[GitHub] [apisix] spacewander commented on a change in pull request #3691: feat: Add filter on HTTP methods for consumer-restriction plugin

Sun, 28 Feb 2021 17:35:20 -0800 


spacewander commented on a change in pull request #3691:
URL: https://github.com/apache/apisix/pull/3691#discussion_r584398109



##########
File path: apisix/plugins/consumer-restriction.lua
##########
@@ -114,12 +161,16 @@ function _M.access(conf, ctx)
         if not is_include(value, conf.whitelist) then
             block = true
         end
+        if conf.allowed_methods and #conf.allowed_methods > 0 then
+            if not is_method_allow(conf.allowed_methods, method, value) then

Review comment:
       "is_method_allowed"

##########
File path: apisix/plugins/consumer-restriction.lua
##########
@@ -53,6 +53,38 @@ local schema = {
                 rejected_code = {type = "integer", minimum = 200, default = 
403}
             },
             required = {"whitelist"},
+        },
+        {
+            title = "allowed_methods",
+            properties = {
+                type = {

Review comment:
       Can we extra this part and share across the components with different 
titles?

##########
File path: docs/en/latest/plugins/consumer-restriction.md
##########
@@ -116,6 +117,80 @@ HTTP/1.1 403 Forbidden
 {"message":"The consumer_name is forbidden."}
 ```
 
+### How to restrict `allowed_methods`
+
+This example restrict the user `jack1` to only `POST` on the resource
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: 
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+    "uri": "/index.html",
+    "upstream": {
+        "type": "roundrobin",
+        "nodes": {
+            "127.0.0.1:1980": 1
+        }
+    },
+    "plugins": {
+        "basic-auth": {},
+        "consumer-restriction": {
+            "whitelist": [

Review comment:
       ```
           "consumer-restriction": {
               "allowed_by_methods":[{
                   "user": "jack1",
                   "methods": ["POST"]
               }]
           }
   ```
   is enough. There is no need to configure `jack1` in two places. And the 
`allow` already has the meaning of `whitelist`.

##########
File path: apisix/plugins/consumer-restriction.lua
##########
@@ -53,6 +53,38 @@ local schema = {
                 rejected_code = {type = "integer", minimum = 200, default = 
403}
             },
             required = {"whitelist"},
+        },
+        {
+            title = "allowed_methods",

Review comment:
       Would it be better to use `allowed_by_methods`?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to