ReachableCEO
54cc5f7308
- Implements Apache APISIX packaging for Cloudron platform. - Includes Dockerfile, CloudronManifest.json, and start.sh. - Configured to use Cloudron's etcd addon. 🤖 Generated with Gemini CLI Co-Authored-By: Gemini <noreply@google.com>
179 lines
6.3 KiB
Perl
179 lines
6.3 KiB
Perl
#
|
|
# Licensed to the Apache Software Foundation (ASF) under one or more
|
|
# contributor license agreements. See the NOTICE file distributed with
|
|
# this work for additional information regarding copyright ownership.
|
|
# The ASF licenses this file to You under the Apache License, Version 2.0
|
|
# (the "License"); you may not use this file except in compliance with
|
|
# the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
use t::APISIX 'no_plan';
|
|
|
|
add_block_preprocessor(sub {
|
|
my ($block) = @_;
|
|
|
|
if (!$block->request) {
|
|
$block->set_value("request", "GET /t");
|
|
}
|
|
|
|
if (!$block->error_log && !$block->no_error_log) {
|
|
$block->set_value("no_error_log", "[error]\n[alert]");
|
|
}
|
|
});
|
|
|
|
run_tests;
|
|
|
|
__DATA__
|
|
|
|
=== TEST 1: access_denied_redirect_uri works with request denied in token_endpoint
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local t = require("lib.test_admin").test
|
|
local code, body = t('/apisix/admin/routes/1',
|
|
ngx.HTTP_PUT,
|
|
[[{
|
|
"plugins": {
|
|
"authz-keycloak": {
|
|
"token_endpoint": "http://127.0.0.1:8080/realms/University/protocol/openid-connect/token",
|
|
"access_denied_redirect_uri": "http://127.0.0.1/test",
|
|
"permissions": ["course_resource#delete"],
|
|
"client_id": "course_management",
|
|
"grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
|
|
"timeout": 3000
|
|
}
|
|
},
|
|
"upstream": {
|
|
"nodes": {
|
|
"127.0.0.1:1982": 1
|
|
},
|
|
"type": "roundrobin"
|
|
},
|
|
"uri": "/hello1"
|
|
}]]
|
|
)
|
|
|
|
if code >= 300 then
|
|
ngx.status = code
|
|
end
|
|
ngx.say(body)
|
|
}
|
|
}
|
|
--- response_body
|
|
passed
|
|
|
|
|
|
|
|
=== TEST 2: hit
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local json_decode = require("toolkit.json").decode
|
|
local http = require "resty.http"
|
|
local httpc = http.new()
|
|
local uri = "http://127.0.0.1:8080/realms/University/protocol/openid-connect/token"
|
|
local res, err = httpc:request_uri(uri, {
|
|
method = "POST",
|
|
body = "grant_type=password&client_id=course_management&client_secret=d1ec69e9-55d2-4109-a3ea-befa071579d5&username=student@gmail.com&password=123456",
|
|
headers = {
|
|
["Content-Type"] = "application/x-www-form-urlencoded"
|
|
}
|
|
})
|
|
|
|
if res.status == 200 then
|
|
local body = json_decode(res.body)
|
|
local accessToken = body["access_token"]
|
|
uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello1"
|
|
local res, err = httpc:request_uri(uri, {
|
|
method = "GET",
|
|
headers = {
|
|
["Authorization"] = "Bearer " .. accessToken,
|
|
}
|
|
})
|
|
|
|
ngx.status = res.status
|
|
ngx.header["Location"] = res.headers["Location"]
|
|
end
|
|
}
|
|
}
|
|
--- error_code: 307
|
|
--- response_headers
|
|
Location: http://127.0.0.1/test
|
|
|
|
|
|
|
|
=== TEST 3: data encryption for client_secret
|
|
--- yaml_config
|
|
apisix:
|
|
data_encryption:
|
|
enable_encrypt_fields: true
|
|
keyring:
|
|
- edd1c9f0985e76a2
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local json = require("toolkit.json")
|
|
local t = require("lib.test_admin").test
|
|
|
|
local code, body = t('/apisix/admin/routes/1',
|
|
ngx.HTTP_PUT,
|
|
[[{
|
|
"plugins": {
|
|
"authz-keycloak": {
|
|
"token_endpoint": "https://127.0.0.1:8443/realms/University/protocol/openid-connect/token",
|
|
"permissions": ["course_resource#view"],
|
|
"client_id": "course_management",
|
|
"client_secret": "d1ec69e9-55d2-4109-a3ea-befa071579d5",
|
|
"grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
|
|
"timeout": 3000,
|
|
"ssl_verify": false,
|
|
"password_grant_token_generation_incoming_uri": "/api/token"
|
|
}
|
|
},
|
|
"upstream": {
|
|
"nodes": {
|
|
"127.0.0.1:1982": 1
|
|
},
|
|
"type": "roundrobin"
|
|
},
|
|
"uri": "/api/token"
|
|
}]]
|
|
)
|
|
|
|
if code >= 300 then
|
|
ngx.status = code
|
|
ngx.say(body)
|
|
return
|
|
end
|
|
ngx.sleep(0.1)
|
|
|
|
-- get plugin conf from admin api, password is decrypted
|
|
local code, message, res = t('/apisix/admin/routes/1',
|
|
ngx.HTTP_GET
|
|
)
|
|
res = json.decode(res)
|
|
if code >= 300 then
|
|
ngx.status = code
|
|
ngx.say(message)
|
|
return
|
|
end
|
|
|
|
ngx.say(res.value.plugins["authz-keycloak"].client_secret)
|
|
|
|
-- get plugin conf from etcd, password is encrypted
|
|
local etcd = require("apisix.core.etcd")
|
|
local res = assert(etcd.get('/routes/1'))
|
|
ngx.say(res.body.node.value.plugins["authz-keycloak"].client_secret)
|
|
}
|
|
}
|
|
--- response_body
|
|
d1ec69e9-55d2-4109-a3ea-befa071579d5
|
|
Fz1juZEEvh9PPXOmWFdMMJkREt3ZSzEVWcUZPxNP6achk3fosEvn37oN0qH4YgKB
|