Update extensions & release 1.0.0-rc (#281)

2026-02-24 20:50:51 +08:00 · 2023-04-09 14:16:10 +08:00
parent f5edac0c58
commit 069b636c10
38 changed files with 721 additions and 128 deletions
--- a/plugins/wasm-cpp/extensions/basic_auth/BUILD
+++ b/plugins/wasm-cpp/extensions/basic_auth/BUILD
@@ -1,3 +1,17 @@
+# Copyright (c) 2022 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 load("@proxy_wasm_cpp_sdk//bazel/wasm:wasm.bzl", "wasm_cc_binary")
 load("//bazel:wasm.bzl", "declare_wasm_image_targets")

@@ -31,7 +45,7 @@ cc_library(
    visibility = ["//visibility:public"],
    alwayslink = 1,
    deps = [
-        "//common:rule_util",
+        "//common:rule_util_nullvm",
        "//common:json_util",
        "//common:crypto_util",
        "@com_google_absl//absl/strings",
--- a/plugins/wasm-cpp/extensions/basic_auth/plugin.cc
+++ b/plugins/wasm-cpp/extensions/basic_auth/plugin.cc
@@ -308,8 +308,7 @@ bool PluginRootContext::onConfigure(size_t size) {
  // Parse configuration JSON string.
  if (size > 0 && !configure(size)) {
    LOG_WARN("configuration has errors initialization will not continue.");
-    setInvalidConfig();
-    return true;
+    return false;
  }
  return true;
 }
--- a/plugins/wasm-cpp/extensions/basic_auth/plugin_test.cc
+++ b/plugins/wasm-cpp/extensions/basic_auth/plugin_test.cc
@@ -909,7 +909,8 @@ TEST_F(BasicAuthTest, GlobalDeny) {
 }

 TEST_F(BasicAuthTest, GlobalWithConsumerDeny) {
-  std::string configuration = R"(
+  {
+    std::string configuration = R"(
 {
  "consumers" : [
    {"credential" : "ok:test", "name" : "consumer_ok"},
@@ -932,36 +933,171 @@ TEST_F(BasicAuthTest, GlobalWithConsumerDeny) {
    }
  ]
 })";
-  BufferBase buffer;
-  buffer.set({configuration.data(), configuration.size()});
+    BufferBase buffer;
+    buffer.set({configuration.data(), configuration.size()});

-  EXPECT_CALL(*mock_context_, getBuffer(WasmBufferType::PluginConfiguration))
-      .WillOnce([&buffer](WasmBufferType) { return &buffer; });
-  EXPECT_TRUE(root_context_->configure(configuration.size()));
+    EXPECT_CALL(*mock_context_, getBuffer(WasmBufferType::PluginConfiguration))
+        .WillOnce([&buffer](WasmBufferType) { return &buffer; });
+    EXPECT_TRUE(root_context_->configure(configuration.size()));

-  cred_ = "wrong-cred";
-  route_name_ = "config";
-  authorization_header_ = "Basic " + Base64::encode(cred_.data(), cred_.size());
-  EXPECT_CALL(*mock_context_, sendLocalResponse(401, testing::_, testing::_,
-                                                testing::_, testing::_));
-  EXPECT_EQ(context_->onRequestHeaders(0, false),
-            FilterHeadersStatus::StopIteration);
+    cred_ = "wrong-cred";
+    route_name_ = "not match";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::Continue);

-  authority_ = "www.example.com";
-  cred_ = "admin2:admin2";
-  authorization_header_ = "Basic " + Base64::encode(cred_.data(), cred_.size());
-  EXPECT_CALL(*mock_context_, sendLocalResponse(401, testing::_, testing::_,
-                                                testing::_, testing::_));
-  EXPECT_EQ(context_->onRequestHeaders(0, false),
-            FilterHeadersStatus::StopIteration);
+    cred_ = "wrong-cred";
+    route_name_ = "config";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_CALL(*mock_context_, sendLocalResponse(401, testing::_, testing::_,
+                                                  testing::_, testing::_));
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::StopIteration);

-  route_name_ = "config";
-  cred_ = "admin4:admin4";
-  authorization_header_ = "Basic " + Base64::encode(cred_.data(), cred_.size());
-  EXPECT_CALL(*mock_context_, sendLocalResponse(401, testing::_, testing::_,
-                                                testing::_, testing::_));
-  EXPECT_EQ(context_->onRequestHeaders(0, false),
-            FilterHeadersStatus::StopIteration);
+    authority_ = "www.example.com";
+    cred_ = "admin2:admin2";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_CALL(*mock_context_, sendLocalResponse(401, testing::_, testing::_,
+                                                  testing::_, testing::_));
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::StopIteration);
+
+    route_name_ = "config";
+    cred_ = "admin4:admin4";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_CALL(*mock_context_, sendLocalResponse(401, testing::_, testing::_,
+                                                  testing::_, testing::_));
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::StopIteration);
+  }
+  {
+    std::string configuration = R"(
+{
+  "global_auth": true,
+  "consumers" : [
+    {"credential" : "ok:test", "name" : "consumer_ok"},
+    {"credential" : "admin2:admin2", "name" : "consumer2"},
+    {"credential" : "admin:admin", "name" : "consumer"}
+  ],
+  "_rules_" : [
+    {
+      "_match_route_" : ["test", "config"], 
+      "consumers" : [
+        {"credential" : "admin3:admin3", "name" : "consumer3"},
+        {"credential" : "YWRtaW41OmFkbWluNQ==", "name" : "consumer5"} 
+      ]
+    }, 
+    {
+      "_match_domain_" : ["test.com", "*.example.com"],
+      "consumers" : [
+        {"credential" : "admin4:admin4", "name" : "consumer4"}
+      ]
+    }
+  ]
+})";
+    BufferBase buffer;
+    buffer.set({configuration.data(), configuration.size()});
+
+    EXPECT_CALL(*mock_context_, getBuffer(WasmBufferType::PluginConfiguration))
+        .WillOnce([&buffer](WasmBufferType) { return &buffer; });
+    EXPECT_TRUE(root_context_->configure(configuration.size()));
+
+    cred_ = "wrong-cred";
+    route_name_ = "not match";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_CALL(*mock_context_, sendLocalResponse(401, testing::_, testing::_,
+                                                  testing::_, testing::_));
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::StopIteration);
+
+    cred_ = "wrong-cred";
+    route_name_ = "config";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_CALL(*mock_context_, sendLocalResponse(401, testing::_, testing::_,
+                                                  testing::_, testing::_));
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::StopIteration);
+
+    authority_ = "www.example.com";
+    cred_ = "admin2:admin2";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_CALL(*mock_context_, sendLocalResponse(401, testing::_, testing::_,
+                                                  testing::_, testing::_));
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::StopIteration);
+
+    route_name_ = "config";
+    cred_ = "admin4:admin4";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_CALL(*mock_context_, sendLocalResponse(401, testing::_, testing::_,
+                                                  testing::_, testing::_));
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::StopIteration);
+  }
+}
+
+TEST_F(BasicAuthTest, OnConfigureNoRulesAuth) {
+  // enable global auth
+  {
+    std::string configuration = R"(
+{
+  "consumers" : [
+    {"credential" : "getuser1:123456", "name" : "consumer1"}
+  ]
+})";
+    BufferBase buffer;
+    buffer.set({configuration.data(), configuration.size()});
+
+    EXPECT_CALL(*mock_context_, getBuffer(WasmBufferType::PluginConfiguration))
+        .WillOnce([&buffer](WasmBufferType) { return &buffer; });
+    EXPECT_TRUE(root_context_->configure(configuration.size()));
+    cred_ = "admin:admin";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_CALL(*mock_context_, sendLocalResponse(401, testing::_, testing::_,
+                                                  testing::_, testing::_));
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::StopIteration);
+    cred_ = "getuser1:123456";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::Continue);
+  }
+  // disable global auth
+  {
+    std::string configuration = R"(
+{
+  "consumers" : [
+    {"credential" : "getuser1:123456", "name" : "consumer1"}
+  ],
+  "global_auth": false
+})";
+    BufferBase buffer;
+    buffer.set({configuration.data(), configuration.size()});
+
+    EXPECT_CALL(*mock_context_, getBuffer(WasmBufferType::PluginConfiguration))
+        .WillOnce([&buffer](WasmBufferType) { return &buffer; });
+    EXPECT_TRUE(root_context_->configure(configuration.size()));
+    cred_ = "admin:admin";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::Continue);
+    cred_ = "getuser1:123456";
+    authorization_header_ =
+        "Basic " + Base64::encode(cred_.data(), cred_.size());
+    EXPECT_EQ(context_->onRequestHeaders(0, false),
+              FilterHeadersStatus::Continue);
+  }
 }

 }  // namespace basic_auth