Fix/hmac nonconstant digest compare #703

Closed
wants to merge 45 commits into from
8954a1e
Adding a function to count the entities in a table
subnetmarco Oct 13, 2015
806ae78
Disabling access log for status endpoint
subnetmarco Oct 14, 2015
787b99e
Merge pull request #623 from Mashape/fix/status-logs
subnetmarco Oct 14, 2015
d26c761
Customizable DNS settings
subnetmarco Oct 15, 2015
3114ef7
Merge pull request #625 from Mashape/feat/custom-dns
subnetmarco Oct 15, 2015
731e203
fix(alf_serializer) always ensure mimeType is a string
thibaultcha Oct 15, 2015
956f94d
perf(alf_serializer) globals optimizations
thibaultcha Oct 15, 2015
eef305a
Merge pull request #626 from Mashape/fix/alf-serializer
thibaultcha Oct 15, 2015
c0ab86d
OAuth 2.0 tests to check for upstream headers
subnetmarco Oct 15, 2015
a0fc23f
Merge pull request #627 from Mashape/tests/oauth2
subnetmarco Oct 15, 2015
aa54b58
Updating dependencies
subnetmarco Oct 15, 2015
709f4b9
Merge pull request #628 from Mashape/enhancement/updating-dependencies
subnetmarco Oct 15, 2015
b912125
Merge pull request #632 from Mashape/dao/count
subnetmarco Oct 15, 2015
57b9e30
feat(cli) config validation and defaults utility
thibaultcha Oct 7, 2015
d26e179
feat(cli) use new config and dao loaders
thibaultcha Oct 7, 2015
92a37c8
Adding "total" field in API responses
subnetmarco Oct 15, 2015
21d77a5
Adding database stats into status endpoint
subnetmarco Oct 16, 2015
9f2e83a
Merge pull request #635 from Mashape/chore/api-totals
subnetmarco Oct 16, 2015
94747d8
Updating changelog for 0.6.x
subnetmarco Oct 16, 2015
15addbf
Refactoring the count function in DAO and API
subnetmarco Oct 16, 2015
d0edd94
Merge pull request #636 from Mashape/refactor/count
thibaultcha Oct 16, 2015
370f124
feat(config) commented configuration file
thibaultcha Oct 8, 2015
121a949
feat(config) add options for keyspace replication strategy
thibaultcha Sep 30, 2015
ccac50b
refactor(config) remove unnecessary dao config nesting
thibaultcha Oct 5, 2015
15e6205
feat(config) implement `enum` check for properties
thibaultcha Oct 16, 2015
303e235
feat(config) update `kong config` to new config file format
thibaultcha Oct 16, 2015
12d8171
Merge pull request #633 from Mashape/feat/commented-config
thibaultcha Oct 16, 2015
b97eef2
fix(readme): update community resources
Oct 16, 2015
fcfdc4d
Merge pull request #637 from Mashape/readme-patch
Oct 16, 2015
daa8632
Merge branch 'sinzone-patch-1' into next
thibaultcha Oct 19, 2015
99d584d
docs(readme)
sonicaghi Oct 19, 2015
50382d4
fix(config/rockspec) add missing files and remove dnsmasq_port property
thibaultcha Oct 20, 2015
f2f84fd
Merge pull request #645 from Mashape/fix/config
thibaultcha Oct 20, 2015
34fd7d8
Merge branch 'sinzone-patch-1' into next
thibaultcha Oct 20, 2015
00e5e2b
Merge branch 'master' into next
thibaultcha Oct 21, 2015
fb22f93
chore(ci) bump Cassandra version
thibaultcha Oct 21, 2015
77fd7e1
Merge pull request #649 from Mashape/chore/bump-cassandra
thibaultcha Oct 21, 2015
5163571
Merge remote-tracking branch 'mybuilder/fix-oauth2-https-check' into …
thibaultcha Oct 21, 2015
635daf0
Merge branch 'hotfix/hmac-date' into next
thibaultcha Oct 21, 2015
2bf4def
Merge branch 'release/0.5.2' into next
thibaultcha Oct 22, 2015
7595850
Merge branch 'hotfix/path-search' into next
thibaultcha Oct 22, 2015
6df7bbd
docs(ldoc) better documentation for public Lua API
thibaultcha Oct 27, 2015
e029020
Merge pull request #657 from Mashape/docs/comments
thibaultcha Oct 27, 2015
7d5420d
fix: remove erroneous inspect statement
thibaultcha Oct 27, 2015
cccee8d
non constant digest comparison, wip
Oct 28, 2015
2 changes: 1 addition & 1 deletion .travis.yml
Expand Up @@ -2,7 +2,7 @@ language: erlang

env:
global:
- CASSANDRA_VERSION=2.1.10
- CASSANDRA_VERSION=2.1.11
matrix:
- LUA=lua5.1
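
Review bot: The `CASSANDRA_VERSION` bump from 2.1.10 to 2.1.11 under `env.global` is unrelated to the HMAC digest comparison named in the PR title, and it arrives together with 44 other commits, most of them merges into `next`. Rebase the branch so the pull request carries only the digest comparison commit; that keeps the security fix reviewable on its own and leaves the CI change in the PR that introduced it (#649 in the commit list).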

15 changes: 15 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,20 @@
## [Unreleased][unreleased]

### Added

- Added a `total` field in API responses, that counts the total number of entities in the table. [#635](https://github.com/Mashape/kong/pull/635)
- You can now specify a custom DNS resolver address that Kong will use when resolving hostnames. [#625](https://github.com/Mashape/kong/pull/635)

### Changed

- Removed the `dnsmasq_port` property, and introduced `dns_resolver` that also allows to specify a custom DNS server. [#625](https://github.com/Mashape/kong/pull/635)
- The `/status` endpoint now includes `database` statistics, while the previous stats have been moved to a `server` field. [#635](https://github.com/Mashape/kong/pull/635)
- Disabled access logs for `/status` endpoint

### Fixed

- In the API, the `next` link is not being displayed anymore if there are no more entities to return. [#635](https://github.com/Mashape/kong/pull/635)

## [0.5.2] - 2015/10/21

A few fixes requested by the community!
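
Review bot: Under "Added" and "Changed", both entries labelled #625 link to `https://github.com/Mashape/kong/pull/635`, so the custom DNS resolver and `dns_resolver` entries point at the wrong pull request. Point them at `pull/625`. The "Disabled access logs for `/status` endpoint" entry has no reference at all; the commit list ties that change to #623.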
21 changes: 0 additions & 21 deletions config.ld

This file was deleted.

11 changes: 7 additions & 4 deletions kong-0.5.2-1.rockspec
Expand Up @@ -16,8 +16,8 @@ dependencies = {

"uuid ~> 0.2-1",
"luatz ~> 0.3-1",
"yaml ~> 1.1.1-1",
"lapis ~> 1.1.0-1",
"yaml ~> 1.1.2-1",
"lapis ~> 1.3.0-1",
"stringy ~> 0.4-1",
"lua-cassandra ~> 0.3.6-0",
"multipart ~> 0.2-1",
Expand All @@ -27,8 +27,8 @@ dependencies = {
"lbase64 ~> 20120820-1",
"lua-resty-iputils ~> 0.2.0-1",

"luasocket ~> 2.0.2-5",
"lrexlib-pcre ~> 2.7.2-1",
"luasocket ~> 2.0.2-6",
"lrexlib-pcre ~> 2.8.0-1",
"lua-llthreads2 ~> 0.1.3-1",
"luacrypto >= 0.3.2-1"
}
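
Review bot: `luacrypto >= 0.3.2-1`, the last entry of the dependencies table, is left as the only open-ended constraint among the lines shown, so an install accepts whatever newer release gets published. Since this PR is about HMAC digest comparison, constrain the crypto dependency with `~>` like the other entries. The version bumps in this file (`luasocket`, `lrexlib-pcre`, and `lapis` 1.1.0-1 to 1.3.0-1 in the previous hunk) are also missing from the CHANGELOG hunk.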
Expand Down Expand Up @@ -70,6 +70,9 @@ build = {
["kong.tools.migrations"] = "kong/tools/migrations.lua",
["kong.tools.http_client"] = "kong/tools/http_client.lua",
["kong.tools.database_cache"] = "kong/tools/database_cache.lua",
["kong.tools.config_defaults"] = "kong/tools/config_defaults.lua",
["kong.tools.config_loader"] = "kong/tools/config_loader.lua",
["kong.tools.dao_loader"] = "kong/tools/dao_loader.lua",

["kong.resolver.handler"] = "kong/resolver/handler.lua",
["kong.resolver.access"] = "kong/resolver/access.lua",
199 changes: 137 additions & 62 deletions kong.yml
@@ -1,70 +1,144 @@
## Available plugins on this server
plugins_available:
- ssl
- jwt
- acl
- cors
- oauth2
- tcp-log
- udp-log
- file-log
- http-log
- key-auth
- hmac-auth
- basic-auth
- ip-restriction
- mashape-analytics
- request-transformer
- response-transformer
- request-size-limiting
- rate-limiting
- response-ratelimiting

## The Kong working directory
## (Make sure you have read and write permissions)
nginx_working_dir: /usr/local/kong/

## Port configuration
proxy_port: 8000
proxy_ssl_port: 8443
admin_api_port: 8001

## Secondary port configuration
dnsmasq_port: 8053

## Specify the DAO to use
database: cassandra

## Databases configuration
databases_available:
cassandra:
properties:
contact_points:
- "localhost:9042"
timeout: 1000
keyspace: kong
keepalive: 60000 # in milliseconds
# ssl: false
# ssl_verify: false
# ssl_certificate: "/path/to/cluster-ca-certificate.pem"
# user: cassandra
# password: cassandra

## Cassandra cache configuration
database_cache_expiration: 5 # in seconds

## SSL Settings
## (Uncomment the two properties below to set your own certificate)
######
## Kong configuration file. All commented values are default values.
## Uncomment and update a value to configure Kong to your needs.
##
## Lines starting with `##` are comments.
## Lines starting with `#` are properties that can be updated.
## Beware of YAML formatting for nested properties.

######
## Plugins that this node needs to execute.
## By default, Kong will try to execute all installed plugins on every request.
## If you are sure to only use a few plugins, uncomment and update this property to contain
## only those.
## Custom plugins also need to be added to this list.
# plugins_available:
# - ssl
# - jwt
# - ...

######
## The Kong working directory. Equivalent to nginx's prefix path.
## This is where this running nginx instance will keep server files including logs.
## Make sure it has the appropriate permissions.
# nginx_working_dir: /usr/local/kong/

######
## Port which Kong proxies HTTP requests through, consumers will make requests against this port
## so make sure it is publicly available.
# proxy_port: 8000

######
## Same as proxy_port, but for HTTPS requests.
# proxy_ssl_port: 8443

######
## Specify how Kong performs DNS resolution (in the `dns_resolvers_available` property) you want to use.
## Options are: "dnsmasq" (You will need dnsmasq to be installed) or "server".
# dns_resolver: dnsmasq

######
## DNS resolvers configuration. Specify a DNS server or the port on which you want
## dnsmasq to run.
# dns_resolvers_available:
# server:
# address: "8.8.8.8:53"
# dnsmasq:
# port: 8053

######
## Port on which the admin API will listen to. The admin API is a private API which lets you
## manage your Kong infrastructure. It needs to be secured appropriatly.
# admin_api_port: 8001

######
## Specify which database to use from the databases_available property.
# database: cassandra

######
## Databases configuration.
# databases_available:
# cassandra:
######
## Contact points to your Cassandra cluster.
# contact_points:
# - "localhost:9042"

# timeout: 1000

# keyspace: kong

######
## Time (in milliseconds) for which sockets will be keep alive.
## for being eventually re-used before being closed.
# keepalive: 60000

######
## Keyspace options. Set those before running Kong or any migration.
## Those settings will be used to create a keyspace with the desired options
## when first running the migrations.
## See http://docs.datastax.com/en/cql/3.1/cql/cql_reference/create_keyspace_r.html

######
## The name of the replica placement strategy class for the new keyspace.
## Can be "SimpleStrategy" or "NetworkTopologyStrategy".
# replication_strategy: SimpleStrategy

######
## For SimpleStrategy only.
## The number of replicas of data on multiple nodes.
# replication_factor: 1

######
## For NetworkTopologyStrategy only.
## The number of replicas of data on multiple nodes in each data center.
# data_centers:
# dc1: 2
# dc2: 3

######
## If true, will enable client-to-node encryption.
# ssl: false

######
## If true, will verify the SSL certificate in use.
## `ssl_certificate` must be provided.
# ssl_verify: false

######
## **Absolute path** to the certificate authority file for your cluster.
# ssl_certificate: "/path/to/cluster-ca-certificate.pem"

######
## If the cluster as authentication enabled, provide a user and a password here.
# user: cassandra
# password: cassandra

######
## Time (in seconds) for which entities from the database (APIs, plugins configurations...)
## are cached by Kong. Increase this value if you want to lower the number of requests made
## to your database.
# database_cache_expiration: 5

######
## SSL certificates to use.
# ssl_cert_path: /path/to/certificate.pem
# ssl_key_path: /path/to/certificate.key

## Sends anonymous error reports
send_anonymous_reports: true
######
## Sending anonymous error reports helps Kong developers to understand how it performs.
# send_anonymous_reports: true

## In-memory cache size (MB)
memory_cache_size: 128
######
## Size (in MB) of the Lua cache. This value may not be smaller than 32MB.
# memory_cache_size: 128

## Nginx configuration
######
## The nginx configuration file which allows Kong to run.
## The placeholders will be computed and this property will be written as a file
## by Kong at `<nginx_working_dir>/nginx.conf` during startup.
## This file can tweaked to some extent, but many directives are necessary for Kong to work.
## /!\ BE CAREFUL
nginx: |
worker_processes auto;
error_log logs/error.log error;
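
Review bot: In the Cassandra block, the comment on `ssl` says only that it enables client-to-node encryption, and `ssl_verify` is documented separately with a default of false, so a reader who uncomments `ssl: true` alone gets an encrypted connection to a server whose certificate is never checked. Say so in the `ssl` comment and tell readers to set `ssl_verify: true` together with `ssl_certificate` whenever `ssl` is on. Smaller points in the same hunk: the `dns_resolver` comment does not parse ("Specify how Kong performs DNS resolution (in the `dns_resolvers_available` property) you want to use"), and there are typos in "appropriatly", "If the cluster as authentication enabled" and "This file can tweaked".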
Expand Down Expand Up @@ -207,6 +281,7 @@ nginx: |

location /nginx_status {
internal;
access_log off;
stub_status;
}
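
Review bot: `access_log off;` is placed inside `location /nginx_status`, which is marked `internal`, while the CHANGELOG entry describes the change as disabling access logs for the `/status` endpoint. Please confirm which requests actually stop being logged: the admin API route reaches this location through `ngx.location.capture("/nginx_status")`, so the directive sits on the subrequest's location rather than on the `/status` route itself. A test that inspects the access log after a `/status` call would pin the behaviour down.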

30 changes: 22 additions & 8 deletions kong/api/crud_helpers.lua
Expand Up @@ -51,22 +51,36 @@ function _M.paginated_set(self, dao_collection)
return app_helpers.yield_error(err)
end

local total, err = dao_collection:count_by_keys(self.params)
if err then
return app_helpers.yield_error(err)
end

local next_url
if data.next_page then
next_url = self:build_url(self.req.parsed_url.path, {
port = self.req.parsed_url.port,
query = ngx.encode_args({
offset = ngx.encode_base64(data.next_page),
size = size
})
})
-- Parse next URL, if there are no elements then don't append it
local next_total, err = dao_collection:count_by_keys(self.params, data.next_page)
if err then
return app_helpers.yield_error(err)
end

if next_total > 0 then
next_url = self:build_url(self.req.parsed_url.path, {
port = self.req.parsed_url.port,
query = ngx.encode_args({
offset = ngx.encode_base64(data.next_page),
size = size
})
})
end

data.next_page = nil
end

-- This check is required otherwise the response is going to be a
-- JSON Object and not a JSON array. The reason is because an empty Lua array `{}`
-- will not be translated as an empty array by cjson, but as an empty object.
local result = #data == 0 and "{\"data\":[]}" or {data=data, ["next"]=next_url}
local result = #data == 0 and "{\"data\":[],\"total\":0}" or {data=data, ["next"]=next_url, total=total}

return responses.send_HTTP_OK(result, type(result) ~= "table")
end
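
Review bot: `paginated_set` now issues up to two extra count queries per list request, `count_by_keys(self.params)` for `total` and `count_by_keys(self.params, data.next_page)` to decide whether to emit `next`, and the first one runs even when `#data == 0`, where its result is discarded in favour of the hard-coded `\"total\":0`. Move the total count after the empty check, or use `total` in both branches, and check whether the next-page probe is needed on every page. The `local next_total, err` inside the `if data.next_page` block also shadows the `err` declared by `local total, err` just above it; reuse the existing variable.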
16 changes: 15 additions & 1 deletion kong/api/routes/kong.lua
Expand Up @@ -25,7 +25,21 @@ return {
GET = function(self, dao, helpers)
local res = ngx.location.capture("/nginx_status")
if res.status == 200 then
return helpers.responses.send_HTTP_OK(route_helpers.parse_status(res.body))

local status_response = {
server = route_helpers.parse_status(res.body),
database = {}
}

for k, v in pairs(dao.daos) do
local count, err = v:count_by_keys()
if err then
return helpers.responses.send_HTTP_INTERNAL_SERVER_ERROR(err)
end
status_response.database[k] = count
end

return helpers.responses.send_HTTP_OK(status_response)
else
return helpers.responses.send_HTTP_INTERNAL_SERVER_ERROR(res.body)
end
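
Review bot: The loop over `dao.daos` runs `count_by_keys()` on every table for each GET on this route, so a status endpoint that monitoring is likely to poll now costs one count query per DAO each time, and a single failing count turns the whole response into a 500 that returns the raw `err` to the caller. Consider caching the counts for a short interval or making them opt-in, and return the `server` section even when a count fails, logging the database error server-side instead of echoing it.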