riskgod opened a new issue #4036: URL: https://github.com/apache/apisix/issues/4036
### Issue description hey, I am using node to create the X-HMAC-SIGNATURE, but it always return "Invalid signature" #### create one consumer ``` curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d ' { "username": "kelly", "plugins": { "hmac-auth": { "access_key": "user-key-kelly", "secret_key": "my-secret-key—kelly", "clock_skew": 0, "signed_headers": ["User-Agent", "x-custom-a"] } } }' ``` #### enable the plugin global ``` curl http://127.0.0.1:9080/apisix/admin/global_rules/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "plugins": { "request-id": { "include_in_response": true }, "hmac-auth":{}, "limit-req": { "rate": 1, "burst": 0, "rejected_code": 503, "key": "remote_addr" }, "tcp-logger": { "host": "127.0.0.1", "port": 5000, "tls": false, "batch_max_size": 1, "name": "tcp logger" } } }' ``` #### set upstream ``` curl http://127.0.0.1:9080/apisix/admin/upstreams/100 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -i -X PUT -d ' { "type":"roundrobin", "scheme": "grpc", "nodes":{ "127.0.0.1:8081": 1 } }' ``` #### set router ``` curl http://127.0.0.1:9080/apisix/admin/routes/120 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "methods": ["GET"], "uri": "/testgrpc", "plugins": { "grpc-transcode": { "proto_id": "1", "service": "helloworld.Greeter", "method": "SayHello" }, "consumer-restriction": { "whitelist": [ "candy" ] } }, "upstream_id": "100" }' ``` #### Use node.js to create the signature ``` const crypto = require('crypto'); const signing_string = ` GET /testgrpc name=world user-key-kelly Tue Apr 13 2021 09:56:35 GMT+0800 (China Standard Time) User-Agent:curl/7.29.0 x-custom-a:test ` const test = crypto.createHmac('sha256', "my-secret-key—kelly").update(signing_string).digest("base64"); console.log(test) ``` #### Test the plugin ``` curl -i "http://127.0.0.1:9080/testgrpc?name=world"; \ -H "X-HMAC-SIGNATURE: hoQVG90Af6OwQs19gVqmsmqfw0QGVrurNIV3/bkFicg=" \ -H "X-HMAC-ALGORITHM: hmac-sha256" \ -H "X-HMAC-ACCESS-KEY: user-key-kelly" \ -H "Tue Apr 13 2021 09:56:35 GMT+0800 (China Standard Time)" \ -H "X-HMAC-SIGNED-HEADERS: User-Agent;x-custom-a" \ -H "x-custom-a: test" \ -H "User-Agent: curl/7.29.0" ``` #### Result ``` HTTP/1.1 401 Unauthorized Date: Tue, 13 Apr 2021 02:21:20 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Server: APISIX/2.5 X-Request-Id: a112df5e-76c3-46bc-a000-fdabc99bb0c8 {"message":"Invalid signature"} ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
