This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git
commit 32bae9594f95ea1a279460e4bf55afab57e18216 Author: tzssangglass <[email protected]> AuthorDate: Wed Jul 27 17:05:43 2022 +0800 fix: auth plugin repeats the rewrite phase (#7531) --- apisix/plugin.lua | 14 ++++++---- t/node/consumer-plugin2.t | 65 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 5 deletions(-) diff --git a/apisix/plugin.lua b/apisix/plugin.lua index e87dbc750..a624a5696 100644 --- a/apisix/plugin.lua +++ b/apisix/plugin.lua @@ -881,13 +881,17 @@ function _M.run_plugin(phase, plugins, api_ctx) and phase ~= "delayed_body_filter" then for i = 1, #plugins, 2 do - if phase == "rewrite_in_consumer" and plugins[i + 1]._from_consumer - and plugins[i].type ~= "auth"then - phase = "rewrite" + local phase_func + if phase == "rewrite_in_consumer" then + if plugins[i].type == "auth" then + plugins[i + 1]._skip_rewrite_in_consumer = true + end + phase_func = plugins[i]["rewrite"] + else + phase_func = plugins[i][phase] end - local phase_func = plugins[i][phase] - if phase == "rewrite" and plugins[i + 1]._skip_rewrite_in_consumer then + if phase == "rewrite_in_consumer" and plugins[i + 1]._skip_rewrite_in_consumer then goto CONTINUE end diff --git a/t/node/consumer-plugin2.t b/t/node/consumer-plugin2.t index 249441a6c..c05762f40 100644 --- a/t/node/consumer-plugin2.t +++ b/t/node/consumer-plugin2.t @@ -238,3 +238,68 @@ x-real-ip: 127.0.0.1 } --- response_body {"key-auth":true,"proxy-rewrite":true} + + + +=== TEST 7: configure non-auth plugins in the consumer and run it's rewrite phase +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers/jack', + ngx.HTTP_PUT, + [[{ + "username": "jack", + "plugins": { + "key-auth": { + "key": "auth-jack" + }, + "ip-restriction": { + "blacklist": [ + "127.0.0.0/24" + ] + } + } + }]] + ) + if code >= 300 then + ngx.status = code + ngx.say(body) + return + end + + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "key-auth": {} + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- response_body +passed + + + +=== TEST 8: hit routes and ip-restriction work well +--- request +GET /hello +--- more_headers +apikey: auth-jack +--- error_code: 403 +--- response_body +{"message":"Your IP address is not allowed"}
