[GitHub] [apisix] bzp2010 opened a new pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 opened a new pull request #6218:
URL: https://github.com/apache/apisix/pull/6218


   ### What this PR does / why we need it:
   <!--- Why is this change required? What problem does it solve? -->
   <!--- If it fixes an open issue, please link to the issue here. -->
   
   Add public-api related documents, and remove obsolete content regarding plugin interceptors and plugin development.
   
   ### Pre-submission checklist:
   
   <!--
   Please follow the PR manners:
   1. Use Draft if the PR is not ready to be reviewed
   2. Test is required for the feat/fix PR, unless you have a good reason
   3. Doc is required for the feat PR
   4. Use a new commit to resolve review instead of `push -f`
   5. If you need to resolve merge conflicts after the PR is reviewed, please merge master but do not rebase
   6. Use "request review" to notify the reviewer once you have resolved the review
   7. Only reviewer can click "Resolve conversation" to mark the reviewer's review resolved
   -->
   
   * [x] Did you explain what problem does this PR solve? Or what new features have been added?
   * [x] Have you added corresponding test cases?
   * [x] Have you modified the corresponding document?
   * [x] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix/tree/master#community) first**
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] juzhiyuan commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

juzhiyuan commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794263012



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |

Review comment:
       ok




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794298535



##########
File path: docs/zh/latest/plugin-develop.md
##########
@@ -326,8 +326,7 @@ function _M.api()
 end
 ```
 
-注意注册的接口会暴露到外网。
-你可能需要使用 [interceptors](plugin-interceptors.md) 来保护它。
+注意，注册的接口将不会默认暴露，您需要使用[public-api 插件](plugins/public-api.md)来暴露它。

Review comment:
       ping @shuaijinchao 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

spacewander commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r800313045



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.

Review comment:
       ```suggestion
   With the `public-api` plugin, we put all public API into the general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
   ```

##########
File path: docs/zh/latest/plugins/node-status.md
##########
@@ -40,7 +40,7 @@ title: node-status
 
 ## 插件接口
 
-插件增加接口 `/apisix/status`，可通过 [interceptors](../plugin-interceptors.md) 保护该接口。
+插件增加接口 `/apisix/status`，需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       Let's update the link to point to English version like https://github.com/apache/apisix/blob/48e8a1ee483caa7150f7ad812953730eb50324bb/docs/zh/latest/plugins/kafka-logger.md?plain=1#L183




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794274332



##########
File path: docs/en/latest/plugins/prometheus.md
##########
@@ -46,17 +46,16 @@ plugin_attr:
 
 Assume environment variable `INTRANET_IP` is `172.1.1.1`, now APISIX will export the metrics via `172.1.1.1:9092`.
 
-**Before version `2.6`, the metrics are exposed via the data panel port,
-you may need to use [interceptors](../plugin-interceptors.md) to protect it.**
-
-If you still want this behavior, you can configure it like this:
+If you still want expose the metrics via the data panel port, you can configure it like this:

Review comment:
       I think it is ok, I will add the description of the default port. The `panel` is a spelling mistake.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r801237864



##########
File path: docs/zh/latest/plugins/node-status.md
##########
@@ -40,7 +40,7 @@ title: node-status
 
 ## 插件接口
 
-插件增加接口 `/apisix/status`，可通过 [interceptors](../plugin-interceptors.md) 保护该接口。
+插件增加接口 `/apisix/status`，需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       @spacewander updated




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794188111



##########
File path: docs/zh/latest/plugin-develop.md
##########
@@ -326,8 +326,7 @@ function _M.api()
 end
 ```
 
-注意注册的接口会暴露到外网。
-你可能需要使用 [interceptors](plugin-interceptors.md) 来保护它。
+注意，注册的接口将不会默认暴露，您需要使用[public-api 插件](plugins/public-api.md)来暴露它。

Review comment:
       fixed, Other personal pronouns in the md file of this PR design have also been removed.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

tzssangglass commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794161639



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |
+| -- | -- | -- | -- | -- | -- |
+| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |
+
+## Example
+
+We take the `jwt-auth` token sign API as an example to show how to configure the `public-api` plugin. Also, the `key-auth` will be used to show how to configure the protection plugin for the public API.
+
+### Prerequisites
+
+The use of key-auth and jwt-auth requires the configuration of a consumer that contains the configuration of these plugins, and you need to create one in advance, the process will be omitted here.
+
+### Basic Use Case
+
+First we will setup a route.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r1' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/apisix/plugin/jwt/sign",
+    "plugins": {
+        "public-api": {}
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl 'http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=user-key'
+```
+
+It will respond to a text JWT.
+
+### Customize URI
+
+Let's setup another route.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/gen_token",
+    "plugins": {
+        "public-api": {
+            "uri": "/apisix/plugin/jwt/sign"
+        }
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl 'http://127.0.0.1:9080/gen_token?key=user-key'
+```
+
+It will still respond to a text JWT. We can see that users are free to configure URI for the public API to match.
+
+### Protect Route
+
+Let's modify the last route and add `key-auth` authentication to it.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/gen_token",
+    "plugins": {
+        "public-api": {
+            "uri": "/apisix/plugin/jwt/sign"
+        },
+        "key-auth": {}
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
+    -H "apikey: test-apikey"
+HTTP/1.1 200 OK
+
+# Failed request
+$ curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
+HTTP/1.1 401 UNAUTHORIZED
+```
+

Review comment:
       how about use 
   
   ```
   $ curl 'http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=user-key'
   ```
   
   to get token atfer protecting this route?

##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |
+| -- | -- | -- | -- | -- | -- |
+| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |

Review comment:
       ```suggestion
   | Name | Type   | Requirement | Default | Valid | Description                                                                                                                                                                            |
   |------|--------|-------------|---------|-------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
   | uri  | string | optional    | ""      |       | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |
   ```
   
   wrong table format

##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |

Review comment:
       here `Requirement` is follow other docs.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794159838



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |

Review comment:
       https://github.com/apache/apisix/blob/master/docs/en/latest/plugins/cors.md?plain=1#L36-L38
   
   Other documents also use Requirement.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794183501



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |
+| -- | -- | -- | -- | -- | -- |
+| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |

Review comment:
       @tzssangglass Is this the new specification we are implementing? I've written documents before that use this style.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] shuaijinchao commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

shuaijinchao commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794135901



##########
File path: docs/zh/latest/plugin-develop.md
##########
@@ -326,8 +326,7 @@ function _M.api()
 end
 ```
 
-注意注册的接口会暴露到外网。
-你可能需要使用 [interceptors](plugin-interceptors.md) 来保护它。
+注意，注册的接口将不会默认暴露，您需要使用[public-api 插件](plugins/public-api.md)来暴露它。

Review comment:
       ```suggestion
   注意，注册的接口将不会默认暴露，需要使用[public-api 插件](plugins/public-api.md)来暴露它。
   ```
   the use of honorifics for personal pronouns is not required in documentation.

##########
File path: docs/zh/latest/plugins/prometheus.md
##########
@@ -46,17 +46,16 @@ plugin_attr:
 
 假设环境变量 `INTRANET_IP` 是 `172.1.1.1`，现在 APISIX 会在 `172.1.1.1:9092` 上暴露指标。
 
-**在 2.6 版本之前，指标会直接暴露到数据面的端口上，你可能需要通过 [interceptors](../plugin-interceptors.md)
-来保护它。**
-
-如果你依然想要这样的行为，你可以这么配置：
+如果你依然想要让指标暴露在数据面的端口上，你可以这么配置：
 
 ```
 plugin_attr:
   prometheus:
     enable_export_server: false
 ```
 
+同时，您还需要使用 [public-api](public-api.md) 插件来暴露它。

Review comment:
       ```suggestion
   同时，需要使用 [public-api](public-api.md) 插件来暴露它。
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

tzssangglass commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794192690



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |
+| -- | -- | -- | -- | -- | -- |
+| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |

Review comment:
       my bad, it's just that I noticed in the IDE that it's not formatted correctly to show up as a table.
   I just checked its presentation on github and it is correct.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r800646507



##########
File path: docs/zh/latest/plugins/node-status.md
##########
@@ -40,7 +40,7 @@ title: node-status
 
 ## 插件接口
 
-插件增加接口 `/apisix/status`，可通过 [interceptors](../plugin-interceptors.md) 保护该接口。
+插件增加接口 `/apisix/status`，需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       Hi, @spacewander.
   
   As currently used, it renders properly on our official website (when no language-specific localization documents are returned to English), and if we modify it directly, it will cause confusion on the official website, i.e. some multilingual documents will be all linked back to the English version.
   It seems like we can't have it both ways, but I think it's more important to make sure the content on the official website is always available in the right way than to use the md file to read it directly.
   
   Currently there is no Chinese documentation for the `public-api` plugin, if you think it is really necessary to change it, I will do so.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

tzssangglass commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794193481



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |
+| -- | -- | -- | -- | -- | -- |
+| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |
+
+## Example
+
+We take the `jwt-auth` token sign API as an example to show how to configure the `public-api` plugin. Also, the `key-auth` will be used to show how to configure the protection plugin for the public API.
+
+### Prerequisites
+
+The use of key-auth and jwt-auth requires the configuration of a consumer that contains the configuration of these plugins, and you need to create one in advance, the process will be omitted here.
+
+### Basic Use Case
+
+First we will setup a route.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r1' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/apisix/plugin/jwt/sign",
+    "plugins": {
+        "public-api": {}
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl 'http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=user-key'
+```
+
+It will respond to a text JWT.
+
+### Customize URI
+
+Let's setup another route.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/gen_token",
+    "plugins": {
+        "public-api": {
+            "uri": "/apisix/plugin/jwt/sign"
+        }
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl 'http://127.0.0.1:9080/gen_token?key=user-key'
+```
+
+It will still respond to a text JWT. We can see that users are free to configure URI for the public API to match.
+
+### Protect Route
+
+Let's modify the last route and add `key-auth` authentication to it.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/gen_token",
+    "plugins": {
+        "public-api": {
+            "uri": "/apisix/plugin/jwt/sign"
+        },
+        "key-auth": {}
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
+    -H "apikey: test-apikey"
+HTTP/1.1 200 OK
+
+# Failed request
+$ curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
+HTTP/1.1 401 UNAUTHORIZED
+```
+

Review comment:
       Does this mean that the `/apisix/plugin/jwt/sign` is still exposed?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794188724



##########
File path: docs/zh/latest/plugins/node-status.md
##########
@@ -40,7 +40,7 @@ title: node-status
 
 ## 插件接口
 
-插件增加接口 `/apisix/status`，可通过 [interceptors](../plugin-interceptors.md) 保护该接口。
+插件增加接口 `/apisix/status`，你可能需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       fixed

##########
File path: docs/zh/latest/plugins/jwt-auth.md
##########
@@ -51,8 +51,7 @@ title: jwt-auth
 
 ## 接口
 
-插件会增加 `/apisix/plugin/jwt/sign` 这个接口，你可能需要通过 [interceptors](../plugin-interceptors.md)
-来保护它。
+插件会增加 `/apisix/plugin/jwt/sign` 这个接口，你可能需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       fixed

##########
File path: docs/zh/latest/plugins/batch-requests.md
##########
@@ -52,8 +52,7 @@ title: batch-requests
 
 ## 接口
 
-插件会增加 `/apisix/batch-requests` 这个接口，你可能需要通过 [interceptors](../plugin-interceptors.md)
-来保护它。
+插件会增加 `/apisix/batch-requests` 这个接口，你可能需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       fixed




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794188149



##########
File path: docs/zh/latest/plugins/wolf-rbac.md
##########
@@ -51,7 +51,7 @@ rbac 功能由 [wolf](https://github.com/iGeeky/wolf) 提供, 有关 `wolf` 的
 * /apisix/plugin/wolf-rbac/change_pwd
 * /apisix/plugin/wolf-rbac/user_info
 
-你可能需要通过 [interceptors](../plugin-interceptors.md) 来保护它们。
+你可能需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       fixed




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] juzhiyuan commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

juzhiyuan commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r800718802



##########
File path: docs/zh/latest/plugins/node-status.md
##########
@@ -40,7 +40,7 @@ title: node-status
 
 ## 插件接口
 
-插件增加接口 `/apisix/status`，可通过 [interceptors](../plugin-interceptors.md) 保护该接口。
+插件增加接口 `/apisix/status`，需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       How about using English only in this PR? After it gets merged, @guoqqqi and @Baoyuantop could help to translate 🤔 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794159168



##########
File path: docs/en/latest/plugins/prometheus.md
##########
@@ -46,17 +46,16 @@ plugin_attr:
 
 Assume environment variable `INTRANET_IP` is `172.1.1.1`, now APISIX will export the metrics via `172.1.1.1:9092`.
 
-**Before version `2.6`, the metrics are exposed via the data panel port,
-you may need to use [interceptors](../plugin-interceptors.md) to protect it.**
-
-If you still want this behavior, you can configure it like this:
+If you still want expose the metrics via the data panel port, you can configure it like this:

Review comment:
       @juzhiyuan Do you mean to set the `enable_export_server` default configuration to occur false, expose it to the DP port by default, and allow the user to set the route for this API?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794183501



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |
+| -- | -- | -- | -- | -- | -- |
+| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |

Review comment:
       @tzssangglass Is this the new specification we are implementing? I've written documents before that use this style. Do those need to be adjusted afterwards as well?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794290368



##########
File path: docs/zh/latest/plugins/batch-requests.md
##########
@@ -52,8 +52,7 @@ title: batch-requests
 
 ## 接口
 
-插件会增加 `/apisix/batch-requests` 这个接口，你可能需要通过 [interceptors](../plugin-interceptors.md)
-来保护它。
+插件会增加 `/apisix/batch-requests` 这个接口，你可能需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       updated, please re-check and resolve it. XD




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander merged pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

spacewander merged pull request #6218:
URL: https://github.com/apache/apisix/pull/6218


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] juzhiyuan commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

juzhiyuan commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r800313629



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.

Review comment:
       I prefer to using Route instead of route, so developers could know what's indeed normal router 😉
   
   ```suggestion
   With the `public-api` plugin, we put all public APIs into general HTTP API router, which is consistent with the normal Route registered by the user and can apply any plugin. The public API added in the user plugin is no longer accessible by default by APISIX, and the user has to manually configure the route for it, the user can configure any uri and plugin.
   ```
   




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

spacewander commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r801220740



##########
File path: docs/zh/latest/plugins/node-status.md
##########
@@ -40,7 +40,7 @@ title: node-status
 
 ## 插件接口
 
-插件增加接口 `/apisix/status`，可通过 [interceptors](../plugin-interceptors.md) 保护该接口。
+插件增加接口 `/apisix/status`，需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       @bzp2010 @juzhiyuan 
   We already do this in other loggers. Although someone else can translate it later, but we should not invent another way to handle it, and merge a PR which will create known broken links.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794187936



##########
File path: docs/zh/latest/plugins/prometheus.md
##########
@@ -46,17 +46,16 @@ plugin_attr:
 
 假设环境变量 `INTRANET_IP` 是 `172.1.1.1`，现在 APISIX 会在 `172.1.1.1:9092` 上暴露指标。
 
-**在 2.6 版本之前，指标会直接暴露到数据面的端口上，你可能需要通过 [interceptors](../plugin-interceptors.md)
-来保护它。**
-
-如果你依然想要这样的行为，你可以这么配置：
+如果你依然想要让指标暴露在数据面的端口上，你可以这么配置：
 
 ```
 plugin_attr:
   prometheus:
     enable_export_server: false
 ```
 
+同时，您还需要使用 [public-api](public-api.md) 插件来暴露它。

Review comment:
       fixed




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794289914



##########
File path: docs/en/latest/plugins/prometheus.md
##########
@@ -46,17 +46,16 @@ plugin_attr:
 
 Assume environment variable `INTRANET_IP` is `172.1.1.1`, now APISIX will export the metrics via `172.1.1.1:9092`.
 
-**Before version `2.6`, the metrics are exposed via the data panel port,
-you may need to use [interceptors](../plugin-interceptors.md) to protect it.**
-
-If you still want this behavior, you can configure it like this:
+If you still want expose the metrics via the data panel port, you can configure it like this:

Review comment:
       @juzhiyuan updated




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] juzhiyuan commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

juzhiyuan commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r793655833



##########
File path: docs/en/latest/plugins/prometheus.md
##########
@@ -46,17 +46,16 @@ plugin_attr:
 
 Assume environment variable `INTRANET_IP` is `172.1.1.1`, now APISIX will export the metrics via `172.1.1.1:9092`.
 
-**Before version `2.6`, the metrics are exposed via the data panel port,
-you may need to use [interceptors](../plugin-interceptors.md) to protect it.**
-
-If you still want this behavior, you can configure it like this:
+If you still want expose the metrics via the data panel port, you can configure it like this:

Review comment:
       ```suggestion
   If you still want to expose the metrics via the data panel port, you can configure it like this:
   ```

##########
File path: docs/zh/latest/plugins/batch-requests.md
##########
@@ -52,8 +52,7 @@ title: batch-requests
 
 ## 接口
 
-插件会增加 `/apisix/batch-requests` 这个接口，你可能需要通过 [interceptors](../plugin-interceptors.md)
-来保护它。
+插件会增加 `/apisix/batch-requests` 这个接口，你可能需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       ```suggestion
   插件会增加 `/apisix/batch-requests` 这个接口，你需要通过 [public-api](public-api.md) 插件来暴露它。
   ```

##########
File path: docs/en/latest/plugins/prometheus.md
##########
@@ -46,17 +46,16 @@ plugin_attr:
 
 Assume environment variable `INTRANET_IP` is `172.1.1.1`, now APISIX will export the metrics via `172.1.1.1:9092`.
 
-**Before version `2.6`, the metrics are exposed via the data panel port,
-you may need to use [interceptors](../plugin-interceptors.md) to protect it.**
-
-If you still want this behavior, you can configure it like this:
+If you still want expose the metrics via the data panel port, you can configure it like this:

Review comment:
       We could add the default DP Port?

##########
File path: docs/zh/latest/plugins/jwt-auth.md
##########
@@ -51,8 +51,7 @@ title: jwt-auth
 
 ## 接口
 
-插件会增加 `/apisix/plugin/jwt/sign` 这个接口，你可能需要通过 [interceptors](../plugin-interceptors.md)
-来保护它。
+插件会增加 `/apisix/plugin/jwt/sign` 这个接口，你可能需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       ```suggestion
   插件会增加 `/apisix/plugin/jwt/sign` 这个接口，你需要通过 [public-api](public-api.md) 插件来暴露它。
   ```

##########
File path: docs/zh/latest/plugins/node-status.md
##########
@@ -40,7 +40,7 @@ title: node-status
 
 ## 插件接口
 
-插件增加接口 `/apisix/status`，可通过 [interceptors](../plugin-interceptors.md) 保护该接口。
+插件增加接口 `/apisix/status`，你可能需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       ```suggestion
   插件增加接口 `/apisix/status`，你需要通过 [public-api](public-api.md) 插件来暴露它。
   ```

##########
File path: docs/zh/latest/plugins/wolf-rbac.md
##########
@@ -51,7 +51,7 @@ rbac 功能由 [wolf](https://github.com/iGeeky/wolf) 提供, 有关 `wolf` 的
 * /apisix/plugin/wolf-rbac/change_pwd
 * /apisix/plugin/wolf-rbac/user_info
 
-你可能需要通过 [interceptors](../plugin-interceptors.md) 来保护它们。
+你可能需要通过 [public-api](public-api.md) 插件来暴露它。

Review comment:
       ```suggestion
   你需要通过 [public-api](public-api.md) 插件来暴露它。
   ```

##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |

Review comment:
       ```suggestion
   | Name | Type | Required | Default | Valid | Description |
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

tzssangglass commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794445379



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |
+| -- | -- | -- | -- | -- | -- |
+| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |
+
+## Example
+
+We take the `jwt-auth` token sign API as an example to show how to configure the `public-api` plugin. Also, the `key-auth` will be used to show how to configure the protection plugin for the public API.
+
+### Prerequisites
+
+The use of key-auth and jwt-auth requires the configuration of a consumer that contains the configuration of these plugins, and you need to create one in advance, the process will be omitted here.
+
+### Basic Use Case
+
+First we will setup a route.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r1' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/apisix/plugin/jwt/sign",
+    "plugins": {
+        "public-api": {}
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl 'http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=user-key'
+```
+
+It will respond to a text JWT.
+
+### Customize URI
+
+Let's setup another route.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/gen_token",
+    "plugins": {
+        "public-api": {
+            "uri": "/apisix/plugin/jwt/sign"
+        }
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl 'http://127.0.0.1:9080/gen_token?key=user-key'
+```
+
+It will still respond to a text JWT. We can see that users are free to configure URI for the public API to match.
+
+### Protect Route
+
+Let's modify the last route and add `key-auth` authentication to it.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/gen_token",
+    "plugins": {
+        "public-api": {
+            "uri": "/apisix/plugin/jwt/sign"
+        },
+        "key-auth": {}
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
+    -H "apikey: test-apikey"
+HTTP/1.1 200 OK
+
+# Failed request
+$ curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
+HTTP/1.1 401 UNAUTHORIZED
+```
+

Review comment:
       got




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794160032



##########
File path: docs/zh/latest/plugin-develop.md
##########
@@ -326,8 +326,7 @@ function _M.api()
 end
 ```
 
-注意注册的接口会暴露到外网。
-你可能需要使用 [interceptors](plugin-interceptors.md) 来保护它。
+注意，注册的接口将不会默认暴露，您需要使用[public-api 插件](plugins/public-api.md)来暴露它。

Review comment:
       Get it




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794184239



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |
+| -- | -- | -- | -- | -- | -- |
+| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |
+
+## Example
+
+We take the `jwt-auth` token sign API as an example to show how to configure the `public-api` plugin. Also, the `key-auth` will be used to show how to configure the protection plugin for the public API.
+
+### Prerequisites
+
+The use of key-auth and jwt-auth requires the configuration of a consumer that contains the configuration of these plugins, and you need to create one in advance, the process will be omitted here.
+
+### Basic Use Case
+
+First we will setup a route.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r1' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/apisix/plugin/jwt/sign",
+    "plugins": {
+        "public-api": {}
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl 'http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=user-key'
+```
+
+It will respond to a text JWT.
+
+### Customize URI
+
+Let's setup another route.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/gen_token",
+    "plugins": {
+        "public-api": {
+            "uri": "/apisix/plugin/jwt/sign"
+        }
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl 'http://127.0.0.1:9080/gen_token?key=user-key'
+```
+
+It will still respond to a text JWT. We can see that users are free to configure URI for the public API to match.
+
+### Protect Route
+
+Let's modify the last route and add `key-auth` authentication to it.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/gen_token",
+    "plugins": {
+        "public-api": {
+            "uri": "/apisix/plugin/jwt/sign"
+        },
+        "key-auth": {}
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
+    -H "apikey: test-apikey"
+HTTP/1.1 200 OK
+
+# Failed request
+$ curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
+HTTP/1.1 401 UNAUTHORIZED
+```
+

Review comment:
       This is inherited from the second case. If you don't use the `/get_token` route, you can just configure the public API route in the first way (Basic Use Case).




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] juzhiyuan commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

juzhiyuan commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794262894



##########
File path: docs/en/latest/plugins/prometheus.md
##########
@@ -46,17 +46,16 @@ plugin_attr:
 
 Assume environment variable `INTRANET_IP` is `172.1.1.1`, now APISIX will export the metrics via `172.1.1.1:9092`.
 
-**Before version `2.6`, the metrics are exposed via the data panel port,
-you may need to use [interceptors](../plugin-interceptors.md) to protect it.**
-
-If you still want this behavior, you can configure it like this:
+If you still want expose the metrics via the data panel port, you can configure it like this:

Review comment:
       Because we don't use `data plane` in docs frequently, how about using `via the data plane port (default: xxx)` here?
   
   Also, it should be `plane` instead of `panel`




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r794295329



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.
+
+## Attributes
+
+| Name | Type | Requirement | Default | Valid | Description |
+| -- | -- | -- | -- | -- | -- |
+| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |
+
+## Example
+
+We take the `jwt-auth` token sign API as an example to show how to configure the `public-api` plugin. Also, the `key-auth` will be used to show how to configure the protection plugin for the public API.
+
+### Prerequisites
+
+The use of key-auth and jwt-auth requires the configuration of a consumer that contains the configuration of these plugins, and you need to create one in advance, the process will be omitted here.
+
+### Basic Use Case
+
+First we will setup a route.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r1' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/apisix/plugin/jwt/sign",
+    "plugins": {
+        "public-api": {}
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl 'http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=user-key'
+```
+
+It will respond to a text JWT.
+
+### Customize URI
+
+Let's setup another route.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/gen_token",
+    "plugins": {
+        "public-api": {
+            "uri": "/apisix/plugin/jwt/sign"
+        }
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl 'http://127.0.0.1:9080/gen_token?key=user-key'
+```
+
+It will still respond to a text JWT. We can see that users are free to configure URI for the public API to match.
+
+### Protect Route
+
+Let's modify the last route and add `key-auth` authentication to it.
+
+```shell
+$ curl -X PUT 'http://127.0.0.1:9080/apisix/admin/routes/r2' \
+    -H 'X-API-KEY: <api-key>' \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "uri": "/gen_token",
+    "plugins": {
+        "public-api": {
+            "uri": "/apisix/plugin/jwt/sign"
+        },
+        "key-auth": {}
+    }
+}'
+```
+
+Let's test it.
+
+```shell
+$ curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
+    -H "apikey: test-apikey"
+HTTP/1.1 200 OK
+
+# Failed request
+$ curl -i 'http://127.0.0.1:9080/gen_token?key=user-key'
+HTTP/1.1 401 UNAUTHORIZED
+```
+

Review comment:
       @tzssangglass 
   
   It will still be inserted into the radixtree built in `api_router` at startup, but in the default `http_access_phase`, no match will be made. If the user configures a route for it and turns on the `public-api` plugin, we do an `api_router` match in the `public-api` plugin's access hook to process the public API request.
   
   Therefore, the conclusion is that it is not exposed and the user needs to configure the route to access it.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] bzp2010 commented on a change in pull request #6218: docs: add public-api related content

[GitBox <gi...@apache.org>]

bzp2010 commented on a change in pull request #6218:
URL: https://github.com/apache/apisix/pull/6218#discussion_r800650181



##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.

Review comment:
       fixed

##########
File path: docs/en/latest/plugins/public-api.md
##########
@@ -0,0 +1,132 @@
+---
+title: public-api
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Summary
+
+- [**Description**](#description)
+- [**Attributes**](#attributes)
+- [**Example**](#example)
+
+## Description
+
+The `public-api` plugin is used to enhance the plugin public API access control.
+When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+
+With the `public-api` plugin, we put the all public API into general HTTP API router, which is consistent with the normal route registered by the user and can apply any plugin. The public API added in the user plugin is no longer open by default by APISIX, but the user manually configures the route for it, and the user can configure any uri and plugin.

Review comment:
       fixed




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org