You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/02/23 08:07:41 UTC

[GitHub] [apisix] Yangzcy423911 opened a new issue #3643: request help: How to modify HMAC_ The format of verification time

Yangzcy423911 opened a new issue #3643:
URL: https://github.com/apache/apisix/issues/3643


   ### Issue description
   
   ### Environment
   
   * apisix version (cmd: `apisix version`):2.2
   * OS (cmd: `uname -a`):
   * OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
   * etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API):
   * apisix-dashboard version, if have:
   
   
   in auth authentication plug-in, such as the time format of CST


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Firstsawyou commented on issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

Firstsawyou commented on issue #3643:
URL: https://github.com/apache/apisix/issues/3643#issuecomment-787964845


   > clock_skew set to 300 ，How to understand the meaning of this field。
   > After the field is set, the gateway returns 401 all the time, and after closing time verification, the request succeeds. In this case, how to troubleshoot the problem
   
   `clock_skew` is the time offset, which means that according to your current request `Date` (GMT), your request is normal within the time of `Date` + 300 seconds, when it exceeds the time of `Date` + 300, your request will fail.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Yangzcy423911 commented on issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

Yangzcy423911 commented on issue #3643:
URL: https://github.com/apache/apisix/issues/3643#issuecomment-787942969


   Turn on the time check, the request has been failed, the status code is 401


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] nic-chen commented on issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

nic-chen commented on issue #3643:
URL: https://github.com/apache/apisix/issues/3643#issuecomment-789556065


   > When the on time offset, the request will always fail, the gateway test time, because the signature string contains time, the request time and the gateway time is not consistent, the resulting signature will be different, the request failure occurs
   
   Two solutions:
   1. turn it off
   2. Keep time consistent
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Yangzcy423911 commented on issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

Yangzcy423911 commented on issue #3643:
URL: https://github.com/apache/apisix/issues/3643#issuecomment-789557158


   OK, I Know


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Yangzcy423911 closed issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

Yangzcy423911 closed issue #3643:
URL: https://github.com/apache/apisix/issues/3643


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] nic-chen commented on issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

nic-chen commented on issue #3643:
URL: https://github.com/apache/apisix/issues/3643#issuecomment-784100622


   @Yangzcy423911  
   it doesn't support the format you mentioned. you could customize your time format in:
   https://github.com/apache/apisix/blob/master/apisix/plugins/hmac-auth.lua#L295
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Yangzcy423911 commented on issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

Yangzcy423911 commented on issue #3643:
URL: https://github.com/apache/apisix/issues/3643#issuecomment-784090364


   example: Tue Feb 23 18:22:17 CST 2021


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Yangzcy423911 commented on issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

Yangzcy423911 commented on issue #3643:
URL: https://github.com/apache/apisix/issues/3643#issuecomment-788440902


   When the on time offset, the request will always fail, the gateway test time, because the signature string contains time, the request time and the gateway time is not consistent, the resulting signature will be different, the request failure occurs


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Firstsawyou commented on issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

Firstsawyou commented on issue #3643:
URL: https://github.com/apache/apisix/issues/3643#issuecomment-784022737


   Judging from the hmac-auth code structure, it should be supported. You can try it with CST time format.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Yangzcy423911 commented on issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

Yangzcy423911 commented on issue #3643:
URL: https://github.com/apache/apisix/issues/3643#issuecomment-787945125


   clock_skew set to 300 ，How to understand the meaning of this field。
   After the field is set, the gateway returns 401 all the time, and after closing time verification, the request succeeds. In this case, how to troubleshoot the problem


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Firstsawyou commented on issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

Firstsawyou commented on issue #3643:
URL: https://github.com/apache/apisix/issues/3643#issuecomment-784044874


   @nic-chen Please take a look, do you have any ideas?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Firstsawyou commented on issue #3643: request help: How to modify HMAC_ The format of verification time

Posted by GitBox <gi...@apache.org>.

Firstsawyou commented on issue #3643:
URL: https://github.com/apache/apisix/issues/3643#issuecomment-784032367


   @nic-chen From the hmac-auth code structure, it should be possible to use the CST time format, right?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org