[GitHub] [incubator-apisix] membphis commented on a change in pull request #1095: feature: Add wolf rbac plugin

Sat, 01 Feb 2020 04:07:06 -0800 

membphis commented on a change in pull request #1095: feature: Add wolf rbac 
plugin
URL: https://github.com/apache/incubator-apisix/pull/1095#discussion_r373776579
 
 

 ##########
 File path: lua/apisix/plugins/wolf-rbac.lua
 ##########
 @@ -0,0 +1,376 @@
+
+local core     = require("apisix.core")
+local ck       = require("resty.cookie")
+local consumer = require("apisix.consumer")
+local json     = require("apisix.core.json")
+local ngx_re = require("ngx.re")
+local http     = require("resty.http")
+local ipairs   = ipairs
+local ngx      = ngx
+local plugin_name = "wolf-rbac"
+
+
+local schema = {
+    type = "object",
+    properties = {
+        appid = {
+            type = "string",
+            default = "unset"
+        },
+        server = {
+            type = "string",
+            default = "http://127.0.0.1:10080";
+        },
+    }
+}
+
+local _M = {
+    version = 0.1,
+    priority = 2555,
+    type = 'auth',
+    name = plugin_name,
+    schema = schema,
+}
+
+
+local create_consume_cache
+do
+    local consumer_ids = {}
+
+    function create_consume_cache(consumers)
+        core.table.clear(consumer_ids)
+
+        for _, consumer in ipairs(consumers.nodes) do
+            core.log.info("consumer node: ", core.json.delay_encode(consumer))
+            consumer_ids[consumer.auth_conf.appid] = consumer
+        end
+
+        return consumer_ids
+    end
+
+end -- do
+
+local token_version = 'V1'
+local function create_rbac_token(appid, wolf_token)
+    return token_version .. "#" .. appid .. "#" .. wolf_token
+end
+
+local function parse_rbac_token(rbac_token)
+    local res, err = ngx_re.split(rbac_token, "#", nil, nil, 3)
+    if not res then
+        return { err = err}
+    end
+
+    if #res ~= 3 or res[1] ~= token_version then
+        return { err = 'invalid rbac token: version'}
+    end
+    local appid = res[2]
+    local wolf_token = res[3]
+
+    return {appid = appid, wolf_token = wolf_token}
+end
+
+local function new_headers()
+    local t = {}
+    local lt = {}
+    local _mt = {
+        __index = function(t, k)
+            return rawget(lt, string.lower(k))
+        end,
+        __newindex = function(t, k, v)
+            rawset(t, k, v)
+            rawset(lt, string.lower(k), v)
+        end,
+     }
+    return setmetatable(t, _mt)
+end
+
+-- timeout in ms
+local function http_req(method, uri, body, myheaders, timeout)
+    if myheaders == nil then myheaders = new_headers() end
+
+    local httpc = http.new()
+    if timeout then
+        httpc:set_timeout(timeout)
+    end
+
+    local params = {method = method, headers = myheaders, body = body, 
ssl_verify = false}
+    local res, err = httpc:request_uri(uri, params)
+    if err then
+        core.log.error("FAIL REQUEST [ ",core.json.delay_encode(
+            {method = method, uri = uri, body = body, headers = myheaders}),
+            " ] failed! res is nil, err:", err)
+        return nil, err
+    end
+
+    return res
+end
+
+local function http_get(uri, myheaders, timeout)
+    return http_req("GET", uri, nil, myheaders, timeout)
+end
+
+local function http_post(uri, body, myheaders, timeout)
+    return http_req("POST", uri, body, myheaders, timeout)
+end
+
+local function http_put(uri,  body, myheaders, timeout)
+    return http_req("PUT", uri, body, myheaders, timeout)
+end
+
+function _M.check_schema(conf)
+    core.log.info("input conf: ", core.json.delay_encode(conf))
+
+    local ok, err = core.schema.check(schema, conf)
+    if not ok then
+        return false, err
+    end
+
+    return true
+end
+
+
+local function fetch_rbac_token(ctx)
+    if ctx.var.arg_rbac_token then
+        return ngx.unescape_uri(ctx.var.arg_rbac_token)
+    end
+
+    if ctx.var.http_authorization then
+        return ctx.var.http_authorization
+    end
+
+    if ctx.var.http_x_rbac_token then
+        return ctx.var.http_x_rbac_token
+    end
+
+    return ctx.var['cookie_x-rbac-token']
+end
+
+local function loadjson(str)
+    local ok, jso = pcall(function() return json.decode(str) end)
 
 Review comment:
   please pay attention to `json` and `json.safe`, it is a little different. 
https://github.com/apache/incubator-apisix/blob/master/lua/apisix/core/json.lua#L28
   
   `local data, err = require("cjson.safe").decode(str)`
   so we do not need a `pcall` here.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to