feat: Add the function to hide header for key-auth plugin #6670
Conversation
|
Let's merge master to make CI pass. |
…th-plugin-uograde Conflicts: docs/en/latest/plugins/key-auth.md docs/zh/latest/plugins/key-auth.md
apisix/plugins/key-auth.lua
Outdated
| @@ -110,6 +114,10 @@ function _M.rewrite(conf, ctx) | |||
| end | |||
| core.log.info("consumer: ", core.json.delay_encode(consumer)) | |||
|
|
|||
| if conf.hide_credentials then | |||
| core.request.set_header(ctx, "apikey", nil) | |||
There was a problem hiding this comment.
| core.request.set_header(ctx, "apikey", nil) | |
| core.request.set_header(ctx, conf.header, nil) |
docs/en/latest/plugins/key-auth.md
Outdated
| @@ -41,6 +41,7 @@ For route side: | |||
| | ---- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------- | | |||
| | header | string | optional | apikey | | the header we get the key from | | |||
| | query | string | optional | apikey | | the query string we get the key from, which priority is lower than `header` | | |||
| | hide_credentials | bool | optional | false | | Whether to pass the apikey request headers to the upstream. | | |||
There was a problem hiding this comment.
It's confusing, the header is not necessary to be "apikey", it's specified by the header. Also, the query should also be removed.
There was a problem hiding this comment.
Query is the content modified by others. Can I delete it?
There was a problem hiding this comment.
You should only handle the query that used to carry the credential.
|
oo, another file conflict @bin-ya |
docs/zh/latest/plugins/key-auth.md
Outdated
| @@ -41,6 +41,7 @@ router 端配置: | |||
| | ---- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------- | | |||
| | header | string | 可选| apikey | | 设置我们从哪个 header 获取 key。 | | |||
| | query | string | 可选 | apikey | | 设置我们从哪个 query string 获取 key,优先级低于 `header` | | |||
| | hide_credentials | bool | 可选 | false | | 是否将请求头传递给 upstream。 | | |||
There was a problem hiding this comment.
| | hide_credentials | bool | 可选 | false | | 是否将请求头传递给 upstream。 | | |
| | hide_credentials | bool | 可选 | false | | 是否将含有认证信息的请求头传递给 upstream。 | |
|
File conflicts have not been resolved @bin-ya |
…th-plugin-uograde Conflicts: docs/zh/latest/plugins/key-auth.md
…th-plugin-uograde Conflicts: docs/zh/latest/plugins/key-auth.md
…pisix into key-auth-plugin-uograde
| @@ -110,6 +114,10 @@ function _M.rewrite(conf, ctx) | |||
| end | |||
| core.log.info("consumer: ", core.json.delay_encode(consumer)) | |||
|
|
|||
| if conf.hide_credentials then | |||
There was a problem hiding this comment.
We should remove the key according to where the key comes from.
apisix/plugins/key-auth.lua
Outdated
| core.request.get_uri_args(ctx) | ||
| core.request.set_uri_args(ctx, {}) |
There was a problem hiding this comment.
What is the purpose of doing this?
There was a problem hiding this comment.
Hide information from query
There was a problem hiding this comment.
I think we don't necessary to remove the all query params
If the key is in the header, we only need to delete the key in the headers.
If the key is in the query, we only need to delete the key in the query params.
cc @spacewander right?
There was a problem hiding this comment.
Yes, we should only remove the key.
There was a problem hiding this comment.
OK, I'll revise it right away.
Description
Add the function of hiding header for key-auth plugin
Checklist