This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new b2940177e fix: auth plugin repeats the rewrite phase (#7531)
b2940177e is described below
commit b2940177e4bea18f39ec1654a47ee7ae2e256ad0
Author: tzssangglass <[email protected]>
AuthorDate: Wed Jul 27 17:05:43 2022 +0800
fix: auth plugin repeats the rewrite phase (#7531)
---
apisix/plugin.lua | 14 ++++++----
t/node/consumer-plugin2.t | 65 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 74 insertions(+), 5 deletions(-)
diff --git a/apisix/plugin.lua b/apisix/plugin.lua
index e87dbc750..a624a5696 100644
--- a/apisix/plugin.lua
+++ b/apisix/plugin.lua
@@ -881,13 +881,17 @@ function _M.run_plugin(phase, plugins, api_ctx)
and phase ~= "delayed_body_filter"
then
for i = 1, #plugins, 2 do
- if phase == "rewrite_in_consumer" and plugins[i + 1]._from_consumer
- and plugins[i].type ~= "auth"then
- phase = "rewrite"
+ local phase_func
+ if phase == "rewrite_in_consumer" then
+ if plugins[i].type == "auth" then
+ plugins[i + 1]._skip_rewrite_in_consumer = true
+ end
+ phase_func = plugins[i]["rewrite"]
+ else
+ phase_func = plugins[i][phase]
end
- local phase_func = plugins[i][phase]
- if phase == "rewrite" and plugins[i + 1]._skip_rewrite_in_consumer
then
+ if phase == "rewrite_in_consumer" and plugins[i +
1]._skip_rewrite_in_consumer then
goto CONTINUE
end
diff --git a/t/node/consumer-plugin2.t b/t/node/consumer-plugin2.t
index 249441a6c..c05762f40 100644
--- a/t/node/consumer-plugin2.t
+++ b/t/node/consumer-plugin2.t
@@ -238,3 +238,68 @@ x-real-ip: 127.0.0.1
}
--- response_body
{"key-auth":true,"proxy-rewrite":true}
+
+
+
+=== TEST 7: configure non-auth plugins in the consumer and run it's rewrite
phase
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/consumers/jack',
+ ngx.HTTP_PUT,
+ [[{
+ "username": "jack",
+ "plugins": {
+ "key-auth": {
+ "key": "auth-jack"
+ },
+ "ip-restriction": {
+ "blacklist": [
+ "127.0.0.0/24"
+ ]
+ }
+ }
+ }]]
+ )
+ if code >= 300 then
+ ngx.status = code
+ ngx.say(body)
+ return
+ end
+
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "key-auth": {}
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+ }
+--- response_body
+passed
+
+
+
+=== TEST 8: hit routes and ip-restriction work well
+--- request
+GET /hello
+--- more_headers
+apikey: auth-jack
+--- error_code: 403
+--- response_body
+{"message":"Your IP address is not allowed"}
