Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/08/29 10:23:37 UTC

[GitHub] [apisix] tzssangglass opened a new pull request, #7816: docs(hmac-auth): additional details for generating signing_string

tzssangglass opened a new pull request, #7816:
URL: https://github.com/apache/apisix/pull/7816

   ### Description
   
   Fixes #7798
   
   ### Checklist
   
   - [x] I have explained the need for this PR and the problem it solves
   - [x] I have explained the changes or the new features added to this PR
   - [ ] I have added tests corresponding to this change
   - [x] I have updated the documentation to reflect this change
   - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [apisix] soulbird commented on a diff in pull request #7816: docs(hmac-auth): additional details for generating signing_string

Posted by GitBox <gi...@apache.org>.
soulbird commented on code in PR #7816:
URL: https://github.com/apache/apisix/pull/7816#discussion_r959064285


##########
docs/en/latest/plugins/hmac-auth.md:
##########
@@ -140,7 +140,52 @@ curl -i http://127.0.0.1:9080/index.html?name=james&age=36 \
 -H "User-Agent: curl/7.29.0"
 ```
 
-The `signing_string` generated according to the algorithm above is:
+### Explanation of signature generation formula process
+
+1. The default HTTP Method for the above request is GET, which gives `signing_string` as
+
+```plain
+"GET"
+```
+
+2. The requested URI is `/index.html`, and the `signing_string` is obtained from the HTTP Method + \n + HTTP URI as
+
+```plain
+"GET
+/index.html"
+```
+
+3. The query item in the URL is `name=james&age=36`, assuming that `encode_uri_params` is false.
+According to the algorithm of `canonical_query_string`, the focus is on dictionary sorting of `key` to get `age=36&name=james`.
+
+```plain
+"GET
+/index.html
+age=36&name=james"
+```
+
+4. The `access_key` is `user-key`, and the `signing_string` is obtained from HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key as
+
+```plain
+"GET
+/index.html
+age=36&name=james
+user-key"
+```
+
+5. Date is in GMT format, as in `Tue, 19 Jan 2021 11:33:20 GMT`, and the `signing_string` is obtained from the  HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key + \n + Date as
+
+```plain
+"GET
+/index.html
+age=36&name=james
+user-key
+Tue, 19 Jan 2021 11:33:20 GMT"
+```
+
+6. `signed_headers_string` is used to specify the headers involved in the signature, which in the above example includes `User-Agent: curl/7.29.0` and `x-custom-a: test`.
+
+And the `signing_string` is obtained from the HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key + \n + Date + \n as
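
Review bot: Step 6 introduces `signed_headers_string`, but the formula on the last added line ends at `+ Date + \n as` and never includes it. Append `+ signed_headers_string` (and the trailing `\n`, as the zh hunk for the same step writes it) so that a reader who builds the string from the formula does not leave the signed headers out of the HMAC input.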

Review Comment:
   I think it is best to give the specific algorithm first, and then describe the meaning of each field in the algorithm separately





[GitHub] [apisix] SylviaBABY merged pull request #7816: docs(hmac-auth): additional details for generating signing_string

Posted by GitBox <gi...@apache.org>.
SylviaBABY merged PR #7816:
URL: https://github.com/apache/apisix/pull/7816




[GitHub] [apisix] tzssangglass commented on a diff in pull request #7816: docs(hmac-auth): additional details for generating signing_string

Posted by GitBox <gi...@apache.org>.
tzssangglass commented on code in PR #7816:
URL: https://github.com/apache/apisix/pull/7816#discussion_r957949196


##########
docs/zh/latest/plugins/hmac-auth.md:
##########
@@ -145,7 +145,52 @@ curl -i http://127.0.0.1:9080/index.html?name=james&age=36 \
 -H "User-Agent: curl/7.29.0"
 ```
 
-根据上述算法生成的 `signing_string` 为:
+根据上述算法生成的 `signing_string` 的过程:

Review Comment:
   updated





[GitHub] [apisix] SylviaBABY commented on a diff in pull request #7816: docs(hmac-auth): additional details for generating signing_string

Posted by GitBox <gi...@apache.org>.
SylviaBABY commented on code in PR #7816:
URL: https://github.com/apache/apisix/pull/7816#discussion_r957293129


##########
docs/zh/latest/plugins/hmac-auth.md:
##########
@@ -145,7 +145,52 @@ curl -i http://127.0.0.1:9080/index.html?name=james&age=36 \
 -H "User-Agent: curl/7.29.0"
 ```
 
-根据上述算法生成的 `signing_string` 为:
+根据上述算法生成的 `signing_string` 的过程:

Review Comment:
   ```suggestion
   ### 签名生成公式过程详解
   
   根据上述算法生成的 `signing_string` 过程如下所示:
   ```



##########
docs/zh/latest/plugins/hmac-auth.md:
##########
@@ -145,7 +145,52 @@ curl -i http://127.0.0.1:9080/index.html?name=james&age=36 \
 -H "User-Agent: curl/7.29.0"
 ```
 
-根据上述算法生成的 `signing_string` 为:
+根据上述算法生成的 `signing_string` 的过程:
+
+1. 上面请求默认的 HTTP Method 是 GET,得到 `signing_string` 为

Review Comment:
   ```suggestion
   1. 上文请求默认的 HTTP Method 是 GET,得到 `signing_string` 为
   ```



##########
docs/zh/latest/plugins/hmac-auth.md:
##########
@@ -145,7 +145,52 @@ curl -i http://127.0.0.1:9080/index.html?name=james&age=36 \
 -H "User-Agent: curl/7.29.0"
 ```
 
-根据上述算法生成的 `signing_string` 为:
+根据上述算法生成的 `signing_string` 的过程:
+
+1. 上面请求默认的 HTTP Method 是 GET,得到 `signing_string` 为
+
+```plain
+"GET"
+```
+
+2. 请求的 URI 是 `/index.html`,根据 HTTP Method + \n + HTTP URI 得到 `signing_string` 为
+
+```plain
+"GET
+/index.html"
+```
+
+3. URL 中的 query 项是 `name=james&age=36`,假设 `encode_uri_params` 为 false,
+根据 `canonical_query_string` 的算法,重点是对 `key` 进行字典排序,得到 `age=36&name=james`,
+根据 HTTP Method + \n + HTTP URI + \n + canonical_query_string 得到 `signing_string` 为
+
+```plain
+"GET
+/index.html
+age=36&name=james"
+```
+
+4. access_key 是 `user-key`,根据 HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key 得到 `signing_string` 为
+
+```plain
+"GET
+/index.html
+age=36&name=james
+user-key"
+```
+
+5. Date 是指 GMT 格式的日期,形如 `Tue, 19 Jan 2021 11:33:20 GMT`, 根据 HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key + \n + Date 得到 `signing_string` 为
+
+```plain
+"GET
+/index.html
+age=36&name=james
+user-key
+Tue, 19 Jan 2021 11:33:20 GMT"
+```
+
+6. `signed_headers_string` 用来制定参与到签名的 headers,在上面示例中包括 `User-Agent: curl/7.29.0` 和 `x-custom-a: test`,
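
Review bot: In step 6, `用来制定参与到签名的 headers` uses 制定 (to draw up) where 指定 (to specify) looks intended; the English hunk for the same step reads "is used to specify the headers involved in the signature". Suggest `用来指定参与签名的 headers`.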

Review Comment:
   ```suggestion
   6. `signed_headers_string` 用来制定参与到签名的 headers,在上面示例中包括 `User-Agent: curl/7.29.0` 和 `x-custom-a: test`。
   ```



##########
docs/zh/latest/plugins/hmac-auth.md:
##########
@@ -145,7 +145,52 @@ curl -i http://127.0.0.1:9080/index.html?name=james&age=36 \
 -H "User-Agent: curl/7.29.0"
 ```
 
-根据上述算法生成的 `signing_string` 为:
+根据上述算法生成的 `signing_string` 的过程:
+
+1. 上面请求默认的 HTTP Method 是 GET,得到 `signing_string` 为
+
+```plain
+"GET"
+```
+
+2. 请求的 URI 是 `/index.html`,根据 HTTP Method + \n + HTTP URI 得到 `signing_string` 为
+
+```plain
+"GET
+/index.html"
+```
+
+3. URL 中的 query 项是 `name=james&age=36`,假设 `encode_uri_params` 为 false,
+根据 `canonical_query_string` 的算法,重点是对 `key` 进行字典排序,得到 `age=36&name=james`,
+根据 HTTP Method + \n + HTTP URI + \n + canonical_query_string 得到 `signing_string` 为
+
+```plain
+"GET
+/index.html
+age=36&name=james"
+```
+
+4. access_key 是 `user-key`,根据 HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key 得到 `signing_string` 为
+
+```plain
+"GET
+/index.html
+age=36&name=james
+user-key"
+```
+
+5. Date 是指 GMT 格式的日期,形如 `Tue, 19 Jan 2021 11:33:20 GMT`, 根据 HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key + \n + Date 得到 `signing_string` 为
+
+```plain
+"GET
+/index.html
+age=36&name=james
+user-key
+Tue, 19 Jan 2021 11:33:20 GMT"
+```
+
+6. `signed_headers_string` 用来制定参与到签名的 headers,在上面示例中包括 `User-Agent: curl/7.29.0` 和 `x-custom-a: test`,
+根据 HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key + \n + Date + \n + signed_headers_string + `\n`,得到完整的 `signing_string` 为
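
Review bot: Step 6 names `User-Agent: curl/7.29.0` and `x-custom-a: test` as the signed headers but, in the lines quoted here, does not say how they are serialized into `signed_headers_string`: in which order, with what separator between name and value, and whether each header line ends with `\n`. Spell that out next to the formula, since any difference in order or whitespace changes the HMAC input and the request will be rejected. The final `\n` is also the only one in the formula written in backticks; format all of them the same way.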

Review Comment:
   ```suggestion
   
   根据 HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key + \n + Date + \n + signed_headers_string + `\n`,得到完整的 `signing_string` 为
   ```



##########
docs/en/latest/plugins/hmac-auth.md:
##########
@@ -140,7 +140,51 @@ curl -i http://127.0.0.1:9080/index.html?name=james&age=36 \
 -H "User-Agent: curl/7.29.0"
 ```
 
-The `signing_string` generated according to the algorithm above is:
+The procedure for `signing_string` generated according to the above algorithm:
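
Review bot: The context line in the hunk header shows the example URL unquoted, `http://127.0.0.1:9080/index.html?name=james&age=36`, and the walkthrough this change introduces depends on that exact query string. In a POSIX shell the `&` terminates the command, so curl is started with only `name=james` and the request cannot match a signature computed over `age=36&name=james`. Quote the URL in the curl example while this section is being touched.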

Review Comment:
   ```suggestion
   ### Explanation of signature generation formula process
   
   The procedure for `signing_string` is generated according to the above algorithm:
   ```



##########
docs/en/latest/plugins/hmac-auth.md:
##########
@@ -140,7 +140,51 @@ curl -i http://127.0.0.1:9080/index.html?name=james&age=36 \
 -H "User-Agent: curl/7.29.0"
 ```
 
-The `signing_string` generated according to the algorithm above is:
+The procedure for `signing_string` generated according to the above algorithm:
+
+1. The default HTTP Method for the above request is GET, which gives `signing_string` as
+
+```plain
+"GET"
+```
+
+2. The requested URI is `/index.html`, and the `signing_string` is obtained from the HTTP Method + \n + HTTP URI as
+
+```plain
+"GET
+/index.html"
+```
+
+3. The query item in the URL is `name=james&age=36`, assuming that `encode_uri_params` is false.
+According to the algorithm of `canonical_query_string`, the focus is on dictionary sorting of `key` to get `age=36&name=james`.
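
Review bot: Step 3 stops after deriving `age=36&name=james` and, unlike step 2, never says how that value is joined to the string built so far; the zh hunk for the same step has a third line giving HTTP Method + \n + HTTP URI + \n + canonical_query_string. Add the matching sentence here. The clause "assuming that `encode_uri_params` is false" would also be easier to follow with one sentence on what the canonical query string looks like when it is true.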

Review Comment:
   ```suggestion
   
   According to the algorithm of `canonical_query_string`, the focus is on dictionary sorting of `key` to get `age=36&name=james`.
   ```



##########
docs/zh/latest/plugins/hmac-auth.md:
##########
@@ -145,7 +145,52 @@ curl -i http://127.0.0.1:9080/index.html?name=james&age=36 \
 -H "User-Agent: curl/7.29.0"
 ```
 
-根据上述算法生成的 `signing_string` 为:
+根据上述算法生成的 `signing_string` 的过程:
+
+1. 上面请求默认的 HTTP Method 是 GET,得到 `signing_string` 为
+
+```plain
+"GET"
+```
+
+2. 请求的 URI 是 `/index.html`,根据 HTTP Method + \n + HTTP URI 得到 `signing_string` 为
+
+```plain
+"GET
+/index.html"
+```
+
+3. URL 中的 query 项是 `name=james&age=36`,假设 `encode_uri_params` 为 false,
+根据 `canonical_query_string` 的算法,重点是对 `key` 进行字典排序,得到 `age=36&name=james`,
+根据 HTTP Method + \n + HTTP URI + \n + canonical_query_string 得到 `signing_string` 为

Review Comment:
   ```suggestion
   3. URL 中的 query 项是 `name=james&age=36`,假设 `encode_uri_params` 为 false,根据 `canonical_query_string` 的算法,重点是对 `key` 进行字典排序,得到 `age=36&name=james`;根据 HTTP Method + \n + HTTP URI + \n + canonical_query_string 得到 `signing_string` 为
   ```





[GitHub] [apisix] tzssangglass commented on a diff in pull request #7816: docs(hmac-auth): additional details for generating signing_string

Posted by GitBox <gi...@apache.org>.
tzssangglass commented on code in PR #7816:
URL: https://github.com/apache/apisix/pull/7816#discussion_r959073067


##########
docs/en/latest/plugins/hmac-auth.md:
##########
@@ -140,7 +140,52 @@ curl -i http://127.0.0.1:9080/index.html?name=james&age=36 \
 -H "User-Agent: curl/7.29.0"
 ```
 
-The `signing_string` generated according to the algorithm above is:
+### Explanation of signature generation formula process
+
+1. The default HTTP Method for the above request is GET, which gives `signing_string` as
+
+```plain
+"GET"
+```
+
+2. The requested URI is `/index.html`, and the `signing_string` is obtained from the HTTP Method + \n + HTTP URI as
+
+```plain
+"GET
+/index.html"
+```
+
+3. The query item in the URL is `name=james&age=36`, assuming that `encode_uri_params` is false.
+According to the algorithm of `canonical_query_string`, the focus is on dictionary sorting of `key` to get `age=36&name=james`.
+
+```plain
+"GET
+/index.html
+age=36&name=james"
+```
+
+4. The `access_key` is `user-key`, and the `signing_string` is obtained from HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key as
+
+```plain
+"GET
+/index.html
+age=36&name=james
+user-key"
+```
+
+5. Date is in GMT format, as in `Tue, 19 Jan 2021 11:33:20 GMT`, and the `signing_string` is obtained from the  HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key + \n + Date as
+
+```plain
+"GET
+/index.html
+age=36&name=james
+user-key
+Tue, 19 Jan 2021 11:33:20 GMT"
+```
+
+6. `signed_headers_string` is used to specify the headers involved in the signature, which in the above example includes `User-Agent: curl/7.29.0` and `x-custom-a: test`.
+
+And the `signing_string` is obtained from the HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key + \n + Date + \n as
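
Review bot: Every `plain` block in steps 1 to 5 wraps the value in double quotes (`"GET` on the first line, a closing `"` after the last field) without saying whether the quotes belong to `signing_string`. The formulas in the step text contain no quote characters, so state once that the quotes only delimit the example, or drop them; a client that copies a block verbatim would otherwise sign two extra bytes and fail verification.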

Review Comment:
   The algorithm is already in the original document


