bzp2010 commented on issue #2404:
URL: 
https://github.com/apache/apisix-ingress-controller/issues/2404#issuecomment-3242352201

   @MarcCain-Scott 
   
   Obviously, your code overwrites `ngx.re`.
   > ngx.re = require "ngx.re"
   
   `ngx` is a global variable; you do not need to require it to use it. It 
is particularly important to note that overwriting `ngx` should absolutely be 
avoided unless you are certain you know what you are doing.
   
   You only need to import it when you want to access these specific APIs.
   
   <img width="1063" height="187" alt="Image" src="https://github.com/user-attachments/assets/16f2da48-189e-4c13-893a-f1711bce6762" />
   
   And you should definitely store it in a local variable.
   ```lua
   local re_split = require("ngx.re").split --✔️
   ngx.re = require("ngx.re") --❌
   ```
   
   In most cases, simply accessing that API directly will suffice.
   
   <img width="978" height="266" alt="Image" src="https://github.com/user-attachments/assets/f62dbe9a-1027-454d-878a-da3eaa27a2b6" />
   
   ---
   
   Simply modify your code. Most of the logic has been replaced with code 
copied from the `jwt-auth` plugin.
   
   ```diff
   diff --git a/apisix/plugins/example-plugin.lua 
b/apisix/plugins/example-plugin.lua
   index cddeef7c..21e70249 100644
   --- a/apisix/plugins/example-plugin.lua
   +++ b/apisix/plugins/example-plugin.lua
   @@ -1,8 +1,9 @@
   -return function()
   +return function(conf, ctx)
        -- ngx.log(ngx.INFO, "Start serverless function")
   -    local method = ngx.req.get_method()
   +    local core = require("apisix.core")
   +    local method = core.request.get_method()
        if method ~= "POST" and method ~= "PUT" then
   -        return
   +        return --TODO?
        end
        local check_paths = {
            "/Route1/Endpoint1",
   @@ -11,63 +12,61 @@ return function()
            "/Route2/Endpoint2",
            "/Route3/Endpoint1"
        }
   -    local request_path = string.lower(ngx.var.uri)
   +    local request_path = string.lower(ctx.var.uri or "/")
        local path_found = false
        for _, path in ipairs(check_paths) do
   -        if string.sub(request_path, 1, #path) == string.lower(path) then
   +        if path == string.lower(path) then
                path_found = true
   -            break
   +            break --TODO?
            end
        end
        if not path_found then
   -        return
   +        return --TODO?
        end
    
   -     local auth_header = ngx.var.http_Authorization
   +    local auth_header = ctx.var.http_authorization
        if not auth_header then
   -        return
   +        return --TODO?
        end
   -    local token = string.match(auth_header, "Bearer%s+(.+)")
   -    if not token then
   -        return
   +    local m, err = ngx.re.match(auth_header, "(?i:bearer)\\s(.+)")
   +    if err then
   +        return --TODO? Simply returning a response will not block the 
request or halt the current request processing.
   +               -- You must explicitly call core.response.exit()
        end
   -    local cjson = require("cjson")
   -    -- Split the JWT token into its parts
   -    ngx.re = require "ngx.re"
   -    local parts = ngx.re.split(token, "\\.")
   -    if #parts ~= 3 then
   -        return ngx.exit(ngx.HTTP_UNAUTHORIZED)
   +    if not m or not m[1] then
   +        return --TODO?
        end
   -    -- Decode the payload part of the JWT (base64url decoding)
   -    local payload = ngx.decode_base64(parts[2])
   -    if not payload then
   -        return ngx.exit(ngx.HTTP_UNAUTHORIZED)
   -    end
   -    -- Parse the JSON payload
   -    local jwt_obj = cjson.decode(payload)
   -    if not jwt_obj then
   -        return ngx.exit(ngx.HTTP_UNAUTHORIZED)
   +    local token = m[1]
   +
   +    -- handle bearer JWT
   +    local jwt = require("resty.jwt")
   +
   +    -- !!!The JWT is not validated; it is only parsed!!!
   +    -- You need to use other plugins to verify it or explicitly know what 
won't happen.
   +    local jwt_obj = jwt:load_jwt(token)
   +    if not jwt_obj.payload then
   +        return --TODO?
        end
   -    local mdkunr = jwt_obj.MdKunr
   -    -- ngx.log(ngx.INFO, "MdKunr value: " .. mdkunr)
   -    ngx.req.read_body()
   -    local body_data = ngx.req.get_body_data()
   +    local mdkunr = jwt_obj.payload and jwt_obj.payload.MdKunr
   +
   +    -- handle request body
   +    local body_data = core.request.get_body()
        if not body_data then
   -        return
   +        return --TODO?
        end
   -    local body_json = cjson.decode(body_data)
   +    local body_json = core.json.decode(body_data)
        if not body_json then
   -        return
   +        return --TODO?
        end
        if body_json.MandantKundennummerId ~= nil then
            if body_json.MandantKundennummerId == mdkunr then
   -            return
   +            return --TODO?
            end
        end
        if body_json.MandantKundennummer ~= nil then
            if body_json.MandantKundennummer == mdkunr then
   -            return
   +            return --TODO?
            end
        end
   -    return ngx.exit(ngx.HTTP_UNAUTHORIZED)
   +    return core.response.exit(ngx.HTTP_UNAUTHORIZED) -- for example
    end
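Review bot: the new condition `if path == string.lower(path) then` no longer looks at `request_path`; it compares each configured path with its own lowercase form. The visible `check_paths` entries all contain uppercase letters, so `path_found` stays false and the function returns before the token and body checks run, for every request. Restore the prefix comparison, for example `string.sub(request_path, 1, #path) == string.lower(path)`. Separately, the bare `return --TODO?` branches (missing header, regex error, unparsable token or body) all let the request continue, and `jwt:load_jwt` only parses the token, as the comment above it says; call `core.response.exit(ngx.HTTP_UNAUTHORIZED)` on those paths and have the signature verified before `MdKunr` is trusted.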
   ```
   
   APISIX offers a wide variety of plugins that cover nearly all common 
scenarios. **Remember, APISIX's existing code is your best teacher.** 
Everything is open-source and licensed under the Apache License 2.0, allowing 
you to use it freely.
   Copy and combine them to meet your specific needs.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
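
Why the assignment marked ❌ in the comment above is harmful, as an added example that is not part of the original comment or of APISIX: the `ngx` table and the `ngx.re` module below are constructed stand-ins (assumptions, so the script runs in plain Lua without OpenResty), and `other_plugin`, `safe_handler` and `unsafe_handler` are hypothetical names.

```lua
-- Constructed stand-in for the `ngx` global that OpenResty shares across
-- every plugin running in one worker; the built-in ngx.re has match().
ngx = {
    re = {
        match = function(subject, pattern)  -- Lua pattern here, PCRE in OpenResty
            local m = string.match(subject, pattern)
            return m and { m } or nil
        end,
    },
}

-- Constructed stand-in for the module returned by require("ngx.re"):
-- a different table that offers split() and has no match().
package.preload["ngx.re"] = function()
    return {
        split = function(subject, sep)  -- sep is a single literal character
            local parts = {}
            for piece in string.gmatch(subject, "[^" .. sep .. "]+") do
                parts[#parts + 1] = piece
            end
            return parts
        end,
    }
end

-- Hypothetical second plugin that relies on the built-in ngx.re.match().
local function other_plugin(header)
    local m = ngx.re.match(header, "^Bearer%s+(.+)$")
    return m and m[1]
end

-- Recommended form: bind the function to a local, leave the global alone.
local function safe_handler(token)
    local re_split = require("ngx.re").split
    return #re_split(token, ".")
end

-- Form from the issue: replaces the shared ngx.re table for everyone.
local function unsafe_handler(token)
    ngx.re = require("ngx.re")
    return #ngx.re.split(token, ".")
end

assert(safe_handler("a.b.c") == 3)
assert(other_plugin("Bearer a.b.c") == "a.b.c")  -- global untouched so far

assert(unsafe_handler("a.b.c") == 3)             -- looks fine in isolation
local ok, err = pcall(other_plugin, "Bearer a.b.c")
assert(not ok)                                   -- ngx.re.match no longer exists
print("other plugin now fails: " .. tostring(err))
```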
