moonming commented on a change in pull request #2244: URL: https://github.com/apache/apisix/pull/2244#discussion_r490026730
########## File path: conf/config.yaml ########## @@ -21,3 +21,9 @@ # host: # - "http://127.0.0.1:2379" # +apisix: + admin_key: + - + name: "admin" + key: edd1c9f034335f136f87ad84b625c8f1 # please update the default token for safe Review comment: `using fixed API token has security risk, please update it when you deploy to production environment` ########## File path: bin/apisix ########## 
@@ -812,6 +814,51 @@ local function init() end -- print("etcd: ", yaml_conf.etcd.host) + -- check the Admin API token + if yaml_conf.apisix.enable_admin and yaml_conf.apisix.allow_admin then + for _, allow_ip in ipairs(yaml_conf.apisix.allow_admin) do + if allow_ip == "127.0.0.0/24" then + is_checked_admin_key = true + end + end + end + + if yaml_conf.apisix.enable_admin and not is_checked_admin_key then + is_checked_admin_key = true + local help = [[ + +%s +Please set a new Admin API key and store it in the `conf/config.yaml` file. + +]] + if type(yaml_conf.apisix.admin_key) ~= "table" or + #yaml_conf.apisix.admin_key == 0 + then + io.stderr:write(help:format("ERROR: missing valid Admin API Key")) + os.exit(1) + end + + for _, admin in ipairs(yaml_conf.apisix.admin_key) do + if type(admin.key) == "table" then + admin.key = "" + else + admin.key = tostring(admin.key) + end + + if admin.key == "" then + io.stderr:write(help:format("ERROR: missing valid Admin API Key"), "\n") + os.exit(1) + end + + if admin.key == "edd1c9f034335f136f87ad84b625c8f1" then + io.stderr:write( + help:format("WARNING: using the default Key is very dangerous."), Review comment: `using the default Key is very dangerous.` -> `using fixed API token has security risk, please modify "admin_key" in conf/config.yaml` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
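Review bot: The loop over `yaml_conf.apisix.allow_admin` sets `is_checked_admin_key = true` as soon as any entry equals `"127.0.0.0/24"`, so a list such as `["127.0.0.0/24", "0.0.0.0/0"]` skips the empty-key and default-key checks entirely while the Admin API is still reachable from every address. The skip should only apply when every entry is the loopback range; note also that the plain string comparison does not recognise `"127.0.0.1"` or `"127.0.0.0/8"`, so either widen the match or add a comment saying only that exact literal is treated as local-only. Separately, the default key `edd1c9f034335f136f87ad84b625c8f1` now appears as a literal both in `conf/config.yaml` and in the `admin.key ==` comparison; hoisting it into a named local such as `local DEFAULT_ADMIN_KEY = "edd1c9f034335f136f87ad84b625c8f1"` keeps the two from drifting apart. `init()` begins before this hunk and its body continues past the final `help:format("WARNING: …")` call shown here.
```lua
-- check the Admin API token
-- Skip the key checks only when *every* allowed source is the loopback
-- range; a single loopback entry next to a wider one does not make the
-- Admin API local-only.
if yaml_conf.apisix.enable_admin and yaml_conf.apisix.allow_admin then
    local only_loopback = #yaml_conf.apisix.allow_admin > 0
    for _, allow_ip in ipairs(yaml_conf.apisix.allow_admin) do
        if allow_ip ~= "127.0.0.0/24" then
            only_loopback = false
        end
    end
    if only_loopback then
        is_checked_admin_key = true
    end
end
-- … unchanged: empty-key and default-key checks …
```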