Google Git
Sign in
apache / apisix / refs/tags/2.13.0 / . / t / wasm / forward-auth.t
blob: 2648610272eae9ed1c4297218dc3ef4a93147fd5 [file] [log] [blame]
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX;
my $nginx_binary = $ENV{'TEST_NGINX_BINARY'} || 'nginx';
my $version = eval { `$nginx_binary -V 2>&1` };
if ($version !~ m/\/apisix-nginx-module/) {
plan(skip_all => "apisix-nginx-module not installed");
} else {
plan('no_plan');
}
repeat_each(1);
no_long_string();
no_root_location();
add_block_preprocessor(sub {
my ($block) = @_;
if ((!defined $block->error_log) && (!defined $block->no_error_log)) {
$block->set_value("no_error_log", "[error]");
}
if (!defined $block->request) {
$block->set_value("request", "GET /t");
}
my $extra_yaml_config = <<_EOC_;
wasm:
plugins:
- name: wasm-forward-auth
priority: 7997
file: t/wasm/forward-auth.go.wasm
_EOC_
$block->set_value("extra_yaml_config", $extra_yaml_config);
});
run_tests();
__DATA__
=== TEST 1: setup route with plugin
--- config
location /t {
content_by_lua_block {
local data = {
{
url = "/apisix/admin/upstreams/u1",
data = [[{
"nodes": {
"127.0.0.1:1984": 1
},
"type": "roundrobin"
}]],
},
{
url = "/apisix/admin/routes/auth",
data = [[{
"plugins": {
"serverless-pre-function": {
"phase": "rewrite",
"functions": [
"return function(conf, ctx)
local core = require(\"apisix.core\");
if core.request.header(ctx, \"Authorization\") == \"111\" then
core.response.exit(200);
end
end",
"return function(conf, ctx)
local core = require(\"apisix.core\");
if core.request.header(ctx, \"Authorization\") == \"222\" then
core.response.set_header(\"X-User-ID\", \"i-am-an-user\");
core.response.exit(200);
end
end",]] .. [[
"return function(conf, ctx)
local core = require(\"apisix.core\");
if core.request.header(ctx, \"Authorization\") == \"333\" then
core.response.set_header(\"X-User-ID\", \"i-am-an-user\");
core.response.exit(401);
end
end",
"return function(conf, ctx)
local core = require(\"apisix.core\");
if core.request.header(ctx, \"Authorization\") == \"444\" then
local auth_headers = {
'X-Forwarded-Proto',
'X-Forwarded-Method',
'X-Forwarded-Host',
'X-Forwarded-Uri',
'X-Forwarded-For',
}
for _, k in ipairs(auth_headers) do
core.log.warn('get header ', string.lower(k), ': ', core.request.header(ctx, k))
end
core.response.exit(403);
end
end"
]
}
},
"uri": "/auth"
}]],
},
{
url = "/apisix/admin/routes/echo",
data = [[{
"plugins": {
"serverless-pre-function": {
"phase": "rewrite",
"functions": [
"return function (conf, ctx)
local core = require(\"apisix.core\");
core.response.exit(200, core.request.headers(ctx));
end"
]
}
},
"uri": "/echo"
}]],
},
{
url = "/apisix/admin/routes/1",
data = [[{
"plugins": {
"wasm-forward-auth": {
"conf": "{
\"uri\": \"http://127.0.0.1:1984/auth\",
\"request_headers\": [\"Authorization\"],
\"client_headers\": [\"X-User-ID\"],
\"upstream_headers\": [\"X-User-ID\"]
}"
},
"proxy-rewrite": {
"uri": "/echo"
}
},
"upstream_id": "u1",
"uri": "/hello"
}]],
},
{
url = "/apisix/admin/routes/2",
data = [[{
"plugins": {
"wasm-forward-auth": {
"conf": "{
\"uri\": \"http://127.0.0.1:1984/auth\",
\"request_headers\": [\"Authorization\"]
}"
},
"proxy-rewrite": {
"uri": "/echo"
}
},
"upstream_id": "u1",
"uri": "/empty"
}]],
},
}
local t = require("lib.test_admin").test
for _, data in ipairs(data) do
local code, body = t(data.url, ngx.HTTP_PUT, data.data)
ngx.say(body)
end
}
}
--- response_body eval
"passed\n" x 5
=== TEST 2: hit route (test request_headers)
--- request
GET /hello
--- more_headers
Authorization: 111
--- response_body_like eval
qr/\"authorization\":\"111\"/
=== TEST 3: hit route (test upstream_headers)
--- request
GET /hello
--- more_headers
Authorization: 222
--- response_body_like eval
qr/\"x-user-id\":\"i-am-an-user\"/
=== TEST 4: hit route (test client_headers)
--- request
GET /hello
--- more_headers
Authorization: 333
--- error_code: 403
--- response_headers
x-user-id: i-am-an-user
=== TEST 5: hit route (check APISIX generated headers and ignore client headers)
--- request
GET /hello
--- more_headers
Authorization: 444
X-Forwarded-Host: apisix.apache.org
--- error_code: 403
--- grep_error_log eval
qr/get header \S+: \S+/
--- grep_error_log_out
get header x-forwarded-proto: http,
get header x-forwarded-method: GET,
get header x-forwarded-host: localhost,
get header x-forwarded-uri: /hello,
get header x-forwarded-for: 127.0.0.1,
=== TEST 6: hit route (not send upstream headers)
--- request
GET /empty
--- more_headers
Authorization: 222
--- response_body_unlike eval
qr/\"x-user-id\":\"i-am-an-user\"/
=== TEST 7: hit route (not send client headers)
--- request
GET /empty
--- more_headers
Authorization: 333
--- error_code: 403
--- response_headers
!x-user-id