Merge pull request #1457 from tkan145/batcher-policy-app_id

[3scale_batcher] Update regrex to match app_id with special characters
3scale · Apr 18, 2024 · 5beda44 · 5beda44
2 parents bc2922c + 7d54dfd
commit 5beda44
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+### Fixed
+
+- Fixed 3scale Batcher policy unable to handle `app_id`/`access_token` contains special characters [PR #1457](https://github.com/3scale/APIcast/pull/1457) [THREESCALE-10934](https://issues.redhat.com/browse/THREESCALE-10934)
+
 ## [3.15.0] 2024-04-04
 
 ### Fixed

diff --git a/gateway/src/apicast/policy/3scale_batcher/keys_helper.lua b/gateway/src/apicast/policy/3scale_batcher/keys_helper.lua
@@ -40,9 +40,9 @@ end
 
 local regexes_report_key = {
   [[service_id:(?<service_id>[\w-]+),user_key:(?<user_key>[\S-]+),metric:(?<metric>[\S-]+)]],
-  [[service_id:(?<service_id>[\w-]+),access_token:(?<access_token>[\w-]+),metric:(?<metric>[\S-]+)]],
-  [[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\w-]+),app_key:(?<app_key>[\S-]+),metric:(?<metric>[\S-]+)]],
-  [[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\w-]+),metric:(?<metric>[\S-]+)]],
+  [[service_id:(?<service_id>[\w-]+),access_token:(?<access_token>[\S-]+),metric:(?<metric>[\S-]+)]],
+  [[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\S-]+),app_key:(?<app_key>[\S-]+),metric:(?<metric>[\S-]+)]],
+  [[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\S-]+),metric:(?<metric>[\S-]+)]],
 }
 
 function _M.key_for_cached_auth(transaction)

diff --git a/spec/policy/3scale_batcher/keys_helper_spec.lua b/spec/policy/3scale_batcher/keys_helper_spec.lua
@@ -1,6 +1,18 @@
 local keys_helper = require 'apicast.policy.3scale_batcher.keys_helper'
 local Usage = require 'apicast.usage'
 local Transaction = require 'apicast.policy.3scale_batcher.transaction'
+local JWT = require('resty.jwt')
+local rsa = require('fixtures.rsa')
+
+local access_token = setmetatable({
+  header = { typ = 'JWT', alg = 'RS256', kid = 'somekid' },
+  payload = {
+    iss = 'http://example.com/issuer',
+    sub = 'some',
+    aud = 'one',
+    exp = ngx.now() + 3600,
+  },
+}, { __tostring = function(jwt) return JWT:sign(rsa.private, jwt) end })
 
 describe('Keys Helper', function()
   describe('.key_for_cached_auth', function()
@@ -35,10 +47,10 @@ describe('Keys Helper', function()
       local report = keys_helper.report_from_key_batched_report(key)
       assert.same({ service_id = 's1', app_id = 'ai', app_key = 'ak', metric = 'm1' }, report)
 
-      -- special chars
-      key = 'service_id:s1,app_id:ai,app_key:!#$%&\'()*+,-.:;<=>?@[]^_`{|}~,metric:m1'
+      -- app_key and app_id contain special chars
+      key = 'service_id:s1,app_id:!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~,app_key:!#$%&\'()*+,-.:;<=>?@[]^_`{|}~,metric:m1'
       report = keys_helper.report_from_key_batched_report(key)
-      assert.same({ service_id = 's1', app_id = 'ai', app_key = '!#$%&\'()*+,-.:;<=>?@[]^_`{|}~', metric = 'm1' }, report)
+      assert.same({ service_id = 's1', app_id = '!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~', app_key = '!#$%&\'()*+,-.:;<=>?@[]^_`{|}~', metric = 'm1' }, report)
     end)
 
     it('returns a valid metric in case of special chars', function()
@@ -82,17 +94,22 @@ describe('Keys Helper', function()
     end)
 
     it('returns a report given a key of a batched report with access token', function()
-      local key = 'service_id:s1,access_token:at,metric:m1'
+      local key = 'service_id:s1,access_token:'..tostring(access_token)..',metric:m1'
 
       local report = keys_helper.report_from_key_batched_report(key)
-      assert.same({ service_id = 's1', access_token = 'at', metric = 'm1' }, report)
+      assert.same({ service_id = 's1', access_token = tostring(access_token), metric = 'm1' }, report)
     end)
 
     it('returns a report given a key of a batched report with app ID only', function()
       local key = 'service_id:s1,app_id:ai,metric:m1'
 
       local report = keys_helper.report_from_key_batched_report(key)
       assert.same({ service_id = 's1', app_id = 'ai', metric = 'm1'}, report)
+
+      -- special chars
+      key = 'service_id:s1,app_id:!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~,metric:m1'
+      report = keys_helper.report_from_key_batched_report(key)
+      assert.same({ service_id = 's1', app_id = '!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~', metric = 'm1'}, report)
     end)
 
     it('returns an error when key has no credentials', function()