Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: rewrite hmac-auth plugin for usability #11581

Merged
merged 8 commits into from
Sep 19, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
364 changes: 135 additions & 229 deletions apisix/plugins/hmac-auth.lua

Large diffs are not rendered by default.

21 changes: 8 additions & 13 deletions t/node/consumer-plugin.t
Original file line number Diff line number Diff line change
Expand Up @@ -237,7 +237,7 @@ GET /t
"key": "consumer-plugin-John_Doe"
},
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key",
"clock_skew": 1
}
Expand Down Expand Up @@ -341,30 +341,25 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/status",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /status",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"
core.log.info("signing_string:", signing_string)

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down
122 changes: 46 additions & 76 deletions t/plugin/consumer-restriction.t
Original file line number Diff line number Diff line change
Expand Up @@ -738,7 +738,7 @@ passed
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -811,29 +811,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -934,29 +929,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -992,7 +982,7 @@ qr/\{"message":"The service_id is forbidden."\}/
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -1064,29 +1054,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -1158,29 +1143,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -1213,7 +1193,7 @@ passed
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -1248,29 +1228,24 @@ location /t {
local ngx_encode_base64 = ngx.encode_base64
local secret_key = "my-secret-key"
local gmt = ngx_http_time(ngx_time)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -1303,7 +1278,7 @@ passed
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -1340,29 +1315,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down
Loading
Loading