You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/01/24 07:11:10 UTC
[apisix] branch master updated: feat: add public api plugin (#6145)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new f81788b feat: add public api plugin (#6145)
f81788b is described below
commit f81788bdb06518ce1411e3ac624311c23cd56a4f
Author: Zeping Bai <bz...@apache.org>
AuthorDate: Mon Jan 24 15:11:05 2022 +0800
feat: add public api plugin (#6145)
---
apisix/init.lua | 24 +++--
apisix/plugins/public-api.lua | 58 +++++++++++
conf/config-default.yaml | 1 +
t/admin/plugins.t | 1 +
t/plugin/plugin.t | 15 +++
t/plugin/public-api.t | 237 ++++++++++++++++++++++++++++++++++++++++++
6 files changed, 325 insertions(+), 11 deletions(-)
diff --git a/apisix/init.lua b/apisix/init.lua
index f5ef0c4..e603a40 100644
--- a/apisix/init.lua
+++ b/apisix/init.lua
@@ -373,21 +373,23 @@ function _M.http_access_phase()
api_ctx.var.real_request_uri = api_ctx.var.request_uri
api_ctx.var.request_uri = api_ctx.var.uri .. api_ctx.var.is_args .. (api_ctx.var.args or "")
- if router.api.has_route_not_under_apisix() or
- core.string.has_prefix(uri, "/apisix/")
- then
- local skip = local_conf and local_conf.apisix.global_rule_skip_internal_api
- local matched = router.api.match(api_ctx, skip)
- if matched then
- return
- end
- end
-
router.router_http.match(api_ctx)
local route = api_ctx.matched_route
if not route then
- -- run global rule
+ -- whether the public API run global rules is
+ -- controlled by the configuration file
+ if router.api.has_route_not_under_apisix() or
+ core.string.has_prefix(uri, "/apisix/")
+ then
+ local skip = local_conf and local_conf.apisix.global_rule_skip_internal_api
+ local matched = router.api.match(api_ctx, skip)
+ if matched then
+ return
+ end
+ end
+
+ -- run global rule when there is no matching route
plugin.run_global_rules(api_ctx, router.global_rules, nil)
core.log.info("not find any matched route")
diff --git a/apisix/plugins/public-api.lua b/apisix/plugins/public-api.lua
new file mode 100644
index 0000000..5adf16f
--- /dev/null
+++ b/apisix/plugins/public-api.lua
@@ -0,0 +1,58 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+
+local core = require("apisix.core")
+local router = require("apisix.router")
+
+local schema = {
+ type = "object",
+ properties = {
+ uri = {type = "string"},
+ },
+}
+
+
+local _M = {
+ version = 0.1,
+ priority = 501,
+ name = "public-api",
+ schema = schema,
+}
+
+
+function _M.check_schema(conf)
+ return core.schema.check(schema, conf)
+end
+
+
+function _M.access(conf, ctx)
+ local local_conf = core.config.local_conf()
+
+ -- overwrite the uri in the ctx when the user has set the target uri
+ ctx.var.uri = conf.uri or ctx.var.uri
+ local skip = local_conf and local_conf.apisix.global_rule_skip_internal_api
+
+ -- perform route matching
+ if router.api.match(ctx, skip) then
+ return
+ end
+
+ return 404
+end
+
+
+return _M
diff --git a/conf/config-default.yaml b/conf/config-default.yaml
index f39e488..3383d44 100644
--- a/conf/config-default.yaml
+++ b/conf/config-default.yaml
@@ -366,6 +366,7 @@ plugins: # plugin list (sorted by priority)
#- dubbo-proxy # priority: 507
- grpc-transcode # priority: 506
- grpc-web # priority: 505
+ - public-api # priority: 501
- prometheus # priority: 500
- datadog # priority: 495
- echo # priority: 412
diff --git a/t/admin/plugins.t b/t/admin/plugins.t
index f3e7892..344f0b7 100644
--- a/t/admin/plugins.t
+++ b/t/admin/plugins.t
@@ -102,6 +102,7 @@ redirect
response-rewrite
grpc-transcode
grpc-web
+public-api
prometheus
datadog
echo
diff --git a/t/plugin/plugin.t b/t/plugin/plugin.t
index d31a338..c5a6c13 100644
--- a/t/plugin/plugin.t
+++ b/t/plugin/plugin.t
@@ -113,6 +113,21 @@ passed
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
+
+ local code, err = t('/apisix/admin/routes/jwt',
+ ngx.HTTP_PUT,
+ [[{
+ "uri": "/apisix/plugin/jwt/sign",
+ "plugins": { "public-api": {} }
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ ngx.say(err)
+ return
+ end
+
local code, err, sign = t('/apisix/plugin/jwt/sign?key=user-key',
ngx.HTTP_GET
)
diff --git a/t/plugin/public-api.t b/t/plugin/public-api.t
new file mode 100644
index 0000000..fd9597c
--- /dev/null
+++ b/t/plugin/public-api.t
@@ -0,0 +1,237 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+use t::APISIX 'no_plan';
+
+repeat_each(1);
+no_long_string();
+no_root_location();
+
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ if ((!defined $block->error_log) && (!defined $block->no_error_log)) {
+ $block->set_value("no_error_log", "[error]");
+ }
+
+ if (!defined $block->request) {
+ $block->set_value("request", "GET /t");
+ }
+});
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: sanity
+--- config
+ location /t {
+ content_by_lua_block {
+ local test_cases = {
+ {uri = "/apisix/plugin/jwt/sign"},
+ {uri = 3233}
+ }
+ local plugin = require("apisix.plugins.public-api")
+
+ for _, case in ipairs(test_cases) do
+ local ok, err = plugin.check_schema(case)
+ ngx.say(ok and "done" or err)
+ end
+ }
+ }
+--- response_body
+done
+property "uri" validation failed: wrong type: expected string, got number
+
+
+
+=== TEST 2: set route
+--- config
+ location /t {
+ content_by_lua_block {
+ local datas = {
+ {
+ uri = "/apisix/admin/consumers",
+ data = [[{
+ "username": "alice",
+ "plugins": {
+ "jwt-auth": {
+ "key": "user-key",
+ "algorithm": "HS256"
+ }
+ }
+ }]]
+ },
+ {
+ uri = "/apisix/admin/routes/custom-jwt-sign",
+ data = [[{
+ "plugins": {
+ "public-api": {
+ "uri": "/apisix/plugin/jwt/sign"
+ },
+ "serverless-pre-function": {
+ "phase": "rewrite",
+ "functions": ["return function(conf, ctx) require(\"apisix.core\").log.warn(\"custom-jwt-sign was triggered\"); end"]
+ }
+ },
+ "uri": "/gen_token"
+ }]],
+ },
+ {
+ uri = "/apisix/admin/routes/direct-wolf-rbac-userinfo",
+ data = [[{
+ "plugins": {
+ "public-api": {},
+ "serverless-pre-function": {
+ "phase": "rewrite",
+ "functions": ["return function(conf, ctx) require(\"apisix.core\").log.warn(\"direct-wolf-rbac-userinfo was triggered\"); end"]
+ }
+ },
+ "uri": "/apisix/plugin/wolf-rbac/user_info"
+ }]],
+ },
+ {
+ uri = "/apisix/admin/routes/wrong-public-api",
+ data = [[{
+ "plugins": {
+ "public-api": {
+ "uri": "/apisix/plugin/balalbala"
+ }
+ },
+ "uri": "/wrong-public-api"
+ }]]
+ }
+ }
+
+ local t = require("lib.test_admin").test
+
+ for _, data in ipairs(datas) do
+ local code, body = t(data.uri, ngx.HTTP_PUT, data.data)
+ ngx.say(code..body)
+ end
+ }
+ }
+--- response_body eval
+"201passed\n" x 4
+
+
+
+=== TEST 3: hit route (custom-jwt-sign)
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+
+ local code, body, jwt = t("/gen_token?key=user-key", ngx.HTTP_GET, "", nil, {apikey = "testkey"})
+ if code >= 300 then
+ ngx.status = code
+ end
+
+ local header = string.sub(jwt, 1, 36)
+
+ if header == "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" or
+ header == "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9" then
+ ngx.say("passed")
+ return
+ end
+
+ ngx.say("failed")
+ }
+ }
+--- response_body
+passed
+
+
+
+=== TEST 4: hit route (direct-wolf-rbac-userinfo)
+--- request
+GET /apisix/plugin/wolf-rbac/user_info
+--- error_code: 401
+--- error_log
+direct-wolf-rbac-userinfo was triggered
+
+
+
+=== TEST 5: missing route (non-exist public API)
+--- request
+GET /apisix/plugin/balalbala
+--- error_code: 404
+
+
+
+=== TEST 6: hit route (wrong public-api uri)
+--- request
+GET /wrong-public-api
+--- error_code: 404
+
+
+
+=== TEST 7: setup route (protect public API)
+--- config
+ location /t {
+ content_by_lua_block {
+ local datas = {
+ {
+ uri = "/apisix/admin/consumers",
+ data = [[{
+ "username": "bob",
+ "plugins": {
+ "key-auth": {
+ "key": "testkey"
+ }
+ }
+ }]]
+ },
+ {
+ uri = "/apisix/admin/routes/custom-jwt-sign",
+ data = [[{
+ "plugins": {
+ "public-api": {
+ "uri": "/apisix/plugin/jwt/sign"
+ },
+ "key-auth": {}
+ },
+ "uri": "/gen_token"
+ }]],
+ }
+ }
+
+ local t = require("lib.test_admin").test
+
+ for _, data in ipairs(datas) do
+ local code, body = t(data.uri, ngx.HTTP_PUT, data.data)
+ ngx.say(code..body)
+ end
+ }
+ }
+--- response_body
+201passed
+200passed
+
+
+
+=== TEST 8: hit route (with key-auth header)
+--- request
+GET /gen_token?key=user-key
+--- more_headers
+apikey: testkey
+
+
+
+=== TEST 9: hit route (without key-auth header)
+--- request
+GET /gen_token?key=user-key
+--- error_code: 401