Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/10/31 10:03:50 UTC

[GitHub] [apisix] tzssangglass commented on a diff in pull request #8206: feat: support hide credentials for jwt-auth plugin

tzssangglass commented on code in PR #8206:
URL: https://github.com/apache/apisix/pull/8206#discussion_r1009234921


##########
apisix/plugins/jwt-auth.lua:
##########
@@ -357,8 +361,31 @@ local function algorithm_handler(consumer, method_only)
     end
 end
 
+local function set_our_cookie(name, val)
+    core.response.add_header("Set-Cookie", name .. "=" .. val)
+end
+
 
 function _M.rewrite(conf, ctx)
+    local from_header = true
+    local header_key = core.request.header(ctx, conf.header)
+
+    local from_query = true
+
+    if not header_key then
+        from_header = false
+        local uri_args = core.request.get_uri_args(ctx) or {}
+        header_key = uri_args[conf.query]
+        if not header_key then
+            from_query = false
+            local cookie = ctx.var["cookie_" .. conf.cookie]
+            if not cookie then
+                core.log.info("failed to fetch JWT token")
+                return 401, {message = "Missing JWT token in request"}
+            end
+        end
+    end
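
Review bot: in `_M.rewrite`, the cookie branch assigns the value to `local cookie` inside the innermost `if not header_key then` block, so it goes out of scope at that block's `end` and `header_key` is still nil whenever the token arrived by cookie. Assign the cookie value to a variable declared at function scope, and rename `header_key` to something like `token`, since it also holds the query-string value. `from_query` is initialised to `true` before any lookup, so it stays `true` for a token found in the header; initialise it to `false` and set it only in the query branch. `set_our_cookie` writes `name .. "=" .. val` with no cookie attributes, so if it is kept, the caller cannot preserve `Path`, `HttpOnly`, `Secure` or `SameSite` on a cookie that sits next to a credential.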

Review Comment:
   We don't need to add this logic in this PR, we just do the same things as: https://github.com/apache/apisix/pull/6670/files


