Re: [PR] feat: rewrite hmac-auth plugin for usability [apisix]

Wed, 18 Sep 2024 01:56:29 -0700 


membphis commented on code in PR #11581:
URL: https://github.com/apache/apisix/pull/11581#discussion_r1764662315


##########
apisix/plugins/hmac-auth.lua:
##########
@@ -354,86 +283,62 @@ local function validate(ctx, params)
 end
 
 
-local function get_params(ctx)
-    local params = {}
-    local access_key = ACCESS_KEY
-    local signature_key = SIGNATURE_KEY
-    local algorithm_key = ALGORITHM_KEY
-    local date_key = DATE_KEY
-    local signed_headers_key = SIGNED_HEADERS_KEY
-    local body_digest_key = BODY_DIGEST_KEY
-
-
-    local attr = plugin.plugin_attr(plugin_name)
-    if attr then
-        access_key = attr.access_key or access_key
-        signature_key = attr.signature_key or signature_key
-        algorithm_key = attr.algorithm_key or algorithm_key
-        date_key = attr.date_key or date_key
-        signed_headers_key = attr.signed_headers_key or signed_headers_key
-        body_digest_key = attr.body_digest_key or body_digest_key
+local function retrieve_hmac_fields(ctx)
+    local hmac_params = {}
+    local auth_string = core.request.header(ctx, "Authorization")
+    if not auth_string then
+        return nil, "missing Authorization header"
     end
 
-    local app_key = core.request.header(ctx, access_key)
-    local signature = core.request.header(ctx, signature_key)
-    local algorithm = core.request.header(ctx, algorithm_key)
-    local date = core.request.header(ctx, date_key)
-    local signed_headers = core.request.header(ctx, signed_headers_key)
-    local body_digest = core.request.header(ctx, body_digest_key)
-    core.log.info("signature_key: ", signature_key)
-
-    -- get params from header `Authorization`
-    if not app_key then
-        local auth_string = core.request.header(ctx, "Authorization")
-        if not auth_string then
-            return params
-        end
-
-        local auth_data = ngx_re.split(auth_string, "#")
-        core.log.info("auth_string: ", auth_string, " #auth_data: ",
-                      #auth_data, " auth_data: ",
-                      core.json.delay_encode(auth_data))
-
-        if #auth_data == 6 and auth_data[1] == "hmac-auth-v1" then
-            app_key = auth_data[2]
-            signature = auth_data[3]
-            algorithm = auth_data[4]
-            date = auth_data[5]
-            signed_headers = auth_data[6]
-        end
+    if not auth_string:match("^Signature") then

Review Comment:
   https://github.com/apache/apisix/blob/master/apisix/core/string.lua#L62



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to