Sounds good.
*ZhengSong Tu*
My GitHub: https://github.com/tzssangglass
Apache APISIX: https://github.com/apache/apisix

Zexuan Luo <spacewan...@apache.org> wrote on Mon, Dec 27, 2021 at 10:38:

> APISIX allows developers to expose public APIs in the plugins. By
> default, every client can access the API.
>
> Currently, we can protect these public APIs by the plugin interceptors.
> https://apisix.apache.org/docs/apisix/plugin-interceptors
>
> There is a problem with the plugin interceptors: you need to implement
> them by yourself.
>
> So here comes a new idea:
> We can introduce a new plugin called 'public-api' to forward the
> public API, for example:
>
> ```
> $ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -i -X PUT -d '
> {
>     "plugins": {
>         "ip-restriction": {
>             "whitelist": ["10.0.0.0/24"]
>         },
>         "public-api": {
>         }
>     },
>     "uri": "/apisix/my_plugin/api"
> }'
> ```
>
> First of all, we need to make the regular routes match happen before
> the API routes.
> Then, when handling the 'public-api' plugin, we will do API routes
> lookup and call the public API handler if matched.
> Therefore, any protection available in regular routes (like cors) can
> be used with the API routes.
>
> What about your opinions?
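
The dispatch order proposed in the quoted message, modelled as an added example (not APISIX code and not part of the original thread): the regular route is matched first, its protection plugin runs, and only then does 'public-api' look up and call the API handler. All function names, the handler body and the response strings are hypothetical; only the route shape comes from the message.

```python
import ipaddress

# Constructed model of the proposed flow; nothing below is an APISIX API.
# API routes a plugin would expose (hypothetical handler).
API_ROUTES = {"/apisix/my_plugin/api": lambda req: (200, "my_plugin public API")}

# Regular route taken from the curl example in the message.
REGULAR_ROUTES = [
    {"uri": "/apisix/my_plugin/api",
     "plugins": {"ip-restriction": {"whitelist": ["10.0.0.0/24"]},
                 "public-api": {}}},
]

def ip_restriction(conf, req):
    """Return a rejection for clients outside the whitelist, else None (continue)."""
    addr = ipaddress.ip_address(req["client_ip"])
    if any(addr in ipaddress.ip_network(cidr) for cidr in conf["whitelist"]):
        return None
    return (403, "rejected by ip-restriction")  # constructed message

def public_api(conf, req):
    """API routes lookup happens here, i.e. only after earlier plugins passed."""
    handler = API_ROUTES.get(req["uri"])
    return handler(req) if handler else (404, "no such public API")

# Protection plugins are ordered ahead of public-api so they gate the handler.
PLUGIN_ORDER = [("ip-restriction", ip_restriction), ("public-api", public_api)]

def handle(req):
    # Step 1: the regular route match happens before any API route lookup.
    route = next((r for r in REGULAR_ROUTES if r["uri"] == req["uri"]), None)
    if route is None:
        # Requests that match no regular route are outside this model.
        return (404, "route not found")
    # Step 2: run the route's plugins in order; the first response ends the request.
    for name, plugin in PLUGIN_ORDER:
        if name in route["plugins"]:
            resp = plugin(route["plugins"][name], req)
            if resp is not None:
                return resp
    return (502, "no upstream in this model")

if __name__ == "__main__":
    for ip in ("10.0.0.7", "192.0.2.10"):  # constructed client addresses
        print(ip, handle({"uri": "/apisix/my_plugin/api", "client_ip": ip}))
```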