Copilot commented on code in PR #13240: URL: https://github.com/apache/apisix/pull/13240#discussion_r3099146994
########## docs/en/latest/plugins/basic-auth.md: ########## @@ -32,41 +32,40 @@ description: The basic-auth Plugin adds basic access authentication for Consumer <link rel="canonical" href="https://docs.api7.ai/hub/basic-auth"; /> </head> +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + ## Description The `basic-auth` Plugin adds [basic access authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) for [Consumers](../terminology/consumer.md) to authenticate themselves before being able to access Upstream resources. -When a Consumer is successfully authenticated, APISIX adds additional headers, such as `X-Consumer-Username`, `X-Credential-Indentifier`, and other Consumer custom headers if configured, to the request, before proxying it to the Upstream service. The Upstream service will be able to differentiate between consumers and implement additional logics as needed. If any of these values is not available, the corresponding header will not be added. +When a Consumer is successfully authenticated, APISIX adds additional headers, such as `X-Consumer-Username`, `X-Credential-Identifier`, and other Consumer custom headers if configured, to the request, before proxying it to the Upstream service. The Upstream service will be able to differentiate between consumers and implement additional logics as needed. If any of these values is not available, the corresponding header will not be added. ## Attributes For Consumer/Credentials: -| Name | Type | Required | Description | -|----------|--------|----------|------------------------------------------------------------------------------------------------------------------------| -| username | string | True | Unique basic auth username for a consumer. | -| password | string | True | Basic auth password for the consumer. | - -NOTE: `encrypt_fields = {"password"}` is also defined in the schema, which means that the field will be stored encrypted in etcd. See [encrypted storage fields](../plugin-develop.md#encrypted-storage-fields). +| Name | Type | Required | Default | Valid values | Description | +|------|------|----------|---------|--------------|-------------| +| username | string | True | | | Unique basic auth username for a Consumer. | +| password | string | True | | | Basic auth password for the Consumer. The password is encrypted with AES before being stored in etcd. You can also store it in an environment variable and reference it using the `env://` prefix, or in a secret manager such as HashiCorp Vault's KV secrets engine, and reference it using the `secret://` prefix. | For Route: -| Name | Type | Required | Default | Description | -|------------------|---------|----------|---------|------------------------------------------------------------------------| -| hide_credentials | boolean | False | false | If true, do not pass the authorization request header to Upstream services. | -| anonymous_consumer | boolean | False | false | Anonymous Consumer name. If configured, allow anonymous users to bypass the authentication. | -| realm | string | False | basic | The realm to include in the `WWW-Authenticate` header when authentication fails. | +| Name | Type | Required | Default | Valid values | Description | +|------|------|----------|---------|--------------|-------------| +| hide_credentials | boolean | False | false | | If true, do not pass the authorization request header to Upstream services. | +| anonymous_consumer | string | False | | | Anonymous Consumer name. If configured, allow anonymous users to bypass the authentication. | +| realm | string | False | basic | | Realm in the [`WWW-Authenticate`](https://datatracker.ietf.org/doc/html/rfc7235#section-4.1) response header returned with a `401 Unauthorized` response due to authentication failure. Available in Apache APISIX version 3.15.0 and later. | ## Examples The examples below demonstrate how you can work with the `basic-auth` Plugin for different scenarios. :::note -You can fetch the `admin_key` from `config.yaml` and save to an environment variable with the following command: - ```bash -admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') +admin_key=$(yq '.deployment.admin.admin_key[0].key' /usr/local/apisix/conf/config.yaml | sed 's/"//g') Review Comment: The `admin_key` extraction command uses an absolute config path (`/usr/local/apisix/conf/config.yaml`), which is inconsistent with the rest of the docs (most examples use `conf/config.yaml`, e.g., docs/en/latest/admin-api.md:129). Consider reverting to the relative path or explicitly noting that the config path depends on the installation/container layout. ```suggestion admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') ``` ########## docs/zh/latest/plugins/basic-auth.md: ########## @@ -325,6 +835,17 @@ curl -i "http://127.0.0.1:9080/anything"; -u johndoe:john-key 以下示例演示了如何在 `Consumer-Custom-Id` 标头中将消费者自定义 ID 附加到经过身份验证的请求,该 ID 可用于根据需要实现其他逻辑。 Review Comment: 这里描述的是 `Consumer-Custom-Id` 标头,但下方示例响应(以及文件后文)使用的是 `X-Consumer-Custom-Id`。建议统一为同一个标头名称(优先使用示例响应中出现的实际标头名),避免读者误解。 ```suggestion 以下示例演示了如何在 `X-Consumer-Custom-Id` 标头中将消费者自定义 ID 附加到经过身份验证的请求,该 ID 可用于根据需要实现其他逻辑。 ``` ########## docs/en/latest/plugins/basic-auth.md: ########## @@ -327,6 +835,17 @@ Note that the credentials are no longer visible to the Upstream service. The following example demonstrates how you can attach a Consumer custom ID to authenticated request in the `Consumer-Custom-Id` header, which can be used to implement additional logics as needed. Review Comment: This section refers to the `Consumer-Custom-Id` header, but the example response below (and later text in this file) uses `X-Consumer-Custom-Id`. To avoid confusion, make the header name consistent (prefer the actual header name shown in the response). ```suggestion The following example demonstrates how you can attach a Consumer custom ID to authenticated request in the `X-Consumer-Custom-Id` header, which can be used to implement additional logics as needed. ``` ########## docs/zh/latest/plugins/basic-auth.md: ########## @@ -32,47 +32,59 @@ description: basic-auth 插件为消费者添加了基本访问身份验证, <link rel="canonical" href="https://docs.api7.ai/hub/basic-auth"; /> </head> +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + ## 描述 -`basic-auth` 插件为 [消费者](../terminology/consumer.md) 添加了 [基本访问身份验证](https://en.wikipedia.org/wiki/Basic_access_authentication),以便消费者在访问上游资源之前进行身份验证。 +`basic-auth` 插件为[消费者](../terminology/consumer.md)添加了[基本访问身份验证](https://en.wikipedia.org/wiki/Basic_access_authentication),以便消费者在访问上游资源之前进行身份验证。 -当消费者成功通过身份验证后,APISIX 会在将请求代理到上游服务之前向请求添加其他标头,例如 `X-Consumer-Username`、`X-Credential-Indentifier` 和其他消费者自定义标头(如果已配置)。上游服务将能够区分消费者并根据需要实现其他逻辑。如果这些值中的任何一个不可用,则不会添加相应的标头。 +当消费者成功通过身份验证后,APISIX 会在将请求代理到上游服务之前向请求添加其他标头,例如 `X-Consumer-Username`、`X-Credential-Identifier` 和其他消费者自定义标头(如果已配置)。上游服务将能够区分消费者并根据需要实现其他逻辑。如果这些值中的任何一个不可用,则不会添加相应的标头。 ## 属性 Consumer/Credentials 端: -| 名称 | 类型 | 必选项 | 描述 | -| -------- | ------ | -----| ----------------------------------------------------------------------------------------------- | -| username | string | 是 | Consumer 的用户名并且该用户名是唯一,如果多个 Consumer 使用了相同的 `username`,将会出现请求匹配异常。| -| password | string | 是 | 用户的密码。该字段支持使用 [APISIX Secret](../terminology/secret.md) 资源,将值保存在 Secret Manager 中。 | - -注意:schema 中还定义了 `encrypt_fields = {"password"}`,这意味着该字段将会被加密存储在 etcd 中。具体参考 [加密存储字段](../plugin-develop.md#加密存储字段)。 +| 名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 | +|------|------|--------|--------|--------|------| +| username | string | 是 | | | 消费者的唯一基本认证用户名。 | +| password | string | 是 | | | 消费者的基本认证密码。密码在存储到 etcd 之前会使用 AES 加密。您也可以将其存储在环境变量中并使用 `env://` 前缀引用,或存储在 HashiCorp Vault 等密钥管理器中并使用 `secret://` 前缀引用。 | Route 端: -| 名称 | 类型 | 必选项 | 默认值 | 描述 | -| ---------------- | ------- | ------ | ------ | --------------------------------------------------------------- | -| hide_credentials | boolean | 否 | false | 该参数设置为 `true` 时,则不会将 Authorization 请求头传递给 Upstream。| -| anonymous_consumer | boolean | 否 | false | 匿名消费者名称。如果已配置,则允许匿名用户绕过身份验证。 | -| realm | string | 否 | basic |在身份验证失败时,应包含在 `WWW-Authenticate` 标头中的域。| +| 名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 | +|------|------|--------|--------|--------|------| +| hide_credentials | boolean | 否 | false | | 若为 `true`,则不将 Authorization 请求标头传递给上游服务。 | +| anonymous_consumer | string | 否 | | | 匿名消费者名称。如果已配置,则允许匿名用户绕过身份验证。 | +| realm | string | 否 | basic | | 在身份验证失败时,`401 Unauthorized` 响应中 [`WWW-Authenticate`](https://datatracker.ietf.org/doc/html/rfc7235#section-4.1) 标头的域值。该参数在 Apache APISIX 3.15.0 及以上版本中可用。 | ## 示例 以下示例演示了如何在不同场景中使用 `basic-auth` 插件。 :::note -您可以这样从 `config.yaml` 中获取 `admin_key` 并存入环境变量: - ```bash -admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') +admin_key=$(yq '.deployment.admin.admin_key[0].key' /usr/local/apisix/conf/config.yaml | sed 's/"//g') Review Comment: `admin_key` 获取命令使用了绝对路径(`/usr/local/apisix/conf/config.yaml`),这与仓库中其他文档示例普遍使用的 `conf/config.yaml` 不一致(例如 docs/zh/latest/admin-api.md:132)。建议改回相对路径,或在此处说明不同安装方式下配置文件路径可能不同。 ```suggestion admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
