Posted to dev@apisix.apache.org by Kowloon Zh <ko...@gmail.com> on 2020/01/05 14:42:37 UTC
[DISCUSS]]Add Basic authentication plugin
Hi folks,
The most commonly used HTTP authentication scheme is HTTP Basic
authentication.
I want to add a basic auth plugin to apisix apache. It should have the
following functions:
1. API for users to dynamically add and query basic authorization
information.
function _M.api()
    return {
        {
            methods = { "GET" },
            uri = "/apisix/plugin/basic-auth/get",
            handler = get_auth,
        },
        {
            methods = { "POST", "PUT" },
            uri = "/apisix/plugin/basic-auth/set",
            handler = set_auth,
        }
    }
end
2. Verify basic authorization during the access phase.
function _M.access(conf, ctx)
    core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))

    -- 0. check conf enable
    if not conf.enable then
        return
    end

    -- 1. extract username and password from basic_auth header
    local headers = ngx.req.get_headers()
    if not headers.Authorization then
        return 401, { message = "authorization is required" }
    end

    local username, password, err = extract_auth_header(headers.Authorization)
    if err then
        return 401, { message = err }
    end

    -- 2. get user info from etcd
    local res = authorizations_etcd:get(username)
    if res == nil then
        return 401, { message = "failed to find authorization from etcd" }
    end

    -- 3. check if user exists
    if not res.value or not res.value.id then
        return 401, { message = "user is not found" }
    end

    local value = res.value

    -- 4. check if password correct
    if value.password ~= password then
        return 401, { message = "password is error" }
    end
end
Can anyone give some advice? Is this needed for your scenarios?
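Added example, not part of the original post or of APISIX: one way the access-phase check proposed above could parse the Authorization header, compare the password in constant time, and return a single message for both unknown users and wrong passwords. It assumes an OpenResty runtime; `users`, `CMP_KEY`, `secure_equals` and `check` are hypothetical names, and `extract_auth_header` here is an assumed implementation of the helper the post calls but does not show.

```lua
-- Added example (not from this thread or APISIX); assumes an OpenResty runtime.
local bit = require("bit")

-- Constructed stand-in for the etcd lookup (password kept as-is, as in the
-- proposal); CMP_KEY is a hypothetical per-process random key.
local users = { alice = { id = "1", password = "s3cret:with:colons" } }
local CMP_KEY = "constructed-demo-key"

-- Parse "Basic <base64(user:pass)>" into username, password, err.
local function extract_auth_header(value)
    if type(value) ~= "string" then  -- a repeated header arrives as a table
        return nil, nil, "malformed authorization header"
    end
    local scheme, b64 = value:match("^%s*(%a+)%s+([%w+/=]+)%s*$")
    if not scheme or scheme:lower() ~= "basic" then
        return nil, nil, "unsupported authorization scheme"
    end
    -- Split on the first colon only: the password may contain ':'.
    local decoded = ngx.decode_base64(b64) or ""
    local username, password = decoded:match("^([^:]+):(.*)$")
    if not username then return nil, nil, "malformed authorization header" end
    return username, password
end

-- HMAC both inputs to equal-length digests, then OR every byte difference
-- together so the running time does not depend on where they diverge.
local function secure_equals(a, b)
    local da, db = ngx.hmac_sha1(CMP_KEY, a), ngx.hmac_sha1(CMP_KEY, b)
    local diff = 0
    for i = 1, #da do
        diff = bit.bor(diff, bit.bxor(da:byte(i), db:byte(i)))
    end
    return diff == 0
end

local function check(header)
    local username, password, err = extract_auth_header(header)
    if err then return 401, { message = err } end
    local user = users[username]
    -- Compare even for unknown users; both failures return the same body.
    local ok = secure_equals(user and user.password or "", password)
    if not (user and ok) then
        return 401, { message = "invalid username or password" }
    end
    return 200, { id = user.id }
end

local code, body = check("Basic " .. ngx.encode_base64("alice:s3cret:with:colons"))
print(code, body.id or body.message)
```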
Re: [DISCUSS]]Add Basic authentication plugin
Posted by "Li Ling(Lien)" <li...@apache.org>.
That is exactly what I want!!
For now I am using openid-connect to solve the auth problem (e.g. hiding the
APISIX dashboard), but basic auth is enough in some scenarios.
Re: [DISCUSS]]Add Basic authentication plugin
Posted by JinChao Shuai <sh...@apache.org>.
Great plugin, looking forward to PR.
YuanSheng Wang <me...@gmail.com> wrote on Mon, Jan 6, 2020 at 10:58 AM:
> Hi Kowloon:
>
> Looking forward to this PR. ^_^
--
Thanks,
Janko
Re: [DISCUSS]]Add Basic authentication plugin
Posted by YuanSheng Wang <me...@gmail.com>.
Hi Kowloon:
Looking forward to this PR. ^_^
--
*MembPhis*
My github: https://github.com/membphis
Apache APISIX: https://github.com/apache/incubator-apisix
Re: [DISCUSS]]Add Basic authentication plugin
Posted by Ming Wen <we...@apache.org>.
Looks good to me.
There are some performance issues that can be optimized, which can be
discussed in detail in PR.
Looking forward to this PR :)
Thanks,
Ming Wen, Apache APISIX
Twitter: _WenMing