[GitHub] [apisix] juzhiyuan commented on a change in pull request #5727: feat: add CSRF plugin

2021-12-30 Thread GitBox


juzhiyuan commented on a change in pull request #5727:
URL: https://github.com/apache/apisix/pull/5727#discussion_r776939023



##
File path: docs/zh/latest/plugins/csrf.md
##
@@ -65,7 +65,13 @@ curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 
'X-API-KEY: edd1c9f034335
 
 这条路由已经开启保护,当你使用 GET 之外的方法访问,请求会被拦截并返回 401 状态码。
 
-2. 使用 `GET` 请求 `/hello`,在响应中会有一个携带了加密 `token` 的 `Cookie`。Token 字段的名字为插件配置中的 
`name` 值,如果没有配置的话默认值为 `apisix_csrf_token`。
+2. 使用 `GET` 请求 `/hello`,在响应中会有一个携带了加密 `token` 的 `Cookie`。Token 字段的名字为插件配置中的 
`name` 值,如果没有配置的话默认值为 `apisix-csrf-token`。
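
Review bot: On the changed step 2 line the documented default cookie name becomes `apisix-csrf-token`; please confirm it matches the `name` default in the schema in apisix/plugins/csrf.lua and the other language versions of this doc, since a client that reads the wrong cookie name will have its non-GET requests rejected with the 401 described in the context line above. That context line also states that every method other than GET is intercepted; if the plugin also lets HEAD or OPTIONS through, name them there so the doc and the behaviour agree.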

Review comment:
   ```suggestion
   2. 使用 `GET` 请求 `/hello`,在响应中会有一个携带了加密 `token` 的 `Cookie`。Token 字段的名字为插件配置中的 
`name` 值,如果没有配置该值,那么默认值为 `apisix-csrf-token`。
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org




[GitHub] [apisix] juzhiyuan commented on a change in pull request #5727: feat: add CSRF plugin

2021-12-07 Thread GitBox


juzhiyuan commented on a change in pull request #5727:
URL: https://github.com/apache/apisix/pull/5727#discussion_r763978097



##
File path: apisix/plugins/csrf.lua
##
@@ -0,0 +1,150 @@
+local core= require("apisix.core")
+local ngx = ngx
+local plugin_name = "csrf"
+local ngx_encode_base64 = ngx.encode_base64
+local ngx_decode_base64 = ngx.decode_base64
+local ck = require "resty.cookie"
+local math = math
+
+local lrucache = core.lrucache.new({
+type = "plugin",
+})
+
+local schema = {
+   type = "object",
+   properties = {
+   key = {
+   description = "use to generate csrf token",
+   type = "string",
+   },
+   expires = {
+   description = "expires time for csrf token",
+   type = "integer",
+   default = 7200
+   },
+name = {
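
Review bot: In the `schema` table the `key` property is declared only with `type = "string"`, so an empty string passes validation even though the description says it is what the CSRF token is generated from; add `minLength = 1` and make sure `key` ends up in `required` if it is not already further down. `expires` has a default of 7200 but no `minimum`, so a negative integer would validate as well. `local math = math` is imported at the top: if it is there to feed `math.random` into token generation, that generator is not cryptographically secure and a CSPRNG-backed source should be used instead. Smaller points: `local core= require("apisix.core")` is missing a space before `=`, and the description should read "used to generate csrf token".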

Review comment:
   Format your code?



