${RUM_SDK_INJECTOR_PKGID})
+  string(STRIP "${RUM_SDK_INJECTOR_VERSION}" RUM_SDK_INJECTOR_VERSION)
+
+  unset(RUM_SDK_INJECTOR_PKGID)
+
+  add_subdirectory(deps)
+endif()
+
 include(./cmake/generate_build_id.cmake)
 
 # Generate the build identifier.
@@ -125,6 +152,17 @@ if(NGINX_DATADOG_ASM_ENABLED)
     src/security/waf_remote_cfg.cpp)
   target_compile_definitions(ngx_http_datadog_module PRIVATE WITH_WAF)
 endif()
+if(NGINX_DATADOG_RUM_ENABLED)
+  target_sources(ngx_http_datadog_module
+    PRIVATE
+    src/rum/config.cpp
+    src/rum/injection.cpp
+  )
+  target_compile_definitions(ngx_http_datadog_module PRIVATE WITH_RUM)
+
+  target_link_libraries(ngx_http_datadog_module inject_browser_sdk)
+
+endif()
 
 if(CMAKE_CXX_COMPILER_ID MATCHES "GNU|Clang")
   target_compile_options(ngx_http_datadog_module PRIVATE -Wall -Werror)

Makefile

@@ -3,6 +3,7 @@
 BUILD_DIR ?= .build
 BUILD_TYPE ?= RelWithDebInfo
 WAF ?= OFF
+RUM ?= OFF
 MAKE_JOB_COUNT ?= $(shell nproc)
 PWD ?= $(shell pwd)
 NGINX_SRC_DIR ?= $(PWD)/nginx
@@ -17,7 +18,7 @@ SHELL := /bin/bash
 build: build-deps sources
 	# -DCMAKE_C_FLAGS=-I/opt/homebrew/Cellar/pcre2/10.42/include/ -DCMAKE_CXX_FLAGS=-I/opt/homebrew/Cellar/pcre2/10.42/include/ -DCMAKE_LDFLAGS=-L/opt/homebrew/Cellar/pcre2/10.42/lib -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_COMPILER=clang
 	cmake -B$(BUILD_DIR) -DNGINX_SRC_DIR=$(NGINX_SRC_DIR) \
-		-DNGINX_COVERAGE=$(COVERAGE) -DCMAKE_BUILD_TYPE=$(BUILD_TYPE) -DNGINX_DATADOG_ASM_ENABLED=$(WAF) . \
+		-DNGINX_COVERAGE=$(COVERAGE) -DCMAKE_BUILD_TYPE=$(BUILD_TYPE) -DNGINX_DATADOG_ASM_ENABLED=$(WAF) -DNGINX_DATADOG_RUM_ENABLED=$(RUM) . \
 		&& cmake --build $(BUILD_DIR) -j $(MAKE_JOB_COUNT) -v
 	chmod 755 $(BUILD_DIR)/ngx_http_datadog_module.so
 	@echo 'build successful 👍'
@@ -98,6 +99,7 @@ build-musl:
 		--env BUILD_TYPE=$(BUILD_TYPE) \
 		--env NGINX_VERSION=$(NGINX_VERSION) \
 		--env WAF=$(WAF) \
+		--env RUM=$(RUM) \
 		--env COVERAGE=$(COVERAGE) \
 		--mount "type=bind,source=$(PWD),destination=/mnt/repo" \
 		$(DOCKER_REPOS):latest \
@@ -112,6 +114,7 @@ build-musl-aux:
 		-DCMAKE_BUILD_TYPE=$(BUILD_TYPE) \
 		-DNGINX_VERSION="$(NGINX_VERSION)" \
 		-DNGINX_DATADOG_ASM_ENABLED="$(WAF)" . \
+		-DNGINX_DATADOG_RUM_ENABLED="$(RUM)" . \
 		-DNGINX_COVERAGE=$(COVERAGE) \
 		&& cmake --build .musl-build -j $(MAKE_JOB_COUNT) -v
 

build_env/Dockerfile

@@ -69,3 +69,8 @@ RUN clang --sysroot /sysroot/${ARCH}-none-linux-musl/ -fpie -O2 -fno-omit-frame-
 
 # Install dependencies for nginx
 RUN apk add --no-cache pcre-dev pcre2-dev zlib-dev openssl-dev perl
+
+# Install Rust toolchain
+RUN apk add curl 
+RUN curl –proto ‘=https’ –tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -yq \
+  && ln -s ~/.cargo/bin/cargo /usr/bin/cargo

deps/CMakeLists.txt

@@ -0,0 +1,10 @@
+include(corrosion.cmake)
+
+corrosion_import_crate(MANIFEST_PATH inject-browser-sdk/lib/Cargo.toml)
+
+corrosion_experimental_cbindgen(
+  TARGET inject_browser_sdk
+  HEADER_NAME injectbrowsersdk.h
+  FLAGS --config ${CMAKE_SOURCE_DIR}/deps/cbindgen.toml
+)
+

deps/cbindgen.toml

@@ -0,0 +1,4 @@
+language = "C++"
+
+pragma_once = true
+include_version = false

deps/corrosion.cmake

@@ -0,0 +1,9 @@
+include(FetchContent)
+
+FetchContent_Declare(
+    Corrosion
+    GIT_REPOSITORY https://github.com/corrosion-rs/corrosion.git
+    GIT_TAG v0.5 # Optionally specify a commit hash, version tag or branch here
+)
+# Set any global configuration variables such as `Rust_TOOLCHAIN` before this line!
+FetchContent_MakeAvailable(Corrosion)

requirements.txt

@@ -0,0 +1,2 @@
+werkzeug==3.0.3
+yapf==0.40.2

src/datadog_conf.h

@@ -12,6 +12,9 @@ extern "C" {
 
 #include <datadog/propagation_style.h>
 #include <datadog/trace_sampler_config.h>
+#ifdef WITH_RUM
+#include <injectbrowsersdk.h>
+#endif
 
 #include <string>
 #include <vector>
@@ -222,6 +225,11 @@ struct datadog_loc_conf_t {
 #ifdef WITH_WAF
   ngx_thread_pool_t *waf_pool{nullptr};
 #endif
+
+#ifdef WITH_RUM
+  ngx_flag_t rum_enable;
+  Snippet *rum_snippet;
+#endif
 };
 
 }  // namespace nginx