feat: Add the function to hide header for key-auth plugin #6670

Merged
merged 17 commits into from
Apr 6, 2022
Changes from 5 commits
8 changes: 8 additions & 0 deletions apisix/plugins/key-auth.lua
Expand Up @@ -35,6 +35,10 @@ local schema = {
type = "string",
default = "apikey",
},
hide_credentials = {
type = "boolean",
default = false,
}
},
}
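
Review bot: The new `hide_credentials` property closes with `}` and no trailing comma, while the property just above it closes with `},`. Add the comma so the schema table stays consistent and the next property added here is a one-line diff.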

Expand Down Expand Up @@ -110,6 +114,10 @@ function _M.rewrite(conf, ctx)
end
core.log.info("consumer: ", core.json.delay_encode(consumer))

if conf.hide_credentials then
Member

We should remove the key according to where the key comes from.

Contributor Author

ok, I will.

core.request.set_header(ctx, conf.header, nil)
end

consumer_mod.attach_consumer(ctx, consumer, consumer_conf)
core.log.info("hit key-auth rewrite")
end
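
Review bot: In `_M.rewrite`, the `hide_credentials` branch clears only `conf.header`, so a key that arrived through the query string (the `query` parameter, documented as the lower-priority source) is still forwarded to the upstream in the request URI when the flag is `true`. Track which source the key was read from and strip that one: clear the header for a header-sourced key, and remove the query argument before proxying for a query-sourced key.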
1 change: 1 addition & 0 deletions docs/en/latest/plugins/key-auth.md
Expand Up @@ -41,6 +41,7 @@ For route side:
| ---- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------- |
| header | string | optional | apikey | | the header we get the key from |
| query | string | optional | apikey | | the query string we get the key from, which priority is lower than `header` |
| hide_credentials | bool | optional | false | | Whether to pass the request headers to the upstream. |

## How To Enable
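
Review bot: The `hide_credentials` row describes the opposite of what the flag does. With `true` the plugin calls `core.request.set_header(ctx, conf.header, nil)`, so the header is removed rather than passed, and only the header carrying the key is affected, not "the request headers" in general. Suggest wording such as "Whether to remove the header carrying the key before the request is proxied to the upstream", and `boolean` in the type column to match the schema.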

1 change: 1 addition & 0 deletions docs/zh/latest/plugins/key-auth.md
Expand Up @@ -41,6 +41,7 @@ router 端配置:
| ---- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------- |
| header | string | 可选| apikey | | 设置我们从哪个 header 获取 key。 |
| query | string | 可选 | apikey | | 设置我们从哪个 query string 获取 key,优先级低于 `header` |
| hide_credentials | bool | 可选 | false | | 是否将请求头传递给 upstream。 |
Member

Suggested change
| hide_credentials | bool | 可选 | false | | 是否将请求头传递给 upstream。 |
| hide_credentials | bool | 可选 | false | | 是否将含有认证信息的请求头传递给 upstream。 |

Contributor Author

ok


## 如何启用
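
Review bot: The zh `hide_credentials` row, `是否将请求头传递给 upstream`, reads as "whether to pass the request header to the upstream", which is the reverse of the flag: `true` removes the header in `key-auth.lua`. Narrowing it to the header that carries the credentials helps, but the sentence should also be phrased as hiding or removing that header so that `true` and `false` match the code.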

100 changes: 100 additions & 0 deletions t/plugin/key-auth.t
Expand Up @@ -334,3 +334,103 @@ GET /hello?auth=auth-one
hello world
--- no_error_log
[error]



=== TEST 14: enable key auth plugin using admin api, set hide_credentials = false
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"key-auth": {
"hide_credentials": false
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/echo"
}]]
)

if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
--- no_error_log
[error]



=== TEST 15: verify apikey request header should not hidden
--- request
GET /echo
--- more_headers
apikey: auth-one
--- response_headers
apikey: auth-one
--- no_error_log
[error]



=== TEST 16: add key auth plugin using admin api, set hide_credentials = true
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"key-auth": {
"hide_credentials": true
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/echo"
}]]
)

if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
--- no_error_log
[error]



=== TEST 17: verify apikey request header is hidden
--- request
GET /echo
--- more_headers
apikey: auth-one
--- response_headers
!apikey
--- no_error_log
[error]
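
Review bot: TEST 14 through TEST 17 only exercise a key sent in the default `apikey` header; nothing covers `hide_credentials = true` when the key is supplied through the query string (as in the `GET /hello?auth=auth-one` case just above) or through a non-default `header` name. Add a case for each so the tests pin down what is and is not stripped before the request reaches the upstream. The TEST 15 title should also read "should not be hidden".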