support for multiple security policies
diff --git a/api-gateway-config/scripts/lua/management/apis.lua b/api-gateway-config/scripts/lua/management/apis.lua
index e6a3295..7cf9ac9 100644
--- a/api-gateway-config/scripts/lua/management/apis.lua
+++ b/api-gateway-config/scripts/lua/management/apis.lua
@@ -240,12 +240,14 @@
end
end
if security then
- local validScopes = {tenant=true, api=true, resource=true}
- if (security.type == nil or security.scope == nil) then
- return false, { statusCode = 400, message = "Missing field in security object. Need \"type\" and \"scope\"." }
- elseif validScopes[security.scope] == nil then
- return false, { statusCode = 400, message = "Invalid scope in security object. Valid: \"tenant\", \"api\", \"resource\"." }
- end
+ for k, sec in ipairs(security) do
+ local validScopes = {tenant=true, api=true, resource=true}
+ if (sec.type == nil or sec.scope == nil) then
+ return false, { statusCode = 400, message = "Missing field in security object. Need \"type\" and \"scope\"." }
+ elseif validScopes[sec.scope] == nil then
+ return false, { statusCode = 400, message = "Invalid scope in security object. Valid: \"tenant\", \"api\", \"resource\"." }
+ end
+ end
end
end
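Review bot: The new `for k, sec in ipairs(security)` loop only validates entries in the array part, so a request that still sends the pre-change single-object form (`"security": {"type":..., "scope":...}`) iterates zero times and passes validation with its `type`/`scope` never checked; the matching loop in routing.lua would likewise enforce nothing for it, so the shape mismatch fails open. The branch should reject a non-table value and the object form explicitly, and `validScopes` can be hoisted out of the loop (with `k` renamed to `_` since it is unused). The enclosing validation function starts before this hunk. Sketch of the guarded loop:
```lua
if security then
  -- Fail closed: the old single-object form has string keys that ipairs() never visits.
  if type(security) ~= "table" or security.type ~= nil or security.scope ~= nil then
    return false, { statusCode = 400, message = "Security must be a list of security objects." }
  end
  local validScopes = {tenant=true, api=true, resource=true}
  for _, sec in ipairs(security) do
    if type(sec) ~= "table" or sec.type == nil or sec.scope == nil then
      return false, { statusCode = 400, message = "Missing field in security object. Need \"type\" and \"scope\"." }
    elseif validScopes[sec.scope] == nil then
      return false, { statusCode = 400, message = "Invalid scope in security object. Valid: \"tenant\", \"api\", \"resource\"." }
    end
  end
end
```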
diff --git a/api-gateway-config/scripts/lua/routing.lua b/api-gateway-config/scripts/lua/routing.lua
index e9d90a4..b326dd4 100644
--- a/api-gateway-config/scripts/lua/routing.lua
+++ b/api-gateway-config/scripts/lua/routing.lua
@@ -52,8 +52,10 @@
if string.upper(verb) == ngx.req.get_method() then
-- Check if auth is required
local apiKey
- if (opFields.security and opFields.security.type ~= nil and string.lower(opFields.security.type) == 'apikey') then
- apiKey = security.process(opFields.security)
+ if (opFields.security) then
+ for k, sec in ipairs(opFields.security) do
+ validated = security.process(sec)
+ end
end
-- Parse backend url
local u = url.parse(opFields.backendUrl)
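Review bot: `validated = security.process(sec)` on the added loop line assigns an undeclared variable, so it becomes a global shared across all requests in the worker, and because each iteration overwrites it only the last policy's result survives anyway; the `local apiKey` declared just above is now never assigned. Either declare it and check it per iteration, or drop the assignment if `security.process` enforces the policy itself (e.g. by terminating the request) — the hunk does not show which, so confirm against that function. The old line also invoked processing only when `type` was `apikey`; the loop now hands every `sec` to `security.process`, which is fine only if that function dispatches on `sec.type`. Minimal change: `for _, sec in ipairs(opFields.security) do` / `  local validated = security.process(sec)` with the result acted on, or just `security.process(sec)`.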
diff --git a/doc/policies.md b/doc/policies.md
index 6317547..eaf6d30 100644
--- a/doc/policies.md
+++ b/doc/policies.md
@@ -114,11 +114,12 @@
_header:_ _(optional)_ custom name of auth header (default is x-api-key)
```
-"security": {
+"security":[{
"type":"apiKey",
"scope":"api",
"header":"<MyCustomAuthHeader>"
}
+]
```
This will add security of an `apiKey`, at the API level, and uses the header call `myCustomAuthHeader`.
-NOTE: Security added at the Tenant level will affect all APIs and resources under that Tenant. Likewise, security added at the API level will affect all resources under that API.
\ No newline at end of file
+NOTE: Security added at the Tenant level will affect all APIs and resources under that Tenant. Likewise, security added at the API level will affect all resources under that API.