You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/12/11 09:21:33 UTC
[GitHub] [apisix] spacewander opened a new pull request #3021: feat: rewrite handwriting validation with jsonschema
spacewander opened a new pull request #3021:
URL: https://github.com/apache/apisix/pull/3021
Fix #2967. Some plugins can't be rewritten, so I have to keep them.
Signed-off-by: spacewander <sp...@gmail.com>
### What this PR does / why we need it:
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here. -->
### Pre-submission checklist:
* [ ] Did you explain what problem does this PR solve? Or what new features have been added?
* [x] Have you added corresponding test cases?
* [ ] Have you modified the corresponding document?
* [ ] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix/tree/master#community) first**
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on a change in pull request #3021: feat: rewrite handwriting validation with jsonschema
Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #3021:
URL: https://github.com/apache/apisix/pull/3021#discussion_r541539244
##########
File path: apisix/plugins/jwt-auth.lua
##########
@@ -42,12 +42,11 @@ local schema = {
local consumer_schema = {
type = "object",
- additionalProperties = false,
+ -- can't use additionalProperties with dependencies
Review comment:
Is it a bug of JSONSchema?
##########
File path: apisix/schema_def.lua
##########
@@ -43,14 +45,19 @@ local host_def = {
_M.host_def = host_def
-local ipv4_def = "[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}"
+local ipv4_seg = "([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
+local ipv4_def_buf = {}
+for i = 1, 4 do
+ table_insert(ipv4_def_buf, ipv4_seg)
+end
+local ipv4_def = table_concat(ipv4_def_buf, [[\.]])
-- There is false negative for ipv6/cidr. For instance, `:/8` will be valid.
-- It is fine as the correct regex will be too complex.
local ipv6_def = "([a-fA-F0-9]{0,4}:){1,8}(:[a-fA-F0-9]{0,4}){0,8}"
.. "([a-fA-F0-9]{0,4})?"
local ip_def = {
{title = "IPv4", type = "string", format = "ipv4"},
- {title = "IPv4/CIDR", type = "string", pattern = "^" .. ipv4_def .. "/[0-9]{1,2}$"},
+ {title = "IPv4/CIDR", type = "string", pattern = "^" .. ipv4_def .. "/([12]?[0-9]|3[0-2])$"},
Review comment:
I am not sure if the current regex is good enough, I have listed the example of IPs, we can confirm:
* 127.0.0.1/1
* 127.0.0.1/10
* 127.0.0.1/11
* 127.0.0.1/20
* 127.0.0.1/21
* 127.0.0.1/30
* 127.0.0.1/32
* 127.0.0.1/33
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] jbampton commented on a change in pull request #3021: feat: rewrite handwriting validation with jsonschema
Posted by GitBox <gi...@apache.org>.
jbampton commented on a change in pull request #3021:
URL: https://github.com/apache/apisix/pull/3021#discussion_r543275699
##########
File path: apisix/plugins/openid-connect.lua
##########
@@ -148,6 +150,13 @@ end
function _M.rewrite(plugin_conf, ctx)
local conf = core.table.clone(plugin_conf)
+
+ -- Previously, we multiple conf.timeout before storing it in etcd.
+ -- If the timeout is too large, we should not multiple it again.
Review comment:
```suggestion
-- If the timeout is too large, we should not multiply it again.
```
##########
File path: apisix/plugins/openid-connect.lua
##########
@@ -29,16 +29,43 @@ local schema = {
client_id = {type = "string"},
client_secret = {type = "string"},
discovery = {type = "string"},
- scope = {type = "string"},
- ssl_verify = {type = "boolean"}, -- default is false
- timeout = {type = "integer", minimum = 1}, --default is 3 seconds
- introspection_endpoint = {type = "string"}, --default is nil
- --default is client_secret_basic
- introspection_endpoint_auth_method = {type = "string"},
- bearer_only = {type = "boolean"}, -- default is false
- realm = {type = "string"}, -- default is apisix
- logout_path = {type = "string"}, -- default is /logout
- redirect_uri = {type = "string"}, -- default is ngx.var.request_uri
+ scope = {
+ type = "string",
+ default = "openid",
+ },
+ ssl_verify = {
+ type = "boolean",
+ default = false,
+ },
+ timeout = {
+ type = "integer",
+ minimum = 1,
+ default = 3,
+ description = "timeout in second",
Review comment:
```suggestion
description = "timeout in seconds",
```
##########
File path: doc/plugins/openid-connect.md
##########
@@ -41,7 +41,7 @@ The OAuth 2 / Open ID Connect(OIDC) plugin provides authentication and introspec
| bearer_only | boolean | optional | false | | Setting this `true` will check for the authorization header in the request with a bearer token |
| logout_path | string | optional | "/logout" | | |
| redirect_uri | string | optional | "ngx.var.request_uri" | | |
-| timeout | integer | optional | 3 | [1,...] | |
+| timeout | integer | optional | 3 | [1,...] | Timeout in second |
Review comment:
```suggestion
| timeout | integer | optional | 3 | [1,...] | Timeout in seconds |
```
##########
File path: apisix/plugins/openid-connect.lua
##########
@@ -148,6 +150,13 @@ end
function _M.rewrite(plugin_conf, ctx)
local conf = core.table.clone(plugin_conf)
+
+ -- Previously, we multiple conf.timeout before storing it in etcd.
Review comment:
```suggestion
-- Previously, we multiply conf.timeout before storing it in etcd.
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on a change in pull request #3021: feat: rewrite handwriting validation with jsonschema
Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #3021:
URL: https://github.com/apache/apisix/pull/3021#discussion_r541933014
##########
File path: apisix/plugins/jwt-auth.lua
##########
@@ -42,12 +42,11 @@ local schema = {
local consumer_schema = {
type = "object",
- additionalProperties = false,
+ -- can't use additionalProperties with dependencies
Review comment:
ok, got it. many thx for your explain
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander merged pull request #3021: feat: rewrite handwriting validation with jsonschema
Posted by GitBox <gi...@apache.org>.
spacewander merged pull request #3021:
URL: https://github.com/apache/apisix/pull/3021
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on a change in pull request #3021: feat: rewrite handwriting validation with jsonschema
Posted by GitBox <gi...@apache.org>.
spacewander commented on a change in pull request #3021:
URL: https://github.com/apache/apisix/pull/3021#discussion_r541542843
##########
File path: apisix/plugins/jwt-auth.lua
##########
@@ -42,12 +42,11 @@ local schema = {
local consumer_schema = {
type = "object",
- additionalProperties = false,
+ -- can't use additionalProperties with dependencies
Review comment:
When `additionalProperties = false`, you can't use `dependencies` to add new field. This is not explicitly shown in the spec, but both Lua and Go implementation have this limitation.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org