dergachev · konot-db · Dec 26, 2025 · Feb 2, 2026
diff --git a/solr-security-proxy.js b/solr-security-proxy.js
@@ -6,19 +6,47 @@ var httpProxy = require('http-proxy'),
     optimist = require('optimist'),
     SolrSecurityProxy = exports;
 
+/*
+ * Preprocess query parameters to handle Solr local parameters containing special symbols
+ */
+function preprocessQueryParams(query) {
+  var processedQuery = {};
+  Object.keys(query).forEach(function(key) {
+    if (key === 'facet.field') {
+      // Handle facet.field as string or array
+      var fields = Array.isArray(query[key]) ? query[key] : [query[key]];
+      processedQuery[key] = fields.map(function(field) {
+        if (typeof field === 'string' && field.match(/^{!.*}/)) {
+          var match = field.match(/^{!.*?}(.*)$/);
+          return match ? match[1] : field;
+        }
+        return field;
+      });
+    } else {
+      processedQuery[key] = query[key];
+    }
+  });
+  return processedQuery;
+}
+
 /*
  * Returns true if the request satisfies the following conditions:
  *  - HTTP method (eg. GET,POST,..) is not in options.invalidHttpMethods
  *  - Path (eg. /solr/update) is in options.validPaths
  *  - All request query params (eg ?q=, ?stream.url=) not in options.invalidParams
  */
 var validateRequest = function(request, options) {
-  var parsedUrl = url.parse(request.url, true),
-      path = parsedUrl.pathname,
+  var parsedUrl = url.parse(request.url, true);
+  parsedUrl.query = preprocessQueryParams(parsedUrl.query);
+  request.url = url.format({
+    pathname: parsedUrl.pathname,
+    query: parsedUrl.query
+  });
+  var path = parsedUrl.pathname,
       queryParams = Object.keys(parsedUrl.query);
 
   return options.invalidHttpMethods.indexOf(request.method) === -1 &&
-         options.validPaths.indexOf(parsedUrl.pathname) !== -1 &&
+         options.validPaths.indexOf(path) !== -1 &&
          queryParams.every(function(p) {
            var paramPrefix = p.split('.')[0]; // invalidate not just "stream", but "stream.*"
            return options.invalidParams.indexOf(paramPrefix) === -1;