MarcCain-Scott commented on issue #2404:
URL:
https://github.com/apache/apisix-ingress-controller/issues/2404#issuecomment-3241086353
Thank you for looking into this. Here is the only serverless plugin we have.
Basically it deserializes a JWT and enforces that on some routes the posted
data matches what is in the JWT. I don't see how this could be overwriting
anything but I really don't know much about Lua.
```
- name: serverless-pre-function
  enable: true
  config:
    phase: rewrite
    functions:
      - |
        return function()
          -- ngx.log(ngx.INFO, "Start serverless function")
          local method = ngx.req.get_method()
          if method ~= "POST" and method ~= "PUT" then
            return
          end
          local check_paths = {
            "/Route1/Endpoint1",
            "/Route1/Endpoint2",
            "/Route2/Endpoint1",
            "/Route2/Endpoint2",
            "/Route3/Endpoint1"
          }
          local request_path = string.lower(ngx.var.uri)
          local path_found = false
          for _, path in ipairs(check_paths) do
            if string.sub(request_path, 1, #path) == string.lower(path) then
              path_found = true
              break
            end
          end
          if not path_found then
            return
          end
          local auth_header = ngx.var.http_Authorization
          if not auth_header then
            return
          end
          local token = string.match(auth_header, "Bearer%s+(.+)")
          if not token then
            return
          end
          local cjson = require("cjson")
          -- Split the JWT token into its parts
          ngx.re = require "ngx.re"
          local parts = ngx.re.split(token, "\\.")
          if #parts ~= 3 then
            return ngx.exit(ngx.HTTP_UNAUTHORIZED)
          end
          -- Decode the payload part of the JWT (base64url decoding)
          local payload = ngx.decode_base64(parts[2])
          if not payload then
            return ngx.exit(ngx.HTTP_UNAUTHORIZED)
          end
          -- Parse the JSON payload
          local jwt_obj = cjson.decode(payload)
          if not jwt_obj then
            return ngx.exit(ngx.HTTP_UNAUTHORIZED)
          end
          local mdkunr = jwt_obj.MdKunr
          -- ngx.log(ngx.INFO, "MdKunr value: " .. mdkunr)
          ngx.req.read_body()
          local body_data = ngx.req.get_body_data()
          if not body_data then
            return
          end
          local body_json = cjson.decode(body_data)
          if not body_json then
            return
          end
          if body_json.MandantKundennummerId ~= nil then
            if body_json.MandantKundennummerId == mdkunr then
              return
            end
          end
          if body_json.MandantKundennummer ~= nil then
            if body_json.MandantKundennummer == mdkunr then
              return
            end
          end
          return ngx.exit(ngx.HTTP_UNAUTHORIZED)
        end
```
I have this installed on a k3s cluster, maybe that is the difference. This
is how I installed k3s.
`curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.31.2+k3s1 INSTALL_K3S_EXEC="--disable traefik" sh -s -`
Not installing the ingress means we need to install the gateway api
separately.
`kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/standard-install.yaml`
Then install Apisix with helm
```
helm repo add apisix https://charts.apiseven.com
helm repo update
helm upgrade --install apisix apisix/apisix --namespace default \
--set service.type=LoadBalancer \
--set apisix.ssl.enabled=true \
--set apisix.ssl.containerPort=443 \
--set timezone=Europe/Berlin \
--set apisix.prometheus.enabled=true \
--set dashboard.enabled=true \
--set ingress-controller.enabled=true \
--set ingress-controller.config.apisix.serviceNamespace=default \
--set config.enableHTTP2=true \
--set config.kubernetes.defaultIngressClass=true
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
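A variant of the serverless function posted above, as an added example that is not the commenter's or the project's code: it binds the `ngx.re` module to a local instead of assigning it to the shared `ngx.re` table, translates base64url to standard base64 before `ngx.decode_base64`, and uses `cjson.safe` so malformed JSON yields nil instead of raising. It assumes OpenResty with lua-resty-core and lua-cjson and a JWT plugin earlier in the chain that has already verified the token signature; the path list is shortened, and unlike the posted function it answers 401 on a protected path when the header or body is missing or unparsable.

```lua
-- Added example, not the commenter's code. Assumes OpenResty (lua-resty-core,
-- lua-cjson) and that a JWT plugin earlier in the chain verified the signature.
local ngx_re = require("ngx.re")     -- local binding: the shared ngx.re table stays untouched
local cjson = require("cjson.safe")  -- decode() returns nil on bad JSON instead of raising

local CHECK_PATHS = { "/route1/endpoint1", "/route1/endpoint2" }  -- lower-case prefixes

-- JWT segments are unpadded base64url; ngx.decode_base64 expects the standard alphabet.
local function b64url_decode(s)
  local t = s:gsub("[%-_]", { ["-"] = "+", ["_"] = "/" })
  return ngx.decode_base64(t .. string.rep("=", (4 - #t % 4) % 4))
end

-- Returns the named claim from a Bearer token's payload, or nil if anything is malformed.
local function jwt_claim(auth_header, name)
  local token = auth_header and auth_header:match("^Bearer%s+(%S+)$")
  if not token then return nil end
  local parts = ngx_re.split(token, [[\.]], "jo")
  if not parts or #parts ~= 3 then return nil end
  local payload = b64url_decode(parts[2])
  local claims = payload and cjson.decode(payload)
  return type(claims) == "table" and claims[name] or nil
end

return function()
  local method = ngx.req.get_method()
  if method ~= "POST" and method ~= "PUT" then return end

  local uri, checked = string.lower(ngx.var.uri), false
  for _, prefix in ipairs(CHECK_PATHS) do
    if uri:sub(1, #prefix) == prefix then
      checked = true
      break
    end
  end
  if not checked then return end

  -- From here on the path is protected: every failure ends in 401.
  local mdkunr = jwt_claim(ngx.var.http_authorization, "MdKunr")
  ngx.req.read_body()
  -- get_body_data() is nil for an empty body and for a body spooled to a temp file.
  local body = cjson.decode(ngx.req.get_body_data() or "")
  if mdkunr == nil or type(body) ~= "table" then
    return ngx.exit(ngx.HTTP_UNAUTHORIZED)
  end
  if body.MandantKundennummerId == mdkunr or body.MandantKundennummer == mdkunr then
    return
  end
  return ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
```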