You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/04/19 12:59:42 UTC
[GitHub] [apisix] riskgod opened a new issue #4083: request help: hmac {"message":"Invalid signature"} in POST test
riskgod opened a new issue #4083:
URL: https://github.com/apache/apisix/issues/4083
### Issue description
hey, I am using node to create the X-HMAC-SIGNATURE, but it always return "Invalid signature"
#### create one consumer
```
curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d '
{
"username": "kelly",
"plugins": {
"hmac-auth": {
"access_key": "user-key-kelly",
"secret_key": "my-secret-key—kelly",
"clock_skew": 0,
"signed_headers": ["User-Agent", "x-custom-a"]
}
}
}'
```
#### enable the plugin global
```
curl http://127.0.0.1:9080/apisix/admin/global_rules/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"plugins": {
"request-id": {
"include_in_response": true
},
"hmac-auth":{},
"limit-req": {
"rate": 1,
"burst": 0,
"rejected_code": 503,
"key": "remote_addr"
},
"tcp-logger": {
"host": "127.0.0.1",
"port": 5000,
"tls": false,
"batch_max_size": 1,
"name": "tcp logger"
}
}
}'
```
#### set upstream
```
curl http://127.0.0.1:9080/apisix/admin/upstreams/100 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -i -X PUT -d '
{
"type":"roundrobin",
"nodes":{
"127.0.0.1:8081": 1
}
}'
```
#### set router
```
curl http://127.0.0.1:9080/apisix/admin/routes/119 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"methods": ["POST"],
"uri": "/checkAddress",
"plugins": {
"consumer-restriction": {
"whitelist": [
"kelly"
]
}
},
"upstream_id": "100"
}'
```
#### Use node.js to create the signature
```
const crypto = require('crypto');
const signing_string =
`POST
/checkAddress
user-key-kelly
Tue, 19 Jan 2021 11:33:20 GMT
User-Agent:curl/7.29.0
x-custom-a:test
`
const test = crypto.createHmac('sha256', "my-secret-key—kelly").update(signing_string).digest("base64");
console.log(test)
```
#### Test the plugin
```
curl -d '{"coin":"BTC", "address":"rpE6gE8jEN1trDwQwe47VmgDL5y6m3XX2n"}' -X POST 'http://127.0.0.1:9080/checkAddress' \
-H "Content-Type: application/json" \
-H "X-HMAC-SIGNATURE: u+g/xifNHVzw3VdUf0bAkVb6EsJN7duNKHFp8MmkryU=" \
-H "X-HMAC-ALGORITHM: hmac-sha256" \
-H "X-HMAC-ACCESS-KEY: user-key-kelly" \
-H "Date: Tue, 19 Jan 2021 11:33:20 GMT" \
-H "X-HMAC-SIGNED-HEADERS: User-Agent;x-custom-a" \
-H "User-Agent: curl/7.29.0" \
-H "x-custom-a: test"
```
#### Result
```
{"message":"Invalid signature"}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] riskgod closed issue #4083: request help: hmac {"message":"Invalid signature"} in POST test
Posted by GitBox <gi...@apache.org>.
riskgod closed issue #4083:
URL: https://github.com/apache/apisix/issues/4083
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on issue #4083: request help: hmac {"message":"Invalid signature"} in POST test
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on issue #4083:
URL: https://github.com/apache/apisix/issues/4083#issuecomment-822492256
> const signing_string =
> `POST
> /checkAddress
> user-key-kelly
> Tue, 19 Jan 2021 11:33:20 GMT
> User-Agent:curl/7.29.0
> x-custom-a:test
> `
According to the signature formula `signing_string = HTTP Method + \n + HTTP URI + \n + canonical_query_string + \n + access_key + \n + Date + \n + signed_headers_string`, you can try the following signature string:
```
const signing_string =
`POST
/checkAddress
user-key-kelly
Tue, 19 Jan 2021 11:33:20 GMT
User-Agent:curl/7.29.0
x-custom-a:test
`
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org