membphis commented on a change in pull request #2301:
URL: https://github.com/apache/apisix/pull/2301#discussion_r494099405



##########
File path: apisix/plugins/hmac-auth.lua
##########
@@ -246,10 +246,13 @@ local function validate(ctx, params)
 
     core.log.info("clock_skew: ", conf.clock_skew)
     if conf.clock_skew and conf.clock_skew > 0 then
-        local diff = abs(ngx_time() - params.timestamp)
-        core.log.info("timestamp diff: ", diff)
-        if diff > conf.clock_skew then
-          return nil, {message = "Invalid timestamp"}
+        local time = ngx.parse_http_time(params.gmt)
+        if time then
+            local diff = abs(ngx_time() - time)
+            core.log.info("gmt diff: ", diff)
+            if diff > conf.clock_skew then
+            return nil, {message = "Invalid GMT format time"}
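Review bot: The clock-skew check is only enforced inside `if time then`, and the quoted lines end before any `else`, so it is not visible here that an unparsable date header is rejected; if that path falls through, the freshness window is never applied to such requests. The branch should fail closed, e.g. `if not time then return nil, {message = "Invalid GMT format time"} end` ahead of the diff computation, and the skew-exceeded return should carry its own message such as `{message = "Clock skew exceeded"}` rather than reusing the format error. `ngx.parse_http_time` expects a string argument, so a nil `params.gmt` needs to be ruled out before the call unless a check outside the hunk already does so. The body of `validate` continues outside the quoted lines.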

Review comment:
       bad indentation

##########
File path: apisix/plugins/hmac-auth.lua
##########
@@ -285,22 +288,22 @@ local function get_params(ctx)
     local access_key = ACCESS_KEY
     local signature_key = SIGNATURE_KEY
     local algorithm_key = ALGORITHM_KEY
-    local timestamp_key = TIMESTAMP_KEY
+    local http_date_key = HTTP_DATE_KEY
     local signed_headers_key = SIGNED_HEADERS_KEY
 
     if try_attr(local_conf, "plugin_attr", "hmac-auth") then
         local attr = local_conf.plugin_attr["hmac-auth"]
         access_key = attr.access_key or access_key
         signature_key = attr.signature_key or signature_key
         algorithm_key = attr.algorithm_key or algorithm_key
-        timestamp_key = attr.timestamp_key or timestamp_key
+        http_date_key = attr.http_date_key or http_date_key
         signed_headers_key = attr.signed_headers_key or signed_headers_key
     end
 
     local app_key = core.request.header(ctx, access_key)
     local signature = core.request.header(ctx, signature_key)
     local algorithm = core.request.header(ctx, algorithm_key)
-    local timestamp = core.request.header(ctx, timestamp_key)
+    local gmt = core.request.header(ctx, http_date_key)
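Review bot: Replacing `attr.timestamp_key` with `attr.http_date_key` means an existing `plugin_attr` override of `timestamp_key` is silently ignored after an upgrade, and nothing in the visible lines tells the operator. Consider a warning when the old key is still set, for example `if attr.timestamp_key then core.log.warn("hmac-auth: timestamp_key is no longer used, set http_date_key") end`, and a note in the plugin documentation. The rest of `get_params` lies outside the quoted lines, so whether the old header is still accepted anywhere cannot be confirmed from here.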

Review comment:
       `gmt` is not a good name

##########
File path: apisix/plugins/hmac-auth.lua
##########
@@ -218,7 +218,7 @@ local function generate_signature(ctx, secret_key, params)
 
     local signing_string = request_method .. canonical_uri
                             .. canonical_query_string
-                            .. params.access_key .. params.timestamp
+                            .. params.access_key .. params.gmt
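Review bot: The signing string joins `request_method`, `canonical_uri`, `canonical_query_string`, `params.access_key` and `params.gmt` with no separator, so field boundaries are not part of what gets signed and two different sets of field values can yield the same string. A fixed delimiter between components, e.g. `.. "\n" .. params.access_key .. "\n" .. params.gmt`, makes the encoding unambiguous, provided clients build the string the same way. Since `..` raises an error on nil, `params.gmt` also has to be known present before this point. The expression and the rest of `generate_signature` continue outside the quoted lines.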

Review comment:
       I think `params.date` is better



