starsz commented on code in PR #11095:
URL: https://github.com/apache/apisix/pull/11095#discussion_r1542497230
##########
apisix/plugins/jwe-decrypt.lua:
##########
@@ -71,15 +72,26 @@ function _M.check_schema(conf, schema_type)
return false, err
end
- -- restrict the length of secret, we use A256GCM for encryption,
- -- so the length should be 32 chars only
- if conf.is_base64_encoded then
- if #base64.decode_base64url(conf.secret) ~= 32 then
- return false, "the secret length after base64 decode should
be 32 chars"
- end
- else
- if #conf.secret ~= 32 then
- return false, "the secret length should be 32 chars"
+ local local_conf, err = core.config.local_conf(true)
+ if not local_conf then
+ return false, "failed to load the configuration file: " .. err
+ end
+
+ local encrypted = core.table.try_read_attr(local_conf, "apisix",
"data_encryption",
+ "enable_encrypt_fields") and (core.config.type == "etcd")
Review Comment:
Why do we need to add this ?
I think the `check_schema` is run before the fields encrypted.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
