[GitHub] [apisix] Firstsawyou opened a new issue #2823: feat(hmac-auth): the request parameter participating in the signature can be the parameter name

[GitBox]

Firstsawyou opened a new issue #2823:
URL: https://github.com/apache/apisix/issues/2823


   ### Issue description
   
   When the request parameters of the hmac-auth plug-in participate in the 
signature. If the parameter is in the form of `key` instead of `key=value` or 
`key=`, the Lua thread will be aborted and the signature will fail. Therefore, 
we need to be compatible with this `key` situation.
   
   Example：
   
   Add a test case in `hmac-auth.t`, contains request parameters in the form of 
`key`(name=jack&age):
   
   ```
   === TEST 41: verify: ok
   --- config
   location /t {
       content_by_lua_block {
           local ngx_time   = ngx.time
           local ngx_http_time = ngx.http_time
           local core = require("apisix.core")
           local t = require("lib.test_admin")
           local hmac = require("resty.hmac")
           local ngx_encode_base64 = ngx.encode_base64
   
           local secret_key = "my-secret-key6"
           local timestamp = ngx_time()
           local gmt = ngx_http_time(timestamp)
           local access_key = "my-access-key6"
           local custom_header_a = "asld$%dfasf"
           local custom_header_b = "23879fmsldfk"
   
           local signing_string = {
               "GET",
               "/hello",
               "name=jack&age",
               access_key,
               gmt,
               "x-custom-header-a:" .. custom_header_a,
               "x-custom-header-b:" .. custom_header_b
           }
           signing_string = core.table.concat(signing_string, "\n") .. "\n"
           core.log.info("signing_string:", signing_string)
   
           local signature = hmac:new(secret_key, 
hmac.ALGOS.SHA256):final(signing_string)
           core.log.info("signature:", ngx_encode_base64(signature))
           local headers = {}
           headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
           headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
           headers["Date"] = gmt
           headers["X-HMAC-ACCESS-KEY"] = access_key
           headers["X-HMAC-SIGNED-HEADERS"] = 
"x-custom-header-a;x-custom-header-b"
           headers["x-custom-header-a"] = custom_header_a
           headers["x-custom-header-b"] = custom_header_b
   
           local code, body = t.test('/hello?name=jack&age',
               ngx.HTTP_GET,
               "",
               nil,
               headers
           )
   
           ngx.status = code
           ngx.say(body)
       }
   }
   --- request
   GET /t
   --- response_body
   passed
   --- no_error_log
   [error]
   ```
   
   Test case run results：
   
   <img width="1269" alt="截屏2020-11-23 下午1 59 39" 
src="https://user-images.githubusercontent.com/52862365/99932853-44f13400-2d94-11eb-931c-091b1c198e46.png";>
   
   
   ### Environment
   
   * apisix version (cmd: `apisix version`): 2.0
   * OS: 
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org