From ab4fe8837da6aba4aca868291c0ea9f3876fa829 Mon Sep 17 00:00:00 2001 From: soulbird Date: Wed, 23 Nov 2022 15:57:20 +0800 Subject: [PATCH] refactor(consumer): expose create_consume_cache so that we can preprocess the consumer conf (#8379) Co-authored-by: soulbird --- apisix/consumer.lua | 23 +++++++++++++++++++++++ apisix/plugins/basic-auth.lua | 25 ++----------------------- apisix/plugins/hmac-auth.lua | 25 +------------------------ apisix/plugins/jwt-auth.lua | 29 ++--------------------------- apisix/plugins/key-auth.lua | 27 +-------------------------- apisix/plugins/ldap-auth.lua | 27 +++------------------------ apisix/plugins/wolf-rbac.lua | 28 ++-------------------------- 7 files changed, 34 insertions(+), 150 deletions(-) diff --git a/apisix/consumer.lua b/apisix/consumer.lua index 2eaf67d4ed16..27ea42768720 100644 --- a/apisix/consumer.lua +++ b/apisix/consumer.lua @@ -28,6 +28,9 @@ local _M = { version = 0.3, } +local lrucache = core.lrucache.new({ + ttl = 300, count = 512 +}) local function plugin_consumer() local plugins = {} @@ -94,6 +97,26 @@ function _M.consumers() end +local function create_consume_cache(consumers_conf, key_attr) + local consumer_names = {} + + for _, consumer in ipairs(consumers_conf.nodes) do + core.log.info("consumer node: ", core.json.delay_encode(consumer)) + consumer_names[consumer.auth_conf[key_attr]] = consumer + end + + return consumer_names +end + + +function _M.consumers_kv(plugin_name, consumer_conf, key_attr) + local consumers = lrucache("consumers_key#".. plugin_name, consumer_conf.conf_version, + create_consume_cache, consumer_conf, key_attr) + + return consumers +end + + local function check_consumer(consumer) return plugin_checker(consumer, core.schema.TYPE_CONSUMER) end diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua index 32c0e0445966..5f984ed66a09 100644 --- a/apisix/plugins/basic-auth.lua +++ b/apisix/plugins/basic-auth.lua @@ -17,15 +17,11 @@ local core = require("apisix.core") local ngx = ngx local ngx_re = require("ngx.re") -local ipairs = ipairs local consumer = require("apisix.consumer") local lrucache = core.lrucache.new({ ttl = 300, count = 512 }) -local consumers_lrucache = core.lrucache.new({ - type = "plugin", -}) local schema = { type = "object", @@ -50,6 +46,7 @@ local consumer_schema = { local plugin_name = "basic-auth" + local _M = { version = 0.1, priority = 2520, @@ -122,22 +119,6 @@ local function extract_auth_header(authorization) end -local create_consume_cache -do - local consumer_names = {} - - function create_consume_cache(consumers) - core.table.clear(consumer_names) - - for _, cur_consumer in ipairs(consumers.nodes) do - core.log.info("consumer node: ", - core.json.delay_encode(cur_consumer)) - consumer_names[cur_consumer.auth_conf.username] = cur_consumer - end - - return consumer_names - end -end function _M.rewrite(conf, ctx) core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf)) @@ -161,9 +142,7 @@ function _M.rewrite(conf, ctx) return 401, { message = "Missing related consumer" } end - local consumers = consumers_lrucache("consumers_key", - consumer_conf.conf_version, - create_consume_cache, consumer_conf) + local consumers = consumer.consumers_kv(plugin_name, consumer_conf, "username") -- 3. check user exists local cur_consumer = consumers[username] diff --git a/apisix/plugins/hmac-auth.lua b/apisix/plugins/hmac-auth.lua index 5c234937ef76..c03e5ce82438 100644 --- a/apisix/plugins/hmac-auth.lua +++ b/apisix/plugins/hmac-auth.lua @@ -39,9 +39,6 @@ local SIGNED_HEADERS_KEY = "X-HMAC-SIGNED-HEADERS" local plugin_name = "hmac-auth" local MAX_REQ_BODY = 1024 * 512 -local lrucache = core.lrucache.new({ - type = "plugin", -}) local schema = { type = "object", @@ -139,24 +136,6 @@ local function remove_headers(ctx, ...) end -local create_consumer_cache -do - local consumer_names = {} - - function create_consumer_cache(consumers) - core.table.clear(consumer_names) - - for _, consumer in ipairs(consumers.nodes) do - core.log.info("consumer node: ", core.json.delay_encode(consumer)) - consumer_names[consumer.auth_conf.access_key] = consumer - end - - return consumer_names - end - -end -- do - - function _M.check_schema(conf, schema_type) core.log.info("input conf: ", core.json.delay_encode(conf)) @@ -178,9 +157,7 @@ local function get_consumer(access_key) return nil, "Missing related consumer" end - local consumers = lrucache("consumers_key", consumer_conf.conf_version, - create_consumer_cache, consumer_conf) - + local consumers = consumer.consumers_kv(plugin_name, consumer_conf, "access_key") local consumer = consumers[access_key] if not consumer then return nil, "Invalid access key" diff --git a/apisix/plugins/jwt-auth.lua b/apisix/plugins/jwt-auth.lua index a3c366f1ffda..1215fedb9c9b 100644 --- a/apisix/plugins/jwt-auth.lua +++ b/apisix/plugins/jwt-auth.lua @@ -23,7 +23,6 @@ local new_tab = require ("table.new") local ngx_encode_base64 = ngx.encode_base64 local ngx_decode_base64 = ngx.decode_base64 -local ipairs = ipairs local ngx = ngx local ngx_time = ngx.time local sub_str = string.sub @@ -34,10 +33,6 @@ local plugin_name = "jwt-auth" local pcall = pcall -local lrucache = core.lrucache.new({ - type = "plugin", -}) - local schema = { type = "object", properties = { @@ -137,24 +132,6 @@ local _M = { } -local create_consume_cache -do - local consumer_names = {} - - function create_consume_cache(consumers) - core.table.clear(consumer_names) - - for _, consumer in ipairs(consumers.nodes) do - core.log.info("consumer node: ", core.json.delay_encode(consumer)) - consumer_names[consumer.auth_conf.key] = consumer - end - - return consumer_names - end - -end -- do - - function _M.check_schema(conf, schema_type) core.log.info("input conf: ", core.json.delay_encode(conf)) @@ -435,8 +412,7 @@ function _M.rewrite(conf, ctx) return 401, {message = "Missing related consumer"} end - local consumers = lrucache("consumers_key", consumer_conf.conf_version, - create_consume_cache, consumer_conf) + local consumers = consumer_mod.consumers_kv(plugin_name, consumer_conf, "key") local consumer = consumers[user_key] if not consumer then @@ -482,8 +458,7 @@ local function gen_token() return core.response.exit(404) end - local consumers = lrucache("consumers_key", consumer_conf.conf_version, - create_consume_cache, consumer_conf) + local consumers = consumer_mod.consumers_kv(plugin_name, consumer_conf, "key") core.log.info("consumers: ", core.json.delay_encode(consumers)) local consumer = consumers[key] diff --git a/apisix/plugins/key-auth.lua b/apisix/plugins/key-auth.lua index 3c0f8a97acb2..5806025a6c7f 100644 --- a/apisix/plugins/key-auth.lua +++ b/apisix/plugins/key-auth.lua @@ -17,13 +17,8 @@ local core = require("apisix.core") local consumer_mod = require("apisix.consumer") local plugin_name = "key-auth" -local ipairs = ipairs -local lrucache = core.lrucache.new({ - type = "plugin", -}) - local schema = { type = "object", properties = { @@ -61,24 +56,6 @@ local _M = { } -local create_consume_cache -do - local consumer_names = {} - - function create_consume_cache(consumers) - core.table.clear(consumer_names) - - for _, consumer in ipairs(consumers.nodes) do - core.log.info("consumer node: ", core.json.delay_encode(consumer)) - consumer_names[consumer.auth_conf.key] = consumer - end - - return consumer_names - end - -end -- do - - function _M.check_schema(conf, schema_type) if schema_type == core.schema.TYPE_CONSUMER then return core.schema.check(consumer_schema, conf) @@ -107,9 +84,7 @@ function _M.rewrite(conf, ctx) return 401, {message = "Missing related consumer"} end - local consumers = lrucache("consumers_key", consumer_conf.conf_version, - create_consume_cache, consumer_conf) - + local consumers = consumer_mod.consumers_kv(plugin_name, consumer_conf, "key") local consumer = consumers[key] if not consumer then return 401, {message = "Invalid API key in request"} diff --git a/apisix/plugins/ldap-auth.lua b/apisix/plugins/ldap-auth.lua index d155696b6337..6486f9a13c91 100644 --- a/apisix/plugins/ldap-auth.lua +++ b/apisix/plugins/ldap-auth.lua @@ -17,14 +17,9 @@ local core = require("apisix.core") local ngx = ngx local ngx_re = require("ngx.re") -local ipairs = ipairs local consumer_mod = require("apisix.consumer") local ldap = require("resty.ldap") -local lrucache = core.lrucache.new({ - ttl = 300, count = 512 -}) - local schema = { type = "object", title = "work with route or service object", @@ -49,6 +44,7 @@ local consumer_schema = { local plugin_name = "ldap-auth" + local _M = { version = 0.1, priority = 2540, @@ -69,23 +65,6 @@ function _M.check_schema(conf, schema_type) return ok, err end -local create_consumer_cache -do - local consumer_names = {} - - function create_consumer_cache(consumers) - core.table.clear(consumer_names) - - for _, consumer in ipairs(consumers.nodes) do - core.log.info("consumer node: ", core.json.delay_encode(consumer)) - consumer_names[consumer.auth_conf.user_dn] = consumer - end - - return consumer_names - end - -end -- do - local function extract_auth_header(authorization) local obj = { username = "", password = "" } @@ -162,8 +141,8 @@ function _M.rewrite(conf, ctx) if not consumer_conf then return 401, { message = "Missing related consumer" } end - local consumers = lrucache("consumers_key", consumer_conf.conf_version, - create_consumer_cache, consumer_conf) + + local consumers = consumer_mod.consumers_kv(plugin_name, consumer_conf, "user_dn") local consumer = consumers[userdn] if not consumer then return 401, {message = "Invalid user authorization"} diff --git a/apisix/plugins/wolf-rbac.lua b/apisix/plugins/wolf-rbac.lua index a6be6474cd9b..62cb7b04fbba 100644 --- a/apisix/plugins/wolf-rbac.lua +++ b/apisix/plugins/wolf-rbac.lua @@ -21,7 +21,6 @@ local json = require("apisix.core.json") local sleep = core.sleep local ngx_re = require("ngx.re") local http = require("resty.http") -local ipairs = ipairs local ngx = ngx local rawget = rawget local rawset = rawset @@ -34,10 +33,6 @@ local req_get_body_data = ngx.req.get_body_data local plugin_name = "wolf-rbac" -local lrucache = core.lrucache.new({ - type = "plugin", -}) - local schema = { type = "object", properties = { @@ -65,23 +60,6 @@ local _M = { } -local create_consume_cache -do - local consumer_names = {} - - function create_consume_cache(consumers) - core.table.clear(consumer_names) - - for _, consumer in ipairs(consumers.nodes) do - core.log.info("consumer node: ", core.json.delay_encode(consumer)) - consumer_names[consumer.auth_conf.appid] = consumer - end - - return consumer_names - end - -end -- do - local token_version = 'V1' local function create_rbac_token(appid, wolf_token) return token_version .. "#" .. appid .. "#" .. wolf_token @@ -285,8 +263,7 @@ function _M.rewrite(conf, ctx) return 401, fail_response("Missing related consumer") end - local consumers = lrucache("consumers_key", consumer_conf.conf_version, - create_consume_cache, consumer_conf) + local consumers = consumer.consumers_kv(plugin_name, consumer_conf, "appid") core.log.info("------ consumers: ", core.json.delay_encode(consumers)) local consumer = consumers[appid] @@ -353,8 +330,7 @@ local function get_consumer(appid) core.response.exit(500) end - local consumers = lrucache("consumers_key", consumer_conf.conf_version, - create_consume_cache, consumer_conf) + local consumers = consumer.consumers_kv(plugin_name, consumer_conf, "appid") core.log.info("------ consumers: ", core.json.delay_encode(consumers)) local consumer = consumers[appid]