Right! This keeps it consistent with other plugin configurations.

李玉升 <leeys....@gmail.com> wrote on Thu, Mar 10, 2022 at 12:14:

> Hi, Jintao.
>
> Do you mean supporting both header and query at the same time, rather than
> one of them? e.g. read from header first, if it does not exist, fall back to
> query?
>
> On Wed, Mar 9, 2022 at 4:32 PM Jintao Zhang <zhangjin...@apache.org> wrote:
>
> > How about parameter_source?
> > I prefer to be consistent with other configurations in APISIX's plugins,
> > such as using `header`, `query`, etc.
> >
> > YuanSheng Wang <membp...@apache.org> wrote on Wed, Mar 9, 2022 at 13:39:
> >
> > > > {
> > > >     "plugins": {
> > > >         "recaptcha": {
> > > >             "apis":[
> > > >                 {
> > > >                     "path":"/login",
> > > >                     "methods":[ "POST" ],
> > > >                     "param_from":"header",
> > > >                     "param_name":"captcha"
> > >
> > > Can we use this project? https://github.com/api7/lua-resty-expr
> > >
> > > `lua-resty-expr` should be simpler.
> > >
> > >
> > > On Tue, Mar 8, 2022 at 7:41 PM 李玉升 <leeys....@gmail.com> wrote:
> > >
> > > > Background
> > > > Google reCAPTCHA is a popular human-identification service in the
> > > > world. It protects websites (APIs) from spam and abuse.
> > > >
> > > > For now, APISIX users who want to integrate the reCAPTCHA service
> > > > into their system either write the plugin on their own or just leave
> > > > it to the backend microservices. Therefore, users either need plugin
> > > > development skills or end up in a bad situation where the reCAPTCHA
> > > > layer is spread across multiple microservices.
> > > >
> > > > Based on the context above, it would be great if APISIX had an
> > > > official recaptcha plugin. Backend services can just focus on their
> > > > core business logic and take every request as if it were sent by
> > > > humans.
> > > >
> > > > Here is the code snippet of the recaptcha plugin schema:
> > > >
> > > > local schema = {
> > > >     type = "object",
> > > >     properties = {
> > > >         -- The secret key of the Google reCAPTCHA service.
> > > >         recaptcha_secret_key = { type = "string" },
> > > >         -- The list of APIs that need to be verified by reCAPTCHA.
> > > >         apis = {
> > > >             type = "array",
> > > >             items = {
> > > >                 type = "object",
> > > >                 properties = {
> > > >                     -- The API path
> > > >                     path = { type = "string" },
> > > >                     -- The list of HTTP methods
> > > >                     methods = { type = "array", items = { type = "string" }, minItems = 1 },
> > > >                     -- The enum of captcha parameter source. Only header, query are supported.
> > > >                     param_from = {
> > > >                         type = "string",
> > > >                         default = "header",
> > > >                         enum = { "header", "query" }
> > > >                     },
> > > >                     -- The name of captcha parameter.
> > > >                     param_name = { type = "string", default = "captcha" },
> > > >                 }
> > > >             },
> > > >             minItems = 1
> > > >         },
> > > >         -- The response of invalid recaptcha token.
> > > >         response = {
> > > >             type = "object",
> > > >             properties = {
> > > >                 content_type = { type = "string", default = "application/json; charset=utf-8" },
> > > >                 status_code = { type = "number", default = 400 },
> > > >                 body = { type = "string", default = '{"message": "invalid captcha"}' }
> > > >             }
> > > >         },
> > > >     },
> > > >     additionalProperties = false,
> > > >     required = { "recaptcha_secret_key" },
> > > > }
> > > >
> > > > And the example of plugin config:
> > > >
> > > > {
> > > >     "plugins": {
> > > >         "recaptcha": {
> > > >             "apis":[
> > > >                 {
> > > >                     "path":"/login",
> > > >                     "methods":[ "POST" ],
> > > >                     "param_from":"header",
> > > >                     "param_name":"captcha"
> > > >                 },
> > > >                 {
> > > >                     "path":"/users/*/active",
> > > >                     "methods":[ "POST" ],
> > > >                     "param_from":"query",
> > > >                     "param_name":"captcha"
> > > >                 }
> > > >             ],
> > > >             "response":{
> > > >                 "content_type":"application/json; charset=utf-8",
> > > >                 "body":"{\"message\":\"invalid captcha\"}\n",
> > > >                 "status_code":400
> > > >             },
> > > >             "recaptcha_secret_key":"6LeIxAcTAAAAAGGXXXXXXXXXXXXXXXXXXX"
> > > >         }
> > > >     }
> > > > }
> > > >
> > > > The process would be like this:
> > > > 1. The client side provides a recaptcha token (obtained from the
> > > >    Google JS SDK) when invoking the server API.
> > > > 2. The plugin determines whether to verify the request based on the
> > > >    plugin apis configuration.
> > > >    1. NO: the request will continue.
> > > >    2. YES: retrieve the captcha parameter from the request, and
> > > >       verify it against the Google reCAPTCHA API, allowing the
> > > >       request if the token is valid and terminating the request if
> > > >       the token is invalid.
> > > >
> > > > plugin document:
> > > > https://github.com/apache/apisix/blob/41db53714936bb8e1099f477e50973b494118718/docs/en/latest/plugins/recaptcha.md
> > >
> > > --
> > >
> > > *MembPhis*
> > > My GitHub: https://github.com/membphis
> > > Apache APISIX: https://github.com/apache/apisix
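
The request-side decision from steps 1 and 2 of the quoted proposal, written as an added example in plain Lua; it is not part of the thread or of the plugin's code. The request table, the `verify` callback (a stand-in for the call to Google) and the rule that `*` matches one path segment are assumptions.

```lua
-- Added example: request-side decision only. `req` and `verify` are
-- hypothetical stand-ins, not APISIX APIs.

-- Turn a configured path such as "/users/*/active" into an anchored Lua
-- pattern. Assumption: "*" matches exactly one path segment.
local function path_to_pattern(path)
    local escaped = path:gsub("[%^%$%(%)%%%.%[%]%+%-%?]", "%%%0")
    return "^" .. escaped:gsub("%*", "[^/]+") .. "$"
end

-- Return the first `apis` entry covering this method and path, or nil.
local function match_api(apis, method, path)
    for _, api in ipairs(apis) do
        if path:find(path_to_pattern(api.path)) then
            for _, m in ipairs(api.methods) do
                if m == method then return api end
            end
        end
    end
end

-- "pass": not a protected API; "allow": token verified; "reject": missing or invalid token.
local function check(conf, req, verify)
    local api = match_api(conf.apis, req.method, req.path)
    if not api then return "pass" end
    local from = api.param_from or "header"          -- schema default
    local source = from == "query" and req.query or req.headers
    local token = source[api.param_name or "captcha"]
    -- Fail closed: no token, or a repeated parameter (a table), is rejected.
    if type(token) ~= "string" or token == "" then return "reject" end
    return verify(token) and "allow" or "reject"
end

-- Constructed sample: the two `apis` entries from the proposal's example config.
local conf = { apis = {
    { path = "/login", methods = { "POST" }, param_from = "header", param_name = "captcha" },
    { path = "/users/*/active", methods = { "POST" }, param_from = "query", param_name = "captcha" },
} }
-- Stand-in for the verification call to Google; the token value is constructed.
local function verify(token) return token == "good-token" end
local function req(method, path, headers, query)
    return { method = method, path = path, headers = headers or {}, query = query or {} }
end

assert(check(conf, req("GET", "/login"), verify) == "pass")
assert(check(conf, req("POST", "/login", { captcha = "good-token" }), verify) == "allow")
-- The entry says "header", so a token sent in the query counts as missing.
assert(check(conf, req("POST", "/login", nil, { captcha = "good-token" }), verify) == "reject")
assert(check(conf, req("POST", "/users/42/active", nil, { captcha = "bad" }), verify) == "reject")
```

With a single `param_from` per entry, a token sent in the other location is rejected as missing; the header-then-query fallback asked about in the thread would relax exactly that check.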