spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 72f907e feat: the request parameter participating in the signature
can be the parameter name (#2830)
72f907e is described below
commit 72f907ea8bd8387f0e87371e0c820d6db6c884c7
Author: Yuelin Zheng <[email protected]>
AuthorDate: Wed Nov 25 13:05:03 2020 +0800
feat: the request parameter participating in the signature can be the
parameter name (#2830)
close #2823
---
apisix/plugins/hmac-auth.lua | 7 +++
t/plugin/hmac-auth.t | 138 ++++++++++++++++++++++++++++++++++++++++---
2 files changed, 137 insertions(+), 8 deletions(-)
diff --git a/apisix/plugins/hmac-auth.lua b/apisix/plugins/hmac-auth.lua
index 772c4ca..62df8bb 100644
--- a/apisix/plugins/hmac-auth.lua
+++ b/apisix/plugins/hmac-auth.lua
@@ -224,6 +224,13 @@ local function generate_signature(ctx, secret_key, params)
for _, key in pairs(keys) do
local param = args[key]
+ -- when args without `=<value>`, value is treated as true.
+ -- In order to be compatible with args lacking `=<value>`,
+ -- we need to replace true with an empty string.
+ if type(param) == "boolean" then
+ param = ""
+ end
+
-- whether to encode the uri parameters
if type(param) == "table" then
for _, val in pairs(param) do
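Review bot: The boolean-to-empty-string guard covers only a scalar `param`. When the same parameter is repeated and one occurrence has no `=<value>`, `args[key]` is a table that can contain `true`, and the `for _, val in pairs(param)` loop that follows gets that boolean without normalisation. The loop body lies outside this hunk, so how `val` is used is not visible, but concatenating or escaping a boolean there would presumably either raise or produce a signing string the client cannot reproduce. Apply the same guard inside the loop, `if type(val) == "boolean" then val = "" end`. It is also worth extending the new comment to say that `?age` and `?age=` now both canonicalise to `age=`, so the signature does not distinguish the two forms and upstreams should not rely on the difference.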
diff --git a/t/plugin/hmac-auth.t b/t/plugin/hmac-auth.t
index da95e73..e6fe620 100644
--- a/t/plugin/hmac-auth.t
+++ b/t/plugin/hmac-auth.t
@@ -324,7 +324,7 @@ X-HMAC-ACCESS-KEY: my-access-key
--- config
location /t {
content_by_lua_block {
- local ngx_time = ngx.time
+ local ngx_time = ngx.time
local ngx_http_time = ngx.http_time
local core = require("apisix.core")
local t = require("lib.test_admin")
@@ -497,7 +497,7 @@ passed
--- config
location /t {
content_by_lua_block {
- local ngx_time = ngx.time
+ local ngx_time = ngx.time
local ngx_http_time = ngx.http_time
local core = require("apisix.core")
local t = require("lib.test_admin")
@@ -617,7 +617,7 @@ passed
--- config
location /t {
content_by_lua_block {
- local ngx_time = ngx.time
+ local ngx_time = ngx.time
local ngx_http_time = ngx.http_time
local core = require("apisix.core")
local t = require("lib.test_admin")
@@ -741,7 +741,7 @@ passed
--- config
location /t {
content_by_lua_block {
- local ngx_time = ngx.time
+ local ngx_time = ngx.time
local ngx_http_time = ngx.http_time
local core = require("apisix.core")
local t = require("lib.test_admin")
@@ -1361,7 +1361,7 @@ passed
--- config
location /t {
content_by_lua_block {
- local ngx_time = ngx.time
+ local ngx_time = ngx.time
local ngx_http_time = ngx.http_time
local core = require("apisix.core")
local t = require("lib.test_admin")
@@ -1423,7 +1423,7 @@ qr/name=LeBron\%2Cjames\&name2=\%2C\%3E/
--- config
location /t {
content_by_lua_block {
- local ngx_time = ngx.time
+ local ngx_time = ngx.time
local ngx_http_time = ngx.http_time
local core = require("apisix.core")
local t = require("lib.test_admin")
@@ -1517,7 +1517,7 @@ passed
--- config
location /t {
content_by_lua_block {
- local ngx_time = ngx.time
+ local ngx_time = ngx.time
local ngx_http_time = ngx.http_time
local core = require("apisix.core")
local t = require("lib.test_admin")
@@ -1579,7 +1579,7 @@ qr/\{"message":"Invalid signature"\}/
--- config
location /t {
content_by_lua_block {
- local ngx_time = ngx.time
+ local ngx_time = ngx.time
local ngx_http_time = ngx.http_time
local core = require("apisix.core")
local t = require("lib.test_admin")
@@ -1633,3 +1633,125 @@ GET /t
passed
--- no_error_log
[error]
+
+
+
+=== TEST 42: verify: ok, the request parameter is missing `=<value>`.
+--- config
+location /t {
+ content_by_lua_block {
+ local ngx_time = ngx.time
+ local ngx_http_time = ngx.http_time
+ local core = require("apisix.core")
+ local t = require("lib.test_admin")
+ local hmac = require("resty.hmac")
+ local ngx_encode_base64 = ngx.encode_base64
+
+ local secret_key = "my-secret-key6"
+ local timestamp = ngx_time()
+ local gmt = ngx_http_time(timestamp)
+ local access_key = "my-access-key6"
+ local custom_header_a = "asld$%dfasf"
+ local custom_header_b = "23879fmsldfk"
+
+ local signing_string = {
+ "GET",
+ "/hello",
+ "age=&name=jack",
+ access_key,
+ gmt,
+ "x-custom-header-a:" .. custom_header_a,
+ "x-custom-header-b:" .. custom_header_b
+ }
+ signing_string = core.table.concat(signing_string, "\n") .. "\n"
+ core.log.info("signing_string:", signing_string)
+
+ local signature = hmac:new(secret_key,
hmac.ALGOS.SHA256):final(signing_string)
+ core.log.info("signature:", ngx_encode_base64(signature))
+ local headers = {}
+ headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
+ headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
+ headers["Date"] = gmt
+ headers["X-HMAC-ACCESS-KEY"] = access_key
+ headers["X-HMAC-SIGNED-HEADERS"] =
"x-custom-header-a;x-custom-header-b"
+ headers["x-custom-header-a"] = custom_header_a
+ headers["x-custom-header-b"] = custom_header_b
+
+ local code, body = t.test('/hello?name=jack&age',
+ ngx.HTTP_GET,
+ "",
+ nil,
+ headers
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 43: verify: ok, the value of the request parameter is true.
+--- config
+location /t {
+ content_by_lua_block {
+ local ngx_time = ngx.time
+ local ngx_http_time = ngx.http_time
+ local core = require("apisix.core")
+ local t = require("lib.test_admin")
+ local hmac = require("resty.hmac")
+ local ngx_encode_base64 = ngx.encode_base64
+
+ local secret_key = "my-secret-key6"
+ local timestamp = ngx_time()
+ local gmt = ngx_http_time(timestamp)
+ local access_key = "my-access-key6"
+ local custom_header_a = "asld$%dfasf"
+ local custom_header_b = "23879fmsldfk"
+
+ local signing_string = {
+ "GET",
+ "/hello",
+ "age=true&name=jack",
+ access_key,
+ gmt,
+ "x-custom-header-a:" .. custom_header_a,
+ "x-custom-header-b:" .. custom_header_b
+ }
+ signing_string = core.table.concat(signing_string, "\n") .. "\n"
+ core.log.info("signing_string:", signing_string)
+
+ local signature = hmac:new(secret_key,
hmac.ALGOS.SHA256):final(signing_string)
+ core.log.info("signature:", ngx_encode_base64(signature))
+ local headers = {}
+ headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
+ headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
+ headers["Date"] = gmt
+ headers["X-HMAC-ACCESS-KEY"] = access_key
+ headers["X-HMAC-SIGNED-HEADERS"] =
"x-custom-header-a;x-custom-header-b"
+ headers["x-custom-header-a"] = custom_header_a
+ headers["x-custom-header-b"] = custom_header_b
+
+ local code, body = t.test('/hello?name=jack&age=true',
+ ngx.HTTP_GET,
+ "",
+ nil,
+ headers
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
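Review bot: TEST 42 and TEST 43 only exercise requests that are accepted, so nothing pins that a valueless parameter and the literal string `true` remain distinct in the signing string. Add a negative case that signs `age=true&name=jack` but sends `/hello?name=jack&age`, expecting `qr/\{"message":"Invalid signature"\}/` as the existing failure tests in this file do. A second case with a repeated parameter where one occurrence lacks `=<value>` would cover the table branch of `generate_signature`, which the added tests do not reach.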