feat: backport hmac-auth plugin refactor

apache · Sep 17, 2024 · 42552bc · 42552bc
1 parent d46737f
commit 42552bc
Show file tree

Hide file tree

Showing 8 changed files with 761 additions and 2,178 deletions.
diff --git a/apisix/plugins/hmac-auth.lua b/apisix/plugins/hmac-auth.lua
diff --git a/t/node/consumer-plugin.t b/t/node/consumer-plugin.t
@@ -341,30 +341,25 @@ location /t {
         local secret_key = "my-secret-key"
         local timestamp = ngx_time()
         local gmt = ngx_http_time(timestamp)
-        local access_key = "my-access-key"
+        local key_id = "my-access-key"
         local custom_header_a = "asld$%dfasf"
         local custom_header_b = "23879fmsldfk"
 
         local signing_string = {
-            "GET",
-            "/status",
-            "",
-            access_key,
-            gmt,
-            "x-custom-header-a:" .. custom_header_a,
-            "x-custom-header-b:" .. custom_header_b
+            key_id,
+            "GET /status",
+            "date: " .. gmt,
+            "x-custom-header-a: " .. custom_header_a,
+            "x-custom-header-b: " .. custom_header_b
         }
         signing_string = core.table.concat(signing_string, "\n") .. "\n"
         core.log.info("signing_string:", signing_string)
 
         local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
         core.log.info("signature:", ngx_encode_base64(signature))
         local headers = {}
-        headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
-        headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
         headers["Date"] = gmt
-        headers["X-HMAC-ACCESS-KEY"] = access_key
-        headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
+        headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
         headers["x-custom-header-a"] = custom_header_a
         headers["x-custom-header-b"] = custom_header_b
 

diff --git a/t/plugin/consumer-restriction.t b/t/plugin/consumer-restriction.t
@@ -738,7 +738,7 @@ passed
                     "username": "jack",
                     "plugins": {
                         "hmac-auth": {
-                            "access_key": "my-access-key",
+                            "key_id": "my-access-key",
                             "secret_key": "my-secret-key"
                         },
                         "consumer-restriction": {
@@ -811,29 +811,24 @@ location /t {
         local secret_key = "my-secret-key"
         local timestamp = ngx_time()
         local gmt = ngx_http_time(timestamp)
-        local access_key = "my-access-key"
+        local key_id = "my-access-key"
         local custom_header_a = "asld$%dfasf"
         local custom_header_b = "23879fmsldfk"
 
         local signing_string = {
-            "GET",
-            "/hello",
-            "",
-            access_key,
-            gmt,
-            "x-custom-header-a:" .. custom_header_a,
-            "x-custom-header-b:" .. custom_header_b
+            key_id,
+            "GET /hello",
+            "date: " .. gmt,
+            "x-custom-header-a: " .. custom_header_a,
+            "x-custom-header-b: " .. custom_header_b
         }
         signing_string = core.table.concat(signing_string, "\n") .. "\n"
 
         local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
         core.log.info("signature:", ngx_encode_base64(signature))
         local headers = {}
-        headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
-        headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
         headers["Date"] = gmt
-        headers["X-HMAC-ACCESS-KEY"] = access_key
-        headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
+        headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
         headers["x-custom-header-a"] = custom_header_a
         headers["x-custom-header-b"] = custom_header_b
 
@@ -934,29 +929,24 @@ location /t {
         local secret_key = "my-secret-key"
         local timestamp = ngx_time()
         local gmt = ngx_http_time(timestamp)
-        local access_key = "my-access-key"
+        local key_id = "my-access-key"
         local custom_header_a = "asld$%dfasf"
         local custom_header_b = "23879fmsldfk"
 
         local signing_string = {
-            "GET",
-            "/hello",
-            "",
-            access_key,
-            gmt,
-            "x-custom-header-a:" .. custom_header_a,
-            "x-custom-header-b:" .. custom_header_b
+            key_id,
+            "GET /hello",
+            "date: " .. gmt,
+            "x-custom-header-a: " .. custom_header_a,
+            "x-custom-header-b: " .. custom_header_b
         }
         signing_string = core.table.concat(signing_string, "\n") .. "\n"
 
         local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
         core.log.info("signature:", ngx_encode_base64(signature))
         local headers = {}
-        headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
-        headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
         headers["Date"] = gmt
-        headers["X-HMAC-ACCESS-KEY"] = access_key
-        headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
+        headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
         headers["x-custom-header-a"] = custom_header_a
         headers["x-custom-header-b"] = custom_header_b
 
@@ -992,7 +982,7 @@ qr/\{"message":"The service_id is forbidden."\}/
                     "username": "jack",
                     "plugins": {
                         "hmac-auth": {
-                            "access_key": "my-access-key",
+                            "key_id": "my-access-key",
                             "secret_key": "my-secret-key"
                         },
                         "consumer-restriction": {
@@ -1064,29 +1054,24 @@ location /t {
         local secret_key = "my-secret-key"
         local timestamp = ngx_time()
         local gmt = ngx_http_time(timestamp)
-        local access_key = "my-access-key"
+        local key_id = "my-access-key"
         local custom_header_a = "asld$%dfasf"
         local custom_header_b = "23879fmsldfk"
 
         local signing_string = {
-            "GET",
-            "/hello",
-            "",
-            access_key,
-            gmt,
-            "x-custom-header-a:" .. custom_header_a,
-            "x-custom-header-b:" .. custom_header_b
+            key_id,
+            "GET /hello",
+            "date: " .. gmt,
+            "x-custom-header-a: " .. custom_header_a,
+            "x-custom-header-b: " .. custom_header_b
         }
         signing_string = core.table.concat(signing_string, "\n") .. "\n"
 
         local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
         core.log.info("signature:", ngx_encode_base64(signature))
         local headers = {}
-        headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
-        headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
         headers["Date"] = gmt
-        headers["X-HMAC-ACCESS-KEY"] = access_key
-        headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
+        headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
         headers["x-custom-header-a"] = custom_header_a
         headers["x-custom-header-b"] = custom_header_b
 
@@ -1158,29 +1143,24 @@ location /t {
         local secret_key = "my-secret-key"
         local timestamp = ngx_time()
         local gmt = ngx_http_time(timestamp)
-        local access_key = "my-access-key"
+        local key_id = "my-access-key"
         local custom_header_a = "asld$%dfasf"
         local custom_header_b = "23879fmsldfk"
 
         local signing_string = {
-            "GET",
-            "/hello",
-            "",
-            access_key,
-            gmt,
-            "x-custom-header-a:" .. custom_header_a,
-            "x-custom-header-b:" .. custom_header_b
+            key_id,
+            "GET /hello",
+            "date: " .. gmt,
+            "x-custom-header-a: " .. custom_header_a,
+            "x-custom-header-b: " .. custom_header_b
         }
         signing_string = core.table.concat(signing_string, "\n") .. "\n"
 
         local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
         core.log.info("signature:", ngx_encode_base64(signature))
         local headers = {}
-        headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
-        headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
         headers["Date"] = gmt
-        headers["X-HMAC-ACCESS-KEY"] = access_key
-        headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
+        headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
         headers["x-custom-header-a"] = custom_header_a
         headers["x-custom-header-b"] = custom_header_b
 
@@ -1213,7 +1193,7 @@ passed
                     "username": "jack",
                     "plugins": {
                         "hmac-auth": {
-                            "access_key": "my-access-key",
+                            "key_id": "my-access-key",
                             "secret_key": "my-secret-key"
                         },
                         "consumer-restriction": {
@@ -1248,29 +1228,24 @@ location /t {
         local ngx_encode_base64 = ngx.encode_base64
         local secret_key = "my-secret-key"
         local gmt = ngx_http_time(ngx_time)
-        local access_key = "my-access-key"
+        local key_id = "my-access-key"
         local custom_header_a = "asld$%dfasf"
         local custom_header_b = "23879fmsldfk"
 
         local signing_string = {
-            "GET",
-            "/hello",
-            "",
-            access_key,
-            gmt,
-            "x-custom-header-a:" .. custom_header_a,
-            "x-custom-header-b:" .. custom_header_b
+            key_id,
+            "GET /hello",
+            "date: " .. gmt,
+            "x-custom-header-a: " .. custom_header_a,
+            "x-custom-header-b: " .. custom_header_b
         }
         signing_string = core.table.concat(signing_string, "\n") .. "\n"
 
         local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
         core.log.info("signature:", ngx_encode_base64(signature))
         local headers = {}
-        headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
-        headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
         headers["Date"] = gmt
-        headers["X-HMAC-ACCESS-KEY"] = access_key
-        headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
+        headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
         headers["x-custom-header-a"] = custom_header_a
         headers["x-custom-header-b"] = custom_header_b
 
@@ -1303,7 +1278,7 @@ passed
                     "username": "jack",
                     "plugins": {
                         "hmac-auth": {
-                            "access_key": "my-access-key",
+                            "key_id": "my-access-key",
                             "secret_key": "my-secret-key"
                         },
                         "consumer-restriction": {
@@ -1340,29 +1315,24 @@ location /t {
         local secret_key = "my-secret-key"
         local timestamp = ngx_time()
         local gmt = ngx_http_time(timestamp)
-        local access_key = "my-access-key"
+        local key_id = "my-access-key"
         local custom_header_a = "asld$%dfasf"
         local custom_header_b = "23879fmsldfk"
 
         local signing_string = {
-            "GET",
-            "/hello",
-            "",
-            access_key,
-            gmt,
-            "x-custom-header-a:" .. custom_header_a,
-            "x-custom-header-b:" .. custom_header_b
+            key_id,
+            "GET /hello",
+            "date: " .. gmt,
+            "x-custom-header-a: " .. custom_header_a,
+            "x-custom-header-b: " .. custom_header_b
         }
         signing_string = core.table.concat(signing_string, "\n") .. "\n"
 
         local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
         core.log.info("signature:", ngx_encode_base64(signature))
         local headers = {}
-        headers["X-HMAC-SIGNATURE"] = ngx_encode_base64(signature)
-        headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
         headers["Date"] = gmt
-        headers["X-HMAC-ACCESS-KEY"] = access_key
-        headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
+        headers["Authorization"] = "Signature keyId=\"" .. key_id .. "\",algorithm=\"hmac-sha256\"" .. ",headers=\"@request-target date x-custom-header-a x-custom-header-b\",signature=\"" .. ngx_encode_base64(signature) .. "\""
         headers["x-custom-header-a"] = custom_header_a
         headers["x-custom-header-b"] = custom_header_b