feat: ext auth forward_auth endpoint_mode enhancement #1180
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
cc @jaggerwang |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1180 +/- ##
==========================================
+ Coverage 35.91% 35.95% +0.04%
==========================================
Files 69 69
Lines 11576 9483 -2093
==========================================
- Hits 4157 3410 -747
+ Misses 7104 5757 -1347
- Partials 315 316 +1 |
|
ApiSix的forward-auth插件也做了对应支持,会向认证服务传原始Uri、Method、Host等信息 
|
CH3CHO
reviewed
Aug 7, 2024
| @@ -45,7 +45,7 @@ type HttpService struct { | |||
|
|
|||
| type AuthorizationRequest struct { | |||
| // allowedHeaders In addition to the user’s supplied matchers, | |||
| // Host, Method, Path, Content-Length, and Authorization are automatically included to the list. | |||
| // Authorization are automatically included to the list | |||
There was a problem hiding this comment.
默认只带上游的Authorization头过去( endpoint_mode 为 forward_auth 时,会把原始请求的请求路径设置到 X-Original-Uri ,原始请求的HTTP Method设置到 X-Original-Method ),我补充下后面这部分到注释里吧
|
可以获取到了,谢谢! |
|
镜像已更新,地址不变:higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ext-auth:1.0.0 |
|
@jaggerwang 你这边可以换成官方的镜像地址了 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ⅰ. Describe what this PR did
因为envoy和forward_auth两种endpoint_mode,envoy这种endpoint_mode目前是能拿到原始的requestMethod和requestPath,但forward_auth这种endpoint_mode暂不支持,考虑到鉴权大部分都会涉及requestMethod和requestPath,endpoint_mode为forward_auth时添加了X-Original-Method和X-Original-URI两个请求头
示例如下:
X-Original-Method: POST
X-Original-Uri: /path/to/resource?query=param
Ⅱ. Does this pull request fix one issue?
#1152
Ⅲ. Why don't you add test cases (unit test/integration test)?
Ⅳ. Describe how to verify it
1)原始请求为POST
认证服务收到的请求头中X-Original-Method为POST,X-Original-Uri为/foo?apikey=9a342114-ba8a-11ec-b1bf-00163e1250b5
2)原始请求为PUT
认证服务收到的请求头中X-Original-Method为PUT,X-Original-Uri为/foo?apikey=9a342114-ba8a-11ec-b1bf-00163e1250b5
Ⅴ. Special notes for reviews