fix(request.header): core.request.header return string instead of table (#11127)

ronething · web-flow · commit e36db170f7e7 · 2024-04-08T16:23:13.000+08:00
diff --git a/apisix/core/request.lua b/apisix/core/request.lua
@@ -107,7 +107,9 @@ function _M.header(ctx, name)
     if not ctx then
         ctx = ngx.ctx.api_ctx
     end
-    return _headers(ctx)[name]
+
+    local value = _headers(ctx)[name]
+    return type(value) == "table" and value[1] or value
 end
 
 local function modify_header(ctx, header_name, header_value, override)
diff --git a/apisix/plugins/real-ip.lua b/apisix/plugins/real-ip.lua
@@ -90,7 +90,9 @@ end
 local function get_addr(conf, ctx)
     if conf.source == "http_x_forwarded_for" then
         -- use the last address from X-Forwarded-For header
-        local addrs = core.request.header(ctx, "X-Forwarded-For")
+        -- after core.request.header function changed
+        -- we need to get original header value by using core.request.headers
+        local addrs = core.request.headers(ctx)["X-Forwarded-For"]
         if not addrs then
             return nil
         end
diff --git a/apisix/plugins/ua-restriction.lua b/apisix/plugins/ua-restriction.lua
@@ -150,7 +150,9 @@ end
 
 
 function _M.access(conf, ctx)
-    local user_agent = core.request.header(ctx, "User-Agent")
+    -- after core.request.header function changed
+    -- we need to get original header value by using core.request.headers
+    local user_agent = core.request.headers(ctx)["User-Agent"]
 
     if not user_agent then
         if conf.bypass_missing then
diff --git a/t/core/request.t b/t/core/request.t
@@ -454,10 +454,10 @@ $s
             local h = core.request.header(ctx, "test_header")
             ngx.say(h)
             core.request.add_header(ctx, "test_header", "t2")
-            local h2 = core.request.header(ctx, "test_header")
+            local h2 = core.request.headers(ctx)["test_header"]
             ngx.say(json.encode(h2))
             core.request.add_header(ctx, "test_header", "t3")
-            local h3 = core.request.header(ctx, "test_header")
+            local h3 = core.request.headers(ctx)["test_header"]
             ngx.say(json.encode(h3))
         }
     }
diff --git a/t/plugin/hmac-auth.t b/t/plugin/hmac-auth.t
@@ -382,7 +382,67 @@ passed
 
 
 
-=== TEST 15: add consumer with 0 clock skew
+=== TEST 15: verify: ok (multiple duplicates X-HMAC-SIGNATURE header)
+--- config
+location /t {
+    content_by_lua_block {
+        local ngx_time = ngx.time
+        local ngx_http_time = ngx.http_time
+        local core = require("apisix.core")
+        local t = require("lib.test_admin")
+        local hmac = require("resty.hmac")
+        local ngx_encode_base64 = ngx.encode_base64
+
+        local secret_key = "my-secret-key"
+        local timestamp = ngx_time()
+        local gmt = ngx_http_time(timestamp)
+        local access_key = "my-access-key"
+        local custom_header_a = "asld$%dfasf"
+        local custom_header_b = "23879fmsldfk"
+
+        local signing_string = {
+            "GET",
+            "/hello",
+            "",
+            access_key,
+            gmt,
+            "x-custom-header-a:" .. custom_header_a,
+            "x-custom-header-b:" .. custom_header_b
+        }
+        signing_string = core.table.concat(signing_string, "\n") .. "\n"
+        core.log.info("signing_string:", signing_string)
+
+        local signature = hmac:new(secret_key, hmac.ALGOS.SHA256):final(signing_string)
+        core.log.info("signature:", ngx_encode_base64(signature))
+        local headers = {}
+        local encoded_signature = ngx_encode_base64(signature)
+        headers["X-HMAC-SIGNATURE"] = {encoded_signature, "another-signature"}
+        headers["X-HMAC-ALGORITHM"] = "hmac-sha256"
+        headers["Date"] = gmt
+        headers["X-HMAC-ACCESS-KEY"] = access_key
+        headers["X-HMAC-SIGNED-HEADERS"] = "x-custom-header-a;x-custom-header-b"
+        headers["x-custom-header-a"] = custom_header_a
+        headers["x-custom-header-b"] = custom_header_b
+
+        local code, body = t.test('/hello',
+            ngx.HTTP_GET,
+            "",
+            nil,
+            headers
+        )
+
+        ngx.status = code
+        ngx.say(body)
+    }
+}
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 16: add consumer with 0 clock skew
 --- config
     location /t {
         content_by_lua_block {
@@ -413,11 +473,12 @@ passed
 
 
 
-=== TEST 16: verify: invalid signature
+=== TEST 17: verify: invalid signature
 --- request
 GET /hello
 --- more_headers
 X-HMAC-SIGNATURE: asdf
+X-HMAC-SIGNATURE: asdf
 X-HMAC-ALGORITHM: hmac-sha256
 Date: Thu, 24 Sep 2020 06:39:52 GMT
 X-HMAC-ACCESS-KEY: my-access-key3
@@ -431,7 +492,7 @@ client request can't be validated: Invalid signature
 
 
 
-=== TEST 17: add consumer with 1 clock skew
+=== TEST 18: add consumer with 1 clock skew
 --- config
     location /t {
         content_by_lua_block {
@@ -463,7 +524,7 @@ passed
 
 
 
-=== TEST 18: verify: Invalid GMT format time
+=== TEST 19: verify: Invalid GMT format time
 --- config
 location /t {
     content_by_lua_block {
@@ -520,7 +581,7 @@ client request can't be validated: Clock skew exceeded
 
 
 
-=== TEST 19: verify: put ok
+=== TEST 20: verify: put ok
 --- config
 location /t {
     content_by_lua_block {
@@ -583,7 +644,7 @@ passed
 
 
 
-=== TEST 20: verify: put ok (pass auth data by header `Authorization`)
+=== TEST 21: verify: put ok (pass auth data by header `Authorization`)
 --- config
 location /t {
     content_by_lua_block {
@@ -645,7 +706,7 @@ passed
 
 
 
-=== TEST 21: hit route without auth info
+=== TEST 22: hit route without auth info
 --- request
 GET /hello
 --- error_code: 401
@@ -658,7 +719,7 @@ client request can't be validated: access key or signature missing
 
 
 
-=== TEST 22: add consumer with signed_headers
+=== TEST 23: add consumer with signed_headers
 --- config
     location /t {
         content_by_lua_block {
@@ -690,7 +751,7 @@ passed
 
 
 
-=== TEST 23: verify with invalid signed header
+=== TEST 24: verify with invalid signed header
 --- config
 location /t {
     content_by_lua_block {
@@ -745,7 +806,7 @@ client request can't be validated: Invalid signed header x-custom-header-c
 
 
 
-=== TEST 24: verify ok with signed headers
+=== TEST 25: verify ok with signed headers
 --- config
 location /t {
     content_by_lua_block {
@@ -800,7 +861,7 @@ passed
 
 
 
-=== TEST 25: add consumer with plugin hmac-auth - empty configuration
+=== TEST 26: add consumer with plugin hmac-auth - empty configuration
 --- config
     location /t {
         content_by_lua_block {

Original file line number	Diff line number	Diff line change
`@@ -454,10 +454,10 @@ $s`
`454`	`454`	`local h = core.request.header(ctx, "test_header")`
`455`	`455`	`ngx.say(h)`
`456`	`456`	`core.request.add_header(ctx, "test_header", "t2")`
`457`		`- local h2 = core.request.header(ctx, "test_header")`
	`457`	`+ local h2 = core.request.headers(ctx)["test_header"]`
`458`	`458`	`ngx.say(json.encode(h2))`
`459`	`459`	`core.request.add_header(ctx, "test_header", "t3")`
`460`		`- local h3 = core.request.header(ctx, "test_header")`
	`460`	`+ local h3 = core.request.headers(ctx)["test_header"]`
`461`	`461`	`ngx.say(json.encode(h3))`
`462`	`462`	`}`
`463`	`463`	`}`