feat: add AK/SK(HMAC) auth plugin. #2192
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nic-chen
changed the title
membphis
requested changes
Sep 10, 2020
membphis
reviewed
Sep 10, 2020
membphis
requested changes
Sep 14, 2020
membphis
reviewed
Sep 14, 2020
moonming
reviewed
Sep 14, 2020
membphis
reviewed
Sep 14, 2020
Firstsawyou
reviewed
Sep 14, 2020
membphis
reviewed
Sep 14, 2020
membphis
reviewed
Sep 14, 2020
doc/zh-cn/plugins/hmac-auth.md
Outdated
|
|
||
| ### 签名生成公式 | ||
|
|
||
| 签名的计算公式为 `signature = HMAC-SHAx-HEX(secret_key, signning_string)`,从公式可以看出,想要获得签名需要得到 `secret_key` 和 `signning_string` 两个参数。其中 `secret_key` 为对应 consumer 所配置的, `signning_string` 的计算公式为: `signning_string = HTTP Method + HTTP URI + canonical_query_string + HTTP BODY + access_key + timestamp + secret_key` |
There was a problem hiding this comment.
Two questions:
- I think the HTTP body is optional.
- For the
signning_string, we should add a space when we concat different values, eg:HTTP METHOD+ " " +HTTP URI, it is more easier for understanding.
There was a problem hiding this comment.
adding HTTP body is safer, that a signature just can put or post a same body.
There was a problem hiding this comment.
I think the HTTP body is optional.
this way is better, the request body maybe large.
There was a problem hiding this comment.
There is another way to do both, that is, we can put the body hash in request header which could be put in the signning_string. what do you think ? @membphis
Firstsawyou
reviewed
Sep 14, 2020
moonming
reviewed
Sep 14, 2020
Firstsawyou
reviewed
Sep 14, 2020
Firstsawyou
reviewed
Sep 15, 2020
Firstsawyou
reviewed
Sep 15, 2020
Firstsawyou
reviewed
Sep 15, 2020
Firstsawyou
reviewed
Sep 15, 2020
Firstsawyou
reviewed
Sep 15, 2020
moonming
approved these changes
Sep 16, 2020
membphis
approved these changes
Sep 16, 2020
moonming
changed the title
This was referenced Sep 16, 2020
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
add AK/SK auth plugin
Pre-submission checklist: