Skip to content

Commit

Permalink
feat: rewrite hmac-auth plugin for usability (#11581)
Browse files Browse the repository at this point in the history
  • Loading branch information
Revolyssup authored Sep 19, 2024
1 parent d46737f commit a393320
Show file tree
Hide file tree
Showing 8 changed files with 753 additions and 2,175 deletions.
364 changes: 135 additions & 229 deletions apisix/plugins/hmac-auth.lua

Large diffs are not rendered by default.

21 changes: 8 additions & 13 deletions t/node/consumer-plugin.t
Original file line number Diff line number Diff line change
Expand Up @@ -237,7 +237,7 @@ GET /t
"key": "consumer-plugin-John_Doe"
},
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key",
"clock_skew": 1
}
Expand Down Expand Up @@ -341,30 +341,25 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/status",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /status",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"
core.log.info("signing_string:", signing_string)

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down
122 changes: 46 additions & 76 deletions t/plugin/consumer-restriction.t
Original file line number Diff line number Diff line change
Expand Up @@ -738,7 +738,7 @@ passed
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -811,29 +811,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -934,29 +929,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -992,7 +982,7 @@ qr/\{"message":"The service_id is forbidden."\}/
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -1064,29 +1054,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -1158,29 +1143,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -1213,7 +1193,7 @@ passed
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -1248,29 +1228,24 @@ location /t {
local ngx_encode_base64 = ngx.encode_base64
local secret_key = "my-secret-key"
local gmt = ngx_http_time(ngx_time)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down Expand Up @@ -1303,7 +1278,7 @@ passed
"username": "jack",
"plugins": {
"hmac-auth": {
"access_key": "my-access-key",
"key_id": "my-access-key",
"secret_key": "my-secret-key"
},
"consumer-restriction": {
Expand Down Expand Up @@ -1340,29 +1315,24 @@ location /t {
local secret_key = "my-secret-key"
local timestamp = ngx_time()
local gmt = ngx_http_time(timestamp)
local access_key = "my-access-key"
local key_id = "my-access-key"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"

local signing_string = {
"GET",
"/hello",
"",
access_key,
gmt,
"x-custom-header-a:" .. custom_header_a,
"x-custom-header-b:" .. custom_header_b
key_id,
"GET /hello",
"date: " .. gmt,
"x-custom-header-a: " .. custom_header_a,
"x-custom-header-b: " .. custom_header_b
}
signing_string = core.table.concat(signing_string, "\n") .. "\n"

local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
core.log.info("signature:", ngx_encode_base64(signature))
local headers = {}
headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
headers["Date"] = gmt
headers["X-HMAC-ACCESS-KEY"] = access_key
headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
headers["x-custom-header-a"] = custom_header_a
headers["x-custom-header-b"] = custom_header_b

Expand Down
Loading

0 comments on commit a393320

Please sign in to comment.