[GitHub] [incubator-apisix] KowloonZh opened a new pull request #1029: feat: add basic-auth plugin
KowloonZh opened a new pull request #1029: feat: add basic-auth plugin URL: https://github.com/apache/incubator-apisix/pull/1029 Signed-off-by: zhangjiulong NOTE: Please read the Contributing.md guidelines before submitting your patch: https://github.com/apache/incubator-apisix/blob/master/Contributing.md#how-to-add-a-new-feature-or-change-an-existing-one ### Summary Add basic-auth plugin for apisix ### Full changelog * [API for users to dynamically add and query basic authorization information] * [Verify basic authrization during the access phase] * ... ### Issues resolved This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363635066
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,225 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+type = "object",
+properties = {
+enable = { type = "boolean", default = true, enum = { true, false } },
Review comment:
I think the properties should be
```
username = {type = "string"},
password = {type = "string"}
```
otherwise how to set user and password using admin API?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363630772
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,225 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
Review comment:
`rapidjson` was dropped in Apache APISIX, so we can remove those comments.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363641339
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,224 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+type = "object",
+properties = {
+enable = { type = "boolean", default = true, enum = { true, false } },
+},
+}
+
+local plugin_name = "basic-auth"
+
+local function gen_key(username)
+local key = "/authorizations/" .. username
+return key
+end
+
+local _M = {
+version = 0.1,
+priority = 1802,
+name = plugin_name,
+schema = schema,
+}
+
+function _M.check_schema(conf)
+local ok, err = core.schema.check(schema, conf)
+
+if not ok then
+return false, err
+end
+
+return true
+end
+
+local function extract_auth_header(authorization)
+
+local function do_extract(auth)
+local obj = { username = "", password = "" }
+
+local m, err = ngx.re.match(auth, "Basic\\s(.+)")
+if err then
+-- error authorization
+return nil, err
+end
+
+local decoded = ngx.decode_base64(m[1])
+
+local res
+res, err = ngx_re.split(decoded, ":")
+if err then
+return nil, "split authorization err:" .. err
+end
+
+obj.username = ngx.re.gsub(res[1], "\\s+", "")
+obj.password = ngx.re.gsub(res[2], "\\s+", "")
+core.log.info("plugin access phase, authorization: ", obj.username, ":
", obj.password)
+
+return obj, nil
+end
+
+local matcher, err = lrucache(authorization, nil, do_extract,
authorization)
+
+if matcher then
+return matcher.username, matcher.password, err
+else
+return "", "", err
+end
+
+
+end
+
+function _M.access(conf, ctx)
+core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
+
+-- 0. check the plugin is enabled
+if not conf.enable then
+return
+end
+
+
+-- 1. extract authorization from header
+local headers = ngx.req.get_headers()
+if not headers.Authorization then
+return 401, { message = "authorization is required" }
+end
+
+local username, password, err = extract_auth_header(headers.Authorization)
+if err then
+return 401, { message = err }
+end
+
+-- 2. get user info from etcd
+local res = authorizations_etcd:get(username)
+if res == nil then
+return 401, { message = "failed to find authorization from etcd" }
+end
+
+-- 3. check user exists
+if not res.value or not res.value.id then
+return 401, { message = "user is not found" }
+end
+
+local value = res.value
+
+-- 4. check the password is correct
+if value.password ~= password then
+return 401, { message = "password is error" }
+end
+
+
+core.log.info("hit basic-auth access")
+end
+
+
+local function set_auth()
+local body_table = {}
+-- read_body can not use in log_by_lua
+if ngx.re.find(ngx.req.get_headers()["Content-Type"] or "",
"application/json") then
+ngx.req.read_body()
+
+local body_data = ngx.req.get_body_data()
+if body_data ~= nil then
+body_table = json.decode(body_data)
+end
+
+else
+body_table = ngx.req.get_post_args()
+end
+
+local username = body_table["username"]
+local password = body_table["password"]
+
+if not username or not password then
+core.response.exit(200, "username,password is required")
+end
+
+local key = gen_key(username)
+
+local res, err = core.etcd.set(key, { username = username, password =
password })
+if not res then
+core.response.exit(500, err)
+end
+
Review comment:
plugin don't know the exist of etcd, which should be deal with admin API and
core.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363640273
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,225 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+type = "object",
+properties = {
+enable = { type = "boolean", default = true, enum = { true, false } },
+},
+}
+
+local plugin_name = "basic-auth"
+
+local function gen_key(username)
+local key = "/authorizations/" .. username
+return key
+end
+
+local _M = {
+version = 0.1,
+priority = 1802,
+name = plugin_name,
+schema = schema,
+}
+
+function _M.check_schema(conf)
+local ok, err = core.schema.check(schema, conf)
+
+if not ok then
+return false, err
+end
+
+return true
+end
+
+local function extract_auth_header(authorization)
+
+local function do_extract(auth)
+local obj = { username = "", password = "" }
+
+local m, err = ngx.re.match(auth, "Basic\\s(.+)")
+if err then
+-- error authorization
+return nil, err
+end
+
+local decoded = ngx.decode_base64(m[1])
+
+local res
+res, err = ngx_re.split(decoded, ":")
+if err then
+return nil, "split authorization err:" .. err
+end
+
+obj.username = ngx.re.gsub(res[1], "\\s+", "")
+obj.password = ngx.re.gsub(res[2], "\\s+", "")
+core.log.info("plugin access phase, authorization: ", obj.username, ":
", obj.password)
+
+return obj, nil
+end
+
+local matcher, err = lrucache(authorization, nil, do_extract,
authorization)
+
+if matcher then
+return matcher.username, matcher.password, err
+else
+return "", "", err
+end
+
+
+end
+
+function _M.access(conf, ctx)
+core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
+
+-- 0. check the plugin is enabled
+if not conf.enable then
+return
+end
+
+
+-- 1. extract authorization from header
+local headers = ngx.req.get_headers()
+if not headers.Authorization then
+return 401, { message = "authorization is required" }
+end
+
+local username, password, err = extract_auth_header(headers.Authorization)
+if err then
+return 401, { message = err }
+end
+
+-- 2. get user info from etcd
+local res = authorizations_etcd:get(username)
+if res == nil then
+return 401, { message = "failed to find authorization from etcd" }
+end
+
+-- 3. check user exists
+if not res.value or not res.value.id then
+return 401, { message = "user is not found" }
+end
+
+local value = res.value
+core.log.info("etcd value: ", core.json.delay_encode(value))
+
+-- 4. check the password is correct
+if value.password ~= password then
+return 401, { message = "password is error" }
+end
+
+
+core.log.info("hit basic-auth access")
+end
+
+
+local function set_auth()
+local body_table = {}
+-- read_body can not use in log_by_lua
+if ngx.re.find(ngx.req.get_headers()["Content-Type"] or "",
"application/json") then
+ngx.req.read_body()
+
+local body_data = ngx.req.get_body_data()
+if body_data ~= nil then
+body_table = json.decode(body_data)
+end
+
+else
+body_table = ngx.req.get_post_args()
+end
+
+local username = body_table["username"]
+local password = body_table["password"]
+
+if not username or not password then
+core.response.exit(200, "username,password is required")
+end
+
+local key = gen_key(username)
+
+local res, err = core.etcd.set(key, { username = username, password =
password })
+if not res then
+core.response.exit(500, err)
+end
+
+core.response.exit(res.status, res.body)
+end
+
+local function get_auth()
+local request_table = ngx.req.get_uri_args() or {}
+
+if not request_table["username"] then
+core.response.exit(200, "username is required")
+end
+
+local username = request_table["username"]
+
+local key = gen_key(username)
+
+local res, err = core.etcd.get(key)
+if not res then
+core.response.exit(500, err)
+end
+
+core.response.exit(res.status, res.body)
+end
+
+-- curl 'http://127.0.0.1:9080/apisix/plugin/basic-auth/set' -H
"Content-Type:application/json" -d '{"username":"foo","password":"bar"}'
+
+function _M.api()
+return {
+{
+methods = { "GET" },
+uri =
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363636622
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,225 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+type = "object",
+properties = {
+enable = { type = "boolean", default = true, enum = { true, false } },
+},
+}
+
+local plugin_name = "basic-auth"
+
+local function gen_key(username)
+local key = "/authorizations/" .. username
+return key
+end
+
+local _M = {
+version = 0.1,
+priority = 1802,
+name = plugin_name,
+schema = schema,
+}
+
+function _M.check_schema(conf)
+local ok, err = core.schema.check(schema, conf)
+
+if not ok then
+return false, err
+end
+
+return true
+end
+
+local function extract_auth_header(authorization)
+
+local function do_extract(auth)
+local obj = { username = "", password = "" }
+
+local m, err = ngx.re.match(auth, "Basic\\s(.+)")
+if err then
+-- error authorization
+return nil, err
+end
+
+local decoded = ngx.decode_base64(m[1])
+
+local res
+res, err = ngx_re.split(decoded, ":")
+if err then
+return nil, "split authorization err:" .. err
+end
+
+obj.username = ngx.re.gsub(res[1], "\\s+", "")
+obj.password = ngx.re.gsub(res[2], "\\s+", "")
+core.log.info("plugin access phase, authorization: ", obj.username, ":
", obj.password)
+
+return obj, nil
+end
+
+local matcher, err = lrucache(authorization, nil, do_extract,
authorization)
+
+if matcher then
+return matcher.username, matcher.password, err
+else
+return "", "", err
+end
+
+
+end
+
+function _M.access(conf, ctx)
+core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
+
+-- 0. check the plugin is enabled
+if not conf.enable then
+return
+end
Review comment:
Apache APISIX will not run this plugin if not enabled, so we can remove this
check.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363631623
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,225 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+type = "object",
+properties = {
+enable = { type = "boolean", default = true, enum = { true, false } },
+},
+}
+
+local plugin_name = "basic-auth"
+
+local function gen_key(username)
+local key = "/authorizations/" .. username
+return key
+end
+
+local _M = {
+version = 0.1,
+priority = 1802,
Review comment:
the priority of auth plugin is begin from 2500, for example
https://github.com/apache/incubator-apisix/blob/master/lua/apisix/plugins/jwt-auth.lua#L44
and
https://github.com/apache/incubator-apisix/blob/master/lua/apisix/plugins/key-auth.lua#L33
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363630195
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,225 @@
+local core = require("apisix.core")
Review comment:
please add ASF header like
https://github.com/apache/incubator-apisix/blob/master/lua/apisix.lua#L1
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363642299
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,224 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+type = "object",
+properties = {
+enable = { type = "boolean", default = true, enum = { true, false } },
+},
+}
+
+local plugin_name = "basic-auth"
+
+local function gen_key(username)
+local key = "/authorizations/" .. username
+return key
+end
+
+local _M = {
+version = 0.1,
+priority = 1802,
+name = plugin_name,
+schema = schema,
+}
+
+function _M.check_schema(conf)
+local ok, err = core.schema.check(schema, conf)
+
+if not ok then
+return false, err
+end
+
+return true
+end
+
+local function extract_auth_header(authorization)
+
+local function do_extract(auth)
+local obj = { username = "", password = "" }
+
+local m, err = ngx.re.match(auth, "Basic\\s(.+)")
+if err then
+-- error authorization
+return nil, err
+end
+
+local decoded = ngx.decode_base64(m[1])
+
+local res
+res, err = ngx_re.split(decoded, ":")
+if err then
+return nil, "split authorization err:" .. err
+end
+
+obj.username = ngx.re.gsub(res[1], "\\s+", "")
+obj.password = ngx.re.gsub(res[2], "\\s+", "")
+core.log.info("plugin access phase, authorization: ", obj.username, ":
", obj.password)
+
+return obj, nil
+end
+
+local matcher, err = lrucache(authorization, nil, do_extract,
authorization)
+
+if matcher then
+return matcher.username, matcher.password, err
+else
+return "", "", err
+end
+
+
+end
+
+function _M.access(conf, ctx)
+core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
+
+-- 0. check the plugin is enabled
+if not conf.enable then
+return
+end
+
+
+-- 1. extract authorization from header
+local headers = ngx.req.get_headers()
+if not headers.Authorization then
+return 401, { message = "authorization is required" }
+end
+
+local username, password, err = extract_auth_header(headers.Authorization)
+if err then
+return 401, { message = err }
+end
+
+-- 2. get user info from etcd
+local res = authorizations_etcd:get(username)
+if res == nil then
+return 401, { message = "failed to find authorization from etcd" }
+end
+
+-- 3. check user exists
+if not res.value or not res.value.id then
+return 401, { message = "user is not found" }
+end
+
+local value = res.value
+
+-- 4. check the password is correct
+if value.password ~= password then
+return 401, { message = "password is error" }
+end
+
+
+core.log.info("hit basic-auth access")
+end
+
+
+local function set_auth()
Review comment:
this function is useless too.
The admin API can do it's job, and don't need to write code in the plugin
side.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363639806
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,225 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+type = "object",
+properties = {
+enable = { type = "boolean", default = true, enum = { true, false } },
+},
+}
+
+local plugin_name = "basic-auth"
+
+local function gen_key(username)
+local key = "/authorizations/" .. username
+return key
+end
+
+local _M = {
+version = 0.1,
+priority = 1802,
+name = plugin_name,
+schema = schema,
+}
+
+function _M.check_schema(conf)
+local ok, err = core.schema.check(schema, conf)
+
+if not ok then
+return false, err
+end
+
+return true
+end
+
+local function extract_auth_header(authorization)
+
+local function do_extract(auth)
+local obj = { username = "", password = "" }
+
+local m, err = ngx.re.match(auth, "Basic\\s(.+)")
+if err then
+-- error authorization
+return nil, err
+end
+
+local decoded = ngx.decode_base64(m[1])
+
+local res
+res, err = ngx_re.split(decoded, ":")
+if err then
+return nil, "split authorization err:" .. err
+end
+
+obj.username = ngx.re.gsub(res[1], "\\s+", "")
+obj.password = ngx.re.gsub(res[2], "\\s+", "")
+core.log.info("plugin access phase, authorization: ", obj.username, ":
", obj.password)
+
+return obj, nil
+end
+
+local matcher, err = lrucache(authorization, nil, do_extract,
authorization)
+
+if matcher then
+return matcher.username, matcher.password, err
+else
+return "", "", err
+end
+
+
+end
+
+function _M.access(conf, ctx)
+core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
+
+-- 0. check the plugin is enabled
+if not conf.enable then
+return
+end
+
+
+-- 1. extract authorization from header
+local headers = ngx.req.get_headers()
+if not headers.Authorization then
+return 401, { message = "authorization is required" }
+end
+
+local username, password, err = extract_auth_header(headers.Authorization)
+if err then
+return 401, { message = err }
+end
+
+-- 2. get user info from etcd
+local res = authorizations_etcd:get(username)
+if res == nil then
+return 401, { message = "failed to find authorization from etcd" }
+end
+
+-- 3. check user exists
+if not res.value or not res.value.id then
+return 401, { message = "user is not found" }
+end
+
+local value = res.value
+core.log.info("etcd value: ", core.json.delay_encode(value))
+
+-- 4. check the password is correct
+if value.password ~= password then
+return 401, { message = "password is error" }
+end
+
+
+core.log.info("hit basic-auth access")
+end
+
+
+local function set_auth()
+local body_table = {}
+-- read_body can not use in log_by_lua
+if ngx.re.find(ngx.req.get_headers()["Content-Type"] or "",
"application/json") then
+ngx.req.read_body()
+
+local body_data = ngx.req.get_body_data()
+if body_data ~= nil then
+body_table = json.decode(body_data)
+end
+
+else
+body_table = ngx.req.get_post_args()
+end
+
+local username = body_table["username"]
+local password = body_table["password"]
+
+if not username or not password then
+core.response.exit(200, "username,password is required")
+end
+
+local key = gen_key(username)
+
+local res, err = core.etcd.set(key, { username = username, password =
password })
+if not res then
+core.response.exit(500, err)
+end
+
+core.response.exit(res.status, res.body)
+end
+
+local function get_auth()
+local request_table = ngx.req.get_uri_args() or {}
+
+if not request_table["username"] then
+core.response.exit(200, "username is required")
+end
+
+local username = request_table["username"]
+
+local key = gen_key(username)
+
+local res, err = core.etcd.get(key)
+if not res then
+core.response.exit(500, err)
+end
+
+core.response.exit(res.status, res.body)
+end
+
+-- curl 'http://127.0.0.1:9080/apisix/plugin/basic-auth/set' -H
"Content-Type:application/json" -d '{"username":"foo","password":"bar"}'
+
+function _M.api()
+return {
+{
+methods = { "GET" },
+uri =
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363637753
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,225 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+type = "object",
+properties = {
+enable = { type = "boolean", default = true, enum = { true, false } },
+},
+}
+
+local plugin_name = "basic-auth"
+
+local function gen_key(username)
+local key = "/authorizations/" .. username
+return key
+end
+
+local _M = {
+version = 0.1,
+priority = 1802,
+name = plugin_name,
+schema = schema,
+}
+
+function _M.check_schema(conf)
+local ok, err = core.schema.check(schema, conf)
+
+if not ok then
+return false, err
+end
+
+return true
+end
+
+local function extract_auth_header(authorization)
+
+local function do_extract(auth)
+local obj = { username = "", password = "" }
+
+local m, err = ngx.re.match(auth, "Basic\\s(.+)")
+if err then
+-- error authorization
+return nil, err
+end
+
+local decoded = ngx.decode_base64(m[1])
+
+local res
+res, err = ngx_re.split(decoded, ":")
+if err then
+return nil, "split authorization err:" .. err
+end
+
+obj.username = ngx.re.gsub(res[1], "\\s+", "")
+obj.password = ngx.re.gsub(res[2], "\\s+", "")
+core.log.info("plugin access phase, authorization: ", obj.username, ":
", obj.password)
+
+return obj, nil
+end
+
+local matcher, err = lrucache(authorization, nil, do_extract,
authorization)
+
+if matcher then
+return matcher.username, matcher.password, err
+else
+return "", "", err
+end
+
+
+end
+
+function _M.access(conf, ctx)
+core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
+
+-- 0. check the plugin is enabled
+if not conf.enable then
+return
+end
+
+
+-- 1. extract authorization from header
+local headers = ngx.req.get_headers()
+if not headers.Authorization then
Review comment:
recommand use `local auth_header = core.request.header(ctx, "Authorization")`
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363640469
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,225 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+type = "object",
+properties = {
+enable = { type = "boolean", default = true, enum = { true, false } },
+},
+}
+
+local plugin_name = "basic-auth"
+
+local function gen_key(username)
+local key = "/authorizations/" .. username
+return key
+end
+
+local _M = {
+version = 0.1,
+priority = 1802,
+name = plugin_name,
+schema = schema,
+}
+
+function _M.check_schema(conf)
+local ok, err = core.schema.check(schema, conf)
+
+if not ok then
+return false, err
+end
+
+return true
+end
+
+local function extract_auth_header(authorization)
+
+local function do_extract(auth)
+local obj = { username = "", password = "" }
+
+local m, err = ngx.re.match(auth, "Basic\\s(.+)")
+if err then
+-- error authorization
+return nil, err
+end
+
+local decoded = ngx.decode_base64(m[1])
+
+local res
+res, err = ngx_re.split(decoded, ":")
+if err then
+return nil, "split authorization err:" .. err
+end
+
+obj.username = ngx.re.gsub(res[1], "\\s+", "")
+obj.password = ngx.re.gsub(res[2], "\\s+", "")
+core.log.info("plugin access phase, authorization: ", obj.username, ":
", obj.password)
+
+return obj, nil
+end
+
+local matcher, err = lrucache(authorization, nil, do_extract,
authorization)
+
+if matcher then
+return matcher.username, matcher.password, err
+else
+return "", "", err
+end
+
+
+end
+
+function _M.access(conf, ctx)
+core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
+
+-- 0. check the plugin is enabled
+if not conf.enable then
+return
+end
+
+
+-- 1. extract authorization from header
+local headers = ngx.req.get_headers()
+if not headers.Authorization then
+return 401, { message = "authorization is required" }
+end
+
+local username, password, err = extract_auth_header(headers.Authorization)
+if err then
+return 401, { message = err }
+end
+
+-- 2. get user info from etcd
+local res = authorizations_etcd:get(username)
+if res == nil then
+return 401, { message = "failed to find authorization from etcd" }
+end
+
+-- 3. check user exists
+if not res.value or not res.value.id then
+return 401, { message = "user is not found" }
+end
+
+local value = res.value
+core.log.info("etcd value: ", core.json.delay_encode(value))
+
+-- 4. check the password is correct
+if value.password ~= password then
+return 401, { message = "password is error" }
+end
+
+
+core.log.info("hit basic-auth access")
+end
+
+
+local function set_auth()
+local body_table = {}
+-- read_body can not use in log_by_lua
+if ngx.re.find(ngx.req.get_headers()["Content-Type"] or "",
"application/json") then
+ngx.req.read_body()
+
+local body_data = ngx.req.get_body_data()
+if body_data ~= nil then
+body_table = json.decode(body_data)
+end
+
+else
+body_table = ngx.req.get_post_args()
+end
+
+local username = body_table["username"]
+local password = body_table["password"]
+
+if not username or not password then
+core.response.exit(200, "username,password is required")
+end
+
+local key = gen_key(username)
+
+local res, err = core.etcd.set(key, { username = username, password =
password })
+if not res then
+core.response.exit(500, err)
+end
+
+core.response.exit(res.status, res.body)
+end
+
+local function get_auth()
+local request_table = ngx.req.get_uri_args() or {}
+
+if not request_table["username"] then
+core.response.exit(200, "username is required")
+end
+
+local username = request_table["username"]
+
+local key = gen_key(username)
+
+local res, err = core.etcd.get(key)
+if not res then
+core.response.exit(500, err)
+end
+
+core.response.exit(res.status, res.body)
+end
+
+-- curl 'http://127.0.0.1:9080/apisix/plugin/basic-auth/set' -H
"Content-Type:application/json" -d '{"username":"foo","password":"bar"}'
+
+function _M.api()
+return {
+{
+methods = { "GET" },
+uri =
[GitHub] [incubator-apisix] moonming commented on issue #1029: feat: add basic-auth plugin
moonming commented on issue #1029: feat: add basic-auth plugin URL: https://github.com/apache/incubator-apisix/pull/1029#issuecomment-571500623 you can take a look admin API in test cases: https://github.com/apache/incubator-apisix/blob/master/t/plugin/key-auth.t#L71 and https://github.com/apache/incubator-apisix/blob/master/t/plugin/key-auth.t#L114 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-apisix-dashboard] juzhiyuan commented on issue #116: upstream page displays table error
juzhiyuan commented on issue #116: upstream page displays table error URL: https://github.com/apache/incubator-apisix-dashboard/issues/116#issuecomment-571505959 Thanks for your issues found :) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-apisix] membphis opened a new pull request #1030: bugfix: use current folder as working space for developer.
membphis opened a new pull request #1030: bugfix: use current folder as working space for developer. URL: https://github.com/apache/incubator-apisix/pull/1030 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-apisix] agile6v opened a new pull request #1031: doc: fixed typos
agile6v opened a new pull request #1031: doc: fixed typos URL: https://github.com/apache/incubator-apisix/pull/1031 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r363721623
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,224 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+type = "object",
+properties = {
+enable = { type = "boolean", default = true, enum = { true, false } },
+},
+}
+
+local plugin_name = "basic-auth"
+
+local function gen_key(username)
+local key = "/authorizations/" .. username
+return key
+end
+
+local _M = {
+version = 0.1,
+priority = 1802,
+name = plugin_name,
+schema = schema,
Review comment:
`type = 'auth',` is required for auth plugin.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] moonming merged pull request #1030: bugfix: use current folder as working space only for developer.
moonming merged pull request #1030: bugfix: use current folder as working space only for developer. URL: https://github.com/apache/incubator-apisix/pull/1030 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[incubator-apisix] branch master updated: bugfix: use current folder as working space for developer. (#1030)
This is an automated email from the ASF dual-hosted git repository.
wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-apisix.git
The following commit(s) were added to refs/heads/master by this push:
new ab86830 bugfix: use current folder as working space for developer.
(#1030)
ab86830 is described below
commit ab86830f0f909e9dcb68a4eeed7a8ff15f8e08ff
Author: YuanSheng Wang
AuthorDate: Tue Jan 7 20:18:25 2020 +0800
bugfix: use current folder as working space for developer. (#1030)
---
bin/apisix | 26 +-
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/bin/apisix b/bin/apisix
index b9de45b..5fae3ed 100755
--- a/bin/apisix
+++ b/bin/apisix
@@ -17,7 +17,7 @@
-- limitations under the License.
--
-local script_path = debug.getinfo(1).source:sub(2)
+local script_path = arg[0]
local function trim(s)
return (s:gsub("^%s*(.-)%s*$", "%1"))
@@ -38,18 +38,18 @@ end
excute_cmd("install -d -m 777 /tmp/apisix_cores/")
local apisix_home = "/usr/local/apisix"
-if script_path:sub(1, 17) == '/usr/local/apisix' or script_path:sub(1, 4) ==
'/bin' then
-package.cpath = "/usr/local/apisix/deps/lib64/lua/5.1/?.so;"
-.. "/usr/local/apisix/deps/lib/lua/5.1/?.so;"
-.. package.cpath
-
-package.path = "/usr/local/apisix/deps/share/lua/5.1/apisix/lua/?.lua;"
-.. "/usr/local/apisix/deps/share/lua/5.1/?.lua;"
-.. "/usr/share/lua/5.1/apisix/lua/?.lua;"
-.. "/usr/local/share/lua/5.1/apisix/lua/?.lua;"
-.. package.path
-
-else
+package.cpath = "/usr/local/apisix/deps/lib64/lua/5.1/?.so;"
+.. "/usr/local/apisix/deps/lib/lua/5.1/?.so;"
+.. package.cpath
+
+package.path = "/usr/local/apisix/deps/share/lua/5.1/apisix/lua/?.lua;"
+.. "/usr/local/apisix/deps/share/lua/5.1/?.lua;"
+.. "/usr/share/lua/5.1/apisix/lua/?.lua;"
+.. "/usr/local/share/lua/5.1/apisix/lua/?.lua;"
+.. package.path
+
+-- only for developer, use current folder as working space
+if script_path:sub(1, 2) == './' then
apisix_home = pwd
package.cpath = pwd .. "/deps/lib64/lua/5.1/?.so;"
.. package.cpath
[incubator-apisix] branch master updated: doc: fixed typos (#1031)
This is an automated email from the ASF dual-hosted git repository.
wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 40d9351 doc: fixed typos (#1031)
40d9351 is described below
commit 40d9351ed8fa672fc242562511ffaf5efda1dacf
Author: agile6v
AuthorDate: Tue Jan 7 20:17:47 2020 +0800
doc: fixed typos (#1031)
---
Makefile | 2 +-
doc/README.md | 2 +-
doc/admin-api.md | 10 +-
doc/architecture-design-cn.md | 2 +-
lua/apisix/plugins/prometheus/exporter.lua | 2 +-
5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/Makefile b/Makefile
index acd6189..bd60e0c 100644
--- a/Makefile
+++ b/Makefile
@@ -56,7 +56,7 @@ else
endif
-### utils:Installation tools
+### utils:Installation tools
.PHONY: utils
utils:
ifeq ("$(wildcard utils/lj-releng)", "")
diff --git a/doc/README.md b/doc/README.md
index e6b9a30..1b73bfe 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -49,7 +49,7 @@ Plugins
* [proxy-rewrite](plugins/proxy-rewrite.md): Rewrite upstream request
information.
* [prometheus](plugins/prometheus.md): Expose metrics related to APISIX and
proxied upstream services in Prometheus exposition format, which can be scraped
by a Prometheus Server.
* [OpenTracing](plugins/zipkin.md): Supports Zikpin and Apache SkyWalking.
-* [grpc-transcode](plugins/grpc-transcoding.md): REST <--> gRPC transcoding。
+* [grpc-transcode](plugins/grpc-transcoding.md): REST <--> gRPC transcoding.
* [serverless](plugins/serverless.md):Allows to dynamically run Lua code at
*different* phase in APISIX.
* [ip-restriction](plugins/ip-restriction.md): IP whitelist/blacklist.
* openid-connect
diff --git a/doc/admin-api.md b/doc/admin-api.md
index af2060a..bdc2a3a 100644
--- a/doc/admin-api.md
+++ b/doc/admin-api.md
@@ -50,7 +50,7 @@ Table of contents
|Parameter |Required |Type |Description|Example|
|-|-||---||
|desc |False |Auxiliary |Identifies route names, usage scenarios, and
more.|customer |
-|uri |True |Match Rules|In addition to full matching such as
`/foo/bar`、`/foo/gloo`, using different
[Router](architecture-design-cn.md#router) allows more advanced matching, see
[Router](architecture-design-cn.md#router) for more.|"/hello"|
+|uri |True |Match Rules|In addition to full matching such as
`/foo/bar`、`/foo/gloo`, using different [Router](architecture-design.md#router)
allows more advanced matching, see [Router](architecture-design.md#router) for
more.|"/hello"|
|host |False |Match Rules|Currently requesting a domain name, such as
`foo.com`; pan-domain names such as `*.foo.com` are also supported.|"foo.com"|
|hosts|False |Match Rules|The `host` in the form of a list means that
multiple different hosts are allowed, and match any one of them.|{"foo.com",
"*.bar.com"}|
|remote_addr|False |Match Rules|The client requests an IP address:
`192.168.1.101`, `192.168.1.102`, and CIDR format support `192.168.1.0/24`. In
particular, APISIX also fully supports IPv6 address matching: `::1`, `fe80::1`,
`fe80::1/64`, etc.|"192.168.1.0/24"|
@@ -59,10 +59,10 @@ Table of contents
|priority |False |Match Rules|If different routes contain the same `uri`,
determine which route is matched first based on the attribute` priority`, the
default value is 0.|priority = 10|
|vars |False |Match Rules (only `radixtree` route is supported)|A list
of one or more `{var, operator, val}` elements, like this: `{{var, operator,
val}, {var, operator, val}, ...}`. For example: `{"arg_name", "==", "json"}`
means that the current request parameter `name` is `json`. The `var` here is
consistent with the internal variable name of Nginx, so you can also use
`request_uri`, `host`, etc. For the operator part, the currently supported
operators are `==`, `~=`,`>`, `<`, [...]
|filter_func|False|Match Rules|User-defined filtering function. You can use it
to achieve matching requirements for special scenarios. This function accepts
an input parameter named `vars` by default, which you can use to get Nginx
variables.|function(vars) return vars["arg_name"] == "json" end|
-|plugins |False |Plugin|See [Plugin](architecture-design-cn.md#plugin) for
more ||
-|upstream |False |Upstream|Enabled Upstream configuration, see
[Upstream](architecture-design-cn.md#upstream) for more||
-|upstream_id|False |Upstream|Enabled upstream id, see
[Upstream](architecture-design-cn.md#upstream) for more ||
-|service_id|False |Service|Binded Service configuration, see
[Service](architecture-design-cn.md#service) for more ||
+|plugins |False |Plugin|See [Plugin](architecture-design.md#plugin) for more
||
+|upstream |False |Upstream|Enabled Upstream configuration, see
[Upstream](architecture
[GitHub] [incubator-apisix] moonming merged pull request #1031: doc: fixed typos
moonming merged pull request #1031: doc: fixed typos URL: https://github.com/apache/incubator-apisix/pull/1031 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-apisix] moonming commented on issue #1031: doc: fixed typos
moonming commented on issue #1031: doc: fixed typos URL: https://github.com/apache/incubator-apisix/pull/1031#issuecomment-571563524 merged. thx This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [incubator-apisix] moonming commented on a change in pull request #1029: feat: add basic-auth plugin
moonming commented on a change in pull request #1029: feat: add basic-auth
plugin
URL: https://github.com/apache/incubator-apisix/pull/1029#discussion_r364045523
##
File path: lua/apisix/plugins/basic-auth.lua
##
@@ -0,0 +1,224 @@
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local json = require("apisix.core.json")
+
+local authorizations_etcd
+
+local lrucache = core.lrucache.new({
+ttl = 300, count = 512
+})
+
+-- You can follow this document to write schema:
+-- https://github.com/Tencent/rapidjson/blob/master/bin/draft-04/schema
+-- rapidjson not supported `format` in draft-04 yet
+local schema = {
+type = "object",
+properties = {
+enable = { type = "boolean", default = true, enum = { true, false } },
+},
+}
+
+local plugin_name = "basic-auth"
+
+local function gen_key(username)
+local key = "/authorizations/" .. username
+return key
+end
+
+local _M = {
+version = 0.1,
+priority = 1802,
+name = plugin_name,
+schema = schema,
+}
+
+function _M.check_schema(conf)
+local ok, err = core.schema.check(schema, conf)
+
+if not ok then
+return false, err
+end
+
+return true
+end
+
+local function extract_auth_header(authorization)
+
+local function do_extract(auth)
+local obj = { username = "", password = "" }
+
+local m, err = ngx.re.match(auth, "Basic\\s(.+)")
+if err then
+-- error authorization
+return nil, err
+end
+
+local decoded = ngx.decode_base64(m[1])
+
+local res
+res, err = ngx_re.split(decoded, ":")
+if err then
+return nil, "split authorization err:" .. err
+end
+
+obj.username = ngx.re.gsub(res[1], "\\s+", "")
+obj.password = ngx.re.gsub(res[2], "\\s+", "")
+core.log.info("plugin access phase, authorization: ", obj.username, ":
", obj.password)
+
+return obj, nil
+end
+
+local matcher, err = lrucache(authorization, nil, do_extract,
authorization)
+
+if matcher then
+return matcher.username, matcher.password, err
+else
+return "", "", err
+end
+
+
+end
+
+function _M.access(conf, ctx)
+core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
+
+-- 0. check the plugin is enabled
+if not conf.enable then
+return
+end
+
+
+-- 1. extract authorization from header
+local headers = ngx.req.get_headers()
+if not headers.Authorization then
+return 401, { message = "authorization is required" }
+end
+
+local username, password, err = extract_auth_header(headers.Authorization)
+if err then
+return 401, { message = err }
Review comment:
do we need to add response header `WWW-Authenticate` at the same time?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] membphis opened a new pull request #1032: CLI: only used original Lua package path.
membphis opened a new pull request #1032: CLI: only used original Lua package path. URL: https://github.com/apache/incubator-apisix/pull/1032 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[incubator-apisix] branch master updated: plugin(prometheus): added new field (#1028)
This is an automated email from the ASF dual-hosted git repository.
membphis pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 21c06b3 plugin(prometheus): added new field (#1028)
21c06b3 is described below
commit 21c06b3cc43b62e45f8813f6dd22f24bae702ee1
Author: YuanSheng Wang
AuthorDate: Wed Jan 8 14:00:31 2020 +0800
plugin(prometheus): added new field (#1028)
feature: added `router_id` for http code metric.
feature: added `hostname` for nginx connection metric.
---
lua/apisix/plugins/prometheus/exporter.lua | 27 ---
t/plugin/prometheus.t | 113 -
2 files changed, 125 insertions(+), 15 deletions(-)
diff --git a/lua/apisix/plugins/prometheus/exporter.lua
b/lua/apisix/plugins/prometheus/exporter.lua
index 691d7a6..81ff31e 100644
--- a/lua/apisix/plugins/prometheus/exporter.lua
+++ b/lua/apisix/plugins/prometheus/exporter.lua
@@ -47,7 +47,7 @@ function _M.init()
-- per service
metrics.status = prometheus:counter("http_status",
"HTTP status codes per service in APISIX",
-{"code", "service", "node"})
+{"code", "route", "service", "node"})
metrics.latency = prometheus:histogram("http_latency",
"HTTP request latency per service in APISIX",
@@ -55,31 +55,34 @@ function _M.init()
metrics.bandwidth = prometheus:counter("bandwidth",
"Total bandwidth in bytes consumed per service in APISIX",
-{"type", "service", "node"})
+{"type", "route", "service", "node"})
end
function _M.log(conf, ctx)
local vars = ctx.var
-local service_name
-if ctx.matched_route and ctx.matched_route.value then
-service_name = ctx.matched_route.value.desc or
- ctx.matched_route.value.id
+local route_id = ""
+local balancer_ip = ctx.balancer_ip
+local service_id
+
+local matched_route = ctx.matched_route and ctx.matched_route.value
+if matched_route then
+service_id = matched_route.service_id or ""
+route_id = matched_route.id
else
-service_name = vars.host
+service_id = vars.host
end
-local balancer_ip = ctx.balancer_ip
-metrics.status:inc(1, vars.status, service_name, balancer_ip)
+metrics.status:inc(1, vars.status, route_id, service_id, balancer_ip)
local latency = (ngx.now() - ngx.req.start_time()) * 1000
-metrics.latency:observe(latency, "request", service_name, balancer_ip)
+metrics.latency:observe(latency, "request", service_id, balancer_ip)
-metrics.bandwidth:inc(vars.request_length, "ingress", service_name,
+metrics.bandwidth:inc(vars.request_length, "ingress", route_id, service_id,
balancer_ip)
-metrics.bandwidth:inc(vars.bytes_sent, "egress", service_name,
+metrics.bandwidth:inc(vars.bytes_sent, "egress", route_id, service_id,
balancer_ip)
end
diff --git a/t/plugin/prometheus.t b/t/plugin/prometheus.t
index 06d9cae..18fa3ed 100644
--- a/t/plugin/prometheus.t
+++ b/t/plugin/prometheus.t
@@ -151,7 +151,7 @@ apisix_etcd_reachable 1
--- request
GET /apisix/prometheus/metrics
--- response_body eval
-qr/apisix_bandwidth\{type="egress",service="1",node="127.0.0.1"\} \d+/
+qr/apisix_bandwidth\{type="egress",route="1",service="",node="127.0.0.1"\} \d+/
--- no_error_log
[error]
@@ -293,7 +293,7 @@ passed
--- request
GET /apisix/prometheus/metrics
--- response_body eval
-qr/apisix_bandwidth\{type="egress",service="1",node="127.0.0.1"\} \d+/
+qr/apisix_bandwidth\{type="egress",route="1",service="",node="127.0.0.1"\} \d+/
--- no_error_log
[error]
@@ -303,6 +303,113 @@
qr/apisix_bandwidth\{type="egress",service="1",node="127.0.0.1"\} \d+/
--- request
GET /apisix/prometheus/metrics
--- response_body eval
-qr/apisix_http_latency_count\{type="request",service="1",node="127.0.0.1"\}
\d+/
+qr/apisix_http_latency_count\{type="request",service="",node="127.0.0.1"\} \d+/
+--- no_error_log
+[error]
+
+
+
+=== TEST 15: create service
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/services/1',
+ngx.HTTP_PUT,
+[[{
+"plugins": {
+"prometheus": {}
+},
+"upstream": {
+"nodes": {
+"127.0.0.1:1980": 1
+},
+"type": "roundrobin"
+}
+}]]
+)
+
+if code >= 300 then
+ngx.status = code
+end
+ngx.say(body)
+}
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[err
[GitHub] [incubator-apisix] membphis merged pull request #1028: plugin(prometheus): added new field
membphis merged pull request #1028: plugin(prometheus): added new field URL: https://github.com/apache/incubator-apisix/pull/1028 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
