
fix(hmac-auth): hmac-auth plugin sort array param #6314

Merged
merged 4 commits into from
Feb 16, 2022
9 changes: 9 additions & 0 deletions apisix/plugins/hmac-auth.lua
Expand Up @@ -244,7 +244,16 @@ local function generate_signature(ctx, secret_key, params)

-- whether to encode the uri parameters
if type(param) == "table" then
local vals = {}
Contributor


I wonder why this doesn't use table.new?

Contributor Author


Just keeping the same code style as the code that handles the table keys.

Member


Not necessary to keep old code style here. We can specify the initialization size when we create a new table by using core.table.new(narray, nhash)

for _, val in pairs(param) do
if type(val) == "boolean" then
val = ""
end
core.table.insert(vals, val)
Member


Remember to convert boolean to '' before sorting. table.sort only supports sorting in the same type.

Contributor Author


done

end
core.table.sort(vals)

for _, val in pairs(vals) do
core.table.insert(query_tab, encode_or_not(key) .. "=" .. encode_or_not(val))
end
else
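Review bot: The second loop walks the sorted `vals` with `pairs`, whose traversal order Lua does not specify, so the order of repeated values in the signing string depends on the runtime's array-part behaviour rather than on the sort itself. Use `for _, val in ipairs(vals) do` so the canonical query string is deterministic by construction. Separately, mapping a boolean value to `""` means a bare `a` and an explicit `a=` produce the same signed text; if that is intended, say so with a comment such as `-- a valueless arg ("?a") is signed the same as an empty one ("?a=")`. generate_signature starts and ends outside the hunk.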
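--- a/t/plugin/hmac-auth3.t
+++ b/t/plugin/hmac-auth3.t
@@ -532,3 +532,64 @@ plugin_attr:
 }
 --- response_body
 passed
+
+
+
+=== TEST 10: Test sort table param.
+--- config
+location /t {
+content_by_lua_block {
+local ngx_time = ngx.time
+local ngx_http_time = ngx.http_time
+local core = require("apisix.core")
+local t = require("lib.test_admin")
+local hmac = require("resty.hmac")
+local ngx_encode_base64 = ngx.encode_base64
+
+local secret_key = "my-secret-key"
+local timestamp = ngx_time()
+local gmt = ngx_http_time(timestamp)
+local access_key = "my-access-key"
+local custom_header_a = "asld$%dfasf"
+local custom_header_b = "23879fmsldfk"
+local body = "{\"name\": \"world\"}"
+
+local signing_string = {
+"POST",
+"/hello",
+"a=&a=1&a=2&a1a=123&c=&name=123",
+access_key,
+gmt,
+"x-custom-header-a:" .. custom_header_a,
+"x-custom-header-b:" .. custom_header_b
+}
+signing_string = core.table.concat(signing_string, "\n") .. "\n"
+core.log.info("signing_string:", signing_string)
+
+local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
+local body_digest = hmac:new(secret_key, hmac.ALGOS.SHA256):final(body)
+
+core.log.info("signature:", ngx_encode_base64(signature))
+local headers = {}
+headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
+headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
+headers["Date"] = gmt
+headers["X-HMAC-DIGEST"] = ngx_encode_base64(body_digest)
+headers["X-HMAC-ACCESS-KEY"] = access_key
+headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
+headers["x-custom-header-a"] = custom_header_a
+headers["x-custom-header-b"] = custom_header_b
+
+local code, body = t.test('/hello?c=&a1a=123&name=123&a&a=2&a=1',
+ngx.HTTP_POST,
+body,
+nil,
+headers
+)
+
+ngx.status = code
+ngx.say(body)
+}
+}
+--- response_body
+passed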
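Review bot: TEST 10 only shows that a correctly signed request with repeated `a` values in a different order is accepted; nothing in it shows that each array value is actually bound by the signature. A companion case that signs the same string `a=&a=1&a=2&a1a=123&c=&name=123` but sends a changed value for one of the repeated `a` arguments, and expects the request to be rejected, would pin that down and catch a regression where array values are dropped from the signing string. A short comment above the `t.test` call noting that the query is deliberately unsorted and includes a valueless `a` would also make the intent of the fixture clear.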