Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request validation plugin #1709

Merged
merged 17 commits into from
Jul 21, 2020
Merged

Request validation plugin #1709

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
6368c33
Adding request validation initial draft
sshniro Jun 13, 2020
b38a565
Merge branch 'master' into request-validator
sshniro Jun 13, 2020
89be33e
Adding request validation plugin
sshniro Jun 13, 2020
9fa1d83
Adding docs
sshniro Jun 13, 2020
25ac2d2
Removing empty spaces
sshniro Jun 13, 2020
f1500d4
Adding content type check before decoding json
sshniro Jun 14, 2020
4e09d32
Adding content type check before decoding json
sshniro Jun 14, 2020
4b2988e
Removing unused variable
sshniro Jun 14, 2020
5abbc07
Removing unused variable
sshniro Jun 14, 2020
0c81b44
Merge branch 'master' into request-validator
Jul 16, 2020
e961fc4
Down merge changes
sshniro Jul 16, 2020
ba75aaa
Adding test cases for header conf
sshniro Jul 16, 2020
c7bd32a
Refactoring to support x-www-form-urlencoded header
sshniro Jul 17, 2020
151575a
Merge branch 'master' into request-validator
sshniro Jul 17, 2020
9c0306d
Adding additional line for unit test
sshniro Jul 17, 2020
778cdc1
Removing gloval variable
sshniro Jul 17, 2020
fae02fe
Removing global variable
sshniro Jul 17, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
87 changes: 87 additions & 0 deletions apisix/plugins/request-validation.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
--
-- Licensed to the Apache Software Foundation (ASF) under one or more
-- contributor license agreements. See the NOTICE file distributed with
-- this work for additional information regarding copyright ownership.
-- The ASF licenses this file to You under the Apache License, Version 2.0
-- (the "License"); you may not use this file except in compliance with
-- the License. You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
local core = require("apisix.core")
local plugin_name = "request-validation"
local json_decode = require("cjson").decode
local ngx = ngx

local schema = {
type = "object",
properties = {
body_schema = {type = "object"},
header_schema = {type = "object"}
},
anyOf = {
{required = {"body_schema"}},
{required = {"header_schema"}}
}
}


local _M = {
version = 0.1,
priority = 2800,
type = 'validation',
sshniro marked this conversation as resolved.
Show resolved Hide resolved
name = plugin_name,
schema = schema,
}


function _M.check_schema(conf)
return core.schema.check(schema, conf)
Copy link
Member

@membphis membphis Jun 16, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

export the API create_validator : https://github.com/apache/incubator-apisix/blob/master/apisix/core/schema.lua#L26

then we can use it to confirm if the input conf is a valid JSON Schema.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not understand this comment @membphis , ain't coreschema.check internally calls create_validator for validation?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here is the an valid example you provide, the user maybe provide a invalid schema:

"body_schema": {
    "type": "object",
    "required": ["required_payload"],
    "properties": {
            "emum_payload": {
            "type": "string",  # the user maybe specified a wrong type, eg: `str`
            "enum": ["enum_string_1", "enum_string_2"],
            "default": "enum_string_1"
        }
    }
}

here is detail:

image

end


function _M.rewrite(conf)
local headers = ngx.req.get_headers()

if conf.body_schema.properties.header_schema then
sshniro marked this conversation as resolved.
Show resolved Hide resolved
local ok, err = core.schema.check(conf.header_schema, headers)
if not ok then
core.log.error("req schema validation failed", err)
core.response.exit(400, err)
end
end

if not conf.body_schema.properties.body_schema then
sshniro marked this conversation as resolved.
Show resolved Hide resolved
ngx.req.read_body()
local body = ngx.req.get_body_data()

if headers["content-type"] then
if headers["content-type"] == "application/json" then
local data, error = json_decode(body)

if not data then
core.log.error('failed to decode the req body', error)
core.response.exit(400)
return
end

local ok, err = core.schema.check(conf.body_schema, data)
if not ok then
core.log.error("req schema validation failed", err)
core.response.exit(400, err)
end
end
sshniro marked this conversation as resolved.
Show resolved Hide resolved
else
core.response.exit(400)
end
end
end


return _M
1 change: 1 addition & 0 deletions conf/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,6 +167,7 @@ plugins: # plugin list
- http-logger
- skywalking
- echo
- request-validation

stream_plugins:
- mqtt-proxy
149 changes: 149 additions & 0 deletions doc/plugins/request-validation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,149 @@
<!--
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
-->

[Chinese](request-validation-cn.md)

# Summary
- [**Name**](#name)
- [**Attributes**](#attributes)
- [**How To Enable**](#how-to-enable)
- [**Test Plugin**](#test-plugin)
- [**Disable Plugin**](#disable-plugin)
- [**Examples**](#examples)


## Name

`request-validation` plugin validates the requests before forwarding to an upstream service. The validation plugin uses
json-schema to validate the schema. The plugin can be used to validate the headers and body data.

For more information on schema, refer to [JSON schema](https://github.com/api7/jsonschema) for more information.

## Attributes

|Name |Requirement |Description|
|--------- |-------- |-----------|
| header_schema |optional |schema for the header data|
| body_schema |optional |schema for the body data|

## How To Enable

Create a route and enable the request-validation plugin on the route:

```shell
curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/get",
"plugins": {
"body_schema": {
sshniro marked this conversation as resolved.
Show resolved Hide resolved
"type": "object",
"required": ["required_payload"],
"properties": {
"required_payload": {"type": "string"},
"boolean_payload": {"type": "boolean"}
}
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:8080": 1
}
}
}
```

## Test Plugin

```shell
curl --header "Content-Type: application/json" \
--request POST \
--data '{"boolean-payload":true,"required_payload":"hello"}' \
http://127.0.0.1:9080/get
```

If the schema is violated the plugin will yield a `400` bad request.

## Disable Plugin

Remove the corresponding json configuration in the plugin configuration to disable the `request-validation`.
APISIX plugins are hot-reloaded, therefore no need to restart APISIX.

```shell
curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/get",
"plugins": {
},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:8080": 1
}
}
}
```


## Examples:

**Using ENUMS:**

```shell
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should use json here

"body_schema": {
"type": "object",
"required": ["required_payload"],
"properties": {
"emum_payload": {
"type": "string",
enum: ["enum_string_1", "enum_string_2"]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this line should be wrong, it should be "enum":

default = "enum_string_1"
}
}
}
```


**JSON with multiple levels:**

```shell
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

json ditto

"body_schema": {
"type": "object",
"required": ["required_payload"],
"properties": {
"boolean_payload": {"type": "boolean"},
"child_element_name": {
"type": "object",
"properties": {
"http_statuses": {
"type": "array",
"minItems": 1,
"items": {
"type": "integer",
"minimum": 200,
"maximum": 599
},
"uniqueItems": true,
"default": [200, 201, 202, 203]
}
}
}
}
}
```
2 changes: 1 addition & 1 deletion t/admin/plugins.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ __DATA__
--- request
GET /apisix/admin/plugins/list
--- response_body_like eval
qr/\["limit-req","limit-count","limit-conn","key-auth","basic-auth","prometheus","node-status","jwt-auth","zipkin","ip-restriction","grpc-transcode","serverless-pre-function","serverless-post-function","openid-connect","proxy-rewrite","redirect","response-rewrite","fault-injection","udp-logger","wolf-rbac","proxy-cache","tcp-logger","proxy-mirror","kafka-logger","cors","consumer-restriction","syslog","batch-requests","http-logger","skywalking","echo"\]/
qr/\["limit-req","limit-count","limit-conn","key-auth","basic-auth","prometheus","node-status","jwt-auth","zipkin","ip-restriction","grpc-transcode","serverless-pre-function","serverless-post-function","openid-connect","proxy-rewrite","redirect","response-rewrite","fault-injection","udp-logger","wolf-rbac","proxy-cache","tcp-logger","proxy-mirror","kafka-logger","cors","consumer-restriction","syslog","batch-requests","http-logger","skywalking","echo","request-validation"\]/
--- no_error_log
[error]

Expand Down
1 change: 1 addition & 0 deletions t/debug/debug-mode.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ loaded plugin and sort by priority: 10000 name: serverless-pre-function
loaded plugin and sort by priority: 4010 name: batch-requests
loaded plugin and sort by priority: 4000 name: cors
loaded plugin and sort by priority: 3000 name: ip-restriction
loaded plugin and sort by priority: 2800 name: request-validation
loaded plugin and sort by priority: 2599 name: openid-connect
loaded plugin and sort by priority: 2555 name: wolf-rbac
loaded plugin and sort by priority: 2520 name: basic-auth
Expand Down
Loading