| -- |
| -- Licensed to the Apache Software Foundation (ASF) under one or more |
| -- contributor license agreements. See the NOTICE file distributed with |
| -- this work for additional information regarding copyright ownership. |
| -- The ASF licenses this file to You under the Apache License, Version 2.0 |
| -- (the "License"); you may not use this file except in compliance with |
| -- the License. You may obtain a copy of the License at |
| -- |
| -- http://www.apache.org/licenses/LICENSE-2.0 |
| -- |
| -- Unless required by applicable law or agreed to in writing, software |
| -- distributed under the License is distributed on an "AS IS" BASIS, |
| -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| -- See the License for the specific language governing permissions and |
| -- limitations under the License. |
| -- |
| local core = require("apisix.core") |
| local plugin_name = "request-validation" |
| local ngx = ngx |
| |
| local schema = { |
| type = "object", |
| properties = { |
| header_schema = {type = "object"}, |
| body_schema = {type = "object"}, |
| rejected_code = {type = "integer", minimum = 200, maximum = 599, default = 400}, |
| rejected_msg = {type = "string", minLength = 1, maxLength = 256} |
| }, |
| anyOf = { |
| {required = {"header_schema"}}, |
| {required = {"body_schema"}} |
| } |
| } |
| |
| |
| local _M = { |
| version = 0.1, |
| priority = 2800, |
| type = 'validation', |
| name = plugin_name, |
| schema = schema, |
| } |
| |
| |
| function _M.check_schema(conf) |
| local ok, err = core.schema.check(schema, conf) |
| if not ok then |
| return false, err |
| end |
| |
| if conf.body_schema then |
| ok, err = core.schema.valid(conf.body_schema) |
| if not ok then |
| return false, err |
| end |
| end |
| |
| if conf.header_schema then |
| ok, err = core.schema.valid(conf.header_schema) |
| if not ok then |
| return false, err |
| end |
| end |
| |
| return true, nil |
| end |
| |
| |
| function _M.rewrite(conf, ctx) |
| local headers = core.request.headers(ctx) |
| |
| if conf.header_schema then |
| local ok, err = core.schema.check(conf.header_schema, headers) |
| if not ok then |
| core.log.error("req schema validation failed", err) |
| return conf.rejected_code, conf.rejected_msg or err |
| end |
| end |
| |
| if conf.body_schema then |
| local req_body |
| local body, err = core.request.get_body() |
| if not body then |
| if err then |
| core.log.error("failed to get body: ", err) |
| end |
| return conf.rejected_code, conf.rejected_msg |
| end |
| |
| local body_is_json = true |
| if headers["content-type"] == "application/x-www-form-urlencoded" then |
| -- use 0 to avoid truncated result and keep the behavior as the |
| -- same as other platforms |
| req_body, err = ngx.decode_args(body, 0) |
| body_is_json = false |
| else -- JSON as default |
| req_body, err = core.json.decode(body) |
| end |
| |
| if not req_body then |
| core.log.error('failed to decode the req body: ', err) |
| return conf.rejected_code, conf.rejected_msg or err |
| end |
| |
| local ok, err = core.schema.check(conf.body_schema, req_body) |
| if not ok then |
| core.log.error("req schema validation failed: ", err) |
| return conf.rejected_code, conf.rejected_msg or err |
| end |
| |
| if body_is_json then |
| -- ensure the JSON we check is the JSON we pass to the upstream, |
| -- see https://bishopfox.com/blog/json-interoperability-vulnerabilities |
| req_body = core.json.encode(req_body) |
| ngx.req.set_body_data(req_body) |
| end |
| end |
| end |
| |
| return _M |