From dc2570ab9ccd5ce062e6da27d914b96e4fa3f40c Mon Sep 17 00:00:00 2001 From: xuwei <> Date: Wed, 1 Sep 2021 13:46:04 +0800 Subject: [PATCH 01/23] fix: when eureka server return compressed data, use lua-zlib to unzip received response data --- apisix/discovery/eureka.lua | 12 +++++++++--- conf/config-default.yaml | 2 +- rockspec/apisix-master-0.rockspec | 1 + 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/apisix/discovery/eureka.lua b/apisix/discovery/eureka.lua index 1dd35630a974..d776838ff0d4 100644 --- a/apisix/discovery/eureka.lua +++ b/apisix/discovery/eureka.lua @@ -19,6 +19,7 @@ local local_conf = require("apisix.core.config_local").local_conf() local http = require("resty.http") local core = require("apisix.core") local ipmatcher = require("resty.ipmatcher") +local zlib = require("zlib") local ipairs = ipairs local tostring = tostring local type = type @@ -187,10 +188,15 @@ local function fetch_full_registry(premature) return end - local json_str = res.body - local data, err = core.json.decode(json_str) + local encoding = res.headers["Content-Encoding"] + local res_body = res.body + if encoding == 'gzip' then + local stream = zlib.inflate() + res_body = stream(res_body) + end + local data, decode_err = core.json.decode(res_body) if not data then - log.error("invalid response body: ", json_str, " err: ", err) + log.error("invalid response body: ", res_body, " err: ", decode_err) return end local apps = data.applications.application diff --git a/conf/config-default.yaml b/conf/config-default.yaml index 53930c3b2b4a..1ae9d90e09a6 100644 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -256,7 +256,7 @@ etcd: # eureka: # host: # it's possible to define multiple eureka hosts addresses of the same eureka cluster. # - "http://127.0.0.1:8761" -# prefix: /eureka/ +# prefix: /eureka/v2/ # fetch_interval: 30 # default 30s # weight: 100 # default weight for node # timeout: 
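Review bot: In the second eureka.lua hunk the gzip branch inflates the whole reply with `stream(res_body)`, and nothing bounds the output or catches a failure. A small compressed response from the registry can therefore expand to an arbitrarily large string inside the worker, and a truncated or corrupt body would presumably raise out of the fetch instead of reaching the `log.error` path. I would cap `#res.body` before inflating, call the stream as `local ok, out = pcall(stream, res_body)`, and check the inflated length before `core.json.decode`. The test `encoding == 'gzip'` is also an exact match, so a differently cased value falls through and the compressed bytes are decoded as JSON. fetch_full_registry starts and ends outside the hunk.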
diff --git a/rockspec/apisix-master-0.rockspec b/rockspec/apisix-master-0.rockspec index a171d94ccfd8..249fba027b44 100644 --- a/rockspec/apisix-master-0.rockspec +++ b/rockspec/apisix-master-0.rockspec @@ -69,6 +69,7 @@ dependencies = { "ext-plugin-proto = 0.2.1", "casbin = 1.26.0", "api7-snowflake = 2.0-1", + "lua-zlib = 1.2-1", } build = { From db0c9e7f00334b45d449f89bb5525b07ae86860e Mon Sep 17 00:00:00 2001 From: mango Date: Thu, 6 Jan 2022 16:58:07 +0800 Subject: [PATCH 02/23] feature: support hide the authentication header in basic-auth plugin --- apisix/plugins/basic-auth.lua | 16 ++++- docs/en/latest/plugins/basic-auth.md | 13 ++-- docs/zh/latest/plugins/basic-auth.md | 2 + t/plugin/basic-auth.t | 96 ++++++++++++++++++++++++++++ 4 files changed, 120 insertions(+), 7 deletions(-) diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua index 1df25daefa86..a1abc010ccd6 100644 --- a/apisix/plugins/basic-auth.lua +++ b/apisix/plugins/basic-auth.lua @@ -30,7 +30,12 @@ local consumers_lrucache = core.lrucache.new({ local schema = { type = "object", title = "work with route or service object", - properties = {}, + properties = { + hide_auth_header = { + type = "boolean", + default = false, + } + }, } local consumer_schema = { @@ -39,6 +44,10 @@ local consumer_schema = { properties = { username = { type = "string" }, password = { type = "string" }, + hide_auth_header = { + type = "boolean", + default = true, + } }, required = {"username", "password"}, } @@ -161,6 +170,11 @@ function _M.rewrite(conf, ctx) return 401, { message = "Password is error" } end + -- 5. hide `Authentication` header if `hide_auth_header` is `true` + if conf.hide_auth_header == true then + core.response.set_header("Authentication", "") + end + consumer.attach_consumer(ctx, cur_consumer, consumer_conf) core.log.info("hit basic-auth access") diff --git a/docs/en/latest/plugins/basic-auth.md b/docs/en/latest/plugins/basic-auth.md index e618a58a8500..3367e7f97b7e 100644 
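Review bot: The new step 5 in `_M.rewrite` calls `core.response.set_header("Authentication", "")`, which adds an empty header to the response returned to the client. The Basic credential travels in the request's `Authorization` header, and nothing here removes it from what is proxied upstream, so enabling `hide_auth_header` leaves the exposure it is meant to close unchanged. The two schema hunks also disagree on the default (`false` in `schema`, `true` in `consumer_schema`), so the value `conf.hide_auth_header` carries depends on where the option was set. PATCH 15/23 further down this page ends at `core.request.set_header(ctx, "Authorization", nil)`, which is the form this hunk needs. `_M.rewrite` starts and ends outside the hunk.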
--- a/docs/en/latest/plugins/basic-auth.md +++ b/docs/en/latest/plugins/basic-auth.md @@ -39,10 +39,11 @@ For more information on Basic authentication, refer to [Wiki](https://en.wikiped ## Attributes -| Name | Type | Requirement | Default | Valid | Description | -| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. | -| password | string | required | | | the user's password | +| Name | Type | Requirement | Default | Valid | Description | +| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. | +| password | string | required | | | the user's password | +| hide_auth_header | boolean | optional | false | | Whether to return the Authentication response headers to the client. | ## How To Enable @@ -129,8 +130,8 @@ hello, world ## Disable Plugin When you want to disable the `basic-auth` plugin, it is very simple, - you can delete the corresponding json configuration in the plugin configuration, - no need to restart the service, it will take effect immediately: +you can delete the corresponding json configuration in the plugin configuration, +no need to restart the service, it will take effect immediately: ```shell $ curl http://127.0.0.1:9080/apisix/admin/routes/1 -X PUT -d ' 
diff --git a/docs/zh/latest/plugins/basic-auth.md b/docs/zh/latest/plugins/basic-auth.md index 667721bd7ede..6a178297546a 100644 --- a/docs/zh/latest/plugins/basic-auth.md +++ b/docs/zh/latest/plugins/basic-auth.md @@ -43,6 +43,8 @@ title: basic-auth | -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ | | username | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `username` ,将会出现请求匹配异常。 | | password | string | 必须 | | | 用户的密码 | +| hide_auth_header | boolean | 可选 | false | | 是否将 Authentication 响应头返回给客户端. | + ## 如何启用 diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index 79078b1aeb49..b9fdbec72c73 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t 
@@ -356,3 +356,99 @@ GET /t GET /t --- no_error_log [error] + + + +=== TEST 15: hide auth header = false +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers', + ngx.HTTP_PUT, + [[{ + "username": "foo", + "plugins": { + "basic-auth": { + "username": "foo", + "password": "bar", + "hide_auth_header": false + } + } + }]], + [[{ + "node": { + "value": { + "username": "foo", + "plugins": { + "basic-auth": { + "username": "foo", + "password": "bar", + "hide_auth_header": false + } + } + } + }, + "action": "set" + }]] + ) + + ngx.status = code + ngx.say(body) + } + } +--- request +GET /t +--- error_code: 200 +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 16: enable basic auth plugin using admin api +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "basic-auth": {} + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 17: hit route (catch the authentication header) +--- request +GET /hello +--- response_body chop +hello world +--- response_headers_like +Authentication: +--- no_error_log +[error] \ No newline at end of file From 0cee869b40c139fc6c36a71b2df82e5368b51b91 Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 7 Jan 2022 10:52:16 +0800 Subject: [PATCH 03/23] add test case with hide auth header --- t/plugin/basic-auth.t | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index b9fdbec72c73..8a6444117785 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t 
@@ -442,13 +442,16 @@ passed [error] - -=== TEST 17: hit route (catch the authentication header) +=== TEST 17: verify with hide auth header --- request GET /hello ---- response_body chop +--- more_headers +Authorization: Basic Zm9vOmJhcg== +--- response_body hello world --- response_headers_like Authentication: --- no_error_log -[error] \ No newline at end of file +[error] +--- error_log +find consumer foo \ No newline at end of file From 79ca875a8e2619d36e6551206e3f065ac12e2e12 Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 7 Jan 2022 11:15:54 +0800 Subject: [PATCH 04/23] Revert "fix: when eureka server return compressed data, use lua-zlib to unzip received response data" This reverts commit dc2570ab --- apisix/discovery/eureka.lua | 12 +++--------- conf/config-default.yaml | 2 +- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/apisix/discovery/eureka.lua b/apisix/discovery/eureka.lua index d776838ff0d4..1dd35630a974 100644 --- a/apisix/discovery/eureka.lua +++ b/apisix/discovery/eureka.lua @@ -19,7 +19,6 @@ local local_conf = require("apisix.core.config_local").local_conf() local http = require("resty.http") local core = require("apisix.core") local ipmatcher = require("resty.ipmatcher") -local zlib = require("zlib") local ipairs = ipairs local tostring = tostring local type = type @@ -188,15 +187,10 @@ local function fetch_full_registry(premature) return end - local encoding = res.headers["Content-Encoding"] - local res_body = res.body - if encoding == 'gzip' then - local stream = zlib.inflate() - res_body = stream(res_body) - end - local data, decode_err = core.json.decode(res_body) + local json_str = res.body + local data, err = core.json.decode(json_str) if not data then - log.error("invalid response body: ", res_body, " err: ", decode_err) + log.error("invalid response body: ", json_str, " err: ", err) return end local apps = data.applications.application 
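Review bot: The rockspec entry `"lua-zlib = 1.2-1"` added by PATCH 01 does not appear to be removed by this revert, whose diffstat lists only eureka.lua and config-default.yaml. If that line is still present on the branch, dropping `require("zlib")` here leaves a native dependency installed with no caller, which is extra code to build, audit and patch for no benefit. Removing the rockspec entry in the same revert would keep the dependency list matched to what the code actually loads.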
diff --git a/conf/config-default.yaml b/conf/config-default.yaml index 11d9e4419ca1..9436821ce60d 100644 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -281,7 +281,7 @@ etcd: # eureka: # host: # it's possible to define multiple eureka hosts addresses of the same eureka cluster. # - "http://127.0.0.1:8761" -# prefix: /eureka/v2/ +# prefix: /eureka/ # fetch_interval: 30 # default 30s # weight: 100 # default weight for node # timeout: From 9a9565ce96ef4f28a043768863cf3a9923d7fc8b Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 7 Jan 2022 11:17:27 +0800 Subject: [PATCH 05/23] remove blank line --- docs/zh/latest/plugins/basic-auth.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/zh/latest/plugins/basic-auth.md b/docs/zh/latest/plugins/basic-auth.md index 6a178297546a..1d0917569690 100644 --- a/docs/zh/latest/plugins/basic-auth.md +++ b/docs/zh/latest/plugins/basic-auth.md @@ -45,7 +45,6 @@ title: basic-auth | password | string | 必须 | | | 用户的密码 | | hide_auth_header | boolean | 可选 | false | | 是否将 Authentication 响应头返回给客户端. | - ## 如何启用 ### 1. 创建一个 consumer 对象,并设置插件 `basic-auth` 的值。 From 10d35fdc9ee5a4c40a143b042b5964c28c5d4a70 Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 7 Jan 2022 11:18:59 +0800 Subject: [PATCH 06/23] change default value of hide_auth_header to `true` Signed-off-by: mango --- docs/en/latest/plugins/basic-auth.md | 2 +- docs/zh/latest/plugins/basic-auth.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/en/latest/plugins/basic-auth.md b/docs/en/latest/plugins/basic-auth.md index 3367e7f97b7e..9f7ce861db65 100644 --- a/docs/en/latest/plugins/basic-auth.md +++ b/docs/en/latest/plugins/basic-auth.md 
@@ -43,7 +43,7 @@ For more information on Basic authentication, refer to [Wiki](https://en.wikiped | -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. | | password | string | required | | | the user's password | -| hide_auth_header | boolean | optional | false | | Whether to return the Authentication response headers to the client. | +| hide_auth_header | boolean | optional | true | | Whether to return the Authentication response headers to the client. | ## How To Enable diff --git a/docs/zh/latest/plugins/basic-auth.md b/docs/zh/latest/plugins/basic-auth.md index 1d0917569690..f7715bef2a4f 100644 --- a/docs/zh/latest/plugins/basic-auth.md +++ b/docs/zh/latest/plugins/basic-auth.md @@ -43,7 +43,7 @@ title: basic-auth | -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ | | username | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `username` ,将会出现请求匹配异常。 | | password | string | 必须 | | | 用户的密码 | -| hide_auth_header | boolean | 可选 | false | | 是否将 Authentication 响应头返回给客户端. | +| hide_auth_header | boolean | 可选 | true | | 是否将 Authentication 响应头返回给客户端. | ## 如何启用 From c6426357863723f7acd494b3e30ef83f43fbec69 Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 7 Jan 2022 11:19:54 +0800 Subject: [PATCH 07/23] change default value of hide_auth_header to `true` Signed-off-by: mango --- apisix/plugins/basic-auth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua index a1abc010ccd6..071a1bba02f9 100644 
--- a/apisix/plugins/basic-auth.lua +++ b/apisix/plugins/basic-auth.lua @@ -33,7 +33,7 @@ local schema = { properties = { hide_auth_header = { type = "boolean", - default = false, + default = true, } }, } From 29d3077a7e90016d4dd267b8b216fe57f44bd1df Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 7 Jan 2022 11:32:08 +0800 Subject: [PATCH 08/23] fix code lint error Signed-off-by: mango --- t/plugin/basic-auth.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index 8a6444117785..445c52dbe72f 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t @@ -454,4 +454,4 @@ Authentication: --- no_error_log [error] --- error_log -find consumer foo \ No newline at end of file +find consumer foo From 1c42db05ed2d39c38457767987ed2802ecc6abce Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 7 Jan 2022 13:53:44 +0800 Subject: [PATCH 09/23] fix code lint error Signed-off-by: mango --- t/plugin/basic-auth.t | 1 + 1 file changed, 1 insertion(+) diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index 445c52dbe72f..980ae31a4147 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t @@ -442,6 +442,7 @@ passed [error] + === TEST 17: verify with hide auth header --- request GET /hello From 6e8d68498842a4d5ab3e2fbdb71bacb9813f074b Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 7 Jan 2022 15:13:13 +0800 Subject: [PATCH 10/23] hide Authentication request header if hide_auth_header is true Signed-off-by: mango --- apisix/plugins/basic-auth.lua | 4 +- docs/en/latest/plugins/basic-auth.md | 2 +- docs/zh/latest/plugins/basic-auth.md | 2 +- t/plugin/basic-auth.t | 100 --------------------------- 4 files changed, 4 insertions(+), 104 deletions(-) diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua index 071a1bba02f9..1e4e2c36d11a 100644 --- a/apisix/plugins/basic-auth.lua +++ b/apisix/plugins/basic-auth.lua 
@@ -170,9 +170,9 @@ function _M.rewrite(conf, ctx) return 401, { message = "Password is error" } end - -- 5. hide `Authentication` header if `hide_auth_header` is `true` + -- 5. hide `Authentication` request header if `hide_auth_header` is `true` if conf.hide_auth_header == true then - core.response.set_header("Authentication", "") + core.request.set_header(ctx, "Authentication", "") end consumer.attach_consumer(ctx, cur_consumer, consumer_conf) diff --git a/docs/en/latest/plugins/basic-auth.md b/docs/en/latest/plugins/basic-auth.md index 9f7ce861db65..1f4cde4b53a9 100644 --- a/docs/en/latest/plugins/basic-auth.md +++ b/docs/en/latest/plugins/basic-auth.md @@ -43,7 +43,7 @@ For more information on Basic authentication, refer to [Wiki](https://en.wikiped | -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. | | password | string | required | | | the user's password | -| hide_auth_header | boolean | optional | true | | Whether to return the Authentication response headers to the client. | +| hide_auth_header | boolean | optional | true | | Whether to return the Authentication request headers to the client. | ## How To Enable diff --git a/docs/zh/latest/plugins/basic-auth.md b/docs/zh/latest/plugins/basic-auth.md index f7715bef2a4f..e2826de86755 100644 --- a/docs/zh/latest/plugins/basic-auth.md +++ b/docs/zh/latest/plugins/basic-auth.md 
@@ -43,7 +43,7 @@ title: basic-auth | -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ | | username | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `username` ,将会出现请求匹配异常。 | | password | string | 必须 | | | 用户的密码 | -| hide_auth_header | boolean | 可选 | true | | 是否将 Authentication 响应头返回给客户端. | +| hide_auth_header | boolean | 可选 | true | | 是否将 Authentication 请求头返回给客户端. | ## 如何启用 diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index 980ae31a4147..79078b1aeb49 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t 
@@ -356,103 +356,3 @@ GET /t GET /t --- no_error_log [error] - - - -=== TEST 15: hide auth header = false ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, body = t('/apisix/admin/consumers', - ngx.HTTP_PUT, - [[{ - "username": "foo", - "plugins": { - "basic-auth": { - "username": "foo", - "password": "bar", - "hide_auth_header": false - } - } - }]], - [[{ - "node": { - "value": { - "username": "foo", - "plugins": { - "basic-auth": { - "username": "foo", - "password": "bar", - "hide_auth_header": false - } - } - } - }, - "action": "set" - }]] - ) - - ngx.status = code - ngx.say(body) - } - } ---- request -GET /t ---- error_code: 200 ---- response_body -passed ---- no_error_log -[error] - - - -=== TEST 16: enable basic auth plugin using admin api ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, body = t('/apisix/admin/routes/1', - ngx.HTTP_PUT, - [[{ - "plugins": { - "basic-auth": {} - }, - "upstream": { - "nodes": { - "127.0.0.1:1980": 1 - }, - "type": "roundrobin" - }, - "uri": "/hello" - }]] - ) - - if code >= 300 then - ngx.status = code - end - ngx.say(body) - } - } ---- request -GET /t ---- response_body -passed ---- no_error_log -[error] - - - -=== TEST 17: verify with hide auth header ---- request -GET /hello ---- more_headers -Authorization: Basic Zm9vOmJhcg== ---- response_body -hello world ---- response_headers_like -Authentication: ---- no_error_log -[error] ---- error_log -find consumer foo From ec3bec6869f2c02e8f6099b98240d386146eaaca Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 7 Jan 2022 18:10:15 +0800 Subject: [PATCH 11/23] hide Authentication request header if hide_auth_header is true Signed-off-by: mango --- apisix/plugins/basic-auth.lua | 6 +++--- docs/en/latest/plugins/basic-auth.md | 2 +- docs/zh/latest/plugins/basic-auth.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua index 1e4e2c36d11a..af937c589002 100644 --- a/apisix/plugins/basic-auth.lua +++ b/apisix/plugins/basic-auth.lua @@ -33,7 +33,7 @@ local schema = { properties = { hide_auth_header = { type = "boolean", - default = true, + default = false, } }, } @@ -46,7 +46,7 @@ local consumer_schema = { password = { type = "string" }, hide_auth_header = { type = "boolean", - default = true, + default = false, } }, required = {"username", "password"}, @@ -172,7 +172,7 @@ function _M.rewrite(conf, ctx) -- 5. hide `Authentication` request header if `hide_auth_header` is `true` if conf.hide_auth_header == true then - core.request.set_header(ctx, "Authentication", "") + core.request.set_header(ctx, "Authentication", nil) end consumer.attach_consumer(ctx, cur_consumer, consumer_conf) diff --git a/docs/en/latest/plugins/basic-auth.md b/docs/en/latest/plugins/basic-auth.md index 1f4cde4b53a9..485ee7f80bd0 100644 --- a/docs/en/latest/plugins/basic-auth.md +++ b/docs/en/latest/plugins/basic-auth.md @@ -43,7 +43,7 @@ For more information on Basic authentication, refer to [Wiki](https://en.wikiped | -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. | | password | string | required | | | the user's password | -| hide_auth_header | boolean | optional | true | | Whether to return the Authentication request headers to the client. | +| hide_auth_header | boolean | optional | false | | Whether to return the Authentication request headers to the upstream. | ## How To Enable 
diff --git a/docs/zh/latest/plugins/basic-auth.md b/docs/zh/latest/plugins/basic-auth.md index e2826de86755..bad15ac2ad9b 100644 --- a/docs/zh/latest/plugins/basic-auth.md +++ b/docs/zh/latest/plugins/basic-auth.md @@ -43,7 +43,7 @@ title: basic-auth | -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ | | username | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `username` ,将会出现请求匹配异常。 | | password | string | 必须 | | | 用户的密码 | -| hide_auth_header | boolean | 可选 | true | | 是否将 Authentication 请求头返回给客户端. | +| hide_auth_header | boolean | 可选 | false | | 是否将 Authentication 请求头传递给 upstream。 | ## 如何启用 From 484d05d9e7dfda72f5d6c78da730edd5d7eb6e9d Mon Sep 17 00:00:00 2001 From: mango Date: Mon, 10 Jan 2022 09:31:46 +0800 Subject: [PATCH 12/23] change config item `hide_auth_header` to `hide_credentials` and update docs Signed-off-by: mango --- apisix/plugins/basic-auth.lua | 12 ++++-------- docs/en/latest/plugins/basic-auth.md | 9 ++++++++- docs/zh/latest/plugins/basic-auth.md | 9 ++++++++- 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua index af937c589002..8cfd434afdee 100644 --- a/apisix/plugins/basic-auth.lua +++ b/apisix/plugins/basic-auth.lua @@ -31,7 +31,7 @@ local schema = { type = "object", title = "work with route or service object", properties = { - hide_auth_header = { + hide_credentials = { type = "boolean", default = false, } @@ -43,11 +43,7 @@ local consumer_schema = { title = "work with consumer object", properties = { username = { type = "string" }, - password = { type = "string" }, - hide_auth_header = { - type = "boolean", - default = false, - } + password = { type = "string" } }, required = {"username", "password"}, } 
@@ -170,8 +166,8 @@ function _M.rewrite(conf, ctx) return 401, { message = "Password is error" } end - -- 5. hide `Authentication` request header if `hide_auth_header` is `true` - if conf.hide_auth_header == true then + -- 5. hide `Authentication` request header if `hide_credentials` is `true` + if conf.hide_credentials == true then core.request.set_header(ctx, "Authentication", nil) end diff --git a/docs/en/latest/plugins/basic-auth.md b/docs/en/latest/plugins/basic-auth.md index 485ee7f80bd0..8c0fa4037f76 100644 --- a/docs/en/latest/plugins/basic-auth.md +++ b/docs/en/latest/plugins/basic-auth.md @@ -39,11 +39,18 @@ For more information on Basic authentication, refer to [Wiki](https://en.wikiped ## Attributes +For consumer side: + | Name | Type | Requirement | Default | Valid | Description | | -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. | | password | string | required | | | the user's password | -| hide_auth_header | boolean | optional | false | | Whether to return the Authentication request headers to the upstream. | + +For route side: + +| Name | Type | Requirement | Default | Valid | Description | +| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| hide_credentials | boolean | optional | false | | Whether to return the Authentication request headers to the upstream. | ## How To Enable diff --git a/docs/zh/latest/plugins/basic-auth.md b/docs/zh/latest/plugins/basic-auth.md index bad15ac2ad9b..31ec1206af2a 100644 
--- a/docs/zh/latest/plugins/basic-auth.md +++ b/docs/zh/latest/plugins/basic-auth.md @@ -39,11 +39,18 @@ title: basic-auth ## 属性 +consumer 端配置: + | 名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 | | -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ | | username | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `username` ,将会出现请求匹配异常。 | | password | string | 必须 | | | 用户的密码 | -| hide_auth_header | boolean | 可选 | false | | 是否将 Authentication 请求头传递给 upstream。 | + +router 端配置: + +| 名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 | +| -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ | +| hide_credentials | boolean | 可选 | false | | 是否将 Authentication 请求头传递给 upstream。 | ## 如何启用 From 63aa7048d81e665bc2d88791026e50bfff1c6d7b Mon Sep 17 00:00:00 2001 From: mango Date: Mon, 10 Jan 2022 09:33:32 +0800 Subject: [PATCH 13/23] change config item `hide_auth_header` to `hide_credentials` and update docs Signed-off-by: mango --- apisix/plugins/basic-auth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua index 8cfd434afdee..321897bbc50e 100644 --- a/apisix/plugins/basic-auth.lua +++ b/apisix/plugins/basic-auth.lua @@ -43,7 +43,7 @@ local consumer_schema = { title = "work with consumer object", properties = { username = { type = "string" }, - password = { type = "string" } + password = { type = "string" }, }, required = {"username", "password"}, } From 210c9d555415ab8949d4e4f953117be882ad7996 Mon Sep 17 00:00:00 2001 From: mango Date: Mon, 10 Jan 2022 14:56:54 +0800 Subject: [PATCH 14/23] add test cases to cover it 
Signed-off-by: mango --- apisix/plugins/basic-auth.lua | 3 +- docs/en/latest/plugins/basic-auth.md | 2 +- t/plugin/basic-auth.t | 52 ++++++++++++++++++++++++++++ 3 files changed, 55 insertions(+), 2 deletions(-) diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua index 321897bbc50e..c8652ad99971 100644 --- a/apisix/plugins/basic-auth.lua +++ b/apisix/plugins/basic-auth.lua @@ -167,8 +167,9 @@ function _M.rewrite(conf, ctx) end -- 5. hide `Authentication` request header if `hide_credentials` is `true` - if conf.hide_credentials == true then + if conf.hide_credentials then core.request.set_header(ctx, "Authentication", nil) + core.log.info("clear Authentication header of request") end consumer.attach_consumer(ctx, cur_consumer, consumer_conf) diff --git a/docs/en/latest/plugins/basic-auth.md b/docs/en/latest/plugins/basic-auth.md index 8c0fa4037f76..d75c72a6b52c 100644 --- a/docs/en/latest/plugins/basic-auth.md +++ b/docs/en/latest/plugins/basic-auth.md @@ -50,7 +50,7 @@ For route side: | Name | Type | Requirement | Default | Valid | Description | | -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| hide_credentials | boolean | optional | false | | Whether to return the Authentication request headers to the upstream. | +| hide_credentials | boolean | optional | false | | Whether to pass the Authentication request headers to the upstream. | ## How To Enable diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index 79078b1aeb49..2060a0bece73 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t 
@@ -356,3 +356,55 @@ GET /t GET /t --- no_error_log [error] + + + +=== TEST 15: enable basic auth plugin using admin api, set hide_credentials = true +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "basic-auth": { + "hide_credentials": true + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 16: verify +--- request +GET /hello +--- more_headers +Authorization: Basic Zm9vOmJhcg== +--- response_body +hello world +--- no_error_log +[error] +--- error_log +clear Authentication header of request From cb53193537a3470b34241e9d13287dc0f82a0358 Mon Sep 17 00:00:00 2001 From: mango Date: Mon, 10 Jan 2022 23:38:23 +0800 Subject: [PATCH 15/23] add test cases to cover it Signed-off-by: mango --- apisix/plugins/basic-auth.lua | 5 +- docs/en/latest/plugins/basic-auth.md | 2 +- docs/zh/latest/plugins/basic-auth.md | 2 +- t/plugin/basic-auth.t | 94 +++++++++++++++++++++++++++- 4 files changed, 95 insertions(+), 8 deletions(-) diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua index c8652ad99971..4955c4a0f792 100644 --- a/apisix/plugins/basic-auth.lua +++ b/apisix/plugins/basic-auth.lua @@ -166,10 +166,9 @@ function _M.rewrite(conf, ctx) return 401, { message = "Password is error" } end - -- 5. hide `Authentication` request header if `hide_credentials` is `true` + -- 5. hide `Authorization` request header if `hide_credentials` is `true` if conf.hide_credentials then - core.request.set_header(ctx, "Authentication", nil) - core.log.info("clear Authentication header of request") + core.request.set_header(ctx, "Authorization", nil) end consumer.attach_consumer(ctx, cur_consumer, consumer_conf) 
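Review bot: The `if conf.hide_credentials then` branch in basic-auth.lua removes `Authorization` when the flag is true, yet the attribute rows changed in this same patch describe the flag as "Whether to pass the Authorization request headers to the upstream" with default `false`, which reads as the opposite. An operator relying on that text would assume the credential is withheld from the upstream by default, when the default forwards it. I would word the docs row and the step-5 comment the same way, for example `-- 5. remove the client's Authorization header before proxying when hide_credentials is true`, and state explicitly that the default leaves the header in place. `_M.rewrite` starts and ends outside the hunk.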
diff --git a/docs/en/latest/plugins/basic-auth.md b/docs/en/latest/plugins/basic-auth.md index d75c72a6b52c..9a41dee16b6d 100644 --- a/docs/en/latest/plugins/basic-auth.md +++ b/docs/en/latest/plugins/basic-auth.md @@ -50,7 +50,7 @@ For route side: | Name | Type | Requirement | Default | Valid | Description | | -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| hide_credentials | boolean | optional | false | | Whether to pass the Authentication request headers to the upstream. | +| hide_credentials | boolean | optional | false | | Whether to pass the Authorization request headers to the upstream. | ## How To Enable diff --git a/docs/zh/latest/plugins/basic-auth.md b/docs/zh/latest/plugins/basic-auth.md index 31ec1206af2a..8f1b18ac970f 100644 --- a/docs/zh/latest/plugins/basic-auth.md +++ b/docs/zh/latest/plugins/basic-auth.md @@ -50,7 +50,7 @@ router 端配置: | 名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 | | -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ | -| hide_credentials | boolean | 可选 | false | | 是否将 Authentication 请求头传递给 upstream。 | +| hide_credentials | boolean | 可选 | false | | 是否将 Authorization 请求头传递给 upstream。 | ## 如何启用 diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index 2060a0bece73..b228c39dc69f 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t 
@@ -20,6 +20,46 @@ repeat_each(2); no_long_string(); no_root_location(); no_shuffle(); +log_level('info'); +worker_connections(1024); + +add_block_preprocessor(sub { + my ($block) = @_; + + my $http_config = $block->http_config // <<_EOC_; + + server { + listen 1986; + server_tokens off; + + location / { + content_by_lua_block { + local core = require("apisix.core") + core.log.info("upstream_http_version: ", ngx.req.http_version()) + + local headers_tab = ngx.req.get_headers() + local headers_key = {} + for k in pairs(headers_tab) do + core.table.insert(headers_key, k) + end + core.table.sort(headers_key) + + for _, v in pairs(headers_key) do + if v == "authorization" then + ngx.say("Authorization: ", headers_tab[v]) + return + end + end + + ngx.say("hello world") + } + } + } +_EOC_ + + $block->set_value("http_config", $http_config); +}); + run_tests; __DATA__ @@ -374,7 +414,7 @@ GET /t }, "upstream": { "nodes": { - "127.0.0.1:1980": 1 + "127.0.0.1:1986": 1 }, "type": "roundrobin" }, @@ -406,5 +446,53 @@ Authorization: Basic Zm9vOmJhcg== hello world --- no_error_log [error] ---- error_log -clear Authentication header of request + + + +=== TEST 17: enable basic auth plugin using admin api, hide_credentials = false +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "basic-auth": { + "hide_credentials": false + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1986": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 18: verify +--- request +GET /hello +--- more_headers +Authorization: Basic Zm9vOmJhcg== +--- response_body +Authorization: Basic Zm9vOmJhcg== +--- no_error_log +[error] From 395ac1abe9da7274f4ad72a062d24dea066179f3 Mon Sep 17 00:00:00 2001 
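Review bot: The mock upstream's `content_by_lua_block` copies every header name into `headers_key`, sorts it and then scans it with `pairs` only to find one key. A direct lookup does the same job: `local auth = ngx.req.get_headers()["authorization"]` followed by `if auth then ngx.say("Authorization: ", auth) return end`. The `upstream_http_version` info log is unrelated to what the tests check and can be dropped.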
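Review bot: TEST 17 and TEST 18 cover `"hide_credentials": false` set explicitly, but no case covers a route where the option is omitted. The docs table in this commit gives the default as `false`, so the client's Basic credentials are forwarded to the upstream unless the operator opts in, and that default path is untested. A further pair with `"basic-auth": {}` against the same `127.0.0.1:1986` upstream, expecting `Authorization: Basic Zm9vOmJhcg==` in the body, would pin it.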
From: mango Date: Wed, 12 Jan 2022 14:36:34 +0800 Subject: [PATCH 16/23] add test cases Signed-off-by: mango --- t/plugin/basic-auth.t | 59 ++++++++----------------------------------- 1 file changed, 10 insertions(+), 49 deletions(-) diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index b228c39dc69f..3ff36e2c71bc 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t @@ -21,45 +21,6 @@ no_long_string(); no_root_location(); no_shuffle(); log_level('info'); -worker_connections(1024); - -add_block_preprocessor(sub { - my ($block) = @_; - - my $http_config = $block->http_config // <<_EOC_; - - server { - listen 1986; - server_tokens off; - - location / { - content_by_lua_block { - local core = require("apisix.core") - core.log.info("upstream_http_version: ", ngx.req.http_version()) - - local headers_tab = ngx.req.get_headers() - local headers_key = {} - for k in pairs(headers_tab) do - core.table.insert(headers_key, k) - end - core.table.sort(headers_key) - - for _, v in pairs(headers_key) do - if v == "authorization" then - ngx.say("Authorization: ", headers_tab[v]) - return - end - end - - ngx.say("hello world") - } - } - } -_EOC_ - - $block->set_value("http_config", $http_config); -}); - run_tests; __DATA__ @@ -414,11 +375,11 @@ GET /t }, "upstream": { "nodes": { - "127.0.0.1:1986": 1 + "httpbin.org:80": 1 }, "type": "roundrobin" }, - "uri": "/hello" + "uri": "/get" }]] ) @@ -439,11 +400,11 @@ passed === TEST 16: verify --- request -GET /hello +GET /get --- more_headers Authorization: Basic Zm9vOmJhcg== ---- response_body -hello world +--- response_headers_like +!Authentication --- no_error_log [error] @@ -464,11 +425,11 @@ hello world }, "upstream": { "nodes": { - "127.0.0.1:1986": 1 + "httpbin.org:80": 1 }, "type": "roundrobin" }, - "uri": "/hello" + "uri": "/get" }]] ) 
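Review bot: The upstream node `"httpbin.org:80": 1` in TEST 15, and again in the `@@ -464,11 +425,11 @@` hunk for TEST 17, makes the suite depend on a third-party host and sends the `Authorization` header from `--- more_headers` to it over plain HTTP whenever the plugin does not strip it. Even with throwaway credentials, a test for credential hiding should not need outbound network access, and it will fail in a sandboxed CI run. Keep a local reflecting upstream, such as the `127.0.0.1:1986` mock that this commit removes.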
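Review bot: `--- response_headers_like` with `!Authentication` in TEST 16 inspects the response for a header named Authentication, while the credentials travel in the `Authorization` request header, so the check cannot tell whether the plugin stripped anything. The same applies to `Authentication:` in TEST 18 (hunk `@@ -489,10 +450,10 @@`). The assertions being replaced (`hello world` against `Authorization: Basic Zm9vOmJhcg==` in the mock's body) did observe the upstream request; keep those, or assert on a reflected `Authorization` header.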
@@ -489,10 +450,10 @@ passed === TEST 18: verify --- request -GET /hello +GET /get --- more_headers Authorization: Basic Zm9vOmJhcg== ---- response_body -Authorization: Basic Zm9vOmJhcg== +--- response_headers_like +Authentication: --- no_error_log [error] From 25602a74d14cdbaf4e3b03bded1db96236d21364 Mon Sep 17 00:00:00 2001 From: mango Date: Wed, 12 Jan 2022 16:00:55 +0800 Subject: [PATCH 17/23] add test cases Signed-off-by: mango --- t/plugin/basic-auth.t | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index 3ff36e2c71bc..b106891d1efd 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t @@ -375,11 +375,11 @@ GET /t }, "upstream": { "nodes": { - "httpbin.org:80": 1 + "127.0.0.1:1980": 1 }, "type": "roundrobin" }, - "uri": "/get" + "uri": "/echo" }]] ) @@ -398,13 +398,13 @@ passed -=== TEST 16: verify +=== TEST 16: verify Authorization request header is hidden --- request -GET /get +GET /echo --- more_headers Authorization: Basic Zm9vOmJhcg== ---- response_headers_like -!Authentication +--- response_headers +!Authorization --- no_error_log [error] @@ -425,11 +425,11 @@ Authorization: Basic Zm9vOmJhcg== }, "upstream": { "nodes": { - "httpbin.org:80": 1 + "127.0.0.1:1980": 1 }, "type": "roundrobin" }, - "uri": "/get" + "uri": "/echo" }]] ) @@ -448,12 +448,12 @@ passed -=== TEST 18: verify +=== TEST 18: verify Authorization request header should not hidden --- request -GET /get +GET /echo --- more_headers Authorization: Basic Zm9vOmJhcg== ---- response_headers_like -Authentication: +--- response_headers +Authorization: Basic Zm9vOmJhcg== --- no_error_log [error] From 41bb17ef0a10cbb2573f5b29292eb821c40089a3 Mon Sep 17 00:00:00 2001 From: mango Date: Wed, 12 Jan 2022 16:48:59 +0800 Subject: [PATCH 18/23] update basic-auth doc Signed-off-by: mango --- docs/en/latest/plugins/basic-auth.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
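Review bot: TEST 16 and TEST 18 (hunk `@@ -448,12 +448,12 @@`) only make sense if the `/echo` endpoint on `127.0.0.1:1980` copies request headers into the response, which nothing in these hunks states; presumably it does, but a reader cannot tell from here. Saying so in the title keeps the assertion readable, e.g. `=== TEST 16: Authorization is stripped before proxying (/echo reflects request headers)`. The TEST 18 title also reads better as `=== TEST 18: Authorization request header is forwarded when hide_credentials is false`.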
diff --git a/docs/en/latest/plugins/basic-auth.md b/docs/en/latest/plugins/basic-auth.md index 9a41dee16b6d..f0b14801f73e 100644 --- a/docs/en/latest/plugins/basic-auth.md +++ b/docs/en/latest/plugins/basic-auth.md @@ -41,10 +41,10 @@ For more information on Basic authentication, refer to [Wiki](https://en.wikiped For consumer side: -| Name | Type | Requirement | Default | Valid | Description | -| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. | -| password | string | required | | | the user's password | +| Name | Type | Requirement | Default | Valid | Description | +| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. | +| password | string | required | | | the user's password | For route side: From 49b7850f3c91d03398ad753fa9074499e04800eb Mon Sep 17 00:00:00 2001 From: mango Date: Wed, 12 Jan 2022 17:12:32 +0800 Subject: [PATCH 19/23] remove log_level Signed-off-by: mango --- t/plugin/basic-auth.t | 1 - 1 file changed, 1 deletion(-) diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index b106891d1efd..b57e615dfeed 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t @@ -20,7 +20,6 @@ repeat_each(2); no_long_string(); no_root_location(); no_shuffle(); -log_level('info'); run_tests; __DATA__ 
From a1deeef71ce57b3289698b2d3dcca82ff2b62b82 Mon Sep 17 00:00:00 2001 From: mango <35127166+mangoGoForward@users.noreply.github.com> Date: Fri, 14 Jan 2022 09:33:12 +0800 Subject: [PATCH 20/23] Revert "feat: support hide the authentication header in basic-auth" --- apisix/discovery/eureka/init.lua | 12 +++- apisix/plugins/basic-auth.lua | 16 +---- conf/config-default.yaml | 2 +- docs/en/latest/plugins/basic-auth.md | 13 ++-- docs/zh/latest/plugins/basic-auth.md | 1 - t/plugin/basic-auth.t | 100 --------------------------- 6 files changed, 17 insertions(+), 127 deletions(-) diff --git a/apisix/discovery/eureka/init.lua b/apisix/discovery/eureka/init.lua index df72a5269e59..481e8e4b212a 100644 --- a/apisix/discovery/eureka/init.lua +++ b/apisix/discovery/eureka/init.lua @@ -19,6 +19,7 @@ local local_conf = require("apisix.core.config_local").local_conf() local http = require("resty.http") local core = require("apisix.core") local ipmatcher = require("resty.ipmatcher") +local zlib = require("zlib") local ipairs = ipairs local tostring = tostring local type = type @@ -161,10 +162,15 @@ local function fetch_full_registry(premature) return end - local json_str = res.body - local data, err = core.json.decode(json_str) + local encoding = res.headers["Content-Encoding"] + local res_body = res.body + if encoding == 'gzip' then + local stream = zlib.inflate() + res_body = stream(res_body) + end + local data, decode_err = core.json.decode(res_body) if not data then - log.error("invalid response body: ", json_str, " err: ", err) + log.error("invalid response body: ", res_body, " err: ", decode_err) return end local apps = data.applications.application diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua index 25183899f519..5e780566310e 100644 --- a/apisix/plugins/basic-auth.lua +++ b/apisix/plugins/basic-auth.lua 
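Review bot: In `fetch_full_registry` the gzip branch calls `stream(res_body)` with no error handling and no limit on the inflated size, so a truncated or oversized registry response either raises inside the fetch (lua-zlib reports bad input by throwing, as far as I know) or expands without bound. Wrapping the call, e.g. `local ok, inflated = pcall(stream, res_body)` then `if not ok then log.error("failed to inflate eureka response: ", inflated) return end`, keeps the failure on the existing log-and-return path. The diffstat for this commit lists no rockspec change, so `require("zlib")` may not resolve, and the `log.error` on a decode failure writes the whole body to the error log. None of this belongs in a revert of a basic-auth change; the function starts and ends outside the hunk.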
@@ -30,12 +30,7 @@ local consumers_lrucache = core.lrucache.new({ local schema = { type = "object", title = "work with route or service object", - properties = { - hide_auth_header = { - type = "boolean", - default = true, - } - }, + properties = {}, } local consumer_schema = { @@ -44,10 +39,6 @@ local consumer_schema = { properties = { username = { type = "string" }, password = { type = "string" }, - hide_auth_header = { - type = "boolean", - default = true, - } }, required = {"username", "password"}, } @@ -181,11 +172,6 @@ function _M.rewrite(conf, ctx) return 401, { message = "Password is error" } end - -- 5. hide `Authentication` header if `hide_auth_header` is `true` - if conf.hide_auth_header == true then - core.response.set_header("Authentication", "") - end - consumer.attach_consumer(ctx, cur_consumer, consumer_conf) core.log.info("hit basic-auth access") diff --git a/conf/config-default.yaml b/conf/config-default.yaml index e1ae17912921..c0f8837ff912 100644 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -306,7 +306,7 @@ etcd: # eureka: # host: # it's possible to define multiple eureka hosts addresses of the same eureka cluster. # - "http://127.0.0.1:8761" -# prefix: /eureka/ +# prefix: /eureka/v2/ # fetch_interval: 30 # default 30s # weight: 100 # default weight for node # timeout: diff --git a/docs/en/latest/plugins/basic-auth.md b/docs/en/latest/plugins/basic-auth.md index 9f7ce861db65..e618a58a8500 100644 --- a/docs/en/latest/plugins/basic-auth.md +++ b/docs/en/latest/plugins/basic-auth.md 
@@ -39,11 +39,10 @@ For more information on Basic authentication, refer to [Wiki](https://en.wikiped ## Attributes -| Name | Type | Requirement | Default | Valid | Description | -| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. | -| password | string | required | | | the user's password | -| hide_auth_header | boolean | optional | true | | Whether to return the Authentication response headers to the client. | +| Name | Type | Requirement | Default | Valid | Description | +| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. | +| password | string | required | | | the user's password | ## How To Enable @@ -130,8 +129,8 @@ hello, world ## Disable Plugin When you want to disable the `basic-auth` plugin, it is very simple, -you can delete the corresponding json configuration in the plugin configuration, -no need to restart the service, it will take effect immediately: + you can delete the corresponding json configuration in the plugin configuration, + no need to restart the service, it will take effect immediately: ```shell $ curl http://127.0.0.1:9080/apisix/admin/routes/1 -X PUT -d ' diff --git a/docs/zh/latest/plugins/basic-auth.md b/docs/zh/latest/plugins/basic-auth.md index f7715bef2a4f..667721bd7ede 100644 
--- a/docs/zh/latest/plugins/basic-auth.md +++ b/docs/zh/latest/plugins/basic-auth.md @@ -43,7 +43,6 @@ title: basic-auth | -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ | | username | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `username` ,将会出现请求匹配异常。 | | password | string | 必须 | | | 用户的密码 | -| hide_auth_header | boolean | 可选 | true | | 是否将 Authentication 响应头返回给客户端. | ## 如何启用 diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index 5c06e2ca7e83..a780f3b618f8 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t 
@@ -395,103 +395,3 @@ GET /t GET /t --- no_error_log [error] - - - -=== TEST 15: hide auth header = false ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, body = t('/apisix/admin/consumers', - ngx.HTTP_PUT, - [[{ - "username": "foo", - "plugins": { - "basic-auth": { - "username": "foo", - "password": "bar", - "hide_auth_header": false - } - } - }]], - [[{ - "node": { - "value": { - "username": "foo", - "plugins": { - "basic-auth": { - "username": "foo", - "password": "bar", - "hide_auth_header": false - } - } - } - }, - "action": "set" - }]] - ) - - ngx.status = code - ngx.say(body) - } - } ---- request -GET /t ---- error_code: 200 ---- response_body -passed ---- no_error_log -[error] - - - -=== TEST 16: enable basic auth plugin using admin api ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, body = t('/apisix/admin/routes/1', - ngx.HTTP_PUT, - [[{ - "plugins": { - "basic-auth": {} - }, - "upstream": { - "nodes": { - "127.0.0.1:1980": 1 - }, - "type": "roundrobin" - }, - "uri": "/hello" - }]] - ) - - if code >= 300 then - ngx.status = code - end - ngx.say(body) - } - } ---- request -GET /t ---- response_body -passed ---- no_error_log -[error] - - - -=== TEST 17: verify with hide auth header ---- request -GET /hello ---- more_headers -Authorization: Basic Zm9vOmJhcg== ---- response_body -hello world ---- response_headers_like -Authentication: ---- no_error_log -[error] ---- error_log -find consumer foo From 85312273291a8a40c499f4155b6aad51af44aa55 Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 14 Jan 2022 09:51:20 +0800 Subject: [PATCH 21/23] Revert "Revert "feat: support hide the authentication header in basic-auth"" This reverts commit a1deeef7 Signed-off-by: mango --- apisix/discovery/eureka/init.lua | 12 +++--------- conf/config-default.yaml | 2 +- docs/zh/latest/plugins/basic-auth.md | 1 + 3 files changed, 5 insertions(+), 10 deletions(-) 
diff --git a/apisix/discovery/eureka/init.lua b/apisix/discovery/eureka/init.lua index 481e8e4b212a..df72a5269e59 100644 --- a/apisix/discovery/eureka/init.lua +++ b/apisix/discovery/eureka/init.lua @@ -19,7 +19,6 @@ local local_conf = require("apisix.core.config_local").local_conf() local http = require("resty.http") local core = require("apisix.core") local ipmatcher = require("resty.ipmatcher") -local zlib = require("zlib") local ipairs = ipairs local tostring = tostring local type = type @@ -162,15 +161,10 @@ local function fetch_full_registry(premature) return end - local encoding = res.headers["Content-Encoding"] - local res_body = res.body - if encoding == 'gzip' then - local stream = zlib.inflate() - res_body = stream(res_body) - end - local data, decode_err = core.json.decode(res_body) + local json_str = res.body + local data, err = core.json.decode(json_str) if not data then - log.error("invalid response body: ", res_body, " err: ", decode_err) + log.error("invalid response body: ", json_str, " err: ", err) return end local apps = data.applications.application diff --git a/conf/config-default.yaml b/conf/config-default.yaml index c0f8837ff912..e1ae17912921 100644 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -306,7 +306,7 @@ etcd: # eureka: # host: # it's possible to define multiple eureka hosts addresses of the same eureka cluster. # - "http://127.0.0.1:8761" -# prefix: /eureka/v2/ +# prefix: /eureka/ # fetch_interval: 30 # default 30s # weight: 100 # default weight for node # timeout: diff --git a/docs/zh/latest/plugins/basic-auth.md b/docs/zh/latest/plugins/basic-auth.md index 8f1b18ac970f..8f4410364410 100644 --- a/docs/zh/latest/plugins/basic-auth.md +++ b/docs/zh/latest/plugins/basic-auth.md 
@@ -45,6 +45,7 @@ consumer 端配置: | -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ | | username | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `username` ,将会出现请求匹配异常。 | | password | string | 必须 | | | 用户的密码 | +| hide_auth_header | boolean | 可选 | true | | 是否将 Authentication 响应头返回给客户端. | router 端配置: From 31af04df986ab2c3fc2ec8a33d14796c80c82c97 Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 14 Jan 2022 09:53:26 +0800 Subject: [PATCH 22/23] change en doc Signed-off-by: mango --- docs/en/latest/plugins/basic-auth.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/en/latest/plugins/basic-auth.md b/docs/en/latest/plugins/basic-auth.md index 422ae216e108..f0b14801f73e 100644 --- a/docs/en/latest/plugins/basic-auth.md +++ b/docs/en/latest/plugins/basic-auth.md @@ -137,8 +137,8 @@ hello, world ## Disable Plugin When you want to disable the `basic-auth` plugin, it is very simple, - you can delete the corresponding json configuration in the plugin configuration, - no need to restart the service, it will take effect immediately: +you can delete the corresponding json configuration in the plugin configuration, +no need to restart the service, it will take effect immediately: ```shell $ curl http://127.0.0.1:9080/apisix/admin/routes/1 -X PUT -d ' From ccc46b642e15fa843198e5891611b88327f36f7f Mon Sep 17 00:00:00 2001 From: mango Date: Fri, 14 Jan 2022 09:54:21 +0800 Subject: [PATCH 23/23] change zh doc Signed-off-by: mango --- docs/zh/latest/plugins/basic-auth.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/zh/latest/plugins/basic-auth.md b/docs/zh/latest/plugins/basic-auth.md index 8f4410364410..8f1b18ac970f 100644 --- a/docs/zh/latest/plugins/basic-auth.md +++ b/docs/zh/latest/plugins/basic-auth.md 
@@ -45,7 +45,6 @@ consumer 端配置: | -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ | | username | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `username` ,将会出现请求匹配异常。 | | password | string | 必须 | | | 用户的密码 | -| hide_auth_header | boolean | 可选 | true | | 是否将 Authentication 响应头返回给客户端. | router 端配置: