moonming commented on a change in pull request #2244:
URL: https://github.com/apache/apisix/pull/2244#discussion_r490026730



##########
File path: conf/config.yaml
##########
@@ -21,3 +21,9 @@
 #     host:
 #       - "http://127.0.0.1:2379";
 #
+apisix:
+  admin_key:
+    -
+      name: "admin"
+      key: edd1c9f034335f136f87ad84b625c8f1 # please update the default token 
for safe
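Review bot: the trailing comment `# please update the default token for safe` is ungrammatical and does not say what the risk is; since this value ships in the default config and is the exact string that bin/apisix later compares against in `admin.key == "edd1c9f034335f136f87ad84b625c8f1"`, make the comment explicit, e.g. `# change this default key before deploying; a known default key exposes the Admin API`. Also, a bare `-` on its own line followed by indented `name:`/`key:` is an unusual YAML list style; `- name: "admin"` with `key:` aligned under `name:` is the more common form and reads the same.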

Review comment:
       `using fixed API token has security risk, please update it when you deploy to production environment`

##########
File path: bin/apisix
##########
@@ -812,6 +814,51 @@ local function init()
     end
     -- print("etcd: ", yaml_conf.etcd.host)
 
+    -- check the Admin API token
+    if yaml_conf.apisix.enable_admin and yaml_conf.apisix.allow_admin then
+        for _, allow_ip in ipairs(yaml_conf.apisix.allow_admin) do
+            if allow_ip == "127.0.0.0/24" then
+                is_checked_admin_key = true
+            end
+        end
+    end
+
+    if yaml_conf.apisix.enable_admin and not is_checked_admin_key then
+        is_checked_admin_key = true
+        local help = [[
+
+%s
+Please set a new Admin API key and store it in the `conf/config.yaml` file.
+
+]]
+        if type(yaml_conf.apisix.admin_key) ~= "table" or
+           #yaml_conf.apisix.admin_key == 0
+        then
+            io.stderr:write(help:format("ERROR: missing valid Admin API Key"))
+            os.exit(1)
+        end
+
+        for _, admin in ipairs(yaml_conf.apisix.admin_key) do
+            if type(admin.key) == "table" then
+                admin.key = ""
+            else
+                admin.key = tostring(admin.key)
+            end
+
+            if admin.key == "" then
+                io.stderr:write(help:format("ERROR: missing valid Admin API 
Key"), "\n")
+                os.exit(1)
+            end
+
+            if admin.key == "edd1c9f034335f136f87ad84b625c8f1" then
+                io.stderr:write(
+                    help:format("WARNING: using the default Key is very 
dangerous."),
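Review bot: the `allow_admin` loop at the top of the hunk skips the whole key check as soon as any entry equals `"127.0.0.0/24"`, so a list such as `["127.0.0.0/24", "0.0.0.0/0"]` leaves the Admin API reachable with the default key and produces no warning; the bypass should only apply when every entry is a loopback range (and the exact string compare also rejects `127.0.0.1` and `127.0.0.0/8`, which are equally local). Separately, `admin.key = tostring(admin.key)` turns a missing `key:` field into the string `"nil"`, which passes both the `admin.key == ""` check and the default-key check; add `if admin.key == nil then admin.key = "" end` before the `tostring`, or fold it into the existing `type(admin.key) == "table"` branch. Minor: `is_checked_admin_key` is not declared in the visible lines, so unless it is a `local` earlier in `init()` it becomes a global, and the first `io.stderr:write(help:format(...))` omits the trailing `"\n"` that the second call passes.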

Review comment:
       `using the default Key is very dangerous.` -> `using fixed API token has security risk, please modify "admin_key" in conf/config.yaml`




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org