fix(http-logger): avoid empty Authorization header by default (#7444)

Signed-off-by: spacewander <[email protected]>
apache · Aug 17, 2022 · 7268fe7 · 7268fe7
1 parent aa17261
commit 7268fe7
Show file tree

Hide file tree

Showing 4 changed files with 69 additions and 14 deletions.
diff --git a/apisix/plugins/http-logger.lua b/apisix/plugins/http-logger.lua
@@ -33,7 +33,7 @@ local schema = {
     type = "object",
     properties = {
         uri = core.schema.uri_def,
-        auth_header = {type = "string", default = ""},
+        auth_header = {type = "string"},
         timeout = {type = "integer", minimum = 1, default = 3},
         include_req_body = {type = "boolean", default = false},
         include_resp_body = {type = "boolean", default = false},

diff --git a/docs/en/latest/plugins/http-logger.md b/docs/en/latest/plugins/http-logger.md
@@ -29,18 +29,17 @@ This will provide the ability to send Log data requests as JSON objects to Monit
 
 ## Attributes
 
-| Name             | Type    | Requirement | Default       | Valid   | Description                                                                              |
-| ---------------- | ------- | ----------- | ------------- | ------- | ---------------------------------------------------------------------------------------- |
-| uri              | string  | required    |               |         | The URI of the `HTTP/HTTPS` server.                                                      |
-| auth_header      | string  | optional    | ""            |         | Any authorization headers.                                                               |
-| timeout          | integer | optional    | 3             | [1,...] | Time to keep the connection alive after sending a request.                               |
-| name             | string  | optional    | "http logger" |         | A unique identifier to identity the logger.                                              |
-|  include_req_body | boolean | optional    | false         | [false, true] | Whether to include the request body. false: indicates that the requested body is not included; true: indicates that the requested body is included. Note: if the request body is too big to be kept in the memory, it can't be logged due to Nginx's limitation. |
-| include_resp_body| boolean | optional    | false         | [false, true] | Whether to include the response body. The response body is included if and only if it is `true`. |
-| include_resp_body_expr  | array  | optional    |          |         | When `include_resp_body` is true, control the behavior based on the result of the [lua-resty-expr](https://github.com/api7/lua-resty-expr) expression. If present, only log the response body when the result is true. |
-| concat_method    | string  | optional    | "json"        | ["json", "new_line"] | Enum type: `json` and `new_line`. **json**: use `json.encode` for all pending logs. **new_line**: use `json.encode` for each pending log and concat them with "\n" line. |
-| ssl_verify       | boolean | optional    | false          | [false, true] | Whether to verify certificate. |
-
+| Name                   | Type    | Required | Default       | Valid values         | Description                                                                                                                                                                                                              |
+| ---------------------- | ------- | -------- | ------------- | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| uri                    | string  | True     |               |                      | URI of the HTTP/HTTPS server.                                                                                                                                                                                            |
+| auth_header            | string  | False    |               |                      | Authorization headers if required.                                                                                                                                                                                       |
+| timeout                | integer | False    | 3             | [1,...]              | Time to keep the connection alive for after sending a request.                                                                                                                                                           |
+| name                   | string  | False    | "http logger" |                      | Unique identifier to identify the logger.                                                                                                                                                                                |
+| include_req_body       | boolean | False    | false         | [false, true]        | When set to `true` includes the request body in the log. If the request body is too big to be kept in the memory, it can't be logged due to Nginx's limitations.                                                         |
+| include_resp_body      | boolean | False    | false         | [false, true]        | When set to `true` includes the response body in the log.                                                                                                                                                                |
+| include_resp_body_expr | array   | False    |               |                      | When the `include_resp_body` attribute is set to `true`, use this to filter based on [lua-resty-expr](https://github.com/api7/lua-resty-expr). If present, only logs the response if the expression evaluates to `true`. |
+| concat_method          | string  | False    | "json"        | ["json", "new_line"] | Sets how to concatenate logs. When set to `json`, uses `json.encode` for all pending logs and when set to `new_line`, also uses `json.encode` but uses the newline (`\n`) to concatenate lines.                          |
+| ssl_verify             | boolean | False    | false         | [false, true]        | When set to `true` verifies the SSL certificate.                                                                                                                                                                         |
 The plugin supports the use of batch processors to aggregate and process entries(logs/data) in a batch. This avoids frequent data submissions by the plugin, which by default the batch processor submits data every `5` seconds or when the data in the queue reaches `1000`. For information or custom batch processor parameter settings, see [Batch-Processor](../batch-processor.md#configuration) configuration section.
 
 ## How To Enable

diff --git a/docs/zh/latest/plugins/http-logger.md b/docs/zh/latest/plugins/http-logger.md
@@ -32,7 +32,7 @@ title: http-logger
 | 名称             | 类型    | 必选项 | 默认值        | 有效值  | 描述                                             |
 | ---------------- | ------- | ------ | ------------- | ------- | ------------------------------------------------ |
 | uri              | string  | 必须   |               |         | `HTTP/HTTPS` 服务器的 URI。                   |
-| auth_header      | string  | 可选   | ""            |         | 授权头部。                                    |
+| auth_header      | string  | 可选   |               |         | 授权头部。                                    |
 | timeout          | integer | 可选   | 3             | [1,...] | 发送请求后保持连接活动的时间。                   |
 | name             | string  | 可选   | "http logger" |         | 标识 logger 的唯一标识符。                     |
 | include_req_body | boolean | 可选   | false         | [false, true] | 是否包括请求 body。false： 表示不包含请求的 body ； true： 表示包含请求的 body 。 |

diff --git a/t/plugin/http-logger2.t b/t/plugin/http-logger2.t
@@ -42,6 +42,13 @@ add_block_preprocessor(sub {
             }
         }
 
+        location /http-logger/Authorization {
+            content_by_lua_block {
+                ngx.log(ngx.WARN, "received Authorization header: [", ngx.var.http_authorization, "]")
+                ngx.say("OK")
+            }
+        }
+
         location /http-logger/center {
             content_by_lua_block {
                 local function str_split(str, reps)
@@ -253,3 +260,52 @@ test-http-logger-response
 request.body:test-http-logger-request
 response.body:test-http-logger-response
 --- wait: 1.5
+
+
+
+=== TEST 8: test default Authorization header sent to the log server
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                        "methods": ["POST"],
+                        "plugins": {
+                            "http-logger": {
+                                "uri": "http://127.0.0.1:12001/http-logger/Authorization",
+                                "batch_max_size": 1,
+                                "max_retry_count": 1,
+                                "retry_delay": 2,
+                                "buffer_duration": 2,
+                                "inactive_timeout": 2
+                            }
+                        },
+                        "upstream": {
+                            "nodes": {
+                                "127.0.0.1:12001": 1
+                            },
+                            "type": "roundrobin"
+                        },
+                        "uri": "/http-logger/test"
+                }]])
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- response_body
+passed
+
+
+
+=== TEST 9: hit
+--- request
+POST /http-logger/test
+test-http-logger-request
+--- error_log
+received Authorization header: [nil]
+--- wait: 1.5