Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/04/22 07:53:35 UTC

[GitHub] [apisix] navendu-pottekkat opened a new pull request, #6911: docs: update "Security" docs

navendu-pottekkat opened a new pull request, #6911:
URL: https://github.com/apache/apisix/pull/6911

   Signed-off-by: Navendu Pottekkat <na...@gmail.com>
   
   ### Description
   
   Updates the documentation of the "referer-restriction", "consumer-restriction", "csrf" and "public-api" Plugins.
   
   Child PR of #6734


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [apisix] navendu-pottekkat commented on a diff in pull request #6911: docs: update "Security" docs

Posted by GitBox <gi...@apache.org>.
navendu-pottekkat commented on code in PR #6911:
URL: https://github.com/apache/apisix/pull/6911#discussion_r856153546


##########
docs/en/latest/plugins/public-api.md:
##########
@@ -23,31 +29,28 @@ title: public-api
 
 ## Description
 
-The `public-api` plugin is used to enhance the plugin public API access control.
-When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+The `public-api` is used for exposing an API endpoint through a general HTTP API router.
 
-With the `public-api` plugin, we put all public APIs into the general HTTP API router, which is consistent with the normal Route registered by the user and can apply any plugin. The public API added in the user plugin is no longer expose by default by APISIX, and the user has to manually configure the Route for it, the user can configure any uri and plugin.
+When you are using custom Plugins, you can use the `public-api` Plugin to define a fixed, public API for a particular functionality. For example, you can create a public API endpoint `/apisix/plugin/jwt/sign` for JWT authentication using the [jwt-auth](./jwt-auth.md) Plugin.
 
-## Attributes
-
-| Name | Type | Requirement | Default | Valid | Description |
-| -- | -- | -- | -- | -- | -- |
-| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |
+The public API added in a custom Plugin is not exposed by default and the user should manually configure a Route and enable the `public-api` Plugin on it.
 
-## Example
+## Attributes
 
-We take the `jwt-auth` token sign API as an example to show how to configure the `public-api` plugin. Also, the `key-auth` will be used to show how to configure the protection plugin for the public API.
+| Name | Type   | Required | Default | Description                                                                                                                                                  |
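
Review bot: The rewritten Description drops the access-control rationale that the removed lines carried. The old text said public APIs could previously use only limited plugins for access control (`ip-restriction`) and that, once placed in the general HTTP API router, they "can apply any plugin"; the removed Example intro also named `key-auth` as the protection plugin. The added paragraph ending "enable the `public-api` Plugin on it" tells the reader how to expose the endpoint but no longer says that the Route can carry an authentication or restriction plugin. Since the example endpoint is the `jwt-auth` token sign API, I would keep one sentence to that effect next to the "not exposed by default" line. Two smaller points in the same hunk: "The `public-api` is used" is missing the word "Plugin", and "for JWT authentication" is less precise than the removed "token sign API".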

Review Comment:
   It was presented in such a way.





[GitHub] [apisix] navendu-pottekkat commented on pull request #6911: docs: update "Security" docs

Posted by GitBox <gi...@apache.org>.
navendu-pottekkat commented on PR #6911:
URL: https://github.com/apache/apisix/pull/6911#issuecomment-1108065735

   Fixed the lint errors.




[GitHub] [apisix] hf400159 commented on a diff in pull request #6911: docs: update "Security" docs

Posted by GitBox <gi...@apache.org>.
hf400159 commented on code in PR #6911:
URL: https://github.com/apache/apisix/pull/6911#discussion_r856110494


##########
docs/en/latest/plugins/public-api.md:
##########
@@ -23,31 +29,28 @@ title: public-api
 
 ## Description
 
-The `public-api` plugin is used to enhance the plugin public API access control.
-When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+The `public-api` is used for exposing an API endpoint through a general HTTP API router.
 
-With the `public-api` plugin, we put all public APIs into the general HTTP API router, which is consistent with the normal Route registered by the user and can apply any plugin. The public API added in the user plugin is no longer expose by default by APISIX, and the user has to manually configure the Route for it, the user can configure any uri and plugin.
+When you are using custom Plugins, you can use the `public-api` Plugin to define a fixed, public API for a particular functionality. For example, you can create a public API endpoint `/apisix/plugin/jwt/sign` for JWT authentication using the [jwt-auth](./jwt-auth.md) Plugin.
 
-## Attributes
-
-| Name | Type | Requirement | Default | Valid | Description |
-| -- | -- | -- | -- | -- | -- |
-| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |
+The public API added in a custom Plugin is not exposed by default and the user should manually configure a Route and enable the `public-api` Plugin on it.
 
-## Example
+## Attributes
 
-We take the `jwt-auth` token sign API as an example to show how to configure the `public-api` plugin. Also, the `key-auth` will be used to show how to configure the protection plugin for the public API.
+| Name | Type   | Required | Default | Description                                                                                                                                                  |

Review Comment:
   I think the `Default` column can be deleted.





[GitHub] [apisix] spacewander merged pull request #6911: docs: update "Security" docs

Posted by GitBox <gi...@apache.org>.
spacewander merged PR #6911:
URL: https://github.com/apache/apisix/pull/6911




[GitHub] [apisix] navendu-pottekkat commented on pull request #6911: docs: update "Security" docs

Posted by GitBox <gi...@apache.org>.
navendu-pottekkat commented on PR #6911:
URL: https://github.com/apache/apisix/pull/6911#issuecomment-1108671492

   @spacewander @yzeng25 Could you review the PR?




[GitHub] [apisix] navendu-pottekkat commented on a diff in pull request #6911: docs: update "Security" docs

Posted by GitBox <gi...@apache.org>.
navendu-pottekkat commented on code in PR #6911:
URL: https://github.com/apache/apisix/pull/6911#discussion_r856153415


##########
docs/en/latest/plugins/public-api.md:
##########
@@ -23,31 +29,28 @@ title: public-api
 
 ## Description
 
-The `public-api` plugin is used to enhance the plugin public API access control.
-When current users develop custom plugins, they can register some public APIs for fixed functionality, such as the `/apisix/plugin/jwt/sign` API in `jwt-auth`. These APIs can only apply limited plugins for access control (currently only `ip-restriction`) by way of plugin interceptors.
+The `public-api` is used for exposing an API endpoint through a general HTTP API router.
 
-With the `public-api` plugin, we put all public APIs into the general HTTP API router, which is consistent with the normal Route registered by the user and can apply any plugin. The public API added in the user plugin is no longer expose by default by APISIX, and the user has to manually configure the Route for it, the user can configure any uri and plugin.
+When you are using custom Plugins, you can use the `public-api` Plugin to define a fixed, public API for a particular functionality. For example, you can create a public API endpoint `/apisix/plugin/jwt/sign` for JWT authentication using the [jwt-auth](./jwt-auth.md) Plugin.
 
-## Attributes
-
-| Name | Type | Requirement | Default | Valid | Description |
-| -- | -- | -- | -- | -- | -- |
-| uri | string | optional | "" |   | The uri of the public API. When you set up the route, you can use this to configure the original API uri if it is used in a way that is inconsistent with the original public API uri. |
+The public API added in a custom Plugin is not exposed by default and the user should manually configure a Route and enable the `public-api` Plugin on it.
 
-## Example
+## Attributes
 
-We take the `jwt-auth` token sign API as an example to show how to configure the `public-api` plugin. Also, the `key-auth` will be used to show how to configure the protection plugin for the public API.
+| Name | Type   | Required | Default | Description                                                                                                                                                  |

Review Comment:
   I thought the default value would be an empty string.





[GitHub] [apisix] navendu-pottekkat commented on a diff in pull request #6911: docs: update "Security" docs

Posted by GitBox <gi...@apache.org>.
navendu-pottekkat commented on code in PR #6911:
URL: https://github.com/apache/apisix/pull/6911#discussion_r858644205


##########
docs/en/latest/plugins/referer-restriction.md:
##########
@@ -23,24 +29,27 @@ title: referer-restriction
 
 ## Description
 
-The `referer-restriction` can restrict access to a Service or a Route by
-whitelisting/blacklisting request header Referrers.
+The `referer-restriction` Plugin can be used to restrict access to a Service or a Route by
+whitelisting/blacklisting the `Referer` request header.
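
Review bot: In the added sentence, "whitelisting/blacklisting the `Referer` request header" reads as if the header itself were listed, while what gets matched is the header's value; something like "by whitelisting/blacklisting values of the `Referer` request header" would be accurate. Because that value arrives with the request, the Description could also say that this is a filter on a client-supplied header and not an authentication mechanism. The sentence is also still wrapped over two `+` lines.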

Review Comment:
   Done. Thanks.



##########
docs/en/latest/plugins/consumer-restriction.md:
##########
@@ -23,29 +29,36 @@ title: consumer-restriction
 
 ## Description
 
-The `consumer-restriction` makes corresponding access restrictions based on different objects selected.
+The `consumer-restriction` Plugin allows to set access restrictions based on Consumer, Route, or Service.
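
Review bot: "allows to set" in the added line has no object; "allows you to set" or "lets you set" reads correctly. The removed line said the restriction depends on the "objects selected", and the new list "Consumer, Route, or Service" loses that: it would help to say that one of these is chosen as the basis for the restriction and to point to the attribute that chooses it.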

Review Comment:
   Done.





[GitHub] [apisix] yzeng25 commented on a diff in pull request #6911: docs: update "Security" docs

Posted by GitBox <gi...@apache.org>.
yzeng25 commented on code in PR #6911:
URL: https://github.com/apache/apisix/pull/6911#discussion_r858623219


##########
docs/en/latest/plugins/consumer-restriction.md:
##########
@@ -23,29 +29,36 @@ title: consumer-restriction
 
 ## Description
 
-The `consumer-restriction` makes corresponding access restrictions based on different objects selected.
+The `consumer-restriction` Plugin allows to set access restrictions based on Consumer, Route, or Service.

Review Comment:
   ```suggestion
   The `consumer-restriction` Plugin allows users to set access restrictions based on Consumer, Route, or Service.
   ```



##########
docs/en/latest/plugins/referer-restriction.md:
##########
@@ -23,24 +29,27 @@ title: referer-restriction
 
 ## Description
 
-The `referer-restriction` can restrict access to a Service or a Route by
-whitelisting/blacklisting request header Referrers.
+The `referer-restriction` Plugin can be used to restrict access to a Service or a Route by
+whitelisting/blacklisting the `Referer` request header.

Review Comment:
   Can you convert it to one line?


