This is an automated email from the ASF dual-hosted git repository.
tokers pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 8282046 feat(client-control): set client_max_body_size dynamically
(#4423)
8282046 is described below
commit 8282046bd894ec185e2b92d94126c9c3235c5d2a
Author: 罗泽轩 <[email protected]>
AuthorDate: Wed Jun 16 17:25:50 2021 +0800
feat(client-control): set client_max_body_size dynamically (#4423)
Signed-off-by: spacewander <[email protected]>
---
apisix/cli/ngx_tpl.lua | 4 +
apisix/cli/ops.lua | 6 +
apisix/plugins/client-control.lua | 75 ++++++++
apisix/upstream.lua | 2 +-
conf/config-default.yaml | 1 +
docs/en/latest/config.json | 3 +-
.../{ext-plugin-pre-req.md => client-control.md} | 34 ++--
docs/en/latest/plugins/ext-plugin-pre-req.md | 2 +-
t/APISIX.pm | 9 +
t/admin/plugins.t | 2 +-
t/core/config.t | 2 +-
t/debug/debug-mode.t | 1 +
t/lib/server.lua | 1 +
t/plugin/client-control.t | 191 +++++++++++++++++++++
14 files changed, 313 insertions(+), 20 deletions(-)
diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua
index 6d48056..42dfaeb 100644
--- a/apisix/cli/ngx_tpl.lua
+++ b/apisix/cli/ngx_tpl.lua
@@ -216,6 +216,10 @@ http {
log_format main escape={* http.access_log_format_escape *} '{*
http.access_log_format *}';
uninitialized_variable_warn off;
+ {% if use_apisix_openresty then %}
+ apisix_delay_client_max_body_check on;
+ {% end %}
+
access_log {* http.access_log *} main buffer=16384 flush=3;
{% end %}
open_file_cache max=1000 inactive=60;
diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua
index 552e821..300b380 100644
--- a/apisix/cli/ops.lua
+++ b/apisix/cli/ops.lua
@@ -393,6 +393,11 @@ Please modify "admin_key" in conf/config.yaml .
with_module_status = false
end
+ local use_apisix_openresty = true
+ if or_info and not or_info:find("apisix-nginx-module", 1, true) then
+ use_apisix_openresty = false
+ end
+
local enabled_plugins = {}
for i, name in ipairs(yaml_conf.plugins) do
enabled_plugins[name] = true
@@ -490,6 +495,7 @@ Please modify "admin_key" in conf/config.yaml .
os_name = util.trim(util.execute_cmd("uname")),
apisix_lua_home = env.apisix_home,
with_module_status = with_module_status,
+ use_apisix_openresty = use_apisix_openresty,
error_log = {level = "warn"},
enabled_plugins = enabled_plugins,
dubbo_upstream_multiplex_count = dubbo_upstream_multiplex_count,
diff --git a/apisix/plugins/client-control.lua
b/apisix/plugins/client-control.lua
new file mode 100644
index 0000000..6e87d26
--- /dev/null
+++ b/apisix/plugins/client-control.lua
@@ -0,0 +1,75 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local require = require
+local core = require("apisix.core")
+local _, apisix_ngx_client = pcall(require, "resty.apisix.client")
+local tonumber = tonumber
+
+
+local schema = {
+ type = "object",
+ properties = {
+ max_body_size = {
+ type = "integer",
+ minimum = 0,
+ },
+ },
+}
+
+
+local plugin_name = "client-control"
+
+
+local _M = {
+ version = 0.1,
+ priority = 22000,
+ name = plugin_name,
+ schema = schema,
+}
+
+
+function _M.check_schema(conf)
+ return core.schema.check(schema, conf)
+end
+
+
+function _M.rewrite(conf, ctx)
+ if not apisix_ngx_client then
+ core.log.error("need to build APISIX-OpenResty to support client
restriction")
+ return 503
+ end
+
+ if conf.max_body_size then
+ local len = tonumber(core.request.header(ctx, "Content-Length"))
+ if len then
+ -- if length is given in the header, check it immediately
+ if conf.max_body_size ~= 0 and len > conf.max_body_size then
+ return 413
+ end
+ end
+
+ -- then check it when reading the body
+ local ok, err =
apisix_ngx_client.set_client_max_body_size(conf.max_body_size)
+ if not ok then
+ core.log.error("failed to set client max body size: ", err)
+ return 503
+ end
+ end
+end
+
+
+return _M
diff --git a/apisix/upstream.lua b/apisix/upstream.lua
index 11b6b60..4262af3 100644
--- a/apisix/upstream.lua
+++ b/apisix/upstream.lua
@@ -35,7 +35,7 @@ if ok then
set_upstream_tls_client_param = apisix_ngx_upstream.set_cert_and_key
else
set_upstream_tls_client_param = function ()
- return nil, "need to build APISIX-Openresty to support upstream mTLS"
+ return nil, "need to build APISIX-OpenResty to support upstream mTLS"
end
end
diff --git a/conf/config-default.yaml b/conf/config-default.yaml
index 01b50bb..3065646 100644
--- a/conf/config-default.yaml
+++ b/conf/config-default.yaml
@@ -242,6 +242,7 @@ graphql:
#cmd: ["ls", "-l"]
plugins: # plugin list (sorted by priority)
+ - client-control # priority: 22000
- ext-plugin-pre-req # priority: 12000
- zipkin # priority: 11011
- request-id # priority: 11010
diff --git a/docs/en/latest/config.json b/docs/en/latest/config.json
index 39ff50c..8057eae 100644
--- a/docs/en/latest/config.json
+++ b/docs/en/latest/config.json
@@ -89,7 +89,8 @@
"plugins/proxy-mirror",
"plugins/api-breaker",
"plugins/traffic-split",
- "plugins/request-id"
+ "plugins/request-id",
+ "plugins/client-control"
]
},
{
diff --git a/docs/en/latest/plugins/ext-plugin-pre-req.md
b/docs/en/latest/plugins/client-control.md
similarity index 75%
copy from docs/en/latest/plugins/ext-plugin-pre-req.md
copy to docs/en/latest/plugins/client-control.md
index e5a6fb7..5f1c493 100644
--- a/docs/en/latest/plugins/ext-plugin-pre-req.md
+++ b/docs/en/latest/plugins/client-control.md
@@ -1,5 +1,5 @@
---
-title: ext-plugin-pre-req
+title: client-control
---
<!--
@@ -31,18 +31,16 @@ title: ext-plugin-pre-req
## Name
-The `ext-plugin-pre-req` runs specific external plugins in the plugin runner,
before
-executing any builtin Lua plugins.
+The `client-control` plugin dynamically controls the behavior of Nginx to
+handle the client request.
-To know what is the plugin runner, see [external
plugin](../external-plugin.md) section.
-
-The result of external plugins execution will affect the behavior of the
current request.
+This plugin requires APISIX to run on
[APISIX-OpenResty](../how-to-build.md#6-build-openresty-for-apisix).
## Attributes
| Name | Type | Requirement | Default | Valid
| Description
|
| --------- | ------------- | ----------- | ---------- |
------------------------------------------------------------------------ |
---------------------------------------------------------------------------------------------------------------------------------------------------
|
-| conf | array | optional | | [{"name":
"ext-plugin-A", "value": "{\"enable\":\"feature\"}"}] | The plugins list
which will be executed at the plugin runner with their configuration |
+| max_body_size | integer | optional | | >= 0 |
dynamically set the `client_max_body_size` directive |
## How To Enable
@@ -53,10 +51,9 @@ curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H
'X-API-KEY: edd1c9f03433
{
"uri": "/index.html",
"plugins": {
- "ext-plugin-pre-req": {
- "conf" : [
- {"name": "ext-plugin-A", "value": "{\"enable\":\"feature\"}"}
- ]
+ "client-control": {
+ "max_body_size" : 1
+ }
},
"upstream": {
"type": "roundrobin",
@@ -72,12 +69,19 @@ curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H
'X-API-KEY: edd1c9f03433
Use curl to access:
```shell
-curl -i http://127.0.0.1:9080/index.html
+curl -i http://127.0.0.1:9080/index.html -d '123'
+
+HTTP/1.1 413 Request Entity Too Large
+...
+<html>
+<head><title>413 Request Entity Too Large</title></head>
+<body>
+<center><h1>413 Request Entity Too Large</h1></center>
+<hr><center>openresty</center>
+</body>
+</html>
```
-You will see the configured plugin runner will be hit and plugin `ext-plugin-A`
-is executed at that side.
-
## Disable Plugin
When you want to disable this plugin, it is very simple,
diff --git a/docs/en/latest/plugins/ext-plugin-pre-req.md
b/docs/en/latest/plugins/ext-plugin-pre-req.md
index e5a6fb7..dd5a0cd 100644
--- a/docs/en/latest/plugins/ext-plugin-pre-req.md
+++ b/docs/en/latest/plugins/ext-plugin-pre-req.md
@@ -32,7 +32,7 @@ title: ext-plugin-pre-req
## Name
The `ext-plugin-pre-req` runs specific external plugins in the plugin runner,
before
-executing any builtin Lua plugins.
+executing most of the builtin Lua plugins.
To know what is the plugin runner, see [external
plugin](../external-plugin.md) section.
diff --git a/t/APISIX.pm b/t/APISIX.pm
index 200dd86..c09f6cf 100644
--- a/t/APISIX.pm
+++ b/t/APISIX.pm
@@ -208,6 +208,13 @@ my $grpc_location = <<_EOC_;
}
_EOC_
+my $a6_ngx_directives = "";
+if ($version =~ m/\/apisix-nginx-module/) {
+ $a6_ngx_directives = <<_EOC_;
+ apisix_delay_client_max_body_check on;
+_EOC_
+}
+
add_block_preprocessor(sub {
my ($block) = @_;
my $wait_etcd_sync = $block->wait_etcd_sync // 0.1;
@@ -527,6 +534,8 @@ _EOC_
}
}
+ $a6_ngx_directives
+
server {
listen 1983 ssl;
ssl_certificate cert/apisix.crt;
diff --git a/t/admin/plugins.t b/t/admin/plugins.t
index 8db28ff..61553a3 100644
--- a/t/admin/plugins.t
+++ b/t/admin/plugins.t
@@ -40,7 +40,7 @@ __DATA__
--- request
GET /apisix/admin/plugins/list
--- response_body_like eval
-qr/\["ext-plugin-pre-req","zipkin","request-id","fault-injection","serverless-pre-function","batch-requests","cors","ip-restriction","referer-restriction","uri-blocker","request-validation","openid-connect","wolf-rbac","hmac-auth","basic-auth","jwt-auth","key-auth","consumer-restriction","authz-keycloak","proxy-mirror","proxy-cache","proxy-rewrite","api-breaker","limit-conn","limit-count","limit-req","server-info","traffic-split","redirect","response-rewrite","grpc-transcode","prometheus
[...]
+qr/\["client-control","ext-plugin-pre-req","zipkin","request-id","fault-injection","serverless-pre-function","batch-requests","cors","ip-restriction","referer-restriction","uri-blocker","request-validation","openid-connect","wolf-rbac","hmac-auth","basic-auth","jwt-auth","key-auth","consumer-restriction","authz-keycloak","proxy-mirror","proxy-cache","proxy-rewrite","api-breaker","limit-conn","limit-count","limit-req","server-info","traffic-split","redirect","response-rewrite","grpc-trans
[...]
--- no_error_log
[error]
diff --git a/t/core/config.t b/t/core/config.t
index d5cc0f4..2ffd45c 100644
--- a/t/core/config.t
+++ b/t/core/config.t
@@ -38,7 +38,7 @@ __DATA__
GET /t
--- response_body
etcd host: http://127.0.0.1:2379
-first plugin: "ext-plugin-pre-req"
+first plugin: "client-control"
diff --git a/t/debug/debug-mode.t b/t/debug/debug-mode.t
index f7f201a..08e776b 100644
--- a/t/debug/debug-mode.t
+++ b/t/debug/debug-mode.t
@@ -44,6 +44,7 @@ GET /t
--- response_body
done
--- error_log
+loaded plugin and sort by priority: 22000 name: client-control
loaded plugin and sort by priority: 12000 name: ext-plugin-pre-req
loaded plugin and sort by priority: 11011 name: zipkin
loaded plugin and sort by priority: 11010 name: request-id
diff --git a/t/lib/server.lua b/t/lib/server.lua
index 149ed4b..e762104 100644
--- a/t/lib/server.lua
+++ b/t/lib/server.lua
@@ -31,6 +31,7 @@ end
function _M.hello()
+ ngx.req.read_body()
local s = "hello world"
ngx.header['Content-Length'] = #s + 1
ngx.say(s)
diff --git a/t/plugin/client-control.t b/t/plugin/client-control.t
new file mode 100644
index 0000000..02f74f6
--- /dev/null
+++ b/t/plugin/client-control.t
@@ -0,0 +1,191 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+use t::APISIX;
+
+my $nginx_binary = $ENV{'TEST_NGINX_BINARY'} || 'nginx';
+my $version = eval { `$nginx_binary -V 2>&1` };
+
+if ($version !~ m/\/apisix-nginx-module/) {
+ plan(skip_all => "apisix-nginx-module not installed");
+} else {
+ plan('no_plan');
+}
+
+repeat_each(1);
+log_level('info');
+no_root_location();
+no_shuffle();
+
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ if ((!defined $block->error_log) && (!defined $block->no_error_log)) {
+ $block->set_value("no_error_log", "[error]");
+ }
+});
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: sanity
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local json = require("toolkit.json")
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "uri": "/hello",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "plugins": {
+ "client-control": {
+ "max_body_size": 5
+ }
+ }
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+}
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 2: hit, failed
+--- request
+POST /hello
+123456
+--- error_code: 413
+
+
+
+=== TEST 3: hit, failed with chunked
+--- more_headers
+Transfer-Encoding: chunked
+--- request eval
+qq{POST /hello
+6\r
+Hello \r
+0\r
+\r
+}
+--- error_code: 413
+--- error_log
+client intended to send too large chunked body
+
+
+
+=== TEST 4: hit
+--- request
+POST /hello
+12345
+
+
+
+=== TEST 5: bad body size
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local json = require("toolkit.json")
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "uri": "/hello",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "plugins": {
+ "client-control": {
+ "max_body_size": -1
+ }
+ }
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.print(body)
+ }
+}
+--- request
+GET /t
+--- error_code: 400
+--- response_body
+{"error_msg":"failed to check the configuration of plugin client-control err:
property \"max_body_size\" validation failed: expected -1 to be greater than 0"}
+
+
+
+=== TEST 6: 0 means no limit
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local json = require("toolkit.json")
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "uri": "/hello",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "plugins": {
+ "client-control": {
+ "max_body_size": 0
+ }
+ }
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+}
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 7: hit
+--- request
+POST /hello
+1
