From f6fda16d26f0a027cb034c8d0aa9ca5fca78a308 Mon Sep 17 00:00:00 2001
From: Daria Mayorova
Date: Wed, 15 Mar 2017 09:44:39 +1100
Subject: [PATCH 1/5] [oauth] add a failing test for auth caching
---
 apicast/src/proxy.lua | 2 ++
 t/009-apicast-caching.t | 59 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)
diff --git a/apicast/src/proxy.lua b/apicast/src/proxy.lua
index 45d5cb525..5bd8b6b4f 100644
--- a/apicast/src/proxy.lua
+++ b/apicast/src/proxy.lua
@@ -159,6 +159,7 @@ local function oauth_authrep(service)
 ngx.log(ngx.DEBUG, 'apicast cache hit key: ', cached_key)
 ngx.var.cached_key = cached_key
 else
+ ngx.log(ngx.INFO, 'apicast cache miss key: ', cached_key)
 local res = http.get("/threescale_oauth_authrep")
 if res.status ~= 200 then
@@ -167,6 +168,7 @@ local function oauth_authrep(service)
 ngx.header.content_type = "application/json"
 error_authorization_failed(service)
 else
+ ngx.log(ngx.INFO, 'apicast cache write key: ', cached_key)
 access_tokens:set(ngx.var.cached_key,200)
 end
diff --git a/t/009-apicast-caching.t b/t/009-apicast-caching.t
index 7e3dfd663..8378ff8d1 100644
--- a/t/009-apicast-caching.t
+++ b/t/009-apicast-caching.t
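Review bot: The two `ngx.log(ngx.INFO, ...)` calls added in the `@@ -159,6 +159,7 @@` and `@@ -167,6 +168,7 @@` hunks of `apicast/src/proxy.lua` write `cached_key` to the error log, and in OAuth mode that key carries the access token itself (the test added in this patch expects `42:value:…` for `access_token=value`). A bearer token in an INFO-level log is readable by anyone with log access for as long as the token is valid, so these lines are better kept at the level of the existing cache-hit line, `ngx.log(ngx.DEBUG, 'apicast cache miss key: ', cached_key)`, or changed to log a digest such as `ngx.md5(cached_key)`. The new test greps for the raw key and would have to match whichever form is chosen. `oauth_authrep` starts and ends outside both hunks.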
@@ -160,3 +160,62 @@ apicast cache miss key: 1:one-key:usage%5Bhits%5D=1
 apicast cache write key: 1:one-key:usage%5Bhits%5D=1
 apicast cache miss key: 2:two-id:two-key:usage%5Bhits%5D=2
 apicast cache write key: 2:two-id:two-key:usage%5Bhits%5D=2
+
+=== TEST 7: call to backend is cached
+First call is done synchronously and the second out of band.
+--- http_config
+ include $TEST_NGINX_UPSTREAM_CONFIG;
+ lua_package_path "$TEST_NGINX_LUA_PATH";
+ init_by_lua_block {
+ require('configuration_loader').mock({
+ services = {
+ {
+ id = 42,
+ backend_version = 'oauth',
+ proxy = {
+ credentials_location = "query",
+ api_backend = "http://127.0.0.1:$TEST_NGINX_SERVER_PORT/api-backend/",
+ proxy_rules = {
+ { pattern = '/', http_method = 'GET', metric_system_name = 'hits', delta = 2 }
+ }
+ }
+ }
+ }
+ })
+ }
+ lua_shared_dict api_keys 10m;
+--- config
+ include $TEST_NGINX_APICAST_CONFIG;
+
+ set $backend_endpoint 'http://127.0.0.1:$TEST_NGINX_SERVER_PORT';
+ set $backend_authentication_type 'service_token';
+ set $backend_authentication_value 'token-value';
+
+ location /transactions/oauth_authrep.xml {
+ content_by_lua_block { ngx.exit(200) }
+ }
+
+ location /api-backend/ {
+ echo 'yay, api backend';
+ }
+
+ location ~ /test/(.+) {
+ proxy_pass $scheme://127.0.0.1:$server_port/$1$is_args$args;
+ proxy_set_header Host localhost;
+ }
+
+ location = /t {
+ echo_subrequest GET /test/one -q access_token=value;
+ echo_subrequest GET /test/two -q access_token=value;
+ }
+--- request
+GET /t
+--- response_body
+yay, api backend
+yay, api backend
+--- error_code: 200
+--- grep_error_log eval: qr/apicast cache (?:hit|miss|write) key: [^,\s]+/
+--- grep_error_log_out
+apicast cache miss key: 42:value:usage%5Bhits%5D=2
+apicast cache write key: 42:value:usage%5Bhits%5D=2
+apicast cache hit key: 42:value:usage%5Bhits%5D=2
From 622b3c3d3d8181cef4701f82a1aea743405e558c Mon Sep 17 00:00:00 2001
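Review bot: TEST 7 covers only the accepting path: the stubbed `/transactions/oauth_authrep.xml` always answers `ngx.exit(200)`, so nothing in this hunk checks that a rejected token is never written to `api_keys`. A companion case whose stub returns a non-200 status, asserting that no `apicast cache write key:` line is logged and that the follow-up request is still refused, would pin the fail-closed behaviour the cache relies on. The description says the second call is verified out of band, but the expected log shows only a hit; one more sentence in the description naming the log line that proves the out-of-band check would make the intent clear.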
From: Daria Mayorova
Date: Wed, 15 Mar 2017 09:46:15 +1100
Subject: [PATCH 2/5] [oauth] Fix auth caching for oauth mode
---
 apicast/src/proxy.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apicast/src/proxy.lua b/apicast/src/proxy.lua
index 5bd8b6b4f..35cee26f7 100644
--- a/apicast/src/proxy.lua
+++ b/apicast/src/proxy.lua
@@ -169,7 +169,7 @@ local function oauth_authrep(service)
 error_authorization_failed(service)
 else
 ngx.log(ngx.INFO, 'apicast cache write key: ', cached_key)
- access_tokens:set(ngx.var.cached_key,200)
+ access_tokens:set(cached_key,200)
 end
 ngx.var.cached_key = nil
From 6b73162a9f9b976ea210f6c1e2ae1721595986fd Mon Sep 17 00:00:00 2001
From: Daria Mayorova
Date: Wed, 15 Mar 2017 09:23:18 +0100
Subject: [PATCH 3/5] [authrep] remove duplicated code
---
 apicast/src/proxy.lua | 39 ++++++---------------------------------
 1 file changed, 6 insertions(+), 33 deletions(-)
diff --git a/apicast/src/proxy.lua b/apicast/src/proxy.lua
index 35cee26f7..750385049 100644
--- a/apicast/src/proxy.lua
+++ b/apicast/src/proxy.lua
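Review bot: In the `@@ -169,7 +169,7 @@` hunk of PATCH 2/5, `access_tokens:set(cached_key,200)` stores the positive authorization with no expiry and ignores the values `set` returns. Without an `exptime` the entry stays until it is deleted or evicted, so how long a revoked or expired access token keeps hitting the cache depends entirely on the out-of-band re-check, which is not visible here. Passing a bounded lifetime, for example `access_tokens:set(cached_key, 200, cache_ttl)` with `cache_ttl` as a placeholder for a configured value, would cap that window. The failure branch sits above the hunk; as shown among the lines PATCH 3/5 removes, it still calls `access_tokens:delete(ngx.var.cached_key)` and not the composed `cached_key`, so the two calls address different keys.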
@@ -150,33 +150,14 @@ local http = { end } -local function oauth_authrep(service) - local cached_key = ngx.var.cached_key .. ":" .. ngx.var.usage - local access_tokens = assert(ngx.shared.api_keys, 'missing shared dictionary: api_keys') - local is_known = access_tokens:get(cached_key) - - if is_known == 200 then - ngx.log(ngx.DEBUG, 'apicast cache hit key: ', cached_key) - ngx.var.cached_key = cached_key +function _M.authorize(backend_version, service) + local internal_location + if backend_version == 'oauth' then + internal_location = '/threescale_oauth_authrep' else - ngx.log(ngx.INFO, 'apicast cache miss key: ', cached_key) - local res = http.get("/threescale_oauth_authrep") - - if res.status ~= 200 then - access_tokens:delete(ngx.var.cached_key) - ngx.status = res.status - ngx.header.content_type = "application/json" - error_authorization_failed(service) - else - ngx.log(ngx.INFO, 'apicast cache write key: ', cached_key) - access_tokens:set(cached_key,200) - end - - ngx.var.cached_key = nil + internal_location = '/threescale_authrep' end -end -local function authrep(service) -- NYI: return to lower frame local cached_key = ngx.var.cached_key .. ":" .. ngx.var.usage local api_keys = ngx.shared.api_keys @@ -187,7 +168,7 @@ local function authrep(service) ngx.var.cached_key = cached_key else ngx.log(ngx.INFO, 'apicast cache miss key: ', cached_key) - local res = http.get("/threescale_authrep") + local res = http.get(internal_location) ngx.log(ngx.DEBUG, '[backend] response status: ', res.status, ' body: ', res.body) @@ -208,14 +189,6 @@ local function authrep(service) end end -function _M.authorize(backend_version, service) - if backend_version == 'oauth' then - oauth_authrep(service) - else - authrep(service) - end -end - function _M:set_service(host) host = host or ngx.var.host local service = self:find_service(host) From 77b4eb2296343e3b09780f7f8f01155d2742cea1 Mon Sep 17 00:00:00 2001 
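Review bot: The merged `_M.authorize` in the `@@ -150,33 +150,14 @@` hunk keeps `local api_keys = ngx.shared.api_keys` from `authrep` and loses the guard the removed `oauth_authrep` had. A missing `lua_shared_dict api_keys` would then presumably surface as a nil-index error on first use, not as a named failure; `local api_keys = assert(ngx.shared.api_keys, 'missing shared dictionary: api_keys')` keeps the clear message for both modes. The new dispatch also routes every `backend_version` other than `'oauth'`, `nil` included, to `/threescale_authrep`; a one-line comment above the `if`, e.g. `-- any non-oauth version uses the plain authrep endpoint`, would record that this fallback is intended. The function body continues past the end of the hunk.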
From: Daria Mayorova Date: Wed, 15 Mar 2017 10:03:31 +0100 Subject: [PATCH 4/5] [proxy] remove redundant arguments --- apicast/src/proxy.lua | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/apicast/src/proxy.lua b/apicast/src/proxy.lua index 750385049..f12166bc2 100644 --- a/apicast/src/proxy.lua +++ b/apicast/src/proxy.lua @@ -150,14 +150,9 @@ local http = { end } -function _M.authorize(backend_version, service) - local internal_location - if backend_version == 'oauth' then - internal_location = '/threescale_oauth_authrep' - else - internal_location = '/threescale_authrep' - end - +function _M.authorize(service) + local internal_location = (service.backend_version == 'oauth' and '/threescale_oauth_authrep') + or '/threescale_authrep' -- NYI: return to lower frame local cached_key = ngx.var.cached_key .. ":" .. ngx.var.usage local api_keys = ngx.shared.api_keys @@ -269,7 +264,6 @@ function _M:call(host) end function _M:access(service) - local backend_version = service.backend_version if ngx.status == 403 then ngx.say("Throttling due to too many requests") @@ -324,7 +318,7 @@ function _M:access(service) ngx.header["X-3scale-hostname"] = ngx.var.hostname end - self.authorize(backend_version, service) + self.authorize(service) end From 01dce6fb5b76925f1bd34ed94fca378ec0a8b062 Mon Sep 17 00:00:00 2001 From: Daria Mayorova Date: Wed, 15 Mar 2017 10:03:41 +0100 Subject: [PATCH 5/5] Add changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a920fb91c..d17e23249 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ### Fixed - Reloading of configuration with every request when cache is disabled [PR #287](https://github.com/3scale/apicast/pull/287) +- Auth caching is not used when OAuth method is used [PR #304](https://github.com/3scale/apicast/pull/304) ## [3.0.0-beta1] - 2017-03-03
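Review bot: `_M.authorize` is a field of the exported module table, and the `@@ -150,14 +150,9 @@` hunk changes its parameters from `(backend_version, service)` to `(service)` while only the call in `_M:access` (the `@@ -324,7 +318,7 @@` hunk) is updated. A caller still passing the version string first would not fail: indexing a string with `.backend_version` yields `nil`, so the expression quietly selects `/threescale_authrep` even for an OAuth service. A guard at the top such as `assert(type(service) == 'table', 'authorize expects a service table')`, plus a short comment naming the parameter, would turn that into a loud error. Whether other callers exist cannot be told from this patch, and the function body continues outside the hunk.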