This is an automated email from the ASF dual-hosted git repository.
wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 4f83f09 fix: return response code and msg instead of exit directly in
plugins. (#2115)
4f83f09 is described below
commit 4f83f09eebbf10e5b33765c6b331e42fdc3862e3
Author: nic-chen <[email protected]>
AuthorDate: Tue Aug 25 09:56:45 2020 +0800
fix: return response code and msg instead of exit directly in plugins.
(#2115)
---
.travis/linux_openresty_runner.sh | 2 +
apisix/plugins/authz-keycloak.lua | 13 ++---
apisix/plugins/fault-injection.lua | 2 +-
apisix/plugins/redirect.lua | 4 +-
apisix/plugins/request-validation.lua | 10 ++--
apisix/plugins/uri-blocker.lua | 2 +-
doc/plugin-develop.md | 2 +
doc/zh-cn/plugin-develop.md | 2 +
.../fault-injection.lua => t/fake-plugin-exit.lua | 44 ++++-------------
utils/check-plugins-code.sh | 56 ++++++++++++++++++++++
10 files changed, 86 insertions(+), 51 deletions(-)
diff --git a/.travis/linux_openresty_runner.sh
b/.travis/linux_openresty_runner.sh
index caba1d1..6cc48b4 100755
--- a/.travis/linux_openresty_runner.sh
+++ b/.travis/linux_openresty_runner.sh
@@ -167,6 +167,8 @@ script() {
./bin/apisix stop
sleep 1
+ sudo sh ./utils/check-plugins-code.sh
+
make lint && make license-check || exit 1
APISIX_ENABLE_LUACOV=1 PERL5LIB=.:$PERL5LIB prove -Itest-nginx/lib -r t
}
diff --git a/apisix/plugins/authz-keycloak.lua
b/apisix/plugins/authz-keycloak.lua
index 66dc1de..cfe3352 100644
--- a/apisix/plugins/authz-keycloak.lua
+++ b/apisix/plugins/authz-keycloak.lua
@@ -92,8 +92,7 @@ local function evaluate_permissions(conf, token)
end
if not is_path_protected(conf) and conf.policy_enforcement_mode ==
"ENFORCING" then
- core.response.exit(403)
- return
+ return 403
end
local httpc = http.new()
@@ -126,13 +125,12 @@ local function evaluate_permissions(conf, token)
if not httpc_res then
core.log.error("error while sending authz request to [", host ,"]
port[",
tostring(port), "] ", httpc_err)
- core.response.exit(500, httpc_err)
- return
+ return 500, httpc_err
end
if httpc_res.status >= 400 then
core.log.error("status code: ", httpc_res.status, " msg: ",
httpc_res.body)
- core.response.exit(httpc_res.status, httpc_res.body)
+ return httpc_res.status, httpc_res.body
end
end
@@ -159,7 +157,10 @@ function _M.rewrite(conf, ctx)
return 401, {message = "Missing JWT token in request"}
end
- evaluate_permissions(conf, jwt_token)
+ local status, body = evaluate_permissions(conf, jwt_token)
+ if status then
+ return status, body
+ end
end
diff --git a/apisix/plugins/fault-injection.lua
b/apisix/plugins/fault-injection.lua
index 583ca0f..3e72494 100644
--- a/apisix/plugins/fault-injection.lua
+++ b/apisix/plugins/fault-injection.lua
@@ -66,7 +66,7 @@ function _M.rewrite(conf, ctx)
end
if conf.abort and conf.abort.http_status ~= nil then
- core.response.exit(conf.abort.http_status, conf.abort.body)
+ return conf.abort.http_status, conf.abort.body
end
end
diff --git a/apisix/plugins/redirect.lua b/apisix/plugins/redirect.lua
index ca36ac6..6481973 100644
--- a/apisix/plugins/redirect.lua
+++ b/apisix/plugins/redirect.lua
@@ -141,11 +141,11 @@ function _M.rewrite(conf, ctx)
if not new_uri then
core.log.error("failed to generate new uri by: ", uri, " error: ",
err)
- core.response.exit(500)
+ return 500
end
core.response.set_header("Location", new_uri)
- core.response.exit(ret_code)
+ return ret_code
end
end
diff --git a/apisix/plugins/request-validation.lua
b/apisix/plugins/request-validation.lua
index 438dbb2..e7bf0d2 100644
--- a/apisix/plugins/request-validation.lua
+++ b/apisix/plugins/request-validation.lua
@@ -72,7 +72,7 @@ function _M.rewrite(conf)
local ok, err = core.schema.check(conf.header_schema, headers)
if not ok then
core.log.error("req schema validation failed", err)
- core.response.exit(400, err)
+ return 400, err
end
end
@@ -84,11 +84,11 @@ function _M.rewrite(conf)
if not body then
local filename = ngx.req.get_body_file()
if not filename then
- return core.response.exit(500)
+ return 500
end
local fd = io.open(filename, 'rb')
if not fd then
- return core.response.exit(500)
+ return 500
end
body = fd:read('*a')
end
@@ -101,13 +101,13 @@ function _M.rewrite(conf)
if not req_body then
core.log.error('failed to decode the req body', error)
- return core.response.exit(400, error)
+ return 400, error
end
local ok, err = core.schema.check(conf.body_schema, req_body)
if not ok then
core.log.error("req schema validation failed", err)
- return core.response.exit(400, err)
+ return 400, err
end
end
end
diff --git a/apisix/plugins/uri-blocker.lua b/apisix/plugins/uri-blocker.lua
index b3dba18..4c4833d 100644
--- a/apisix/plugins/uri-blocker.lua
+++ b/apisix/plugins/uri-blocker.lua
@@ -86,7 +86,7 @@ function _M.rewrite(conf, ctx)
local from = re_find(ctx.var.request_uri, conf.block_rules_concat, "jo")
if from then
- core.response.exit(conf.rejected_code)
+ return conf.rejected_code
end
end
diff --git a/doc/plugin-develop.md b/doc/plugin-develop.md
index 052f298..c225246 100644
--- a/doc/plugin-develop.md
+++ b/doc/plugin-develop.md
@@ -154,6 +154,8 @@ function _M.log(conf)
end
```
+**Note : we can't invoke `ngx.exit` or `core.respond.exit` in rewrite phase
and access phase. if need to exit, just return the status and body, the plugin
engine will make the exit happen with the returned status and body.
[example](https://github.com/apache/apisix/blob/master/apisix/plugins/limit-count.lua#L132)**
+
## implement the logic
Write the logic of the plugin in the corresponding phase.
diff --git a/doc/zh-cn/plugin-develop.md b/doc/zh-cn/plugin-develop.md
index 0c5356b..549232a 100644
--- a/doc/zh-cn/plugin-develop.md
+++ b/doc/zh-cn/plugin-develop.md
@@ -139,6 +139,8 @@ $(INSTALL) apisix/plugins/skywalking/*.lua
$(INST_LUADIR)/apisix/plugins/skywalk
该插件在 rewrite 、access 阶段执行都可以,项目中是用 rewrite 阶段执行认证逻辑,一般 IP 准入、接口权限是在 access 阶段
完成的。
+**注意:我们不能在 rewrite 和 access 阶段调用 `ngx.exit` 或者
`core.respond.exit`。如果确实需要退出,只需要 return 状态码和正文,插件引擎将使用返回的状态码和正文进行退出。**
+
## 编写执行逻辑
在对应的阶段方法里编写功能的逻辑代码。
diff --git a/apisix/plugins/fault-injection.lua b/t/fake-plugin-exit.lua
similarity index 50%
copy from apisix/plugins/fault-injection.lua
copy to t/fake-plugin-exit.lua
index 583ca0f..a654874 100644
--- a/apisix/plugins/fault-injection.lua
+++ b/t/fake-plugin-exit.lua
@@ -14,60 +14,32 @@
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-local core = require("apisix.core")
-local sleep = ngx.sleep
-
-local plugin_name = "fault-injection"
+local core = require("apisix.core")
local schema = {
type = "object",
properties = {
- abort = {
- type = "object",
- properties = {
- http_status = {type = "integer", minimum = 200},
- body = {type = "string", minLength = 0},
- },
- required = {"http_status"}
- },
- delay = {
- type = "object",
- properties = {
- duration = {type = "number", minimum = 0},
- },
- required = {"duration"}
- }
- },
- minProperties = 1,
+ }
}
+
+local plugin_name = "uri-blocker"
+
local _M = {
version = 0.1,
- priority = 11000,
+ priority = 2900,
name = plugin_name,
schema = schema,
}
-function _M.check_schema(conf)
- local ok, err = core.schema.check(schema, conf)
- if not ok then
- return false, err
- end
+function _M.check_schema(conf)
return true
end
function _M.rewrite(conf, ctx)
- core.log.info("plugin rewrite phase, conf: ", core.json.delay_encode(conf))
-
- if conf.delay and conf.delay.duration ~= nil then
- sleep(conf.delay.duration)
- end
-
- if conf.abort and conf.abort.http_status ~= nil then
- core.response.exit(conf.abort.http_status, conf.abort.body)
- end
+ core.respond.exit(400)
end
diff --git a/utils/check-plugins-code.sh b/utils/check-plugins-code.sh
new file mode 100755
index 0000000..7d85e9b
--- /dev/null
+++ b/utils/check-plugins-code.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+checkfunc () {
+ funccontent=$1
+ [[ $funccontent =~ "core.response.exit" ]] && echo "can't exit in rewrite
or access phase !" && exit 1
+ [[ $funccontent =~ "ngx.exit" ]] && echo "can't exit in rewrite or access
phase !" && exit 1
+ echo "passed."
+}
+
+
+filtercode () {
+ content=$1
+
+ rcontent=${content##*_M.rewrite}
+ rewritefunc=${rcontent%%function*}
+ checkfunc "$rewritefunc"
+
+ rcontent=${content##*_M.access}
+ accessfunc=${rcontent%%function*}
+ checkfunc "$accessfunc"
+}
+
+
+for file in apisix/plugins/*.lua
+do
+ if test -f $file
+ then
+ echo $file
+ content=$(cat $file)
+ filtercode "$content"
+ fi
+done
+
+# test case for check
+content=$(cat t/fake-plugin-exit.lua)
+filtercode "$content" > test.log 2>&1 || (cat test.log && exit 1)
+
+echo "done."
