apisix/plugins/request-validation.lua - apisix - Git at Google

 --
 -- Licensed to the Apache Software Foundation (ASF) under one or more
 -- contributor license agreements.  See the NOTICE file distributed with
 -- this work for additional information regarding copyright ownership.
 -- The ASF licenses this file to You under the Apache License, Version 2.0
 -- (the "License"); you may not use this file except in compliance with
 -- the License.  You may obtain a copy of the License at
 --
 --     http://www.apache.org/licenses/LICENSE-2.0
 --
 -- Unless required by applicable law or agreed to in writing, software
 -- distributed under the License is distributed on an "AS IS" BASIS,
 -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 -- See the License for the specific language governing permissions and
 -- limitations under the License.
 --
 local core          = require("apisix.core")
 local plugin_name   = "request-validation"
 local ngx           = ngx

 local schema = {
     type = "object",
     properties = {
         header_schema = {type = "object"},
         body_schema = {type = "object"},
         rejected_code = {type = "integer", minimum = 200, maximum = 599, default = 400},
         rejected_msg = {type = "string", minLength = 1, maxLength = 256}
     },
     anyOf = {
         {required = {"header_schema"}},
         {required = {"body_schema"}}
     }
 }


 local _M = {
     version = 0.1,
     priority = 2800,
     type = 'validation',
     name = plugin_name,
     schema = schema,
 }


 function _M.check_schema(conf)
     local ok, err = core.schema.check(schema, conf)
     if not ok then
         return false, err
     end

     if conf.body_schema then
         ok, err = core.schema.valid(conf.body_schema)
         if not ok then
             return false, err
         end
     end

     if conf.header_schema then
         ok, err = core.schema.valid(conf.header_schema)
         if not ok then
             return false, err
         end
     end

     return true, nil
 end


 function _M.rewrite(conf, ctx)
     local headers = core.request.headers(ctx)

     if conf.header_schema then
         local ok, err = core.schema.check(conf.header_schema, headers)
         if not ok then
             core.log.error("req schema validation failed", err)
             return conf.rejected_code, conf.rejected_msg or err
         end
     end

     if conf.body_schema then
         local req_body
         local body, err = core.request.get_body()
         if not body then
             if err then
                 core.log.error("failed to get body: ", err)
             end
             return conf.rejected_code, conf.rejected_msg
         end

         local body_is_json = true
         if headers["content-type"] == "application/x-www-form-urlencoded" then
             -- use 0 to avoid truncated result and keep the behavior as the
             -- same as other platforms
             req_body, err = ngx.decode_args(body, 0)
             body_is_json = false
         else -- JSON as default
             req_body, err = core.json.decode(body)
         end

         if not req_body then
             core.log.error('failed to decode the req body: ', err)
             return conf.rejected_code, conf.rejected_msg or err
         end

         local ok, err = core.schema.check(conf.body_schema, req_body)
         if not ok then
             core.log.error("req schema validation failed: ", err)
             return conf.rejected_code, conf.rejected_msg or err
         end

         if body_is_json then
             -- ensure the JSON we check is the JSON we pass to the upstream,
             -- see https://bishopfox.com/blog/json-interoperability-vulnerabilities
             req_body = core.json.encode(req_body)
             ngx.req.set_body_data(req_body)
         end
     end
 end

 return _M
	--
	-- Licensed to the Apache Software Foundation (ASF) under one or more
	-- contributor license agreements. See the NOTICE file distributed with
	-- this work for additional information regarding copyright ownership.
	-- The ASF licenses this file to You under the Apache License, Version 2.0
	-- (the "License"); you may not use this file except in compliance with
	-- the License. You may obtain a copy of the License at
	--
	-- http://www.apache.org/licenses/LICENSE-2.0
	--
	-- Unless required by applicable law or agreed to in writing, software
	-- distributed under the License is distributed on an "AS IS" BASIS,
	-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	-- See the License for the specific language governing permissions and
	-- limitations under the License.
	--
	local core = require("apisix.core")
	local plugin_name = "request-validation"
	local ngx = ngx

	local schema = {
	type = "object",
	properties = {
	header_schema = {type = "object"},
	body_schema = {type = "object"},
	rejected_code = {type = "integer", minimum = 200, maximum = 599, default = 400},
	rejected_msg = {type = "string", minLength = 1, maxLength = 256}
	},
	anyOf = {
	{required = {"header_schema"}},
	{required = {"body_schema"}}
	}
	}


	local _M = {
	version = 0.1,
	priority = 2800,
	type = 'validation',
	name = plugin_name,
	schema = schema,
	}


	function _M.check_schema(conf)
	local ok, err = core.schema.check(schema, conf)
	if not ok then
	return false, err
	end

	if conf.body_schema then
	ok, err = core.schema.valid(conf.body_schema)
	if not ok then
	return false, err
	end
	end

	if conf.header_schema then
	ok, err = core.schema.valid(conf.header_schema)
	if not ok then
	return false, err
	end
	end

	return true, nil
	end


	function _M.rewrite(conf, ctx)
	local headers = core.request.headers(ctx)

	if conf.header_schema then
	local ok, err = core.schema.check(conf.header_schema, headers)
	if not ok then
	core.log.error("req schema validation failed", err)
	return conf.rejected_code, conf.rejected_msg or err
	end
	end

	if conf.body_schema then
	local req_body
	local body, err = core.request.get_body()
	if not body then
	if err then
	core.log.error("failed to get body: ", err)
	end
	return conf.rejected_code, conf.rejected_msg
	end

	local body_is_json = true
	if headers["content-type"] == "application/x-www-form-urlencoded" then
	-- use 0 to avoid truncated result and keep the behavior as the
	-- same as other platforms
	req_body, err = ngx.decode_args(body, 0)
	body_is_json = false
	else -- JSON as default
	req_body, err = core.json.decode(body)
	end

	if not req_body then
	core.log.error('failed to decode the req body: ', err)
	return conf.rejected_code, conf.rejected_msg or err
	end

	local ok, err = core.schema.check(conf.body_schema, req_body)
	if not ok then
	core.log.error("req schema validation failed: ", err)
	return conf.rejected_code, conf.rejected_msg or err
	end

	if body_is_json then
	-- ensure the JSON we check is the JSON we pass to the upstream,
	-- see https://bishopfox.com/blog/json-interoperability-vulnerabilities
	req_body = core.json.encode(req_body)
	ngx.req.set_body_data(req_body)
	end
	end
	end

	return _M