riskgod opened a new issue #4083: URL: https://github.com/apache/apisix/issues/4083
### Issue description hey, I am using node to create the X-HMAC-SIGNATURE, but it always return "Invalid signature" #### create one consumer ``` curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d ' { "username": "kelly", "plugins": { "hmac-auth": { "access_key": "user-key-kelly", "secret_key": "my-secret-key—kelly", "clock_skew": 0, "signed_headers": ["User-Agent", "x-custom-a"] } } }' ``` #### enable the plugin global ``` curl http://127.0.0.1:9080/apisix/admin/global_rules/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "plugins": { "request-id": { "include_in_response": true }, "hmac-auth":{}, "limit-req": { "rate": 1, "burst": 0, "rejected_code": 503, "key": "remote_addr" }, "tcp-logger": { "host": "127.0.0.1", "port": 5000, "tls": false, "batch_max_size": 1, "name": "tcp logger" } } }' ``` #### set upstream ``` curl http://127.0.0.1:9080/apisix/admin/upstreams/100 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -i -X PUT -d ' { "type":"roundrobin", "nodes":{ "127.0.0.1:8081": 1 } }' ``` #### set router ``` curl http://127.0.0.1:9080/apisix/admin/routes/119 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "methods": ["POST"], "uri": "/checkAddress", "plugins": { "consumer-restriction": { "whitelist": [ "kelly" ] } }, "upstream_id": "100" }' ``` #### Use node.js to create the signature ``` const crypto = require('crypto'); const signing_string = `POST /checkAddress user-key-kelly Tue, 19 Jan 2021 11:33:20 GMT User-Agent:curl/7.29.0 x-custom-a:test ` const test = crypto.createHmac('sha256', "my-secret-key—kelly").update(signing_string).digest("base64"); console.log(test) ``` #### Test the plugin ``` curl -d '{"coin":"BTC", "address":"rpE6gE8jEN1trDwQwe47VmgDL5y6m3XX2n"}' -X POST 'http://127.0.0.1:9080/checkAddress' \ -H "Content-Type: application/json" \ -H "X-HMAC-SIGNATURE: u+g/xifNHVzw3VdUf0bAkVb6EsJN7duNKHFp8MmkryU=" \ -H "X-HMAC-ALGORITHM: hmac-sha256" \ -H "X-HMAC-ACCESS-KEY: user-key-kelly" \ -H "Date: Tue, 19 Jan 2021 11:33:20 GMT" \ -H "X-HMAC-SIGNED-HEADERS: User-Agent;x-custom-a" \ -H "User-Agent: curl/7.29.0" \ -H "x-custom-a: test" ``` #### Result ``` {"message":"Invalid signature"} ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
