Skip to content

Commit

Permalink
Merge pull request #79 from TencentBlueKing/master
Browse files Browse the repository at this point in the history
  • Loading branch information
wklken authored May 13, 2024
2 parents 63af8b1 + ecfe3c6 commit 3e1d3a3
Show file tree
Hide file tree
Showing 10 changed files with 1,417 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/apisix/ci/Dockerfile.apisix-test-nginx
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ RUN wget https://github.com/apache/apisix/archive/refs/tags/${APISIX_VERSION}.ta
# install dependencies
ARG CODE_DIR=/codes/apisix-${APISIX_VERSION}
RUN sed -i 's#yum install -y openresty openresty-debug openresty-openssl111-debug-devel pcre pcre-devel#yum install -y openresty openresty-debug openresty-openssl111-debug-devel pcre pcre-devel --skip-broken#g' ${CODE_DIR}/ci/centos7-ci.sh
RUN sed -i 's|https://registry.npm.taobao.org|https://registry.npmmirror.com|g' ${CODE_DIR}/t/plugin/grpc-web/package-lock.json
RUN cd ${CODE_DIR} && bash ./ci/centos7-ci.sh install_dependencies
RUN cp -r ${CODE_DIR}/t /usr/local/apisix/

Expand Down
101 changes: 101 additions & 0 deletions src/apisix/t/bk-delete-cookie.t
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
#
# TencentBlueKing is pleased to support the open source community by making
# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available.
# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved.
# Licensed under the MIT License (the "License"); you may not use this file except
# in compliance with the License. You may obtain a copy of the License at
#
# http://opensource.org/licenses/MIT
#
# Unless required by applicable law or agreed to in writing, software distributed under
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions and
# limitations under the License.
#
# We undertake not to change the open source license (MIT license) applicable
# to the current version of the project delivered to anyone in the future.
#

use t::APISIX 'no_plan';

repeat_each(1);
no_long_string();
no_shuffle();
no_root_location();

add_block_preprocessor(sub {
my ($block) = @_;

if (!defined $block->request) {
$block->set_value("request", "GET /t");
}
});

run_tests;

__DATA__
=== TEST 1: sanity
--- config
location /t {
content_by_lua_block {
local plugin = require("apisix.plugins.bk-delete-cookie")
local ok, err = plugin.check_schema({})
if not ok then
ngx.say(err)
end
ngx.say("done")
}
}
--- response_body
done
=== TEST 2: add route
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"bk-delete-cookie": {},
"bk-proxy-rewrite": {
"uri": "/uri/plugin_proxy_rewrite"
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello"
}]]
)
if code >= 300 then
ngx.status = code
end
-- code is 201, body is passed
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 3: check with cookie
--- request
GET /hello HTTP/1.1
--- more_headers
Cookie: test cookie
--- response_body
uri: /uri/plugin_proxy_rewrite
host: localhost
x-real-ip: 127.0.0.1
212 changes: 212 additions & 0 deletions src/apisix/t/bk-ip-group-restriction.t
Original file line number Diff line number Diff line change
@@ -0,0 +1,212 @@
#
# TencentBlueKing is pleased to support the open source community by making
# 蓝鲸智云 - API 网关(BlueKing - APIGateway) available.
# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved.
# Licensed under the MIT License (the "License"); you may not use this file except
# in compliance with the License. You may obtain a copy of the License at
#
# http://opensource.org/licenses/MIT
#
# Unless required by applicable law or agreed to in writing, software distributed under
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions and
# limitations under the License.
#
# We undertake not to change the open source license (MIT license) applicable
# to the current version of the project delivered to anyone in the future.
#

BEGIN {
if ($ENV{TEST_NGINX_CHECK_LEAK}) {
$SkipReason = "unavailable for the hup tests";

} else {
$ENV{TEST_NGINX_USE_HUP} = 1;
undef $ENV{TEST_NGINX_USE_STAP};
}
}

use t::APISIX 'no_plan';

repeat_each(1);
no_long_string();
no_shuffle();
no_root_location();

run_tests;

__DATA__
=== TEST 1: sanity
--- config
location /t {
content_by_lua_block {
local plugin = require("apisix.plugins.bk-ip-group-restriction")
local ok, err = plugin.check_schema({
allow = {{
id = 1,
name = "1",
content = "1.1.1.1\n# test\n1.1.1.2",
comment = "test allow"
}},
deny = {{
id = 2,
name = "2",
content = "192.168.1.1\n# test\n192.168.1.2",
comment = "test deny"
}}
})
if not ok then
ngx.say(err)
end
ngx.say("done")
}
}
--- request
GET /t
--- response_body
done
=== TEST 2: add plugin allow ip group
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"bk-ip-group-restriction": {
"allow": [{
"id": 1,
"name": "1",
"content": "127.0.0.0/24\n# test\n1.1.1.1",
"comment": "test allow"
}]
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello"
}]]
)
if code >= 300 then
ngx.status = code
end
-- code is 201, body is passed
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 3: hit route and ip cidr in the whitelist
--- request
GET /hello
--- response_body
hello world
=== TEST 4: add plugin deny ip group
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"bk-ip-group-restriction": {
"deny": [{
"id": 1,
"name": "1",
"content": "127.0.0.0/24\n# test\n1.1.1.1",
"comment": "test allow"
}]
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello"
}]]
)
if code >= 300 then
ngx.status = code
end
-- code is 201, body is passed
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 5: hit route and ip cidr in the denylist
--- request
GET /hello
--- error_code: 403
=== TEST 6: add plugin error ip
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"bk-ip-group-restriction": {
"allow": [{
"id": 1,
"name": "1",
"content": "test error",
"comment": "test allow"
}]
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello"
}]]
)
if code >= 300 then
ngx.status = code
end
-- code is 201, body is passed
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 7: ignore error ip match
--- request
GET /hello
--- error_code: 403
Loading

0 comments on commit 3e1d3a3

Please sign in to comment.