diff --git a/.github/workflows/chaos.yml b/.github/workflows/chaos.yml index 1fdaed14fcc1..d4dafac44c40 100644 --- a/.github/workflows/chaos.yml +++ b/.github/workflows/chaos.yml @@ -54,7 +54,7 @@ jobs: run: | curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash helm repo add bitnami https://charts.bitnami.com/bitnami - helm install etcd bitnami/etcd --set replicaCount=3 --set auth.rbac.enabled=false + helm install etcd bitnami/etcd --set replicaCount=3 --set auth.rbac.create=false kubectl wait pods -l app.kubernetes.io/instance=etcd --for=condition=Ready --timeout=300s --all diff --git a/CHANGELOG.md b/CHANGELOG.md index 387eb5fec925..f1b5d9cd03fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ title: Changelog ## Table of Contents +- [2.12.1](#2121) - [2.12.0](#2120) - [2.11.0](#2110) - [2.10.3](#2103) @@ -51,6 +52,13 @@ title: Changelog - [0.7.0](#070) - [0.6.0](#060) +## 2.12.1 + +### Bugfix + +- fix(batch-requests): real ip header should be overridden [#6251](https://github.com/apache/apisix/pull/6251) +- fix(batch-requests): should be disabled by default [#6204](https://github.com/apache/apisix/pull/6204) + ## 2.12.0 ### Change diff --git a/apisix/core/version.lua b/apisix/core/version.lua index de741afb55a8..8ecfe8f0fe93 100644 --- a/apisix/core/version.lua +++ b/apisix/core/version.lua @@ -15,5 +15,5 @@ -- limitations under the License. -- return { - VERSION = "2.12.0" + VERSION = "2.12.1" } diff --git a/apisix/plugins/batch-requests.lua b/apisix/plugins/batch-requests.lua index 71a37524d42f..54dfba07d488 100644 --- a/apisix/plugins/batch-requests.lua +++ b/apisix/plugins/batch-requests.lua @@ -165,6 +165,8 @@ local function set_common_header(data) local local_conf = core.config.local_conf() local real_ip_hdr = core.table.try_read_attr(local_conf, "nginx_config", "http", "real_ip_header") + -- we don't need to handle '_' to '-' as Nginx won't treat 'X_REAL_IP' as 'X-Real-IP' + real_ip_hdr = str_lower(real_ip_hdr) local outer_headers = core.request.headers(nil) for i,req in ipairs(data.pipeline) do diff --git a/conf/config-default.yaml b/conf/config-default.yaml index f73697f3cb3b..37e6a5c1d1ba 100644 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -329,7 +329,7 @@ plugins: # plugin list (sorted by priority) - request-id # priority: 11010 - fault-injection # priority: 11000 - serverless-pre-function # priority: 10000 - - batch-requests # priority: 4010 + #- batch-requests # priority: 4010 - cors # priority: 4000 - ip-restriction # priority: 3000 - ua-restriction # priority: 2999 diff --git a/docs/en/latest/config.json b/docs/en/latest/config.json index d3279ccbf2d6..5ed1d84be209 100644 --- a/docs/en/latest/config.json +++ b/docs/en/latest/config.json @@ -1,5 +1,5 @@ { - "version": "2.12.0", + "version": "2.12.1", "sidebar": [ { "type": "category", diff --git a/docs/en/latest/how-to-build.md b/docs/en/latest/how-to-build.md index 55bda5a98054..806ab174423f 100644 --- a/docs/en/latest/how-to-build.md +++ b/docs/en/latest/how-to-build.md @@ -81,10 +81,10 @@ Please refer to: [Installing Apache APISIX with Helm Chart](https://github.com/a ### Installation via Source Release Package -1. Create a directory named `apisix-2.12.0`. +1. Create a directory named `apisix-2.12.1`. ```shell - $ APISIX_VERSION='2.12.0' + $ APISIX_VERSION='2.12.1' $ mkdir apisix-${APISIX_VERSION} ``` diff --git a/docs/zh/latest/CHANGELOG.md b/docs/zh/latest/CHANGELOG.md index 013b7a6c77df..54a0164538af 100644 --- a/docs/zh/latest/CHANGELOG.md +++ b/docs/zh/latest/CHANGELOG.md @@ -23,6 +23,7 @@ title: CHANGELOG ## Table of Contents +- [2.12.1](#2121) - [2.12.0](#2120) - [2.11.0](#2110) - [2.10.3](#2103) @@ -51,6 +52,13 @@ title: CHANGELOG - [0.7.0](#070) - [0.6.0](#060) +## 2.12.1 + +### Bugfix + +- batch-requests 插件应当覆盖 real ip 请求头 [#6251](https://github.com/apache/apisix/pull/6251) +- batch-requests 插件应当默认不启用 [#6204](https://github.com/apache/apisix/pull/6204) + ## 2.12.0 ### Change diff --git a/docs/zh/latest/config.json b/docs/zh/latest/config.json index e34df7944eea..0c21f40f2b78 100644 --- a/docs/zh/latest/config.json +++ b/docs/zh/latest/config.json @@ -1,5 +1,5 @@ { - "version": "2.12.0", + "version": "2.12.1", "sidebar": [ { "type": "category", diff --git a/docs/zh/latest/how-to-build.md b/docs/zh/latest/how-to-build.md index dd2869f8e283..b4e519daafc9 100644 --- a/docs/zh/latest/how-to-build.md +++ b/docs/zh/latest/how-to-build.md @@ -81,10 +81,10 @@ $ sudo yum install ./apisix/*.rpm ### 通过源码包安装 -1. 创建一个名为 `apisix-2.12.0` 的目录。 +1. 创建一个名为 `apisix-2.12.1` 的目录。 ```shell - $ APISIX_VERSION='2.12.0' + $ APISIX_VERSION='2.12.1' $ mkdir apisix-${APISIX_VERSION} ``` diff --git a/rockspec/apisix-2.12.1-0.rockspec b/rockspec/apisix-2.12.1-0.rockspec new file mode 100644 index 000000000000..52a1a8131799 --- /dev/null +++ b/rockspec/apisix-2.12.1-0.rockspec @@ -0,0 +1,97 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +package = "apisix" +version = "2.12.1-0" +supported_platforms = {"linux", "macosx"} + +source = { + url = "git://github.com/apache/apisix", + branch = "2.12.1", +} + +description = { + summary = "Apache APISIX is a cloud-native microservices API gateway, delivering the ultimate performance, security, open source and scalable platform for all your APIs and microservices.", + homepage = "https://github.com/apache/apisix", + license = "Apache License 2.0", +} + +dependencies = { + "lua-resty-ctxdump = 0.1-0", + "lua-resty-dns-client = 5.2.3", + "lua-resty-template = 2.0", + "lua-resty-etcd = 1.6.0", + "api7-lua-resty-http = 0.2.0", + "lua-resty-balancer = 0.04", + "lua-resty-ngxvar = 0.5.2", + "lua-resty-jit-uuid = 0.0.7", + "lua-resty-healthcheck-api7 = 2.2.0", + "lua-resty-jwt = 0.2.0", + "lua-resty-hmac-ffi = 0.05", + "lua-resty-cookie = 0.1.0", + "lua-resty-session = 2.24", + "opentracing-openresty = 0.1", + "lua-resty-radixtree = 2.8.1", + "lua-protobuf = 0.3.3", + "lua-resty-openidc = 1.7.2-1", + "luafilesystem = 1.7.0-2", + "api7-lua-tinyyaml = 0.4.2", + "nginx-lua-prometheus = 0.20210206", + "jsonschema = 0.9.6", + "lua-resty-ipmatcher = 0.6.1", + "lua-resty-kafka = 0.07", + "lua-resty-logger-socket = 2.0-0", + "skywalking-nginx-lua = 0.6.0", + "base64 = 1.5-2", + "binaryheap = 0.4", + "dkjson = 2.5-2", + "resty-redis-cluster = 1.02-4", + "lua-resty-expr = 1.3.1", + "graphql = 0.0.2", + "argparse = 0.7.1-1", + "luasocket = 3.0rc1-2", + "luasec = 0.9-1", + "lua-resty-consul = 0.3-2", + "penlight = 1.9.2-1", + "ext-plugin-proto = 0.3.0", + "casbin = 1.26.0", + "api7-snowflake = 2.0-1", + "inspect == 3.1.1", + "lualdap = 1.2.6-1", + "lua-resty-rocketmq = 0.3.0-0", +} + +build = { + type = "make", + build_variables = { + CFLAGS="$(CFLAGS)", + LIBFLAG="$(LIBFLAG)", + LUA_LIBDIR="$(LUA_LIBDIR)", + LUA_BINDIR="$(LUA_BINDIR)", + LUA_INCDIR="$(LUA_INCDIR)", + LUA="$(LUA)", + OPENSSL_INCDIR="$(OPENSSL_INCDIR)", + OPENSSL_LIBDIR="$(OPENSSL_LIBDIR)", + }, + install_variables = { + ENV_INST_PREFIX="$(PREFIX)", + ENV_INST_BINDIR="$(BINDIR)", + ENV_INST_LIBDIR="$(LIBDIR)", + ENV_INST_LUADIR="$(LUADIR)", + ENV_INST_CONFDIR="$(CONFDIR)", + }, +} diff --git a/t/admin/plugins.t b/t/admin/plugins.t index 95425a2cdb74..b47b97555cb9 100644 --- a/t/admin/plugins.t +++ b/t/admin/plugins.t @@ -68,7 +68,6 @@ zipkin request-id fault-injection serverless-pre-function -batch-requests cors ip-restriction ua-restriction diff --git a/t/debug/debug-mode.t b/t/debug/debug-mode.t index fea9461a830a..579068e5b90d 100644 --- a/t/debug/debug-mode.t +++ b/t/debug/debug-mode.t @@ -48,7 +48,6 @@ loaded plugin and sort by priority: 11011 name: zipkin loaded plugin and sort by priority: 11010 name: request-id loaded plugin and sort by priority: 11000 name: fault-injection loaded plugin and sort by priority: 10000 name: serverless-pre-function -loaded plugin and sort by priority: 4010 name: batch-requests loaded plugin and sort by priority: 4000 name: cors loaded plugin and sort by priority: 3000 name: ip-restriction loaded plugin and sort by priority: 2990 name: referer-restriction diff --git a/t/plugin/batch-requests2.t b/t/plugin/batch-requests2.t index ba578c47c9a4..c61278dcb9b9 100644 --- a/t/plugin/batch-requests2.t +++ b/t/plugin/batch-requests2.t @@ -224,3 +224,154 @@ plugin_attr: ngx.status = 200 } } + + + +=== TEST 5: ensure real ip header is overridden +--- config + location = /aggregate { + content_by_lua_block { + local core = require("apisix.core") + local t = require("lib.test_admin").test + local code, body = t('/apisix/batch-requests', + ngx.HTTP_POST, + [=[{ + "headers": { + "x-real-ip": "127.0.0.2" + }, + "pipeline":[ + { + "path": "/c", + "method": "PUT" + }] + }]=], + [=[[ + { + "status": 201, + "body":"C", + "headers": { + "Client-IP": "127.0.0.1", + "Client-IP-From-Hdr": "127.0.0.1" + } + } + ]]=]) + + ngx.status = code + ngx.say(body) + } + } + + location = /c { + content_by_lua_block { + ngx.status = 201 + ngx.header["Client-IP"] = ngx.var.remote_addr + ngx.header["Client-IP-From-Hdr"] = ngx.req.get_headers()["x-real-ip"] + ngx.print("C") + } + } +--- request +GET /aggregate +--- response_body +passed + + + +=== TEST 6: ensure real ip header is overridden, header from the pipeline +--- config + location = /aggregate { + content_by_lua_block { + local core = require("apisix.core") + local t = require("lib.test_admin").test + local code, body = t('/apisix/batch-requests', + ngx.HTTP_POST, + [=[{ + "headers": { + }, + "pipeline":[ + { + "path": "/c", + "headers": { + "x-real-ip": "127.0.0.2" + }, + "method": "PUT" + }] + }]=], + [=[[ + { + "status": 201, + "body":"C", + "headers": { + "Client-IP": "127.0.0.1", + "Client-IP-From-Hdr": "127.0.0.1" + } + } + ]]=]) + + ngx.status = code + ngx.say(body) + } + } + + location = /c { + content_by_lua_block { + ngx.status = 201 + ngx.header["Client-IP"] = ngx.var.remote_addr + ngx.header["Client-IP-From-Hdr"] = ngx.req.get_headers()["x-real-ip"] + ngx.print("C") + } + } +--- request +GET /aggregate +--- response_body +passed + + + +=== TEST 7: ensure real ip header is overridden, header has underscore +--- config + location = /aggregate { + content_by_lua_block { + local core = require("apisix.core") + local t = require("lib.test_admin").test + local code, body = t('/apisix/batch-requests', + ngx.HTTP_POST, + [=[{ + "headers": { + }, + "pipeline":[ + { + "path": "/c", + "headers": { + "x_real-ip": "127.0.0.2" + }, + "method": "PUT" + }] + }]=], + [=[[ + { + "status": 201, + "body":"C", + "headers": { + "Client-IP": "127.0.0.1", + "Client-IP-From-Hdr": "127.0.0.1" + } + } + ]]=]) + + ngx.status = code + ngx.say(body) + } + } + + location = /c { + content_by_lua_block { + ngx.status = 201 + ngx.header["Client-IP"] = ngx.var.remote_addr + ngx.header["Client-IP-From-Hdr"] = ngx.req.get_headers()["x-real-ip"] + ngx.print("C") + } + } +--- request +GET /aggregate +--- response_body +passed