moonming commented on a change in pull request #1029: feat: add basic-auth 
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r364045523
 
 

 ##########
 File path: lua/apisix/plugins/basic-auth.lua
 ##########
 @@ -0,0 +1,224 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+    ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+    type = "object",
+    properties = {
+        enable = { type = "boolean", default = true, enum = { true, false } },
+    },
+}
+
+local plugin_name = "basic-auth"
+
+local function gen_key(username)
+    local key = "/authorizations/" .. username
+    return key
+end
+
+local _M = {
+    version = 0.1,
+    priority = 1802,
+    name = plugin_name,
+    schema = schema,
+}
+
+function _M.check_schema(conf)
+    local ok, err = core.schema.check(schema, conf)
+
+    if not ok then
+        return false, err
+    end
+
+    return true
+end
+
+local function extract_auth_header(authorization)
+
+    local function do_extract(auth)
+        local obj = { username = "", password = "" }
+
+        local m, err = ngx.re.match(auth, "Basic\\s(.+)")
+        if err then
+            -- error authorization
+            return nil, err
+        end
+
+        local decoded = ngx.decode_base64(m[1])
+
+        local res
+        res, err = ngx_re.split(decoded, ":")
+        if err then
+            return nil, "split authorization err:" .. err
+        end
+
+        obj.username = ngx.re.gsub(res[1], "\\s+", "")
+        obj.password = ngx.re.gsub(res[2], "\\s+", "")
+        core.log.info("plugin access phase, authorization: ", obj.username, ": 
", obj.password)
+
+        return obj, nil
+    end
+
+    local matcher, err = lrucache(authorization, nil, do_extract, 
authorization)
+
+    if matcher then
+        return matcher.username, matcher.password, err
+    else
+        return "", "", err
+    end
+
+
+end
+
+function _M.access(conf, ctx)
+    core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
+
+    -- 0. check the plugin is enabled
+    if not conf.enable then
+        return
+    end
+
+
+    -- 1. extract authorization from header
+    local headers = ngx.req.get_headers()
+    if not headers.Authorization then
+        return 401, { message = "authorization is required" }
+    end
+
+    local username, password, err = extract_auth_header(headers.Authorization)
+    if err then
+        return 401, { message = err }
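Review bot: The `core.log.info` call in `do_extract` writes the decoded password to the log in clear text, so anyone who can read the gateway's logs or a downstream log store obtains working credentials. Log only the username, e.g. `core.log.info("plugin access phase, authorization user: ", obj.username)`. In the same function `ngx.re.match` returns `nil` without an error when the header does not match, so `m[1]` would raise on a non-Basic or malformed header instead of producing a 401. A guard such as `if not m then return nil, "invalid authorization header" end` is needed, and the results of `ngx.decode_base64` and `res[2]` need the same nil check. Splitting on every `:` and stripping whitespace also alters passwords that contain those characters, whereas RFC 7617 separates user-id and password at the first colon only.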
 
 Review comment:
   Do we need to add the `WWW-Authenticate` response header at the same time?
