[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r488482999
##
File path: t/plugin/hmac-auth.t
##
@@ -0,0 +1,596 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+use t::APISIX 'no_plan';
+
+repeat_each(2);
+no_long_string();
+no_root_location();
+no_shuffle();
+run_tests;
+
+__DATA__
+
+=== TEST 1: add consumer with username and plugins
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/consumers',
+ngx.HTTP_PUT,
+[[{
+"username": "jack",
+"plugins": {
+"hmac-auth": {
+"access_key": "my-access-key",
+"secret_key": "my-secret-key"
+}
+}
+}]],
+[[{
+"node": {
+"value": {
+"username": "jack",
+"plugins": {
+"hmac-auth": {
+"access_key": "my-access-key",
+"secret_key": "my-secret-key",
+"algorithm": "hmac-sha256",
+"clock_skew": 300
+}
+}
+}
+},
+"action": "set"
+}]]
+)
+
+ngx.status = code
+ngx.say(body)
+}
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 2: add consumer with plugin hmac-auth - missing secret key
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/consumers',
+ngx.HTTP_PUT,
+[[{
+"username": "foo",
+"plugins": {
+"hmac-auth": {
+"access_key": "user-key"
+}
+}
+}]])
+
+ngx.status = code
+ngx.say(body)
+}
+}
+--- request
+GET /t
+--- error_code: 400
+--- response_body eval
+qr/\{"error_msg":"invalid plugins configuration: failed to check the
configuration of plugin hmac-auth err: value should match only one schema, but
matches none"\}/
+--- no_error_log
+[error]
+
+
+
+=== TEST 3: add consumer with plugin hmac-auth - missing access key
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/consumers',
+ngx.HTTP_PUT,
+[[{
+"username": "bar",
+"plugins": {
+"hmac-auth": {
+"secret_key": "skey"
+}
+}
+}]])
+
+ngx.status = code
+ngx.say(body)
+}
+}
+--- request
+GET /t
+--- error_code: 400
+--- response_body eval
+qr/\{"error_msg":"invalid plugins configuration: failed to check the
configuration of plugin hmac-auth err: value should match only one schema, but
matches none"\}/
+--- no_error_log
+[error]
+
+
+
+=== TEST 4: add consumer with plugin hmac-auth - access key exceeds the length
limit
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/consumers',
+ngx.HTTP_PUT,
+[[{
+"username": "li",
+"plugins": {
+"hmac-auth": {
+"access_key":
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r488476189
##
File path: t/plugin/hmac-auth.t
##
@@ -0,0 +1,596 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+use t::APISIX 'no_plan';
+
+repeat_each(2);
+no_long_string();
+no_root_location();
+no_shuffle();
+run_tests;
+
+__DATA__
+
+=== TEST 1: add consumer with username and plugins
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/consumers',
+ngx.HTTP_PUT,
+[[{
+"username": "jack",
+"plugins": {
+"hmac-auth": {
+"access_key": "my-access-key",
+"secret_key": "my-secret-key"
+}
+}
+}]],
+[[{
+"node": {
+"value": {
+"username": "jack",
+"plugins": {
+"hmac-auth": {
+"access_key": "my-access-key",
+"secret_key": "my-secret-key",
+"algorithm": "hmac-sha256",
+"clock_skew": 300
+}
+}
+}
+},
+"action": "set"
+}]]
+)
+
+ngx.status = code
+ngx.say(body)
+}
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 2: add consumer with plugin hmac-auth - missing secret key
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/consumers',
+ngx.HTTP_PUT,
+[[{
+"username": "foo",
+"plugins": {
+"hmac-auth": {
+"access_key": "user-key"
+}
+}
+}]])
+
+ngx.status = code
+ngx.say(body)
+}
+}
+--- request
+GET /t
+--- error_code: 400
+--- response_body eval
+qr/\{"error_msg":"invalid plugins configuration: failed to check the
configuration of plugin hmac-auth err: value should match only one schema, but
matches none"\}/
+--- no_error_log
+[error]
+
+
+
+=== TEST 3: add consumer with plugin hmac-auth - missing access key
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/consumers',
+ngx.HTTP_PUT,
+[[{
+"username": "bar",
+"plugins": {
+"hmac-auth": {
+"secret_key": "skey"
+}
+}
+}]])
+
+ngx.status = code
+ngx.say(body)
+}
+}
+--- request
+GET /t
+--- error_code: 400
+--- response_body eval
+qr/\{"error_msg":"invalid plugins configuration: failed to check the
configuration of plugin hmac-auth err: value should match only one schema, but
matches none"\}/
+--- no_error_log
+[error]
+
+
+
+=== TEST 4: add consumer with plugin hmac-auth - access key exceeds the length
limit
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/consumers',
+ngx.HTTP_PUT,
+[[{
+"username": "li",
+"plugins": {
+"hmac-auth": {
+"access_key":
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r488343173
##
File path: doc/zh-cn/plugins/hmac-auth.md
##
@@ -0,0 +1,152 @@
+
+
+- [English](../../plugins/hmac-auth.md)
+
+# 目录
+- [**名字**](#名字)
+- [**属性**](#属性)
+- [**如何启用**](#如何启用)
+- [**测试插件**](#测试插件)
+- [**禁用插件**](#禁用插件)
+
+
+## 名字
+
+`hmac-auth` 是一个认证插件,它需要与 `consumer` 一起配合才能工作。
+
+添加 HMAC Authentication 到一个 `service` 或 `route`。 然后 `consumer` 将其签名添加到请求头以验证其请求。
+
+## 属性
+
+|属性名 |是否可选 | 默认值 |描述|
+|- ||---|---|
+| `access_key` | 必须 | 无 | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的
`access_key` ,将会出现请求匹配异常。|
+| `secret_key`| 必须 | 无 | 与 `access_key` 配对使用。|
+| `algorithm` | 可选 | hmac-sha256 | 加密算法。目前支持 `hmac-sha1`, `hmac-sha256` 和
`hmac-sha512`。|
+| `clock_skew`| 可选 | 300 | 签名允许的时间偏移,以秒为单位的计时。比如允许时间偏移 10 秒钟,那么就应设置为
`10`。特别地,`0` 表示不对 `timestamp` 进行检查。|
+
+## 如何启用
+
+1. 创建一个 consumer 对象,并设置插件 `hmac-auth` 的值。
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+"username": "jack",
+"plugins": {
+"hmac-auth": {
+"access_key": "user-key",
+"secret_key": "my-secret-key",
+"clock_skew": 10
+}
+}
+}'
+```
+
+2. 创建 Route 或 Service 对象,并开启 `hmac-auth` 插件。
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+"uri": "/index.html",
+"plugins": {
+"hmac-auth": {}
+},
+"upstream": {
+"type": "roundrobin",
+"nodes": {
+"39.97.63.215:80": 1
+}
+}
+}'
+```
+
+## 测试插件
+
+### 签名生成公式
+
+签名的计算公式为 `signature = HMAC-SHAx-HEX(secret_key,
signning_string)`,从公式可以看出,想要获得签名需要得到 `secret_key` 和 `signning_string` 两个参数。其中
`secret_key` 为对应 consumer 所配置的, `signning_string` 的计算公式为: `signning_string =
HTTP Method + HTTP URI + canonical_query_string + HTTP BODY + access_key +
timestamp + secret_key`
Review comment:
I think this typesetting method can be optimized, for example:
`签名的计算公式为: `, then re-line, `signning_string 的计算公式为: XXX`.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r488339941
##
File path: doc/zh-cn/plugins/hmac-auth.md
##
@@ -0,0 +1,152 @@
+
+
+- [English](../../plugins/hmac-auth.md)
+
+# 目录
+- [**名字**](#名字)
+- [**属性**](#属性)
+- [**如何启用**](#如何启用)
+- [**测试插件**](#测试插件)
+- [**禁用插件**](#禁用插件)
+
+
+## 名字
+
+`hmac-auth` 是一个认证插件,它需要与 `consumer` 一起配合才能工作。
+
+添加 HMAC Authentication 到一个 `service` 或 `route`。 然后 `consumer` 将其签名添加到请求头以验证其请求。
+
+## 属性
+
+|属性名 |是否可选 | 默认值 |描述|
+|- ||---|---|
+| `access_key` | 必须 | 无 | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的
`access_key` ,将会出现请求匹配异常。|
+| `secret_key`| 必须 | 无 | 与 `access_key` 配对使用。|
+| `algorithm` | 可选 | hmac-sha256 | 加密算法。目前支持 `hmac-sha1`, `hmac-sha256` 和
`hmac-sha512`。|
+| `clock_skew`| 可选 | 300 | 签名允许的时间偏移,以秒为单位的计时。比如允许时间偏移 10 秒钟,那么就应设置为
`10`。特别地,`0` 表示不对 `timestamp` 进行检查。|
+
+## 如何启用
+
+1. 创建一个 consumer 对象,并设置插件 `hmac-auth` 的值。
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+"username": "jack",
+"plugins": {
+"hmac-auth": {
+"access_key": "user-key",
+"secret_key": "my-secret-key",
+"clock_skew": 10
+}
+}
+}'
+```
+
+2. 创建 Route 或 Service 对象,并开启 `hmac-auth` 插件。
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+"uri": "/index.html",
+"plugins": {
+"hmac-auth": {}
+},
+"upstream": {
+"type": "roundrobin",
+"nodes": {
+"39.97.63.215:80": 1
+}
+}
+}'
+```
+
+## 测试插件
+
+### 签名生成公式
+
+签名的计算公式为 `signature = HMAC-SHAx-HEX(secret_key,
signning_string)`,从公式可以看出,想要获得签名需要得到 `secret_key` 和 `signning_string` 两个参数。其中
`secret_key` 为对应 consumer 所配置的, `signning_string` 的计算公式为: `signning_string =
HTTP Method + HTTP URI + canonical_query_string + HTTP BODY + access_key +
timestamp + secret_key`
Review comment:
`签名的计算公式为` Is it necessary to add ":" here?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r488336742
##
File path: doc/plugins/hmac-auth.md
##
@@ -0,0 +1,151 @@
+
+
+- [中文](../zh-cn/plugins/hmac-auth.md)
+
+# Summary
+- [**Name**](#name)
+- [**Attributes**](#attributes)
+- [**How To Enable**](#how-to-enable)
+- [**Test Plugin**](#test-plugin)
+- [**Disable Plugin**](#disable-plugin)
+
+
+## Name
+
+`hmac-auth` is an authentication plugin that need to work with `consumer`. Add
HMAC Authentication to a `service` or `route`.
+
+The `consumer` then adds its key to request header to verify its request.
+
+## Attributes
+
+|Name |Requirement |Default |Description|
+|- ||---|---|
+| access_key | required | none |Different `consumer` objects should
have different values, and it should be unique. If different consumers use the
same `access_key`, a request matching exception will occur|
+| secret_key | required | none |Use as a pair with `access_key`|
+| algorithm| optional| hmac-sha256 |Encryption algorithm. support
`hmac-sha1`, `hmac-sha256` and `hmac-sha512`|
+| clock_skew | optional | 300 |The clock skew allowed by the signature in
seconds. For example, if the time is allowed to skew by 10 seconds, then it
should be set to `10`. especially, `0` means not checking timestamp.|
+
+## How To Enable
+
+1. set a consumer and config the value of the `hmac-auth` option
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+"username": "jack",
+"plugins": {
+"hmac-auth": {
+"access_key": "user-key",
+"secret_key": "my-secret-key",
+"clock_skew": 10
+}
+}
+}'
+```
+
+2. add a Route or add a Service , and enable the `hmac-auth` plugin
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+"uri": "/index.html",
+"plugins": {
+"hmac-auth": {}
+},
+"upstream": {
+"type": "roundrobin",
+"nodes": {
+"39.97.63.215:80": 1
+}
+}
+}'
+```
+
+## Test Plugin
+
+### generate signature:
+The calculation formula of the signature is `signature =
HMAC-SHAx-HEX(secret_key, signning_string)`. From the formula, it can be seen
that in order to obtain the signature, two parameters, `SECRET_KEY` and
`SIGNNING_STRING`, are required. Where secret_key is configured by the
corresponding consumer, the calculation formula of `SIGNNING_STRING` is:
`signning_string = HTTP Method + HTTP URI + canonical_query_string + HTTP BODY
+ ACCESS_KEY + TIMESTAMP + SECRET_KEY`
+
+1. **HTTP Method** : Refers to the GET, PUT, POST and other request methods
defined in the HTTP protocol, and must be in all uppercase.
+2. **HTTP URI** : `HTTP URI` requirements must start with "/", those that do
not start with "/" need to be added, and the empty path is "/".
+3. **canonical_query_string** :`canonical_query_string` is the result of
encoding the `query` in the URL (`query` is the string "key1 = valve1 & key2 =
valve2" after the "?" in the URL).
+
+> The coding steps are as follows:
+
+* Extract the `query` item in the URL, that is, the string "key1 = valve1 &
key2 = valve2" after the "?" in the URL.
+* Split the `query` into several items according to the & separator, each item
is in the form of key=value or only key.
+* Encoding each item after disassembly is divided into the following three
situations.
+
+* When the item has only key, the conversion formula is UriEncode(key) +
"=".
+* When the item is in the form of key=value, the conversion formula is in
the form of UriEncode(key) + "=" + UriEncode(value). Here value can be an empty
string.
+* After converting each item, sort by key in lexicographic order (ASCII
code from small to large), and connect them with the & symbol to generate the
corresponding canonical_query_string.
Review comment:
`After XXX` shouldn't be a case, right?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r488335359
##
File path: doc/plugins/hmac-auth.md
##
@@ -0,0 +1,151 @@
+
+
+- [中文](../zh-cn/plugins/hmac-auth.md)
+
+# Summary
+- [**Name**](#name)
+- [**Attributes**](#attributes)
+- [**How To Enable**](#how-to-enable)
+- [**Test Plugin**](#test-plugin)
+- [**Disable Plugin**](#disable-plugin)
+
+
+## Name
+
+`hmac-auth` is an authentication plugin that need to work with `consumer`. Add
HMAC Authentication to a `service` or `route`.
+
+The `consumer` then adds its key to request header to verify its request.
+
+## Attributes
+
+|Name |Requirement |Default |Description|
+|- ||---|---|
+| access_key | required | none |Different `consumer` objects should
have different values, and it should be unique. If different consumers use the
same `access_key`, a request matching exception will occur|
+| secret_key | required | none |Use as a pair with `access_key`|
+| algorithm| optional| hmac-sha256 |Encryption algorithm. support
`hmac-sha1`, `hmac-sha256` and `hmac-sha512`|
+| clock_skew | optional | 300 |The clock skew allowed by the signature in
seconds. For example, if the time is allowed to skew by 10 seconds, then it
should be set to `10`. especially, `0` means not checking timestamp.|
+
+## How To Enable
+
+1. set a consumer and config the value of the `hmac-auth` option
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+"username": "jack",
+"plugins": {
+"hmac-auth": {
+"access_key": "user-key",
+"secret_key": "my-secret-key",
+"clock_skew": 10
+}
+}
+}'
+```
+
+2. add a Route or add a Service , and enable the `hmac-auth` plugin
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+"uri": "/index.html",
+"plugins": {
+"hmac-auth": {}
+},
+"upstream": {
+"type": "roundrobin",
+"nodes": {
+"39.97.63.215:80": 1
+}
+}
+}'
+```
+
+## Test Plugin
+
+### generate signature:
+The calculation formula of the signature is `signature =
HMAC-SHAx-HEX(secret_key, signning_string)`. From the formula, it can be seen
that in order to obtain the signature, two parameters, `SECRET_KEY` and
`SIGNNING_STRING`, are required. Where secret_key is configured by the
corresponding consumer, the calculation formula of `SIGNNING_STRING` is:
`signning_string = HTTP Method + HTTP URI + canonical_query_string + HTTP BODY
+ ACCESS_KEY + TIMESTAMP + SECRET_KEY`
+
+1. **HTTP Method** : Refers to the GET, PUT, POST and other request methods
defined in the HTTP protocol, and must be in all uppercase.
+2. **HTTP URI** : `HTTP URI` requirements must start with "/", those that do
not start with "/" need to be added, and the empty path is "/".
+3. **canonical_query_string** :`canonical_query_string` is the result of
encoding the `query` in the URL (`query` is the string "key1 = valve1 & key2 =
valve2" after the "?" in the URL).
+
+> The coding steps are as follows:
+
+* Extract the `query` item in the URL, that is, the string "key1 = valve1 &
key2 = valve2" after the "?" in the URL.
+* Split the `query` into several items according to the & separator, each item
is in the form of key=value or only key.
+* Encoding each item after disassembly is divided into the following three
situations.
+
+* When the item has only key, the conversion formula is UriEncode(key) +
"=".
+* When the item is in the form of key=value, the conversion formula is in
the form of UriEncode(key) + "=" + UriEncode(value). Here value can be an empty
string.
+* After converting each item, sort by key in lexicographic order (ASCII
code from small to large), and connect them with the & symbol to generate the
corresponding canonical_query_string.
Review comment:
Is "the following three situations" wrong? Shouldn't it be the two
situations?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r488101612
##
File path: apisix/plugins/hmac-auth.lua
##
@@ -0,0 +1,303 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local ngx= ngx
+local type = type
+local select = select
+local abs= math.abs
+local ngx_time = ngx.time
+local ngx_re = require("ngx.re")
+local ngx_req= ngx.req
+local pairs = pairs
+local ipairs = ipairs
+local hmac_sha1 = ngx.hmac_sha1
+local escape_uri = ngx.escape_uri
+local core = require("apisix.core")
+local hmac = require("resty.hmac")
+local consumer = require("apisix.consumer")
+local ngx_decode_base64 = ngx.decode_base64
+
+local SIGNATURE_KEY = "X-HMAC-SIGNATURE"
+local ALGORITHM_KEY = "X-HMAC-ALGORITHM"
+local TIMESTAMP_KEY = "X-HMAC-TIMESTAMP"
+local ACCESS_KEY= "X-HMAC-ACCESS-KEY"
+local plugin_name = "hmac-auth"
+
+local schema = {
+type = "object",
+oneOf = {
+{
+title = "work with consumer object",
+properties = {
+access_key = {type = "string", minLength = 1, maxLength = 256},
+secret_key = {type = "string", minLength = 1, maxLength = 256},
+algorithm = {
+type = "string",
+enum = {"hmac-sha1", "hmac-sha256", "hmac-sha512"},
+default = "hmac-sha256"
+},
+clock_skew = {
+type = "integer",
+default = 300
+}
+},
+required = {"access_key", "secret_key"},
+additionalProperties = false,
+},
+{
+title = "work with route or service object",
+properties = {},
+additionalProperties = false,
+}
+}
+}
+
+local _M = {
+version = 0.1,
+priority = 2530,
+type = 'auth',
+name = plugin_name,
+schema = schema,
+}
+
+local hmac_funcs = {
+["hmac-sha1"] = function(secret_key, message)
+return hmac_sha1(secret_key, message)
+end,
+["hmac-sha256"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA256):final(message)
+end,
+["hmac-sha512"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA512):final(message)
+end,
+}
+
+
+local function try_attr(t, ...)
+local tbl = t
+local count = select('#', ...)
+for i = 1, count do
+local attr = select(i, ...)
+tbl = tbl[attr]
+if type(tbl) ~= "table" then
+return false
+end
+end
+
+return true
+end
+
+
+local create_consumer_cache
+do
+local consumer_ids = {}
+
+function create_consumer_cache(consumers)
+core.table.clear(consumer_ids)
+
+for _, consumer in ipairs(consumers.nodes) do
+core.log.info("consumer node: ", core.json.delay_encode(consumer))
+consumer_ids[consumer.auth_conf.access_key] = consumer
+end
+
+return consumer_ids
+end
+
+end -- do
+
+
+function _M.check_schema(conf)
+core.log.info("input conf: ", core.json.delay_encode(conf))
+
+return core.schema.check(schema, conf)
+end
+
+
+local function get_consumer(access_key)
+if not access_key then
+return nil, {message = "missing access key"}
+end
+
+local consumer_conf = consumer.plugin(plugin_name)
+if not consumer_conf then
+return nil, {message = "Missing related consumer"}
+end
+
+local consumers = core.lrucache.plugin(plugin_name, "consumers_key",
+consumer_conf.conf_version,
+create_consumer_cache, consumer_conf)
+
+local consumer = consumers[access_key]
+if not consumer then
+return nil, {message = "Invalid access key"}
+end
+core.log.info("consumer: ", core.json.delay_encode(consumer))
+
+return consumer
+end
+
+
+local function generate_signature(ctx, secret_key, params)
+local canonical_uri = ctx.var.uri
+local canonical_query_string = ""
+local request_method = ngx_req.get_method()
+local args = ngx_req.get_uri_args()
+
+if
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r488095303
##
File path: apisix/plugins/hmac-auth.lua
##
@@ -0,0 +1,303 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local ngx= ngx
+local type = type
+local select = select
+local abs= math.abs
+local ngx_time = ngx.time
+local ngx_re = require("ngx.re")
+local ngx_req= ngx.req
+local pairs = pairs
+local ipairs = ipairs
+local hmac_sha1 = ngx.hmac_sha1
+local escape_uri = ngx.escape_uri
+local core = require("apisix.core")
+local hmac = require("resty.hmac")
+local consumer = require("apisix.consumer")
+local ngx_decode_base64 = ngx.decode_base64
+
+local SIGNATURE_KEY = "X-HMAC-SIGNATURE"
+local ALGORITHM_KEY = "X-HMAC-ALGORITHM"
+local TIMESTAMP_KEY = "X-HMAC-TIMESTAMP"
+local ACCESS_KEY= "X-HMAC-ACCESS-KEY"
+local plugin_name = "hmac-auth"
+
+local schema = {
+type = "object",
+oneOf = {
+{
+title = "work with consumer object",
+properties = {
+access_key = {type = "string", minLength = 1, maxLength = 256},
+secret_key = {type = "string", minLength = 1, maxLength = 256},
+algorithm = {
+type = "string",
+enum = {"hmac-sha1", "hmac-sha256", "hmac-sha512"},
+default = "hmac-sha256"
+},
+clock_skew = {
+type = "integer",
+default = 300
+}
+},
+required = {"access_key", "secret_key"},
+additionalProperties = false,
+},
+{
+title = "work with route or service object",
+properties = {},
+additionalProperties = false,
+}
+}
+}
+
+local _M = {
+version = 0.1,
+priority = 2530,
+type = 'auth',
+name = plugin_name,
+schema = schema,
+}
+
+local hmac_funcs = {
+["hmac-sha1"] = function(secret_key, message)
+return hmac_sha1(secret_key, message)
+end,
+["hmac-sha256"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA256):final(message)
+end,
+["hmac-sha512"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA512):final(message)
+end,
+}
+
+
+local function try_attr(t, ...)
+local tbl = t
+local count = select('#', ...)
+for i = 1, count do
+local attr = select(i, ...)
+tbl = tbl[attr]
+if type(tbl) ~= "table" then
+return false
+end
+end
+
+return true
+end
+
+
+local create_consumer_cache
+do
+local consumer_ids = {}
+
+function create_consumer_cache(consumers)
+core.table.clear(consumer_ids)
+
+for _, consumer in ipairs(consumers.nodes) do
+core.log.info("consumer node: ", core.json.delay_encode(consumer))
+consumer_ids[consumer.auth_conf.access_key] = consumer
+end
+
+return consumer_ids
+end
+
+end -- do
+
+
+function _M.check_schema(conf)
+core.log.info("input conf: ", core.json.delay_encode(conf))
+
+return core.schema.check(schema, conf)
+end
+
+
+local function get_consumer(access_key)
+if not access_key then
+return nil, {message = "missing access key"}
+end
+
+local consumer_conf = consumer.plugin(plugin_name)
+if not consumer_conf then
+return nil, {message = "Missing related consumer"}
+end
+
+local consumers = core.lrucache.plugin(plugin_name, "consumers_key",
+consumer_conf.conf_version,
+create_consumer_cache, consumer_conf)
+
+local consumer = consumers[access_key]
+if not consumer then
+return nil, {message = "Invalid access key"}
+end
+core.log.info("consumer: ", core.json.delay_encode(consumer))
+
+return consumer
+end
+
+
+local function generate_signature(ctx, secret_key, params)
+local canonical_uri = ctx.var.uri
+local canonical_query_string = ""
+local request_method = ngx_req.get_method()
+local args = ngx_req.get_uri_args()
+
+if
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r488073128
##
File path: apisix/plugins/hmac-auth.lua
##
@@ -0,0 +1,298 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local ngx= ngx
+local type = type
+local select = select
+local abs= math.abs
+local ngx_time = ngx.time
+local str_fmt= string.format
+local ngx_re = require("ngx.re")
+local ngx_req= ngx.req
+local pairs = pairs
+local ipairs = ipairs
+local hmac_sha1 = ngx.hmac_sha1
+local escape_uri = ngx.escape_uri
+local core = require("apisix.core")
+local hmac = require("resty.hmac")
+local consumer = require("apisix.consumer")
+local ngx_decode_base64 = ngx.decode_base64
+
+local SIGNATURE_KEY = "X-HMAC-SIGNATURE"
+local ALGORITHM_KEY = "X-HMAC-ALGORITHM"
+local TIMESTAMP_KEY = "X-HMAC-TIMESTAMP"
+local ACCESS_KEY= "X-HMAC-ACCESS-KEY"
+local plugin_name = "hmac-auth"
+
+local schema = {
+type = "object",
+oneOf = {
+{
+title = "work with consumer object",
+properties = {
+access_key = {type = "string", minLength = 1, maxLength = 256},
+secret_key = {type = "string", minLength = 1, maxLength = 256},
+algorithm = {
+type = "string",
+enum = {"hmac-sha1", "hmac-sha256", "hmac-sha512"},
+default = "hmac-sha256"
+},
+clock_skew = {
+type = "integer",
+default = 300
+}
+},
+required = {"access_key", "secret_key"},
+additionalProperties = false,
+},
+{
+title = "work with route or service object",
+properties = {},
+additionalProperties = false,
+}
+}
+}
+
+local _M = {
+version = 0.1,
+priority = 2530,
+type = 'auth',
+name = plugin_name,
+schema = schema,
+}
+
+local hmac_funcs = {
+["hmac-sha1"] = function(secret_key, message)
+return hmac_sha1(secret_key, message)
+end,
+["hmac-sha256"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA256):final(message)
+end,
+["hmac-sha512"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA512):final(message)
+end,
+}
+
+
+local function try_attr(t, ...)
+local conf
+local count = select('#', ...)
+for i = 1, count do
+local attr = select(i, ...)
+conf = t[attr]
+if type(conf) ~= "table" then
+return false
+end
+end
+
+return true
+end
+
+
+local create_consumer_cache
+do
+local consumer_ids = {}
+
+function create_consumer_cache(consumers)
+core.table.clear(consumer_ids)
+
+for _, consumer in ipairs(consumers.nodes) do
+core.log.info("consumer node: ", core.json.delay_encode(consumer))
+consumer_ids[consumer.auth_conf.access_key] = consumer
+end
+
+return consumer_ids
+end
+
+end -- do
+
+
+function _M.check_schema(conf)
+core.log.info("input conf: ", core.json.delay_encode(conf))
+
+return core.schema.check(schema, conf)
Review comment:
Understand, look at other plug-in processing methods different from this.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r487997453
##
File path: apisix/plugins/hmac-auth.lua
##
@@ -0,0 +1,303 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local ngx= ngx
+local type = type
+local select = select
+local abs= math.abs
+local ngx_time = ngx.time
+local ngx_re = require("ngx.re")
+local ngx_req= ngx.req
+local pairs = pairs
+local ipairs = ipairs
+local hmac_sha1 = ngx.hmac_sha1
+local escape_uri = ngx.escape_uri
+local core = require("apisix.core")
+local hmac = require("resty.hmac")
+local consumer = require("apisix.consumer")
+local ngx_decode_base64 = ngx.decode_base64
+
+local SIGNATURE_KEY = "X-HMAC-SIGNATURE"
+local ALGORITHM_KEY = "X-HMAC-ALGORITHM"
+local TIMESTAMP_KEY = "X-HMAC-TIMESTAMP"
+local ACCESS_KEY= "X-HMAC-ACCESS-KEY"
+local plugin_name = "hmac-auth"
+
+local schema = {
+type = "object",
+oneOf = {
+{
+title = "work with consumer object",
+properties = {
+access_key = {type = "string", minLength = 1, maxLength = 256},
+secret_key = {type = "string", minLength = 1, maxLength = 256},
+algorithm = {
+type = "string",
+enum = {"hmac-sha1", "hmac-sha256", "hmac-sha512"},
+default = "hmac-sha256"
+},
+clock_skew = {
+type = "integer",
+default = 300
+}
+},
+required = {"access_key", "secret_key"},
+additionalProperties = false,
+},
+{
+title = "work with route or service object",
+properties = {},
+additionalProperties = false,
+}
+}
+}
+
+local _M = {
+version = 0.1,
+priority = 2530,
+type = 'auth',
+name = plugin_name,
+schema = schema,
+}
+
+local hmac_funcs = {
+["hmac-sha1"] = function(secret_key, message)
+return hmac_sha1(secret_key, message)
+end,
+["hmac-sha256"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA256):final(message)
+end,
+["hmac-sha512"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA512):final(message)
+end,
+}
+
+
+local function try_attr(t, ...)
+local tbl = t
+local count = select('#', ...)
+for i = 1, count do
+local attr = select(i, ...)
+tbl = tbl[attr]
+if type(tbl) ~= "table" then
+return false
+end
+end
+
+return true
+end
+
+
+local create_consumer_cache
+do
+local consumer_ids = {}
+
+function create_consumer_cache(consumers)
+core.table.clear(consumer_ids)
+
+for _, consumer in ipairs(consumers.nodes) do
+core.log.info("consumer node: ", core.json.delay_encode(consumer))
+consumer_ids[consumer.auth_conf.access_key] = consumer
+end
+
+return consumer_ids
+end
+
+end -- do
+
+
+function _M.check_schema(conf)
+core.log.info("input conf: ", core.json.delay_encode(conf))
+
+return core.schema.check(schema, conf)
+end
+
+
+local function get_consumer(access_key)
+if not access_key then
+return nil, {message = "missing access key"}
+end
+
+local consumer_conf = consumer.plugin(plugin_name)
+if not consumer_conf then
+return nil, {message = "Missing related consumer"}
+end
+
+local consumers = core.lrucache.plugin(plugin_name, "consumers_key",
+consumer_conf.conf_version,
+create_consumer_cache, consumer_conf)
+
+local consumer = consumers[access_key]
+if not consumer then
+return nil, {message = "Invalid access key"}
+end
+core.log.info("consumer: ", core.json.delay_encode(consumer))
+
+return consumer
+end
+
+
+local function generate_signature(ctx, secret_key, params)
+local canonical_uri = ctx.var.uri
+local canonical_query_string = ""
+local request_method = ngx_req.get_method()
+local args = ngx_req.get_uri_args()
+
+if
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r487970495
##
File path: apisix/plugins/hmac-auth.lua
##
@@ -0,0 +1,303 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local ngx= ngx
+local type = type
+local select = select
+local abs= math.abs
+local ngx_time = ngx.time
+local ngx_re = require("ngx.re")
+local ngx_req= ngx.req
+local pairs = pairs
+local ipairs = ipairs
+local hmac_sha1 = ngx.hmac_sha1
+local escape_uri = ngx.escape_uri
+local core = require("apisix.core")
+local hmac = require("resty.hmac")
+local consumer = require("apisix.consumer")
+local ngx_decode_base64 = ngx.decode_base64
+
+local SIGNATURE_KEY = "X-HMAC-SIGNATURE"
+local ALGORITHM_KEY = "X-HMAC-ALGORITHM"
+local TIMESTAMP_KEY = "X-HMAC-TIMESTAMP"
+local ACCESS_KEY= "X-HMAC-ACCESS-KEY"
+local plugin_name = "hmac-auth"
+
+local schema = {
+type = "object",
+oneOf = {
+{
+title = "work with consumer object",
+properties = {
+access_key = {type = "string", minLength = 1, maxLength = 256},
+secret_key = {type = "string", minLength = 1, maxLength = 256},
+algorithm = {
+type = "string",
+enum = {"hmac-sha1", "hmac-sha256", "hmac-sha512"},
+default = "hmac-sha256"
+},
+clock_skew = {
+type = "integer",
+default = 300
+}
+},
+required = {"access_key", "secret_key"},
+additionalProperties = false,
+},
+{
+title = "work with route or service object",
+properties = {},
+additionalProperties = false,
+}
+}
+}
+
+local _M = {
+version = 0.1,
+priority = 2530,
+type = 'auth',
+name = plugin_name,
+schema = schema,
+}
+
+local hmac_funcs = {
+["hmac-sha1"] = function(secret_key, message)
+return hmac_sha1(secret_key, message)
+end,
+["hmac-sha256"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA256):final(message)
+end,
+["hmac-sha512"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA512):final(message)
+end,
+}
+
+
+local function try_attr(t, ...)
+local tbl = t
+local count = select('#', ...)
+for i = 1, count do
+local attr = select(i, ...)
+tbl = tbl[attr]
+if type(tbl) ~= "table" then
+return false
+end
+end
+
+return true
+end
+
+
+local create_consumer_cache
+do
+local consumer_ids = {}
+
+function create_consumer_cache(consumers)
+core.table.clear(consumer_ids)
+
+for _, consumer in ipairs(consumers.nodes) do
+core.log.info("consumer node: ", core.json.delay_encode(consumer))
+consumer_ids[consumer.auth_conf.access_key] = consumer
+end
+
+return consumer_ids
+end
+
+end -- do
+
+
+function _M.check_schema(conf)
+core.log.info("input conf: ", core.json.delay_encode(conf))
+
+return core.schema.check(schema, conf)
+end
+
+
+local function get_consumer(access_key)
+if not access_key then
+return nil, {message = "missing access key"}
+end
+
+local consumer_conf = consumer.plugin(plugin_name)
+if not consumer_conf then
+return nil, {message = "Missing related consumer"}
+end
+
+local consumers = core.lrucache.plugin(plugin_name, "consumers_key",
+consumer_conf.conf_version,
+create_consumer_cache, consumer_conf)
+
+local consumer = consumers[access_key]
+if not consumer then
+return nil, {message = "Invalid access key"}
+end
+core.log.info("consumer: ", core.json.delay_encode(consumer))
+
+return consumer
+end
+
+
+local function generate_signature(ctx, secret_key, params)
+local canonical_uri = ctx.var.uri
+local canonical_query_string = ""
+local request_method = ngx_req.get_method()
+local args = ngx_req.get_uri_args()
+
+if
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2192: feat: add AK/SK auth plugin
Firstsawyou commented on a change in pull request #2192:
URL: https://github.com/apache/apisix/pull/2192#discussion_r487791781
##
File path: apisix/plugins/hmac-auth.lua
##
@@ -0,0 +1,298 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local ngx= ngx
+local type = type
+local select = select
+local abs= math.abs
+local ngx_time = ngx.time
+local str_fmt= string.format
+local ngx_re = require("ngx.re")
+local ngx_req= ngx.req
+local pairs = pairs
+local ipairs = ipairs
+local hmac_sha1 = ngx.hmac_sha1
+local escape_uri = ngx.escape_uri
+local core = require("apisix.core")
+local hmac = require("resty.hmac")
+local consumer = require("apisix.consumer")
+local ngx_decode_base64 = ngx.decode_base64
+
+local SIGNATURE_KEY = "X-HMAC-SIGNATURE"
+local ALGORITHM_KEY = "X-HMAC-ALGORITHM"
+local TIMESTAMP_KEY = "X-HMAC-TIMESTAMP"
+local ACCESS_KEY= "X-HMAC-ACCESS-KEY"
+local plugin_name = "hmac-auth"
+
+local schema = {
+type = "object",
+oneOf = {
+{
+title = "work with consumer object",
+properties = {
+access_key = {type = "string", minLength = 1, maxLength = 256},
+secret_key = {type = "string", minLength = 1, maxLength = 256},
+algorithm = {
+type = "string",
+enum = {"hmac-sha1", "hmac-sha256", "hmac-sha512"},
+default = "hmac-sha256"
+},
+clock_skew = {
+type = "integer",
+default = 300
+}
+},
+required = {"access_key", "secret_key"},
+additionalProperties = false,
+},
+{
+title = "work with route or service object",
+properties = {},
+additionalProperties = false,
+}
+}
+}
+
+local _M = {
+version = 0.1,
+priority = 2530,
+type = 'auth',
+name = plugin_name,
+schema = schema,
+}
+
+local hmac_funcs = {
+["hmac-sha1"] = function(secret_key, message)
+return hmac_sha1(secret_key, message)
+end,
+["hmac-sha256"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA256):final(message)
+end,
+["hmac-sha512"] = function(secret_key, message)
+return hmac:new(secret_key, hmac.ALGOS.SHA512):final(message)
+end,
+}
+
+
+local function try_attr(t, ...)
+local conf
+local count = select('#', ...)
+for i = 1, count do
+local attr = select(i, ...)
+conf = t[attr]
+if type(conf) ~= "table" then
+return false
+end
+end
+
+return true
+end
+
+
+local create_consumer_cache
+do
+local consumer_ids = {}
+
+function create_consumer_cache(consumers)
+core.table.clear(consumer_ids)
+
+for _, consumer in ipairs(consumers.nodes) do
+core.log.info("consumer node: ", core.json.delay_encode(consumer))
+consumer_ids[consumer.auth_conf.access_key] = consumer
+end
+
+return consumer_ids
+end
+
+end -- do
+
+
+function _M.check_schema(conf)
+core.log.info("input conf: ", core.json.delay_encode(conf))
+
+return core.schema.check(schema, conf)
Review comment:
Is there no need for error handling here? For example "local ok, err =
core.schema.check(schema, conf)".
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
