[GitHub] [apisix] tokers commented on a diff in pull request #6991: feat: just change uri args or headers when hiding credentials

Fri, 06 May 2022 02:42:55 -0700 


tokers commented on code in PR #6991:
URL: https://github.com/apache/apisix/pull/6991#discussion_r866662579


##########
docs/en/latest/plugins/key-auth.md:
##########
@@ -43,11 +43,11 @@ For Consumer:
 
 For Route:
 
-| Name   | Type   | Requirement | Default | Valid | Description                
                                       |
-|--------|--------|-------------|---------|-------|-------------------------------------------------------------------|
-| header | string | optional    | apikey  |       | The header to get the key 
from.                                   |
-| query  | string | optional    | apikey  |       | The query string to get 
the key from. Lower priority than header. |
-| hide_credentials   | bool | optional    | false        |       | When set to 
`false` passes the request header containing authentication information to the 
Upstream. |
+| Name   | Type   | Requirement | Default | Valid | Description                
                                                                                
                                                                                
                                                                                
   |
+|--------|--------|-------------|---------|-------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| header | string | optional    | apikey  |       | The header to get the key 
from.                                                                           
                                                                                
                                                                                
    |
+| query  | string | optional    | apikey  |       | The query string to get 
the key from. Lower priority than header.                                       
                                                                                
                                                                                
      |
+| hide_credentials   | bool | optional    | false        |       | When set to 
`false` passes the request header or query string containing authentication 
information to the Upstream. If `true`, the corresponding header or query 
string will be deleted, depending on whether the key is obtained from the 
header or from the query string.  |

Review Comment:
   ```suggestion
   | hide_credentials   | bool | optional    | false        |       | Apache 
APISIX will pass the request header or query string that contains the 
authentication information to the Upstream if `hide_credentials` is `false`. 
Otherwise the authentication information will be removed before proxying.|
   ```



##########
apisix/plugins/key-auth.lua:
##########
@@ -89,11 +89,13 @@ end
 
 
 function _M.rewrite(conf, ctx)
+    local hide_header = true

Review Comment:
   The name confuses me first and I spend a while understanding it's usage.
   
   I suggest changing it to `from_header`.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to