Agree, I had pointed out similar issues in the PR, but there seems to be some disagreement.
comments: https://github.com/apache/apisix/pull/6512#discussion_r819439267

YuanSheng Wang <membp...@apache.org> wrote on Wed, Mar 9, 2022 at 16:38:

> On Wed, Mar 9, 2022 at 1:39 PM YuanSheng Wang <membp...@apache.org> wrote:
>
> > > {
> > >   "plugins": {
> > >     "recaptcha": {
> > >       "apis": [
> > >         {
> > >           "path": "/login",
> > >           "methods": [ "POST" ],
> > >           "param_from": "header",
> > >           "param_name": "captcha"
> >
> > can we use this project? https://github.com/api7/lua-resty-expr
> >
> > `lua-resty-expr` should be simpler.
>
> Please ignore this message.
>
> BTW, I think we can remove `apis`. We can bind the plugin recaptcha to a
> specific APISIX route.
> It is easier to use.
> If the community needs more power, we can implement it later.
>
> > On Tue, Mar 8, 2022 at 7:41 PM 李玉升 <leeys....@gmail.com> wrote:
> >
> > > Background
> > >
> > > Google reCAPTCHA is a popular human-identification service in the world. It
> > > protects websites (APIs) from spam and abuse.
> > >
> > > For now, APISIX users who want to integrate the reCAPTCHA service in
> > > their system either write the plugin on their own or just leave it to the
> > > backend microservices. Therefore, users are required to have plugin
> > > development skills, or end up in a bad situation where the reCAPTCHA layer
> > > is spread across multiple microservices.
> > >
> > > Based on the context above, it will be great if APISIX has an official
> > > recaptcha plugin. Backend services can then just focus on their core
> > > business logic and take every request as if it were sent by humans.
> > >
> > > Here is the code snippet of the recaptcha plugin schema
> > >
> > >     local schema = {
> > >         type = "object",
> > >         properties = {
> > >             -- The secret key of the Google reCAPTCHA service.
> > >             recaptcha_secret_key = { type = "string" },
> > >             -- The list of APIs that need to be verified by reCAPTCHA.
> > >             apis = {
> > >                 type = "array",
> > >                 items = {
> > >                     type = "object",
> > >                     properties = {
> > >                         -- The API path
> > >                         path = { type = "string" },
> > >                         -- The list of HTTP methods
> > >                         methods = { type = "array", items = { type = "string" }, minItems = 1 },
> > >                         -- The enum of captcha parameter source. Only header, query are supported.
> > >                         param_from = {
> > >                             type = "string",
> > >                             default = "header",
> > >                             enum = { "header", "query" }
> > >                         },
> > >                         -- The name of the captcha parameter.
> > >                         param_name = { type = "string", default = "captcha" },
> > >                     }
> > >                 },
> > >                 minItems = 1
> > >             },
> > >             -- The response for an invalid recaptcha token.
> > >             response = {
> > >                 type = "object",
> > >                 properties = {
> > >                     content_type = { type = "string", default = "application/json; charset=utf-8" },
> > >                     status_code = { type = "number", default = 400 },
> > >                     body = { type = "string", default = '{"message": "invalid captcha"}' }
> > >                 }
> > >             },
> > >         },
> > >         additionalProperties = false,
> > >         required = { "recaptcha_secret_key" },
> > >     }
> > >
> > > And the example of plugin config
> > >
> > >     {
> > >       "plugins": {
> > >         "recaptcha": {
> > >           "apis": [
> > >             {
> > >               "path": "/login",
> > >               "methods": [ "POST" ],
> > >               "param_from": "header",
> > >               "param_name": "captcha"
> > >             },
> > >             {
> > >               "path": "/users/*/active",
> > >               "methods": [ "POST" ],
> > >               "param_from": "query",
> > >               "param_name": "captcha"
> > >             }
> > >           ],
> > >           "response": {
> > >             "content_type": "application/json; charset=utf-8",
> > >             "body": "{\"message\":\"invalid captcha\"}\n",
> > >             "status_code": 400
> > >           },
> > >           "recaptcha_secret_key": "6LeIxAcTAAAAAGGXXXXXXXXXXXXXXXXXXX"
> > >         }
> > >       }
> > >     }
> > >
> > > The process would be like this
> > >
> > > 1. The client side provides a recaptcha token (obtained from the Google JS SDK)
> > >    when invoking the server API.
> > > 2. The plugin determines whether to verify the request based on the
> > >    plugin `apis` configuration.
> > >    1. NO: the request will continue.
> > >    2. YES: retrieve the captcha parameter from the request and verify it
> > >       against the Google recaptcha API, allowing the request if the token
> > >       is valid and terminating the request if the token is invalid.
> > >
> > > plugin document:
> > > https://github.com/apache/apisix/blob/41db53714936bb8e1099f477e50973b494118718/docs/en/latest/plugins/recaptcha.md
> > >
> >
> > --
> >
> > *MembPhis*
> > My GitHub: https://github.com/membphis
> > Apache APISIX: https://github.com/apache/apisix
>
> --
>
> *MembPhis*
> My GitHub: https://github.com/membphis
> Apache APISIX: https://github.com/apache/apisix
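As an added illustration (not code from the PR or from anyone in the thread), this is what the access phase of the simpler route-bound variant suggested above could look like: the plugin is attached to one APISIX route, reads `param_from` / `param_name` / `response` / `recaptcha_secret_key` from the proposed schema, and fails closed on a missing token, a siteverify error or a `success=false` verdict. It assumes APISIX's `core` helpers and lua-resty-http; the `priority` value is arbitrary.

```lua
local core = require("apisix.core")
local http = require("resty.http")

local SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

-- priority is an assumed placeholder; a real plugin chooses it relative to the auth plugins
local _M = { version = 0.1, priority = 700, name = "recaptcha" }

-- Pull the captcha token from the location the route config names (header or query).
local function get_token(conf, ctx)
    if conf.param_from == "query" then
        return core.request.get_uri_args(ctx)[conf.param_name]
    end
    return core.request.header(ctx, conf.param_name)
end

-- Every failure path ends here, so the plugin fails closed: the upstream never
-- sees a request whose token was missing, invalid, or could not be verified.
local function reject(conf)
    local resp = conf.response or {}
    core.response.set_header("Content-Type",
        resp.content_type or "application/json; charset=utf-8")
    return resp.status_code or 400, resp.body or '{"message": "invalid captcha"}'
end

function _M.access(conf, ctx)
    local token = get_token(conf, ctx)
    if not token or token == "" then
        return reject(conf)
    end

    -- Server-side verification: the secret never leaves the gateway, and
    -- remoteip lets Google compare the solver's address with the caller's.
    local httpc = http.new()
    httpc:set_timeout(3000)
    local res, err = httpc:request_uri(SITEVERIFY_URL, {
        method = "POST",
        headers = { ["Content-Type"] = "application/x-www-form-urlencoded" },
        body = ngx.encode_args({
            secret = conf.recaptcha_secret_key, response = token,
            remoteip = core.request.get_remote_client_ip(ctx),
        }),
        ssl_verify = true,
    })
    if not res or res.status ~= 200 then
        core.log.error("recaptcha siteverify failed: ", err or res.status)
        return reject(conf)   -- verifier unreachable: deny, do not pass through
    end

    -- A token is single-use and short-lived; a replayed or expired one yields success=false.
    local verdict = core.json.decode(res.body)
    if not verdict or verdict.success ~= true then
        return reject(conf)
    end
    -- success: return nothing and the request proceeds to the upstream
end

return _M
```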