juzhiyuan commented on a change in pull request #1947: URL: https://github.com/apache/apisix/pull/1947#discussion_r489886319
########## File path: apisix/plugins/signature.lua ########## @@ -0,0 +1,214 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local redis_new = require("resty.redis").new +local ngx = ngx +local md5 = ngx.md5 +local encode_args = ngx.encode_args +local tonumber = tonumber +local plugin_name = "signature" + +local schema = { + type = "object", + properties = { + appkey = {type = "string",minLength = 5,maxLength = 32,pattern = [[^[a-zA-Z0-9_-]{5,32}$]]}, + secret = {type = "string",minLength = 1}, + algorithm = { + type = "string", + enum = {"md5"}, + default = "md5" + }, + timeout = {type = "integer", minimum = 10, default = 10}, + anti_reply = { + type = "boolean", + default = true + }, + policy = { + type = "string", + enum = {"redis"}, + default = "redis" + }, + redis_host = { Review comment: Please take a look at https://github.com/apache/apisix/blob/master/apisix/plugins/limit-count.lua#L59-L77 , your codes look good to me, but I would prefer using dependencies. ########## File path: apisix/plugins/signature.lua ########## @@ -0,0 +1,214 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local redis_new = require("resty.redis").new +local ngx = ngx +local md5 = ngx.md5 +local encode_args = ngx.encode_args +local tonumber = tonumber +local plugin_name = "signature" + +local schema = { + type = "object", + properties = { + appkey = {type = "string",minLength = 5,maxLength = 32,pattern = [[^[a-zA-Z0-9_-]{5,32}$]]}, + secret = {type = "string",minLength = 1}, + algorithm = { + type = "string", + enum = {"md5"}, + default = "md5" + }, + timeout = {type = "integer", minimum = 10, default = 10}, + anti_reply = { + type = "boolean", + default = true + }, + policy = { + type = "string", + enum = {"redis"}, + default = "redis" + }, + redis_host = { + type = "string", minLength = 2, default = "127.0.0.1" + }, + redis_port = { + type = "integer", minimum = 1, default = 6379 + }, + redis_password = { + type = "string", minLength = 0, default="" + }, + redis_timeout = { + type = "integer", minimum = 1 + }, + redis_keepalive = { + type = "integer", minimum = 10 + }, + redis_poolsize = { + type = "integer", minimum = 100 + }, + }, + required = {"appkey", "secret", "timeout", "algorithm"} +} + +local _M = { + version = 0.1, + priority = 2513, + type = 'auth', + name = plugin_name, + schema = schema, +} + +function _M.check_schema(conf) + local ok, err = core.schema.check(schema, conf) + if not ok then + return false, err + end + + if not conf.algorithm then Review comment: From codes above, `conf.algorithm` will always exist here I think? ########## File path: apisix/plugins/signature.lua ########## @@ -0,0 +1,214 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local redis_new = require("resty.redis").new +local ngx = ngx +local md5 = ngx.md5 +local encode_args = ngx.encode_args +local tonumber = tonumber +local plugin_name = "signature" + +local schema = { + type = "object", + properties = { + appkey = {type = "string",minLength = 5,maxLength = 32,pattern = [[^[a-zA-Z0-9_-]{5,32}$]]}, + secret = {type = "string",minLength = 1}, + algorithm = { + type = "string", + enum = {"md5"}, + default = "md5" + }, + timeout = {type = "integer", minimum = 10, default = 10}, + anti_reply = { + type = "boolean", + default = true + }, + policy = { + type = "string", + enum = {"redis"}, + default = "redis" + }, + redis_host = { + type = "string", minLength = 2, default = "127.0.0.1" + }, + redis_port = { + type = "integer", minimum = 1, default = 6379 + }, + redis_password = { + type = "string", minLength = 0, default="" + }, + redis_timeout = { + type = "integer", minimum = 1 + }, + redis_keepalive = { + type = "integer", minimum = 10 + }, + redis_poolsize = { + type = "integer", minimum = 100 + }, + }, + required = {"appkey", "secret", "timeout", "algorithm"} +} + +local _M = { + version = 0.1, + priority = 2513, + type = 'auth', + name = plugin_name, + schema = schema, +} + +function _M.check_schema(conf) + local ok, err = core.schema.check(schema, conf) + if not ok then + return false, err + end + + if not conf.algorithm then + conf.algorithm = "md5" + end + + if not conf.timeout then + conf.timeout = 10 + end + + if conf.policy == "redis" then + if not conf.redis_host then + return false, "missing valid redis option host" + end + + conf.redis_port = conf.redis_port or 6379 + conf.redis_timeout = conf.redis_timeout or 1000 + end + + return true +end + +local function get_args(action) + local query_params = ngx.req.get_uri_args() + local encode_query = encode_args(query_params) + local body = "" + if action ~= "GET" then + ngx.req.read_body() + body = ngx.req.get_body_data() + if "nil" == type(body) then + body = "" + end + end + + local args = encode_query .. body + core.log.info("request original args is: ",args) + return args +end + +local function anti_reply(conf,key) + local is_attack = false + local red = redis_new() + local timeout = conf.redis_timeout or 1000 -- 1sec + red:set_timeouts(timeout, timeout, timeout) + + local ok, err = red:connect(conf.redis_host, conf.redis_port or 6379) Review comment: Why not put the default 6379 in `check_schema` ? ########## File path: apisix/plugins/signature.lua ########## @@ -0,0 +1,214 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local redis_new = require("resty.redis").new +local ngx = ngx +local md5 = ngx.md5 +local encode_args = ngx.encode_args +local tonumber = tonumber +local plugin_name = "signature" + +local schema = { + type = "object", + properties = { + appkey = {type = "string",minLength = 5,maxLength = 32,pattern = [[^[a-zA-Z0-9_-]{5,32}$]]}, Review comment: There should have space beside `,` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
