Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/09/12 14:53:42 UTC

[GitHub] [apisix] tzssangglass commented on a change in pull request #5038: feat(hmac-auth): Add validate request body for hmac auth plugin

tzssangglass commented on a change in pull request #5038:
URL: https://github.com/apache/apisix/pull/5038#discussion_r706849116



##########
File path: apisix/plugins/hmac-auth.lua
##########
@@ -193,6 +206,19 @@ local function do_nothing(v)
     return v
 end
 
+local function validate_body(ctx, secret_key, params, req_body)
+    if not req_body then
+        req_body = ""
+    end
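
Review bot: `validate_body(ctx, secret_key, params, req_body)` is added with no comment above the signature, so a reader cannot tell what it returns or which fields of `params` it uses. Since this function gates authentication, add a short comment stating the return contract and that a nil `req_body` is treated as an empty body.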

Review comment:
```suggestion
req_body = req_body or ""
```

##########
File path: docs/zh/latest/plugins/hmac-auth.md
##########
@@ -186,6 +188,16 @@ print(base64.b64encode(hash.digest()))
 | --------- | -------------------------------------------- |
 | SIGNATURE | 8XV1GB7Tq23OJcoz6wjqTs4ZLxr9DiLoY4PxzScWGYg= |
 
+### Body 校验
+
+把 `validate_request_body` 设置为 true 来进行请求 body 的校验。 插件将计算 hmac-sha 值,对比头部中的 Digest 头部值。
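
Review bot: The sentence under the new `### Body 校验` heading says only that the plugin computes an "hmac-sha" value and compares it with the Digest header; in the lines shown it does not say which algorithm or key is used or how the header value is encoded. Someone writing a client cannot produce a matching header from this text alone, so state the exact computation and encoding here, ideally with a sample value in the same style as the SIGNATURE table above.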

Review comment:
```suggestion
把 `validate_request_body` 设置为 true 来进行请求 body 的校验。插件将计算 hmac-sha 值,对比头部中的 Digest 头部值。
```

##########
File path: apisix/plugins/hmac-auth.lua
##########
@@ -193,6 +206,19 @@ local function do_nothing(v)
     return v
 end
 
+local function validate_body(ctx, secret_key, params, req_body)
+    if not req_body then
+        req_body = ""
+    end
+    local digest_header = core.request.header(ctx, DIGEST)
+    if not digest_header then
+        -- it's ok if there is no digest header and no body
+        return req_body == ""
+    end
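
Review bot: Defaulting `req_body` to `""` at the top of `validate_body` makes a nil body indistinguishable from an empty one, so in the no-header branch `return req_body == ""` a nil passed for any reason other than "the request had no body" is accepted without verification. Have the caller separate "body could not be read" from "no body" and reject the former before calling this function. The branch shown also returns a bare boolean, so a missing Digest header and a mismatch cannot be logged differently; returning an error string alongside `false` would fix that.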

Review comment:
       Can we judge this first?

##########
File path: docs/zh/latest/plugins/hmac-auth.md
##########
@@ -186,6 +188,16 @@ print(base64.b64encode(hash.digest()))
 | --------- | -------------------------------------------- |
 | SIGNATURE | 8XV1GB7Tq23OJcoz6wjqTs4ZLxr9DiLoY4PxzScWGYg= |
 
+### Body 校验
+
+把 `validate_request_body` 设置为 true 来进行请求 body 的校验。 插件将计算 hmac-sha 值,对比头部中的 Digest 头部值。

Review comment:
       `Digest` in code is `digest`; better to keep them the same.



