Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(request.header): core.request.header return string instead of table #11127

Merged
merged 3 commits into from
Apr 8, 2024
Merged

fix(request.header): core.request.header return string instead of table #11127

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
592a7dd
fix(request.header): core.request.header return string instead of table
ronething Apr 2, 2024
c2376cb
fix: lint
ronething Apr 8, 2024
fba9cfa
fix: line too long
ronething Apr 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion apisix/core/request.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,9 @@ function _M.header(ctx, name)
if not ctx then
ctx = ngx.ctx.api_ctx
end
return _headers(ctx)[name]

local value = _headers(ctx)[name]
return type(value) == "table" and value[1] or value
end

local function modify_header(ctx, header_name, header_value, override)
Expand Down
4 changes: 3 additions & 1 deletion apisix/plugins/real-ip.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,9 @@ end
local function get_addr(conf, ctx)
if conf.source == "http_x_forwarded_for" then
-- use the last address from X-Forwarded-For header
local addrs = core.request.header(ctx, "X-Forwarded-For")
-- after core.request.header function changed
-- we need to get original header value by using core.request.headers
local addrs = core.request.headers(ctx)["X-Forwarded-For"]
if not addrs then
return nil
end
Expand Down
4 changes: 3 additions & 1 deletion apisix/plugins/ua-restriction.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,9 @@ end


function _M.access(conf, ctx)
local user_agent = core.request.header(ctx, "User-Agent")
-- after core.request.header function changed
-- we need to get original header value by using core.request.headers
local user_agent = core.request.headers(ctx)["User-Agent"]

if not user_agent then
if conf.bypass_missing then
Expand Down
4 changes: 2 additions & 2 deletions t/core/request.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -454,10 +454,10 @@ $s
local h = core.request.header(ctx, "test_header")
ngx.say(h)
core.request.add_header(ctx, "test_header", "t2")
local h2 = core.request.header(ctx, "test_header")
local h2 = core.request.headers(ctx)["test_header"]
ngx.say(json.encode(h2))
core.request.add_header(ctx, "test_header", "t3")
local h3 = core.request.header(ctx, "test_header")
local h3 = core.request.headers(ctx)["test_header"]
ngx.say(json.encode(h3))
}
}
Expand Down
83 changes: 72 additions & 11 deletions t/plugin/hmac-auth.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -382,7 +382,67 @@ passed



=== TEST 15: add consumer with 0 clock skew
=== TEST 15: verify: ok (multiple duplicates X-HMAC-SIGNATURE header)
--- config
location /t {
content_by_lua_block {
local ngx_time = ngx.time
local ngx_http_time = ngx.http_time
local core = require("apisix.core")
local t = require("lib.test_admin")
local hmac = require("resty.hmac")
local ngx_encode_base64 = ngx.encode_base64

local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"
core.log.info("signing_string:", signing_string)

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
local encoded_signature = ngx_encode_base64(signature)
headers["X-HMAC-SIGNATURE"] = {encoded_signature, "another-signature"}
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

local code, body = t.test('/hello',
ngx.HTTP_GET,
"",
nil,
headers
)

ngx.status = code
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed



=== TEST 16: add consumer with 0 clock skew
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -413,11 +473,12 @@ passed



=== TEST 16: verify: invalid signature
=== TEST 17: verify: invalid signature
--- request
GET /hello
--- more_headers
X-HMAC-SIGNATURE: asdf
X-HMAC-SIGNATURE: asdf
X-HMAC-ALGORITHM: hmac-sha256
Date: Thu, 24 Sep 2020 06:39:52 GMT
X-HMAC-ACCESS-KEY: my-access-key3
Expand All @@ -431,7 +492,7 @@ client request can't be validated: Invalid signature



=== TEST 17: add consumer with 1 clock skew
=== TEST 18: add consumer with 1 clock skew
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -463,7 +524,7 @@ passed



=== TEST 18: verify: Invalid GMT format time
=== TEST 19: verify: Invalid GMT format time
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -520,7 +581,7 @@ client request can't be validated: Clock skew exceeded



=== TEST 19: verify: put ok
=== TEST 20: verify: put ok
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -583,7 +644,7 @@ passed



=== TEST 20: verify: put ok (pass auth data by header `Authorization`)
=== TEST 21: verify: put ok (pass auth data by header `Authorization`)
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -645,7 +706,7 @@ passed



=== TEST 21: hit route without auth info
=== TEST 22: hit route without auth info
--- request
GET /hello
--- error_code: 401
Expand All @@ -658,7 +719,7 @@ client request can't be validated: access key or signature missing



=== TEST 22: add consumer with signed_headers
=== TEST 23: add consumer with signed_headers
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -690,7 +751,7 @@ passed



=== TEST 23: verify with invalid signed header
=== TEST 24: verify with invalid signed header
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -745,7 +806,7 @@ client request can't be validated: Invalid signed header x-custom-header-c



=== TEST 24: verify ok with signed headers
=== TEST 25: verify ok with signed headers
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -800,7 +861,7 @@ passed



=== TEST 25: add consumer with plugin hmac-auth - empty configuration
=== TEST 26: add consumer with plugin hmac-auth - empty configuration
--- config
location /t {
content_by_lua_block {
Expand Down
Loading