Looks good to me. There are some performance issues that can be optimized, which can be discussed in detail in the PR. Looking forward to this PR :)
Thanks,
Ming Wen, Apache APISIX
Twitter: _WenMing

Kowloon Zh <kowloo...@gmail.com> wrote on Sunday, January 5, 2020 at 10:42 PM:

> Hi folks,
>
> The most commonly used HTTP authentication scheme is HTTP Basic
> authentication.
>
> I want to add a basic auth plugin to apisix apache. It should have the
> following functions:
>
> 1. API for users to dynamically add and query basic authorization
> information.
>
> function _M.api()
>     return {
>         {
>             methods = { "GET" },
>             uri = "/apisix/plugin/basic-auth/get",
>             handler = get_auth,
>         },
>         {
>             methods = { "POST", "PUT" },
>             uri = "/apisix/plugin/basic-auth/set",
>             handler = set_auth,
>         }
>     }
> end
>
> 2. Verify basic authorization during the access phase.
>
> function _M.access(conf, ctx)
>     core.log.info("plugin access phase, conf: ",
>                   core.json.delay_encode(conf))
>
>     -- 0. check conf enable
>     if not conf.enable then
>         return
>     end
>
>     -- 1. extract username and password from basic_auth header
>     local headers = ngx.req.get_headers()
>     if not headers.Authorization then
>         return 401, { message = "authorization is required" }
>     end
>
>     local username, password, err =
>         extract_auth_header(headers.Authorization)
>     if err then
>         return 401, { message = err }
>     end
>
>     -- 2. get user info from etcd
>     local res = authorizations_etcd:get(username)
>     if res == nil then
>         return 401, { message = "failed to find authorization from etcd" }
>     end
>
>     -- 3. check if user exists
>     if not res.value or not res.value.id then
>         return 401, { message = "user is not found" }
>     end
>
>     local value = res.value
>
>     -- 4. check if password correct
>     if value.password ~= password then
>         return 401, { message = "password is error" }
>     end
> end
>
>
> Can anyone give some advice? Is this needed for your scenarios?
>
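
An added example, not part of this thread and not APISIX code: one possible body for the extract_auth_header helper that the proposal calls but does not show, with a password comparison that has no early exit and a single failure message for both unknown user and wrong password. It assumes OpenResty (ngx.decode_base64, LuaJIT's bit module); the users table is constructed sample data standing in for the etcd lookup, and secure_equals and check are hypothetical names.

```lua
-- Added example, not APISIX code. Assumes OpenResty (for instance the `resty`
-- command line), which provides ngx.decode_base64 and LuaJIT's bit module.
local bit = require("bit")

local BAD = "invalid authorization header"

-- Hypothetical body for the extract_auth_header() named in the proposal.
local function extract_auth_header(authorization)
    -- a repeated header arrives as a table from ngx.req.get_headers()
    if type(authorization) ~= "string" then return nil, nil, BAD end
    -- the scheme is case-insensitive; the credentials are one base64 token
    local scheme, encoded = authorization:match("^(%a+) +([A-Za-z0-9+/=]+)$")
    if not scheme or scheme:lower() ~= "basic" then return nil, nil, BAD end
    local decoded = ngx.decode_base64(encoded)
    if not decoded then return nil, nil, BAD end
    -- split on the first colon only: the password may itself contain ':'
    local username, password = decoded:match("^([^:]*):(.*)$")
    if not username or username == "" then return nil, nil, BAD end
    return username, password
end

-- Compare every byte instead of stopping at the first difference.
-- The length is not treated as secret here (assumption of this example).
local function secure_equals(a, b)
    if #a ~= #b then return false end
    local diff = 0
    for i = 1, #a do
        diff = bit.bor(diff, bit.bxor(a:byte(i), b:byte(i)))
    end
    return diff == 0
end

-- Constructed sample data standing in for the etcd lookup.
local users = { alice = { id = "1", password = "s3cret:with:colons" } }

local function check(authorization)
    local username, password, err = extract_auth_header(authorization)
    if err then return 401, err end
    local user = users[username]
    local ok = secure_equals(user and user.password or "", password)
    -- one message for unknown user and wrong password, so the response
    -- does not reveal which usernames exist
    if not user or not ok then return 401, "invalid username or password" end
    return 200
end

print(check("Basic " .. ngx.encode_base64("alice:s3cret:with:colons")))
print(check("basic " .. ngx.encode_base64("alice:wrong")))
print(check("Basic " .. ngx.encode_base64("bob:anything")))
print(check("Bearer not-basic"))
```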