Merge branch 'master' of github.com:apache/apisix into patch-1

.gitignore

@@ -56,6 +56,7 @@ uwsgi_temp
 proxy_temp
 fastcgi_temp
 client_body_temp
+utils/lj-releng
 utils/reindex
 *.etcd/
 t/lib/dubbo*/**/target/

.licenserc.yaml

@@ -55,6 +55,5 @@ header:
     - '.luacheckrc'
     # Exclude file contains certificate revocation information
     - 't/certs/ocsp/index.txt'
-    - 'utils/lj-releng'
 
   comment: on-failure

apisix/consumer.lua

@@ -163,6 +163,10 @@ function _M.plugin(plugin_name)
     return plugin_conf[plugin_name]
 end
 
+function _M.consumers_conf(plugin_name)
+    return _M.plugin(plugin_name)
+end
+
 
 -- attach chosen consumer to the ctx, used in auth plugin
 function _M.attach_consumer(ctx, consumer, conf)
@@ -208,6 +212,20 @@ function _M.consumers_kv(plugin_name, consumer_conf, key_attr)
     return consumers
 end
 
+
+function _M.find_consumer(plugin_name, key, key_value)
+    local consumer
+    local consumer_conf
+    consumer_conf = _M.plugin(plugin_name)
+    if not consumer_conf then
+        return nil, nil, "Missing related consumer"
+    end
+    local consumers = _M.consumers_kv(plugin_name, consumer_conf, key)
+    consumer = consumers[key_value]
+    return consumer, consumer_conf
+end
+
+
 local function check_consumer(consumer, key)
     local data_valid
     local err
@@ -251,5 +269,33 @@ function _M.init_worker()
     end
 end
 
+local function get_anonymous_consumer_from_local_cache(name)
+    local anon_consumer_raw = consumers:get(name)
+
+    if not anon_consumer_raw or not anon_consumer_raw.value or
+    not anon_consumer_raw.value.id or not anon_consumer_raw.modifiedIndex then
+        return nil, nil, "failed to get anonymous consumer " .. name
+    end
+
+    -- make structure of anon_consumer similar to that of consumer_mod.consumers_kv's response
+    local anon_consumer = anon_consumer_raw.value
+    anon_consumer.consumer_name = anon_consumer_raw.value.id
+    anon_consumer.modifiedIndex = anon_consumer_raw.modifiedIndex
+
+    local anon_consumer_conf = {
+        conf_version = anon_consumer_raw.modifiedIndex
+    }
+
+    return anon_consumer, anon_consumer_conf
+end
+
+
+function _M.get_anonymous_consumer(name)
+    local anon_consumer, anon_consumer_conf, err
+    anon_consumer, anon_consumer_conf, err = get_anonymous_consumer_from_local_cache(name)
+
+    return anon_consumer, anon_consumer_conf, err
+end
+
 
 return _M

apisix/plugin.lua

@@ -34,6 +34,9 @@ local type          = type
 local local_plugins = core.table.new(32, 0)
 local tostring      = tostring
 local error         = error
+-- make linter happy to avoid error: getting the Lua global "load"
+-- luacheck: globals load, ignore lua_load
+local lua_load          = load
 local is_http       = ngx.config.subsystem == "http"
 local local_plugins_hash    = core.table.new(0, 32)
 local stream_local_plugins  = core.table.new(32, 0)
@@ -49,6 +52,9 @@ local merged_stream_route = core.lrucache.new({
 local expr_lrucache = core.lrucache.new({
     ttl = 300, count = 512
 })
+local meta_pre_func_load_lrucache = core.lrucache.new({
+    ttl = 300, count = 512
+})
 local local_conf
 local check_plugin_metadata
 
@@ -906,10 +912,23 @@ local function check_single_plugin_schema(name, plugin_conf, schema_type, skip_d
                 .. name .. " err: " .. err
         end
 
-        if plugin_conf._meta and plugin_conf._meta.filter then
-            ok, err = expr.new(plugin_conf._meta.filter)
-            if not ok then
-                return nil, "failed to validate the 'vars' expression: " .. err
+        if plugin_conf._meta then
+            if plugin_conf._meta.filter then
+                ok, err = expr.new(plugin_conf._meta.filter)
+                if not ok then
+                    return nil, "failed to validate the 'vars' expression: " .. err
+                end
+            end
+
+            if plugin_conf._meta.pre_function then
+                local pre_function, err = meta_pre_func_load_lrucache(plugin_conf._meta.pre_function
+                                          , "",
+                                          lua_load,
+                                          plugin_conf._meta.pre_function, "meta pre_function")
+                if not pre_function then
+                    return nil, "failed to load _meta.pre_function in plugin " .. name .. ": "
+                                 .. err
+                end
             end
         end
     end
@@ -1130,6 +1149,17 @@ function _M.stream_plugin_checker(item, in_cp)
     return true
 end
 
+local function run_meta_pre_function(conf, api_ctx, name)
+    if conf._meta and conf._meta.pre_function then
+        local _, pre_function = pcall(meta_pre_func_load_lrucache(conf._meta.pre_function, "",
+                                lua_load,
+                                conf._meta.pre_function, "meta pre_function"))
+        local ok, err = pcall(pre_function, conf, api_ctx)
+        if not ok then
+            core.log.error("pre_function execution for plugin ", name, " failed: ", err)
+        end
+    end
+end
 
 function _M.run_plugin(phase, plugins, api_ctx)
     local plugin_run = false
@@ -1169,6 +1199,7 @@ function _M.run_plugin(phase, plugins, api_ctx)
                     goto CONTINUE
                 end
 
+                run_meta_pre_function(conf, api_ctx, plugins[i]["name"])
                 plugin_run = true
                 api_ctx._plugin_name = plugins[i]["name"]
                 local code, body = phase_func(conf, api_ctx)
@@ -1207,6 +1238,7 @@ function _M.run_plugin(phase, plugins, api_ctx)
         local conf = plugins[i + 1]
         if phase_func and meta_filter(api_ctx, plugins[i]["name"], conf) then
             plugin_run = true
+            run_meta_pre_function(conf, api_ctx, plugins[i]["name"])
             api_ctx._plugin_name = plugins[i]["name"]
             phase_func(conf, api_ctx)
             api_ctx._plugin_name = nil

apisix/plugins/basic-auth.lua

@@ -18,6 +18,7 @@ local core = require("apisix.core")
 local ngx = ngx
 local ngx_re = require("ngx.re")
 local consumer = require("apisix.consumer")
+local schema_def = require("apisix.schema_def")
 local auth_utils = require("apisix.utils.auth")
 
 local lrucache = core.lrucache.new({
@@ -33,6 +34,7 @@ local schema = {
             default = false,
         }
     },
+    anonymous_consumer = schema_def.anonymous_consumer_schema,
 }
 
 local consumer_schema = {
@@ -122,47 +124,59 @@ local function extract_auth_header(authorization)
 end
 
 
-function _M.rewrite(conf, ctx)
-    core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
-
-    -- 1. extract authorization from header
+local function find_consumer(ctx)
     local auth_header = core.request.header(ctx, "Authorization")
     if not auth_header then
         core.response.set_header("WWW-Authenticate", "Basic realm='.'")
-        return 401, { message = "Missing authorization in request" }
+        return nil, nil, "Missing authorization in request"
     end
 
     local username, password, err = extract_auth_header(auth_header)
     if err then
         if auth_utils.is_running_under_multi_auth(ctx) then
-            return 401, err
+            return nil, nil, err
         end
         core.log.warn(err)
-        return 401, { message = "Invalid authorization in request" }
+        return nil, nil, "Invalid authorization in request"
     end
 
-    -- 2. get user info from consumer plugin
-    local consumer_conf = consumer.plugin(plugin_name)
-    if not consumer_conf then
-        return 401, { message = "Missing related consumer" }
+    local cur_consumer, consumer_conf, err = consumer.find_consumer(plugin_name,
+                                             "username", username)
+    if not cur_consumer then
+        err = "failed to find user: " .. (err or "invalid user")
+        if auth_utils.is_running_under_multi_auth(ctx) then
+            return nil, nil, err
+        end
+        core.log.warn(err)
+        return nil, nil, "Invalid user authorization"
     end
 
-    local consumers = consumer.consumers_kv(plugin_name, consumer_conf, "username")
-
-    -- 3. check user exists
-    local cur_consumer = consumers[username]
-    if not cur_consumer then
-        return 401, { message = "Invalid user authorization" }
+    if cur_consumer.auth_conf.password ~= password then
+        return nil, nil, "Invalid user authorization"
     end
-    core.log.info("consumer: ", core.json.delay_encode(cur_consumer))
 
+    return cur_consumer, consumer_conf, err
+end
 
-    -- 4. check the password is correct
-    if cur_consumer.auth_conf.password ~= password then
-        return 401, { message = "Invalid user authorization" }
+
+function _M.rewrite(conf, ctx)
+    core.log.info("plugin access phase, conf: ", core.json.delay_encode(conf))
+
+    local cur_consumer, consumer_conf, err = find_consumer(ctx)
+    if not cur_consumer then
+        if not conf.anonymous_consumer then
+            return 401, { message = err }
+        end
+        cur_consumer, consumer_conf, err = consumer.get_anonymous_consumer(conf.anonymous_consumer)
+        if not cur_consumer then
+            err = "basic-auth failed to authenticate the request, code: 401. error: " .. err
+            core.log.error(err)
+            return 401, { message = "Invalid user authorization" }
+        end
     end
 
-    -- 5. hide `Authorization` request header if `hide_credentials` is `true`
+    core.log.info("consumer: ", core.json.delay_encode(cur_consumer))
+
     if conf.hide_credentials then
         core.request.set_header(ctx, "Authorization", nil)
     end

apisix/plugins/example-plugin.lua

@@ -107,6 +107,10 @@ function _M.access(conf, ctx)
     return
 end
 
+function _M.header_filter(conf, ctx)
+    core.log.warn("plugin header_filter phase, conf: ", core.json.encode(conf))
+end
+
 
 function _M.body_filter(conf, ctx)
     core.log.warn("plugin body_filter phase, eof: ", ngx.arg[2],
@@ -119,6 +123,10 @@ function _M.delayed_body_filter(conf, ctx)
                   ", conf: ", core.json.encode(conf))
 end
 
+function _M.log(conf, ctx)
+    core.log.warn("plugin log phase, conf: ", core.json.encode(conf))
+end
+
 
 local function hello()
     local args = ngx.req.get_uri_args()