Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/04/27 08:39:26 UTC

[GitHub] [apisix] riskgod opened a new issue #4139: request help: { message: 'Invalid signed header sys_name,sys_event' }

riskgod opened a new issue #4139:
URL: https://github.com/apache/apisix/issues/4139


   Hey, here are the steps I used to initialize APISIX:
   
   ####  设置key-auth
   ```
   # Creates consumer "bruce" with the hmac-auth plugin through the Admin API.
   # NOTE(review): the X-API-KEY value matches the well-known default Admin API key from APISIX's sample
   # configuration; replace it and restrict Admin API access on anything other than a throwaway local test.
   # NOTE(review): secret_key is sent inline over plain HTTP to 127.0.0.1 and contains a non-ASCII dash, so
   # the signing client must use byte-identical text (same encoding) for the HMAC to match.
   # signed_headers lists the header names this consumer's requests may include in the signature.
   curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d '
   {
       "username": "bruce",
       "plugins": {
           "hmac-auth": {
               "access_key": "user-key-bruce",
               "secret_key": "my-secret-key—bruce",
               "clock_skew": 5,
               "keep_headers": true,
               "signed_headers": ["Date", "app_id", "sys_name", "sys_event", "sign", "timestamp", "version"]
           }
       }
   }'
   ```
   ####  设置全部运行的插件 新加入熔断api-breaker
   ```
   # Installs global rule 1: request-id, hmac-auth, limit-req and api-breaker are enabled for all routes.
   # The empty "hmac-auth":{} entry is what turns on HMAC signature checking gateway-wide.
   # limit-req is keyed on remote_addr, so clients behind one shared address share one rate budget.
   # NOTE(review): with "failures": 1 and "successes": 1 a single matching status presumably flips the
   # api-breaker state; confirm these thresholds are intended only for testing.
   curl http://127.0.0.1:9080/apisix/admin/global_rules/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
       "plugins": {
           "request-id": {
               "include_in_response": true
           },
           "hmac-auth":{},
           "limit-req": {
               "rate": 100,
               "burst": 50,
               "rejected_code": 503,
               "key": "remote_addr"
           },
           "api-breaker": {
               "break_response_code": 502,
               "max_breaker_sec": 300,
               "unhealthy": {
                   "http_statuses": [500, 503],
                   "failures": 1
               },
               "healthy": {
                   "http_statuses": [200, 201],
                   "successes": 1
               }
           }
       }
   }'
   ```
   
   ####  设置upstream
   ```
   # Creates upstream 100: round-robin balancing over a single local node, 127.0.0.1:8081, with weight 1.
   curl http://127.0.0.1:9080/apisix/admin/upstreams/100  -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -i -X PUT -d '
   {
       "type":"roundrobin",
       "nodes":{
           "127.0.0.1:8081": 1
       }
   }'
   ```
   
   #### 设置service1
   ```
   # Creates service 100 on upstream 100; consumer-restriction allows only the consumer "bruce".
   # The restriction relies on an authentication plugin (hmac-auth here) having identified the consumer first.
   curl http://127.0.0.1:9080/apisix/admin/services/100 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
       "plugins": {
           "consumer-restriction": {
               "whitelist": [
                   "bruce"
               ]
           }
       },
       "upstream_id": 100
   }'
   
   #### 设置service2
   ```
   # Creates service 101 with the same consumer-restriction and upstream as service 100.
   # NOTE(review): none of the routes defined in this post reference service 101; they all use service_id "100".
   curl http://127.0.0.1:9080/apisix/admin/services/101 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
       "plugins": {
           "consumer-restriction": {
               "whitelist": [
                   "bruce"
               ]
           }
       },
       "upstream_id": 100
   }'
   
   ####  设置checkAddress 的 router
   ```
   # Creates route 119: POST /checkAddress, bound to service 100 (and so to its consumer-restriction).
   curl http://127.0.0.1:9080/apisix/admin/routes/119 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
       "methods": ["POST"],
       "uri": "/checkAddress",
       "service_id": "100"
   }'
   ```
   
   ####  设置checkHealth 的 router
   ```
   # Creates route 121: GET /health, bound to service 100.
   # NOTE(review): because hmac-auth is a global rule and service 100 restricts consumers, this health
   # endpoint also requires a signed request from "bruce" — confirm that is intended for health checks.
   curl http://127.0.0.1:9080/apisix/admin/routes/121 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
       "methods": ["GET"],
       "uri": "/health",
       "service_id": "100"
   }'
   ```
   
   ####  设置userWithdrawal 的 router
   ```
   # Creates route 120: POST /userWithdrawal, bound to service 100.
   curl http://127.0.0.1:9080/apisix/admin/routes/120 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
       "methods": ["POST"],
       "uri": "/userWithdrawal",
       "service_id": "100"
   }'
   ```
   
   ### Test the hmac plugin
   
   ```
   // Builds the hmac-auth signing string for POST /checkAddress and signs it with HMAC-SHA256 (base64 output).
   const crypto = require('crypto');
   const axios = require('axios').default;
   const today = new Date();
   // NOTE(review): Date.prototype.toGMTString() is deprecated; toUTCString() produces the same format.
   const dateNow = today.toGMTString();
   console.log(dateNow)
   
   // Signing string, one field per line: method, path, an empty line (presumably the query string),
   // access key, date, then each signed header as a name:value line, ending with a newline.
   // sys_name and sys_event appear here as two separate header lines.
   // NOTE(review): the text is byte-sensitive; any leading whitespace on the lines inside the template
   // literal becomes part of the signed data.
   // NOTE(review): the request body is not part of this string, so the signature built here does not cover it.
   const check_address = 
   `POST
   /checkAddress
   
   user-key-bruce
   ${dateNow}
   Date:${dateNow}
   app_id:222222
   sys_name:asset/wallet/frontend
   sys_event:deposit
   sign:x010xx0101
   timestamp:#1619434305
   version:1
   `;
   
   // NOTE(review): the secret is hard-coded for this local reproduction and contains a non-ASCII dash;
   // it has to match the consumer's secret_key byte for byte. Keep real secrets out of source and issue text.
   const sign_string_bruce = crypto.createHmac('sha256', "my-secret-key—bruce").update(check_address).digest("base64");
   
   console.log(sign_string_bruce)
   
   /**
    * Sends the signed POST /checkAddress request to the local gateway and prints the response body,
    * or the error response body when axios rejects.
    */
   async function testBruce() {
       const bodyData = {
           "coin":"BTC", 
           "address":"rpE6gE8jEN1trDwQwe47VmgDL5y6m3XX2n"
       };
       const headers = {
           "Content-Type": "application/json",
           "X-HMAC-SIGNATURE": sign_string_bruce,
           "X-HMAC-ALGORITHM": "hmac-sha256",
           "X-HMAC-ACCESS-KEY": "user-key-bruce",
           // NOTE(review): sys_name and sys_event are joined by ',' while every other name is separated
           // by ';'. The gateway debug log quoted in this thread shows the list parsed as
           // ["Date","app_id","sys_name,sys_event",...], i.e. a single header named "sys_name,sys_event",
           // which is what the 'Invalid signed header sys_name,sys_event' response reports.
           "X-HMAC-SIGNED-HEADERS": "Date;app_id;sys_name,sys_event;sign;timestamp;version",
           // The header values below must equal the name:value lines in the signing string.
           "Date": dateNow,
           "app_id": 222222,
           "sys_name": "asset/wallet/frontend",
           "sys_event": "deposit",
           "sign": "x010xx0101",
           "timestamp":"#1619434305",
           "version":1
       }
       try {
           const options = {
               method: 'POST',
               headers: headers,
               data: bodyData,
               url: "http://127.0.0.1:9080/checkAddress"
           };
           const result = await axios(options);
           console.log(result.data)
       } catch (error) {
           // NOTE(review): error.response is undefined when no HTTP response was received
           // (e.g. connection refused), in which case this line itself throws.
           console.error(error.response.data)
       }
           
   }
   
   // Starts the request; the returned promise is not awaited or given a rejection handler.
   testBruce()
   ```
   ### The result is 
   ```
   Tue, 27 Apr 2021 08:15:05 GMT
   me5A/tAz2oVZ1GS1ktDadxD7WxDfrjSYOJSQEKvjq9w=
   { message: 'Invalid signed header sys_name,sys_event' }
   ```





[GitHub] [apisix] Firstsawyou edited a comment on issue #4139: request help: { message: 'Invalid signed header sys_name,sys_event' }

Posted by GitBox <gi...@apache.org>.
Firstsawyou edited a comment on issue #4139:
URL: https://github.com/apache/apisix/issues/4139#issuecomment-827444501


   According to the following information of  https://github.com/apache/apisix/issues/4138:
   > 
   > hey, after debug, the json is the same, but why shows the `{ message: 'Invalid signed header sys_name,sys_event' }`
   > here is the debug json
   > 
   > ```
   > 2021/04/27 16:16:15 [warn] 48159#118191: *314 [lua] hmac-auth.lua:311: validate(): headers_map: {"timestamp":true,"app_id":true,"Date":true,"sys_event":true,"sign":true,"version":true,"sys_name":true}, client: 127.0.0.1, server: _, request: "POST /checkAddress HTTP/1.1", host: "127.0.0.1:9080"
   > 
   > 2021/04/27 16:16:15 [warn] 48159#118191: *314 [lua] hmac-auth.lua:314: validate(): signed_headers: ["Date","app_id","sys_name,sys_event","sign","timestamp","version"], client: 127.0.0.1, server: _, request: "POST /checkAddress HTTP/1.1", host: "127.0.0.1:9080"
   > ```
   
   
   
   > { message: 'Invalid signed header sys_name,sys_event' }
   
   This `"sys_name,sys_event"` is treated as one header name, not two. In headers_map, however, `sys_name` and `sys_event` are two separate headers.
   





[GitHub] [apisix] riskgod closed issue #4139: request help: { message: 'Invalid signed header sys_name,sys_event' }

Posted by GitBox <gi...@apache.org>.
riskgod closed issue #4139:
URL: https://github.com/apache/apisix/issues/4139


   





[GitHub] [apisix] Firstsawyou commented on issue #4139: request help: { message: 'Invalid signed header sys_name,sys_event' }

Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on issue #4139:
URL: https://github.com/apache/apisix/issues/4139#issuecomment-827444501


   According to the following information of  https://github.com/apache/apisix/issues/4138:
   > 
   > hey, after debug, the json is the same, but why shows the `{ message: 'Invalid signed header sys_name,sys_event' }`
   > here is the debug json
   > 
   > ```
   > 2021/04/27 16:16:15 [warn] 48159#118191: *314 [lua] hmac-auth.lua:311: validate(): headers_map: {"timestamp":true,"app_id":true,"Date":true,"sys_event":true,"sign":true,"version":true,"sys_name":true}, client: 127.0.0.1, server: _, request: "POST /checkAddress HTTP/1.1", host: "127.0.0.1:9080"
   > 
   > 2021/04/27 16:16:15 [warn] 48159#118191: *314 [lua] hmac-auth.lua:314: validate(): signed_headers: ["Date","app_id","sys_name,sys_event","sign","timestamp","version"], client: 127.0.0.1, server: _, request: "POST /checkAddress HTTP/1.1", host: "127.0.0.1:9080"
   > ```
   
   
   
   > { message: 'Invalid signed header sys_name,sys_event' }
   
   This value (`sys_name,sys_event`) is treated as one header name, not two. In headers_map, however, `sys_name` and `sys_event` are two separate headers.
   





[GitHub] [apisix] riskgod commented on issue #4139: request help: { message: 'Invalid signed header sys_name,sys_event' }

Posted by GitBox <gi...@apache.org>.
riskgod commented on issue #4139:
URL: https://github.com/apache/apisix/issues/4139#issuecomment-827456070


   > According to the following information of https://github.com/apache/apisix/issues/4138:
   > 
   > > hey, after debug, the json is the same, but why shows the `{ message: 'Invalid signed header sys_name,sys_event' }`
   > > here is the debug json
   > > ```
   > > 2021/04/27 16:16:15 [warn] 48159#118191: *314 [lua] hmac-auth.lua:311: validate(): headers_map: {"timestamp":true,"app_id":true,"Date":true,"sys_event":true,"sign":true,"version":true,"sys_name":true}, client: 127.0.0.1, server: _, request: "POST /checkAddress HTTP/1.1", host: "127.0.0.1:9080"
   > > 
   > > 2021/04/27 16:16:15 [warn] 48159#118191: *314 [lua] hmac-auth.lua:314: validate(): signed_headers: ["Date","app_id","sys_name,sys_event","sign","timestamp","version"], client: 127.0.0.1, server: _, request: "POST /checkAddress HTTP/1.1", host: "127.0.0.1:9080"
   > > ```
   > 
   > > { message: 'Invalid signed header sys_name,sys_event' }
   > 
   > This `"sys_name,sys_event"` is one header, not two headers. But they are two headers in headers_map.
   
   Is that the `signed_headers` I set on the consumer?





[GitHub] [apisix] riskgod commented on issue #4139: request help: { message: 'Invalid signed header sys_name,sys_event' }

Posted by GitBox <gi...@apache.org>.
riskgod commented on issue #4139:
URL: https://github.com/apache/apisix/issues/4139#issuecomment-827467549


   After checking the `signed_headers`, I found the error is in `"X-HMAC-SIGNED-HEADERS": "Date;app_id;sys_name,sys_event;sign;timestamp;version",`. After updating it, the error is gone, thanks.





[GitHub] [apisix] riskgod edited a comment on issue #4139: request help: { message: 'Invalid signed header sys_name,sys_event' }

Posted by GitBox <gi...@apache.org>.
riskgod edited a comment on issue #4139:
URL: https://github.com/apache/apisix/issues/4139#issuecomment-827467549


   After checking the `signed_headers`, I found the error is in `"X-HMAC-SIGNED-HEADERS": "sys_name,sys_event",`. After updating it, the error is gone, thanks.





[GitHub] [apisix] Firstsawyou edited a comment on issue #4139: request help: { message: 'Invalid signed header sys_name,sys_event' }

Posted by GitBox <gi...@apache.org>.
Firstsawyou edited a comment on issue #4139:
URL: https://github.com/apache/apisix/issues/4139#issuecomment-827444501


   According to the following information of  https://github.com/apache/apisix/issues/4138:
   > 
   > hey, after debug, the json is the same, but why shows the `{ message: 'Invalid signed header sys_name,sys_event' }`
   > here is the debug json
   > 
   > ```
   > 2021/04/27 16:16:15 [warn] 48159#118191: *314 [lua] hmac-auth.lua:311: validate(): headers_map: {"timestamp":true,"app_id":true,"Date":true,"sys_event":true,"sign":true,"version":true,"sys_name":true}, client: 127.0.0.1, server: _, request: "POST /checkAddress HTTP/1.1", host: "127.0.0.1:9080"
   > 
   > 2021/04/27 16:16:15 [warn] 48159#118191: *314 [lua] hmac-auth.lua:314: validate(): signed_headers: ["Date","app_id","sys_name,sys_event","sign","timestamp","version"], client: 127.0.0.1, server: _, request: "POST /checkAddress HTTP/1.1", host: "127.0.0.1:9080"
   > ```
   
   
   
   > { message: 'Invalid signed header sys_name,sys_event' }
   
   This `"sys_name,sys_event"` is treated as one header name, not two. In headers_map, however, `sys_name` and `sys_event` are two separate headers.
   

