Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/04/06 06:19:44 UTC

[apisix] branch master updated: feat: Add the function to hide header for key-auth plugin (#6670)


spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 07d535def feat: Add the function to hide header for key-auth plugin (#6670)
07d535def is described below

commit 07d535def899324ba4683b0d9dd8a396fe07d159
Author: bin-ya <81...@users.noreply.github.com>
AuthorDate: Wed Apr 6 14:19:35 2022 +0800

    feat: Add the function to hide header for key-auth plugin (#6670)
---
 apisix/plugins/key-auth.lua        |  11 ++
 docs/en/latest/plugins/key-auth.md |   1 +
 docs/zh/latest/plugins/key-auth.md |   3 +-
 t/plugin/key-auth.t                | 223 +++++++++++++++++++++++++++++++++++++
 4 files changed, 237 insertions(+), 1 deletion(-)

diff --git a/apisix/plugins/key-auth.lua b/apisix/plugins/key-auth.lua
index a6ea9dcae..bf451d292 100644
--- a/apisix/plugins/key-auth.lua
+++ b/apisix/plugins/key-auth.lua
@@ -35,6 +35,10 @@ local schema = {
             type = "string",
             default = "apikey",
         },
+        hide_credentials = {
+            type = "boolean",
+            default = false,
+        }
     },
 }
 
@@ -110,6 +114,13 @@ function _M.rewrite(conf, ctx)
     end
     core.log.info("consumer: ", core.json.delay_encode(consumer))
 
+    if conf.hide_credentials then
+        core.request.set_header(ctx, conf.header, nil)
+        local args = core.request.get_uri_args(ctx)
+        args[conf.query] = nil
+        core.request.set_uri_args(ctx, args)
+    end
+
     consumer_mod.attach_consumer(ctx, consumer, consumer_conf)
     core.log.info("hit key-auth rewrite")
 end
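Review bot: The query-string rewrite on the three lines after `set_header` runs unconditionally, so every request that passes key-auth with `hide_credentials` enabled has its URI args decoded and re-serialized by `core.request.set_uri_args`, even though the key is normally sent in the header and `conf.query` is usually absent; re-encoding can change the ordering and escaping of unrelated parameters the upstream receives. Guard the rewrite on the parameter actually being present, as in the excerpt below. `set_header(ctx, conf.header, nil)` presumably clears the header rather than setting an empty value; worth confirming against `core.request.set_header`. Note also that the option strips both the header and the query parameter, while the new table rows in both key-auth.md files mention only "the request header" — the description should read "Whether to pass the request header or query parameter containing the API key to the upstream." The enclosing `_M.rewrite` begins outside this hunk.
```lua
    if conf.hide_credentials then
        core.request.set_header(ctx, conf.header, nil)
        -- only rewrite the query string when the key was actually carried there
        local args = core.request.get_uri_args(ctx)
        if args[conf.query] ~= nil then
            args[conf.query] = nil
            core.request.set_uri_args(ctx, args)
        end
    end
```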
diff --git a/docs/en/latest/plugins/key-auth.md b/docs/en/latest/plugins/key-auth.md
index 239e25846..400b6c56a 100644
--- a/docs/en/latest/plugins/key-auth.md
+++ b/docs/en/latest/plugins/key-auth.md
@@ -41,6 +41,7 @@ For route side:
 | ---- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------- |
 | header  | string | optional    | apikey        |       | the header we get the key from |
 | query   | string | optional    | apikey        |       | the query string we get the key from, which priority is lower than `header` |
+| hide_credentials   | bool | optional    | false        |       | Whether to pass the request header containing authentication information to upstream. |
 
 ## How To Enable
 
diff --git a/docs/zh/latest/plugins/key-auth.md b/docs/zh/latest/plugins/key-auth.md
index c816107cb..acbe315fc 100644
--- a/docs/zh/latest/plugins/key-auth.md
+++ b/docs/zh/latest/plugins/key-auth.md
@@ -40,7 +40,8 @@ router 端配置:
 | 名称 | 类型   | 必选项 | 默认值 | 有效值 | 描述                                                                                                          |
 | ---- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------- |
 | header  | string | 可选 | apikey |        | 设置我们从哪个 header 获取 key。 |
-| query  | string | 可选 | apikey |        | 设置我们从哪个 querystring 获取 key,优先级低于 header |
+| query  | string | 可选 | apikey |        | 设置我们从哪个 query string 获取 key,优先级低于 `header` |
+| hide_credentials  | bool | 可选 | false |        | 是否将含有认证信息的请求头传递给 upstream。 |
 
 ## 如何启用
 
diff --git a/t/plugin/key-auth.t b/t/plugin/key-auth.t
index 22c0a3676..66b1b307e 100644
--- a/t/plugin/key-auth.t
+++ b/t/plugin/key-auth.t
@@ -334,3 +334,226 @@ GET /hello?auth=auth-one
 hello world
 --- no_error_log
 [error]
+
+
+
+=== TEST 14: enable key auth plugin using admin api, set hide_credentials = false
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                    "plugins": {
+                        "key-auth": {
+                            "hide_credentials": false
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/echo"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 15: verify apikey request header should not hidden
+--- request
+GET /echo
+--- more_headers
+apikey: auth-one
+--- response_headers
+apikey: auth-one
+--- no_error_log
+[error]
+
+
+
+=== TEST 16: add key auth plugin using admin api, set hide_credentials = true
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                    "plugins": {
+                        "key-auth": {
+                            "hide_credentials": true
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/echo"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 17: verify apikey request header is hidden
+--- request
+GET /echo
+--- more_headers
+apikey: auth-one
+--- response_headers
+!apikey
+--- no_error_log
+[error]
+
+
+
+=== TEST 18: verify that only the keys in the title are deleted
+--- request
+GET /echo
+--- more_headers
+apikey: auth-one
+test: auth-two
+--- response_headers
+!apikey
+test: auth-two
+--- no_error_log
+[error]
+
+
+
+=== TEST 19: customize query string, set hide_credentials = true
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                    "plugins": {
+                        "key-auth": {
+                            "query": "auth",
+                            "hide_credentials": true
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 20: verify auth request args is hidden
+--- request
+GET /hello?auth=auth-one
+--- response_args
+!auth
+--- no_error_log
+[error]
+
+
+
+=== TEST 21: verify that only the keys in the query parameters are deleted
+--- request
+GET /hello?auth=auth-one&test=auth-two
+--- response_args
+!auth
+test: auth-two
+--- no_error_log
+[error]
+
+
+
+=== TEST 22: customize query string, set hide_credentials = false
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                    "plugins": {
+                        "key-auth": {
+                            "query": "auth",
+                            "hide_credentials": false
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 23: verify auth request args should not hidden
+--- request
+GET /hello?auth=auth-one
+--- response_args
+auth: auth-one
+--- no_error_log
+[error]
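Review bot: The new tests cover a customized `query` name with `hide_credentials` (TEST 19–21) but not a customized `header` name, so a regression where the plugin strips the default `apikey` header instead of `conf.header` would go unnoticed; TEST 17 and 18 only exercise the default. Add a route with `"header": "x-api-key"` and `"hide_credentials": true` and assert `!x-api-key` in the upstream echo, as sketched below. The TEST 18 title "only the keys in the title are deleted" appears to mean "header" rather than "title". None of the tests send the key in both header and query at once, which is the case where both removals in the rewrite hook matter.
```perl
=== TEST 24: customize header, set hide_credentials = true
--- config
    location /t {
        content_by_lua_block {
            local t = require("lib.test_admin").test
            local code, body = t('/apisix/admin/routes/1',
                ngx.HTTP_PUT,
                [[{
                    "plugins": {
                        "key-auth": {
                            "header": "x-api-key",
                            "hide_credentials": true
                        }
                    },
                    "upstream": {
                        "nodes": {
                            "127.0.0.1:1980": 1
                        },
                        "type": "roundrobin"
                    },
                    "uri": "/echo"
                }]]
                )
            # … unchanged: status check and ngx.say(body) as in TEST 16 …
        }
    }
--- request
GET /t
--- response_body
passed
--- no_error_log
[error]



=== TEST 25: verify customized header is hidden
--- request
GET /echo
--- more_headers
x-api-key: auth-one
--- response_headers
!x-api-key
--- no_error_log
[error]
```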