From 8f731b414953a8006182d8bcf6ff5f696c55814a Mon Sep 17 00:00:00 2001
From: Artem Konotopchyk <a.konotopchyk@dev-branch.com>
Date: Fri, 26 Dec 2025 15:38:06 +0200
Subject: [PATCH 1/2] Add preprocess function to avoid 400 error why loading
 requests

---
 solr-security-proxy.js | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/solr-security-proxy.js b/solr-security-proxy.js
index df63756..7f1e596 100644
--- a/solr-security-proxy.js
+++ b/solr-security-proxy.js
@@ -6,6 +6,29 @@ var httpProxy = require('http-proxy'),
     optimist = require('optimist'),
     SolrSecurityProxy = exports;
 
+/*
+ * Preprocess query parameters to handle Solr local parameters containing special symbols
+ */
+function preprocessQueryParams(query) {
+  var processedQuery = {};
+  Object.keys(query).forEach(function(key) {
+    if (key === 'facet.field') {
+      // Handle facet.field as string or array
+      var fields = Array.isArray(query[key]) ? query[key] : [query[key]];
+      processedQuery[key] = fields.map(function(field) {
+        if (typeof field === 'string' && field.match(/^{!.*}/)) {
+          var match = field.match(/^{!.*?}(.*)$/);
+          return match ? match[1] : field; // Extract field name
+        }
+        return field;
+      });
+    } else {
+      processedQuery[key] = query[key];
+    }
+  });
+  return processedQuery;
+}
+
 /*
  * Returns true if the request satisfies the following conditions:
  *  - HTTP method (eg. GET,POST,..) is not in options.invalidHttpMethods
@@ -13,12 +36,17 @@ var httpProxy = require('http-proxy'),
  *  - All request query params (eg ?q=, ?stream.url=) not in options.invalidParams
  */
 var validateRequest = function(request, options) {
-  var parsedUrl = url.parse(request.url, true),
-      path = parsedUrl.pathname,
+  var parsedUrl = url.parse(request.url, true);
+  parsedUrl.query = preprocessQueryParams(parsedUrl.query); // Preprocess query params
+  request.url = url.format({
+    pathname: parsedUrl.pathname,
+    query: parsedUrl.query
+  });
+  var path = parsedUrl.pathname,
       queryParams = Object.keys(parsedUrl.query);
 
   return options.invalidHttpMethods.indexOf(request.method) === -1 &&
-         options.validPaths.indexOf(parsedUrl.pathname) !== -1 &&
+         options.validPaths.indexOf(path) !== -1 &&
          queryParams.every(function(p) {
            var paramPrefix = p.split('.')[0]; // invalidate not just "stream", but "stream.*"
            return options.invalidParams.indexOf(paramPrefix) === -1;

From ea9097853ecb959649d4d302ef24adbadcab7ff8 Mon Sep 17 00:00:00 2001
From: Artem Konotopchyk <a.konotopchyk@dev-branch.com>
Date: Mon, 2 Feb 2026 15:16:45 +0000
Subject: [PATCH 2/2] Update solr-security-proxy.js

---
 solr-security-proxy.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/solr-security-proxy.js b/solr-security-proxy.js
index 7f1e596..12ded7f 100644
--- a/solr-security-proxy.js
+++ b/solr-security-proxy.js
@@ -18,7 +18,7 @@ function preprocessQueryParams(query) {
       processedQuery[key] = fields.map(function(field) {
         if (typeof field === 'string' && field.match(/^{!.*}/)) {
           var match = field.match(/^{!.*?}(.*)$/);
-          return match ? match[1] : field; // Extract field name
+          return match ? match[1] : field;
         }
         return field;
       });
@@ -37,7 +37,7 @@ function preprocessQueryParams(query) {
  */
 var validateRequest = function(request, options) {
   var parsedUrl = url.parse(request.url, true);
-  parsedUrl.query = preprocessQueryParams(parsedUrl.query); // Preprocess query params
+  parsedUrl.query = preprocessQueryParams(parsedUrl.query);
   request.url = url.format({
     pathname: parsedUrl.pathname,
     query: parsedUrl.query