
fix: forward-auth request body is too large #10425

Closed
wants to merge 15 commits into from
Closed
17 changes: 13 additions & 4 deletions apisix/plugins/forward-auth.lua
Expand Up @@ -88,6 +88,9 @@ function _M.access(conf, ctx)
["X-Forwarded-Host"] = core.request.get_host(ctx),
["X-Forwarded-Uri"] = ctx.var.request_uri,
["X-Forwarded-For"] = core.request.get_remote_client_ip(ctx),
["Expect"] = core.request.header(ctx, "expect"),
["Content-Length"] = core.request.header(ctx, "content-length"),
["Transfer-Encoding"] = core.request.header(ctx, "transfer-encoding")
}

-- append headers that need to be get from the client request header
Expand All @@ -106,18 +109,24 @@ function _M.access(conf, ctx)
method = conf.request_method
}

local httpc = http.new()
httpc:set_timeout(conf.timeout)
if params.method == "POST" then
params.body = core.request.get_body()
local client_body_reader, err = httpc:get_client_body_reader()
if client_body_reader then
params.body = client_body_reader
else
core.log.warn("failed to get client_body_reader. err: ", err,
" using core.request.get_body() instead")
params.body = core.request.get_body()
end
end

if conf.keepalive then
params.keepalive_timeout = conf.keepalive_timeout
params.keepalive_pool = conf.keepalive_pool
end

local httpc = http.new()
httpc:set_timeout(conf.timeout)

local res, err = httpc:request_uri(conf.uri, params)
if not res and conf.allow_degradation then
return
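Review bot: The three framing headers added to the auth request (`Expect`, `Content-Length`, `Transfer-Encoding`) are copied from the client unconditionally, while a body is attached only when `params.method == "POST"`. For any other `request_method` the auth service is told to expect a body that is never sent, and in the `core.request.get_body()` fallback a forwarded `Transfer-Encoding: chunked` presumably no longer describes the already-decoded string body; either mismatch can stall or desynchronise the auth connection, which matters more when `conf.keepalive` reuses it and when `conf.allow_degradation` lets the request through after a failed auth call. I would set these headers only in the branch that assigns `client_body_reader`, and leave `Content-Length` to the HTTP client in the fallback. A comment next to `httpc:get_client_body_reader()` should also state whether the body read from the client socket here is still available to the upstream proxy afterwards, since the hunk does not show that. `_M.access` starts and ends outside the visible hunks.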
67 changes: 66 additions & 1 deletion t/plugin/forward-auth.t
Expand Up @@ -130,6 +130,14 @@ property "request_method" validation failed: matches none of the enum values
end
end
end
end]],
[[
-- test large body
return function(conf, ctx)
local core = require("apisix.core")
if core.request.get_method() == "POST" and core.request.header(ctx, "Authorization") == "large-body" then
core.response.exit(200)
end
end]]
}
}
Expand Down Expand Up @@ -254,6 +262,25 @@ property "request_method" validation failed: matches none of the enum values
"type": "roundrobin"
}
}]],
},
{
url = "/apisix/admin/routes/7",
data = [[{
"plugins": {
"forward-auth": {
"uri": "http://127.0.0.1:1984/auth",
"request_headers": ["Authorization"],
"request_method": "POST"
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/large-body"
}]],
}
}

Expand All @@ -266,7 +293,7 @@ property "request_method" validation failed: matches none of the enum values
}
}
--- response_body eval
"201passed\n" x 9
"201passed\n" x 10



Expand Down Expand Up @@ -374,3 +401,41 @@ GET /hello
--- more_headers
Authorization: 111
--- error_code: 200



=== TEST 13: test large body
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin")
local http = require("resty.http")
local httpc = http.new()

local tempFileName = os.tmpname()
local file = io.open(tempFileName, "wb")

local fileSizeInBytes = 11 * 1024 * 1024 -- 11MB
for i = 1, fileSizeInBytes do
file:write(string.char(0))
end
file:close()

local large_body = t.read_file(tempFileName)
local uri = "http://127.0.0.1:" .. ngx.var.server_port
.. "/large-body"
local res, err = httpc:request_uri(uri,
{
method = "POST",
body = large_body,
headers = {
["Authorization"] = "large-body",
["Content-Type"] = "application/x-www-form-urlencoded"
}
}
)

ngx.say(res.body)

2023/12/01 17:40:30 [warn] 92639#13489089: *46 a client request body is buffered to a temporary file /Users/guohao/workspace/apisix/t/servroot/client_body_temp/0000000001, client: 127.0.0.1, server: localhost, request: "POST /auth HTTP/1.1", host: "127.0.0.1:1984"
2023/12/01 17:40:30 [info] 92639#13489089: *46 [lua] request.lua:302: get_body(): attempt to read body from file: /Users/guohao/workspace/apisix/t/servroot/client_body_temp/0000000001, client: 127.0.0.1, server: localhost, request: "POST /auth HTTP/1.1", host: "127.0.0.1:1984"
2023/12/01 17:40:30 [warn] 92639#13489089: *42 [lua] plugin.lua:1159: run_plugin(): forward-auth exits with http status code 400, client: 127.0.0.1, server: localhost, request: "POST /large-body HTTP/1.1", host: "127.0.0.1:1984"
2023/12/01 17:40:30 [warn] 92639#13489089: *3 using uninitialized "upstream_scheme" variable while logging request, client: 127.0.0.1, server: localhost, request: "GET /t HTTP/1.1", host: "localhost"

}
}
--- error_code: 200
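Review bot: TEST 13 builds its 11 MB payload by writing one byte at a time to an `os.tmpname()` file that is never removed, and neither the `io.open` result nor `res` is checked before use. Building the payload in memory with `local large_body = string.rep("\0", 11 * 1024 * 1024)` avoids the temp file and the 11-million-iteration loop. Adding `if not res then ngx.say(err) return end` before `ngx.say(res.body)` reports a failed request as a readable message instead of a nil-index error. Because the plugin change forwards client framing headers, companion cases with a chunked request body and with a non-POST `request_method` would cover the paths where the forwarded headers and the forwarded body can disagree.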

Could you test the response body or the response header too?
