membphis commented on a change in pull request #2239: URL: https://github.com/apache/apisix/pull/2239#discussion_r489913483
########## File path: apisix/plugins/hmac-auth.lua ##########
@@ -182,13 +201,25 @@ local function generate_signature(ctx, secret_key, params)
 canonical_query_string = core.table.concat(query_tab, "&")
 end
- local req_body = core.request.get_body()
- req_body = req_body or ""
+ local canonical_headers = ""
+
+ core.log.info("all headers: ", core.json.encode(core.request.headers(), true))
Review comment: `core.request.headers(ctx)` we should pass the `ctx` for better performance
########## File path: apisix/plugins/hmac-auth.lua ##########
@@ -182,13 +201,25 @@ local function generate_signature(ctx, secret_key, params)
 canonical_query_string = core.table.concat(query_tab, "&")
 end
- local req_body = core.request.get_body()
- req_body = req_body or ""
+ local canonical_headers = ""
+
+ core.log.info("all headers: ", core.json.encode(core.request.headers(), true))
+
+ for _, h in pairs(params.signed_headers) do
+ canonical_headers = canonical_headers .. (core.request.header(ctx, h) or "")
+ core.log.info("canonical_headers:", canonical_headers,
+ " header:", core.json.encode(h),
Review comment: bad indentation
########## File path: apisix/plugins/hmac-auth.lua ##########
@@ -182,13 +201,25 @@ local function generate_signature(ctx, secret_key, params)
 canonical_query_string = core.table.concat(query_tab, "&")
 end
- local req_body = core.request.get_body()
- req_body = req_body or ""
+ local canonical_headers = ""
+
+ core.log.info("all headers: ", core.json.encode(core.request.headers(), true))
+
+ for _, h in pairs(params.signed_headers) do
+ canonical_headers = canonical_headers .. (core.request.header(ctx, h) or "")
Review comment: `canonical_headers` can be an array object, then we can use `table.insert` and `table.concat` way, which is better performance
########## File path: apisix/plugins/hmac-auth.lua ##########
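Review bot: The added `core.log.info("all headers: ", core.json.encode(core.request.headers(), true))` writes every request header to the log, which presumably includes the authorization value that `get_params` parses into the access key and signature, along with any cookies or other credentials the client sent. The `core.log.info("canonical_headers:", ...)` call inside the loop likewise records the material being signed. Log only the header names listed in `params.signed_headers`, or drop both dumps before merge. The call also encodes eagerly, so the JSON is built even when info logging is off; `core.json.delay_encode(...)`, already used in `get_params`, avoids that. The body of `generate_signature` continues outside the quoted hunk.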
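Review bot: The loop line `canonical_headers = canonical_headers .. (core.request.header(ctx, h) or "")` appends only header values, with no header name and no delimiter, so the string that gets signed is ambiguous: the values `ab`, `c` and `a`, `bc` yield the same `canonical_headers`, and a missing header cannot be told apart from an empty one. Each entry should be bound to its name and terminated, for example `h .. ":" .. value .. "\n"`, and the verifier should decide explicitly whether a header that is listed but absent is an error. The removed `req_body` lines also suggest the request body may no longer be covered by the signature; the rest of the function is outside the quoted hunk, so confirm that this is intended.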
@@ -182,13 +201,25 @@ local function generate_signature(ctx, secret_key, params)
 canonical_query_string = core.table.concat(query_tab, "&")
 end
- local req_body = core.request.get_body()
- req_body = req_body or ""
+ local canonical_headers = ""
+
+ core.log.info("all headers: ", core.json.encode(core.request.headers(), true))
+
+ for _, h in pairs(params.signed_headers) do
Review comment: I think we should use `ipairs` here
########## File path: apisix/plugins/hmac-auth.lua ##########
@@ -264,18 +310,22 @@ local function get_params(ctx)
 local auth_data = ngx_re.split(auth_string, "#")
 core.log.info("auth_string: ", auth_string, " #auth_data: ", #auth_data, " auth_data: ", core.json.delay_encode(auth_data))
- if #auth_data == 5 and auth_data[1] == "hmac-auth-v1" then
+ if #auth_data == 6 and auth_data[1] == "hmac-auth-v2" then
 ak = auth_data[2]
 signature = auth_data[3]
 algorithm = auth_data[4]
 timestamp = auth_data[5]
+ signed_headers = auth_data[6]
 end
 end
 params.access_key = ak
 params.algorithm = algorithm
 params.signature = signature
 params.timestamp = timestamp or 0
+ params.signed_headers = ngx_re.split(signed_headers or "", ";")
Review comment: if the `signed_headers` is `nil`, I think `params.signed_headers` is `nil`. it is an optional field.
----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
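Review bot: `params.signed_headers` is taken verbatim from the sixth field of the client-supplied auth string, so the caller alone decides which headers the signature covers, and nothing in this hunk enforces a minimum set or bounds the list. Validate the names against a configured required set or allowlist before `generate_signature` reads them, and cap the number of entries. The `if` now accepts only `hmac-auth-v2` with six fields, so a `hmac-auth-v1` request presumably leaves `ak` and `signature` unset; the caller should reject that case explicitly rather than continue with nil parameters. `get_params` starts and ends outside the quoted hunk, so some of these checks may already exist elsewhere.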