KNEL/KNELProductionContainers
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
Files
integration
KNELProductionContainers/CloudronPackages/APISIX/apisix-source/apisix/plugins/request-validation.lua
ReachableCEO 54cc5f7308 feat(apisix): add Cloudron package 
- Implements Apache APISIX packaging for Cloudron platform.
- Includes Dockerfile, CloudronManifest.json, and start.sh.
- Configured to use Cloudron's etcd addon.

🤖 Generated with Gemini CLI
Co-Authored-By: Gemini <noreply@google.com>
2025-09-04 09:42:47 -05:00

121 lines
3.6 KiB
Lua
Raw Permalink Blame History

--
-- Licensed to the Apache Software Foundation (ASF) under one or more
-- contributor license agreements. See the NOTICE file distributed with
-- this work for additional information regarding copyright ownership.
-- The ASF licenses this file to You under the Apache License, Version 2.0
-- (the "License"); you may not use this file except in compliance with
-- the License. You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
local core = require("apisix.core")
local plugin_name = "request-validation"
local ngx = ngx
local schema = {
type = "object",
properties = {
header_schema = {type = "object"},
body_schema = {type = "object"},
rejected_code = {type = "integer", minimum = 200, maximum = 599, default = 400},
rejected_msg = {type = "string", minLength = 1, maxLength = 256}
},
anyOf = {
{required = {"header_schema"}},
{required = {"body_schema"}}
}
}
local _M = {
version = 0.1,
priority = 2800,
type = 'validation',
name = plugin_name,
schema = schema,
}
function _M.check_schema(conf)
local ok, err = core.schema.check(schema, conf)
if not ok then
return false, err
end
if conf.body_schema then
ok, err = core.schema.valid(conf.body_schema)
if not ok then
return false, err
end
end
if conf.header_schema then
ok, err = core.schema.valid(conf.header_schema)
if not ok then
return false, err
end
end
return true, nil
end
function _M.rewrite(conf, ctx)
local headers = core.request.headers(ctx)
if conf.header_schema then
local ok, err = core.schema.check(conf.header_schema, headers)
if not ok then
core.log.error("req schema validation failed", err)
return conf.rejected_code, conf.rejected_msg or err
end
end
if conf.body_schema then
local req_body
local body, err = core.request.get_body()
if not body then
if err then
core.log.error("failed to get body: ", err)
end
return conf.rejected_code, conf.rejected_msg
end
local body_is_json = true
if headers["content-type"] == "application/x-www-form-urlencoded" then
-- use 0 to avoid truncated result and keep the behavior as the
-- same as other platforms
req_body, err = ngx.decode_args(body, 0)
body_is_json = false
else -- JSON as default
req_body, err = core.json.decode(body)
end
if not req_body then
core.log.error('failed to decode the req body: ', err)
return conf.rejected_code, conf.rejected_msg or err
end
local ok, err = core.schema.check(conf.body_schema, req_body)
if not ok then
core.log.error("req schema validation failed: ", err)
return conf.rejected_code, conf.rejected_msg or err
end
if body_is_json then
-- ensure the JSON we check is the JSON we pass to the upstream,
-- see https://bishopfox.com/blog/json-interoperability-vulnerabilities
req_body = core.json.encode(req_body)
ngx.req.set_body_data(req_body)
end
end
end
return _M
View Git Blame Copy Permalink