This is an automated email from the ASF dual-hosted git repository.
wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new e36db170f fix(request.header): core.request.header return string
instead of table (#11127)
e36db170f is described below
commit e36db170f7e7d3ca0901bedd66ff175f55557250
Author: Ashing Zheng <[email protected]>
AuthorDate: Mon Apr 8 16:23:13 2024 +0800
fix(request.header): core.request.header return string instead of table
(#11127)
---
apisix/core/request.lua | 4 +-
apisix/plugins/real-ip.lua | 4 +-
apisix/plugins/ua-restriction.lua | 4 +-
t/core/request.t | 4 +-
t/plugin/hmac-auth.t | 83 +++++++++++++++++++++++++++++++++------
5 files changed, 83 insertions(+), 16 deletions(-)
diff --git a/apisix/core/request.lua b/apisix/core/request.lua
index 0c614edf1..98b357f7a 100644
--- a/apisix/core/request.lua
+++ b/apisix/core/request.lua
@@ -107,7 +107,9 @@ function _M.header(ctx, name)
if not ctx then
ctx = ngx.ctx.api_ctx
end
- return _headers(ctx)[name]
+
+ local value = _headers(ctx)[name]
+ return type(value) == "table" and value[1] or value
end
local function modify_header(ctx, header_name, header_value, override)
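Review bot: The new `return type(value) == "table" and value[1] or value` silently keeps only the first copy of a repeated header, and nothing on the function says so. Callers that make a security decision on a header (the hmac-auth tests in this commit exercise one) will now accept a request that carries extra copies, so the contract should be stated where they read it, e.g. `-- returns the first value when the header is repeated; use core.request.headers(ctx)[name] to get every value`. If a component behind the gateway reads the last copy instead, the two would disagree about the same request, so it may be worth logging or rejecting duplicates for headers that are expected exactly once. The body of `_M.header` starts above the hunk.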
diff --git a/apisix/plugins/real-ip.lua b/apisix/plugins/real-ip.lua
index 71c33095b..212199662 100644
--- a/apisix/plugins/real-ip.lua
+++ b/apisix/plugins/real-ip.lua
@@ -90,7 +90,9 @@ end
local function get_addr(conf, ctx)
if conf.source == "http_x_forwarded_for" then
-- use the last address from X-Forwarded-For header
- local addrs = core.request.header(ctx, "X-Forwarded-For")
+ -- after core.request.header function changed
+ -- we need to get original header value by using core.request.headers
+ local addrs = core.request.headers(ctx)["X-Forwarded-For"]
if not addrs then
return nil
end
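Review bot: The added comment `-- after core.request.header function changed` records commit history rather than the reason the raw value is needed, and the same wording is repeated in the ua-restriction.lua hunk on `_M.access`. Here the reason is security-relevant: X-Forwarded-For can arrive as several header lines, and reading only the first would let a client-supplied value win over the one appended by the nearest proxy. I would write `-- X-Forwarded-For may be repeated: read the raw value (string or table) so the last address across all copies is used`. `addrs` can now be a table, and the code that deals with that case lies below the hunk, so it cannot be confirmed from here; the same applies to `user_agent` in ua-restriction.lua.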
diff --git a/apisix/plugins/ua-restriction.lua
b/apisix/plugins/ua-restriction.lua
index 577dc2b67..bf28685dd 100644
--- a/apisix/plugins/ua-restriction.lua
+++ b/apisix/plugins/ua-restriction.lua
@@ -150,7 +150,9 @@ end
function _M.access(conf, ctx)
- local user_agent = core.request.header(ctx, "User-Agent")
+ -- after core.request.header function changed
+ -- we need to get original header value by using core.request.headers
+ local user_agent = core.request.headers(ctx)["User-Agent"]
if not user_agent then
if conf.bypass_missing then
diff --git a/t/core/request.t b/t/core/request.t
index 9bf48ddba..dc9a82c2e 100644
--- a/t/core/request.t
+++ b/t/core/request.t
@@ -454,10 +454,10 @@ $s
local h = core.request.header(ctx, "test_header")
ngx.say(h)
core.request.add_header(ctx, "test_header", "t2")
- local h2 = core.request.header(ctx, "test_header")
+ local h2 = core.request.headers(ctx)["test_header"]
ngx.say(json.encode(h2))
core.request.add_header(ctx, "test_header", "t3")
- local h3 = core.request.header(ctx, "test_header")
+ local h3 = core.request.headers(ctx)["test_header"]
ngx.say(json.encode(h3))
}
}
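Review bot: After this change nothing in the block checks what `core.request.header` returns once the header is repeated, because `h2` and `h3` are now read through `core.request.headers(ctx)`. The behaviour this commit introduces (a single string for a repeated header) is therefore untested here; adding `ngx.say(core.request.header(ctx, "test_header"))` after the second `add_header` call, with the matching line in the expected body, would pin it. The expected `response_body` section is outside the hunk.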
diff --git a/t/plugin/hmac-auth.t b/t/plugin/hmac-auth.t
index ef4503159..4efdae88f 100644
--- a/t/plugin/hmac-auth.t
+++ b/t/plugin/hmac-auth.t
@@ -382,7 +382,67 @@ passed
-=== TEST 15: add consumer with 0 clock skew
+=== TEST 15: verify: ok (multiple duplicates X-HMAC-SIGNATURE header)
+--- config
+location /t {
+ content_by_lua_block {
+ local ngx_time = ngx.time
+ local ngx_http_time = ngx.http_time
+ local core = require("apisix.core")
+ local t = require("lib.test_admin")
+ local hmac = require("resty.hmac")
+ local ngx_encode_base64 = ngx.encode_base64
+
+ local secret_key = "my-secret-key"
+ local timestamp = ngx_time()
+ local gmt = ngx_http_time(timestamp)
+ local access_key = "my-access-key"
+ local custom_header_a = "asld$%dfasf"
+ local custom_header_b = "23879fmsldfk"
+
+ local signing_string = {
+ "GET",
+ "/hello",
+ "",
+ access_key,
+ gmt,
+ "x-custom-header-a:" .. custom_header_a,
+ "x-custom-header-b:" .. custom_header_b
+ }
+ signing_string = core.table.concat(signing_string, "\n") .. "\n"
+ core.log.info("signing_string:", signing_string)
+
+ local signature = hmac:new(secret_key,
hmac.ALGOS.SHA256):final(signing_string)
+ core.log.info("signature:", ngx_encode_base64(signature))
+ local headers = {}
+ local encoded_signature = ngx_encode_base64(signature)
+ headers["X-HMAC-SIGNATURE"] = {encoded_signature, "another-signature"}
+ headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
+ headers["Date"] = gmt
+ headers["X-HMAC-ACCESS-KEY"] = access_key
+ headers["X-HMAC-SIGNED-HEADERS"] =
"x-custom-header-a;x-custom-header-b"
+ headers["x-custom-header-a"] = custom_header_a
+ headers["x-custom-header-b"] = custom_header_b
+
+ local code, body = t.test('/hello',
+ ngx.HTTP_GET,
+ "",
+ nil,
+ headers
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+}
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 16: add consumer with 0 clock skew
--- config
location /t {
content_by_lua_block {
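Review bot: TEST 15 only covers the order where the valid signature comes first in `headers["X-HMAC-SIGNATURE"] = {encoded_signature, "another-signature"}`, so it pins that extra copies are tolerated but not which copy is authoritative. A companion case with the two values swapped, expecting the `Invalid signature` rejection, would fix the first-value rule from both sides; the duplicate added to the invalid-signature test in the next hunk uses two identical values and cannot tell first from last. It would also help to say in the test title or a comment that accepting a request with a spare signature header is intended, since that is an authentication decision.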
@@ -413,11 +473,12 @@ passed
-=== TEST 16: verify: invalid signature
+=== TEST 17: verify: invalid signature
--- request
GET /hello
--- more_headers
X-HMAC-SIGNATURE: asdf
+X-HMAC-SIGNATURE: asdf
X-HMAC-ALGORITHM: hmac-sha256
Date: Thu, 24 Sep 2020 06:39:52 GMT
X-HMAC-ACCESS-KEY: my-access-key3
@@ -431,7 +492,7 @@ client request can't be validated: Invalid signature
-=== TEST 17: add consumer with 1 clock skew
+=== TEST 18: add consumer with 1 clock skew
--- config
location /t {
content_by_lua_block {
@@ -463,7 +524,7 @@ passed
-=== TEST 18: verify: Invalid GMT format time
+=== TEST 19: verify: Invalid GMT format time
--- config
location /t {
content_by_lua_block {
@@ -520,7 +581,7 @@ client request can't be validated: Clock skew exceeded
-=== TEST 19: verify: put ok
+=== TEST 20: verify: put ok
--- config
location /t {
content_by_lua_block {
@@ -583,7 +644,7 @@ passed
-=== TEST 20: verify: put ok (pass auth data by header `Authorization`)
+=== TEST 21: verify: put ok (pass auth data by header `Authorization`)
--- config
location /t {
content_by_lua_block {
@@ -645,7 +706,7 @@ passed
-=== TEST 21: hit route without auth info
+=== TEST 22: hit route without auth info
--- request
GET /hello
--- error_code: 401
@@ -658,7 +719,7 @@ client request can't be validated: access key or signature
missing
-=== TEST 22: add consumer with signed_headers
+=== TEST 23: add consumer with signed_headers
--- config
location /t {
content_by_lua_block {
@@ -690,7 +751,7 @@ passed
-=== TEST 23: verify with invalid signed header
+=== TEST 24: verify with invalid signed header
--- config
location /t {
content_by_lua_block {
@@ -745,7 +806,7 @@ client request can't be validated: Invalid signed header
x-custom-header-c
-=== TEST 24: verify ok with signed headers
+=== TEST 25: verify ok with signed headers
--- config
location /t {
content_by_lua_block {
@@ -800,7 +861,7 @@ passed
-=== TEST 25: add consumer with plugin hmac-auth - empty configuration
+=== TEST 26: add consumer with plugin hmac-auth - empty configuration
--- config
location /t {
content_by_lua_block {