shreemaan-abhishek commented on code in PR #11095:
URL: https://github.com/apache/apisix/pull/11095#discussion_r1542505149


##########
apisix/plugins/jwe-decrypt.lua:
##########
@@ -71,15 +72,26 @@ function _M.check_schema(conf, schema_type)
             return false, err
         end
 
-        -- restrict the length of secret, we use A256GCM for encryption,
-        -- so the length should be 32 chars only
-        if conf.is_base64_encoded then
-            if #base64.decode_base64url(conf.secret) ~= 32 then
-                 return false, "the secret length after base64 decode should 
be 32 chars"
-            end
-        else
-            if #conf.secret ~= 32 then
-                return false, "the secret length should be 32 chars"
+        local local_conf, err = core.config.local_conf(true)
+        if not local_conf then
+            return false, "failed to load the configuration file: " .. err
+        end
+
+        local encrypted = core.table.try_read_attr(local_conf, "apisix", 
"data_encryption",
+        "enable_encrypt_fields") and (core.config.type == "etcd")
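
Review bot: The `local encrypted = ...` assignment carries no comment explaining why the secret-length validation now depends on it, while the comment that documented the A256GCM 32-character requirement is deleted in the same hunk. Add a short comment stating that when `apisix.data_encryption.enable_encrypt_fields` is set and `core.config.type == "etcd"`, the value in `conf.secret` may not be 32 characters, and keep the A256GCM note next to whatever length check remains. The visible lines stop before `encrypted` is used, so confirm that a wrong-length key is still rejected when `encrypted` is falsy; where the check is skipped, validating the key length at the point of use would keep a malformed secret from passing schema validation unnoticed. Also, `"failed to load the configuration file: " .. err` will itself raise if `err` is nil, so guard it with `tostring(err)` or a default string.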

Review Comment:
   If data encryption is enabled then the secret length will be more than 32. 
So we should not check the length if data encryption is on.
   
   > I think the check_schema is run before the fields are encrypted.
   
   Yes. This is why we cannot use the code in `plugin.lua`, so I just copied 
the logic 😅


