diff --git a/.travis/linux_apisix_current_luarocks_runner.sh b/.travis/linux_apisix_current_luarocks_runner.sh index 12fcb15e0e96..7c30dc3c5bd4 100755 --- a/.travis/linux_apisix_current_luarocks_runner.sh +++ b/.travis/linux_apisix_current_luarocks_runner.sh @@ -54,6 +54,13 @@ script() { # apisix cli test sudo PATH=$PATH .travis/apisix_cli_test.sh + cat /usr/local/apisix/logs/error.log | grep '\[error\]' > /tmp/error.log | true + if [ -s /tmp/error.log ]; then + echo "=====found error log=====" + cat /usr/local/apisix/logs/error.log + exit 1 + fi + sudo luarocks remove rockspec/apisix-master-0.rockspec } diff --git a/.travis/linux_apisix_master_luarocks_runner.sh b/.travis/linux_apisix_master_luarocks_runner.sh index e1fe268dab37..7be638945209 100755 --- a/.travis/linux_apisix_master_luarocks_runner.sh +++ b/.travis/linux_apisix_master_luarocks_runner.sh @@ -64,6 +64,12 @@ script() { # apisix cli test sudo PATH=$PATH .travis/apisix_cli_test.sh + cat /usr/local/apisix/logs/error.log | grep '\[error\]' > /tmp/error.log | true + if [ -s /tmp/error.log ]; then + echo "=====found error log=====" + cat /usr/local/apisix/logs/error.log + fi + sudo luarocks remove rockspec/apisix-master-0.rockspec } diff --git a/.travis/linux_openresty_runner.sh b/.travis/linux_openresty_runner.sh index 30ef044eeeaf..f941f9bac75d 100755 --- a/.travis/linux_openresty_runner.sh +++ b/.travis/linux_openresty_runner.sh @@ -39,7 +39,7 @@ before_install() { docker pull bitnami/kafka:latest docker network create kafka-net --driver bridge docker run --name zookeeper-server -d -p 2181:2181 --network kafka-net -e ALLOW_ANONYMOUS_LOGIN=yes bitnami/zookeeper:3.6.0 - docker run --name kafka-server1 -d --network kafka-net -e ALLOW_PLAINTEXT_LISTENER=yes -e KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper-server:2181 -e KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://localhost:9092 -p 9092:9092 -e KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true bitnami/kafka:latest + docker run --name kafka-server1 -d --network kafka-net -e ALLOW_PLAINTEXT_LISTENER=yes -e KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper-server:2181 -e KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092 -p 9092:9092 -e KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true bitnami/kafka:latest sleep 5 docker exec -it kafka-server1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server:2181 --replication-factor 1 --partitions 1 --topic test2 } diff --git a/.travis/linux_tengine_runner.sh b/.travis/linux_tengine_runner.sh index d14cec25d5dd..f73a1bdddfe4 100755 --- a/.travis/linux_tengine_runner.sh +++ b/.travis/linux_tengine_runner.sh @@ -39,7 +39,7 @@ before_install() { docker pull bitnami/kafka:latest docker network create kafka-net --driver bridge docker run --name zookeeper-server -d -p 2181:2181 --network kafka-net -e ALLOW_ANONYMOUS_LOGIN=yes bitnami/zookeeper:3.6.0 - docker run --name kafka-server1 -d --network kafka-net -e ALLOW_PLAINTEXT_LISTENER=yes -e KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper-server:2181 -e KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://localhost:9092 -p 9092:9092 -e KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true bitnami/kafka:latest + docker run --name kafka-server1 -d --network kafka-net -e ALLOW_PLAINTEXT_LISTENER=yes -e KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper-server:2181 -e KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092 -p 9092:9092 -e KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true bitnami/kafka:latest sleep 5 docker exec -it kafka-server1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server:2181 --replication-factor 1 --partitions 1 --topic test2 } diff --git a/Makefile b/Makefile index 780dc1e590b1..a69576516e2b 100644 --- a/Makefile +++ b/Makefile @@ -156,6 +156,9 @@ install: $(INSTALL) -d $(INST_LUADIR)/apisix/lua/apisix/stream/router $(INSTALL) lua/apisix/stream/router/*.lua $(INST_LUADIR)/apisix/lua/apisix/stream/router/ + $(INSTALL) -d $(INST_LUADIR)/apisix/lua/apisix/utils + $(INSTALL) lua/apisix/utils/*.lua $(INST_LUADIR)/apisix/lua/apisix/utils/ + $(INSTALL) README.md $(INST_CONFDIR)/README.md $(INSTALL) bin/apisix $(INST_BINDIR)/apisix diff --git a/t/plugin/openid-connect.t b/t/plugin/openid-connect.t index 6699b0c20aef..d6887d35a93f 100644 --- a/t/plugin/openid-connect.t +++ b/t/plugin/openid-connect.t @@ -273,3 +273,148 @@ WWW-Authenticate: Bearer realm=apisix --- no_error_log [error] --- SKIP + + + +=== TEST 8: update plugin public key +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "openid-connect": { + "client_id": "kbyuFDidLLm280LIwVFiazOqjO3ty8KH", + "client_secret": "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa", + "discovery": "https://samples.auth0.com/.well-known/openid-configuration", + "redirect_uri": "https://iresty.com", + "ssl_verify": false, + "timeout": 10, + "bearer_only": true, + "scope": "apisix", + "public_key": "-----BEGIN PUBLIC KEY----- +MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANW16kX5SMrMa2t7F2R1w6Bk/qpjS4QQ +hnrbED3Dpsl9JXAx90MYsIWp51hBxJSE/EPVK8WF/sjHK1xQbEuDfEECAwEAAQ== +-----END PUBLIC KEY-----", + "token_signing_alg_values_expected": "RS256" + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]], + [[{ + "node": { + "value": { + "plugins": { + "openid-connect": { + "client_id": "kbyuFDidLLm280LIwVFiazOqjO3ty8KH", + "client_secret": "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa", + "discovery": "https://samples.auth0.com/.well-known/openid-configuration", + "redirect_uri": "https://iresty.com", + "ssl_verify": "no", + "timeout": 10000, + "bearer_only": true, + "scope": "apisix", + "public_key": "-----BEGIN PUBLIC KEY----- +MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANW16kX5SMrMa2t7F2R1w6Bk/qpjS4QQ +hnrbED3Dpsl9JXAx90MYsIWp51hBxJSE/EPVK8WF/sjHK1xQbEuDfEECAwEAAQ== +-----END PUBLIC KEY-----", + "token_signing_alg_values_expected": "RS256" + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }, + "key": "/apisix/routes/1" + }, + "action": "set" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 9: access introspection with correct token +--- config + location /t { + content_by_lua_block { + local http = require "resty.http" + local httpc = http.new() + local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello" + local res, err = httpc:request_uri(uri, { + method = "GET", + headers = { + ["Authorization"] = "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9" .. + ".eyJkYXRhMSI6IkRhdGEgMSIsImlhdCI6MTU4NTEyMjUwMiwiZXhwIjoxOTAwNjk" .. + "4NTAyLCJhdWQiOiJodHRwOi8vbXlzb2Z0Y29ycC5pbiIsImlzcyI6Ik15c29mdCB" .. + "jb3JwIiwic3ViIjoic29tZUB1c2VyLmNvbSJ9.u1ISx7JbuK_GFRIUqIMP175FqX" .. + "RyF9V7y86480Q4N3jNxs3ePbc51TFtIHDrKttstU4Tub28PYVSlr-HXfjo7w", + } + }) + ngx.status = res.status + if res.status == 200 then + ngx.say(true) + end + } + } +--- request +GET /t +--- response_body +true +--- no_error_log +[error] + + + +=== TEST 10: access introspection with wrong token +--- config + location /t { + content_by_lua_block { + local http = require "resty.http" + local httpc = http.new() + local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello" + local res, err = httpc:request_uri(uri, { + method = "GET", + headers = { + ["Authorization"] = "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9" .. + ".eyJkYXRhMSI6IkRhdGEgMSIsImlhdCI6MTU4NTEyMjUwMiwiZXhwIjoxOTAwNjk" .. + "4NTAyLCJhdWQiOiJodHRwOi8vbXlzb2Z0Y29ycC5pbiIsImlzcyI6Ik15c29mdCB" .. + "jb3JwIiwic3ViIjoic29tZUB1c2VyLmNvbSJ9.u1ISx7JbuK_GFRIUqIMP175FqX" .. + "RyF9V7y86480Q4N3jNxs3ePbc51TFtIHDrKttstU4Tub28PYVSlr-HXfjo7", + } + }) + ngx.status = res.status + if res.status == 200 then + ngx.say(true) + end + } + } +--- request +GET /t +--- error_code: 401 +--- error_log +jwt signature verification failed diff --git a/utils/check-lua-code-style.sh b/utils/check-lua-code-style.sh index 7e67a8340fe8..9a73bfadf54e 100755 --- a/utils/check-lua-code-style.sh +++ b/utils/check-lua-code-style.sh @@ -32,7 +32,7 @@ luacheck -q lua lua/apisix/plugins/limit-count/*.lua > \ /tmp/check.log 2>&1 || (cat /tmp/check.log && exit 1) -count=`grep -E ".lua:[0-9]+:" /tmp/check.log -c || true` +count=`grep -E ".lua:[0-9]+:" /tmp/check.log -c | true` if [ $count -ne 0 ] then