Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: rewrite hmac-auth plugin for usability #11581

Merged
merged 8 commits into from
Sep 19, 2024
Merged

feat: rewrite hmac-auth plugin for usability #11581

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
42552bc
feat: backport hmac-auth plugin refactor
Revolyssup Sep 17, 2024
f368463
fix spelling
Revolyssup Sep 17, 2024
1f48b1d
fix lint
Revolyssup Sep 17, 2024
72ca1d4
fix lint
Revolyssup Sep 17, 2024
e5773c8
fix configuration
Revolyssup Sep 17, 2024
ee595ab
reindex
Revolyssup Sep 17, 2024
5793e98
apply suggestion
Revolyssup Sep 18, 2024
2422020
format
Revolyssup Sep 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
364 changes: 135 additions & 229 deletions apisix/plugins/hmac-auth.lua
View file
Open in desktop

Large diffs are not rendered by default.

21 changes: 8 additions & 13 deletions t/node/consumer-plugin.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -237,7 +237,7 @@ GET /t
"key": "consumer-plugin-John_Doe"
},
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key",
"clock_skew": 1
}
Expand Down Expand Up @@ -341,30 +341,25 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/status",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /status",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"
core.log.info("signing_string:", signing_string)

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down
122 changes: 46 additions & 76 deletions t/plugin/consumer-restriction.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -738,7 +738,7 @@ passed
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -811,29 +811,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -934,29 +929,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -992,7 +982,7 @@ qr/\{"message":"The service_id is forbidden."\}/
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -1064,29 +1054,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -1158,29 +1143,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -1213,7 +1193,7 @@ passed
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -1248,29 +1228,24 @@ location /t {
local ngx_encode_base64 = ngx.encode_base64
local secret_key = "my-secret-key"
local gmt = ngx_http_time(ngx_time)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -1303,7 +1278,7 @@ passed
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -1340,29 +1315,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down
Loading
Loading