Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

response-rewrite rewrite the response from apisix #2703

Closed
liuxiran opened this issue Nov 11, 2020 · 7 comments
Closed

response-rewrite rewrite the response from apisix #2703

liuxiran opened this issue Nov 11, 2020 · 7 comments
Labels
checking check first if this issue occurred

Comments

@liuxiran
Copy link
Contributor

Issue description

Environment

  • apisix version (cmd: apisix version): latest master branch
  • OS: Fedora32

Minimal test code / Steps to reproduce the issue

  1. Create a route, enable key-auth and response-rewrite plugins
$ curl http://127.0.0.1:9080/apisix/admin/routes -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X POST -d '{"uri": "/get","methods": ["GET"],"upstream": {"type": "roundrobin","nodes": {"httpbin.org:443": 1}},"plugins": {"proxy-rewrite": {"uri": "\/get","scheme": "https"},"key-auth": {},"response-rewrite": {"status_code": 200,"body": "{\"code\": 200, \"msg\": \"success\"}"}}}'
  1. Create a consumer, enable key-auth plugin with key:auth-one
$ curl http://127.0.0.1:9080/apisix/admin/consumers/2  -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT  -d '{"username": "jack","plugins": {"key-auth": {"key": "auth-one"}}}'
  1. Access the route /get with the right key
$ curl http://127.0.0.1:9080/get -H 'apikey:auth-one'
{"code": 200, "msg": "success"}
  1. Access the route /get without the key
$ curl http://127.0.0.1:9080/get
{"code": 200, "msg": "success"}

What's the expected result?

When perform step4, the request did not pass the authentication, and it should not be sent to upstream service, the expected result would be {"message":"Missing API key found in request"} returned by apisix.

@idbeta
Copy link
Contributor

idbeta commented Nov 11, 2020

I think it’s because of the priority of the plugins, response-rewrite is executed last.

@imjoey
Copy link
Member

imjoey commented Nov 11, 2020

@liuxiran @idbeta In this situation, we could interrupt the execution of the current request. Maybe calling ngx.exit(ngx.HTTP_UNAUTHORIZED) with a customize error message is a good choice.

@imjoey
Copy link
Member

imjoey commented Nov 11, 2020

I have the same issue. Here is the error log:

2020/11/11 16:12:42 [error] 79187#10158440: *778 attempt to set status 401 via ngx.exit after sending out the response status 200, client: 127.0.0.1, server: , request: "GET /get HTTP/1.1", host: "127.0.0.1:9080"

@juzhiyuan juzhiyuan added the checking check first if this issue occurred label Nov 11, 2020
@Miss-you
Copy link
Member

ngx.exit will interrupt the execution of the current request and return status code to Nginx.

image

However, if you execute ngx.exit during the access phase, it only interrupts the request processing phase, and the response phase will still process it, i.e. if you configure the response-rerite plugin, it will force overwriting of your response information (e.g. rsp code).

@imjoey
Copy link
Member

imjoey commented Nov 12, 2020

ngx.exit will interrupt the execution of the current request and return status code to Nginx.

image

However, if you execute ngx.exit during the access phase, it only interrupts the request processing phase, and the response phase will still process it, i.e. if you configure the response-rerite plugin, it will force overwriting of your response information (e.g. rsp code).

@Miss-you your explanation is lifesaving. Much appreciated.

@liuxiran
Copy link
Contributor Author

ngx.exit will interrupt the execution of the current request and return status code to Nginx.

image

However, if you execute ngx.exit during the access phase, it only interrupts the request processing phase, and the response phase will still process it, i.e. if you configure the response-rerite plugin, it will force overwriting of your response information (e.g. rsp code).

Thanks for your instructions @Miss-you , we will try to feedback to the issue you mentioned after further digestion.

So the above problem I think is not a bug, it may considered as an enhancement that response rewrite only rewrite the response comes from upstream.

@liuxiran liuxiran changed the title bug: response-rewrite rewrite the response from apisix response-rewrite rewrite the response from apisix Nov 12, 2020
@Miss-you
Copy link
Member

done
#2721

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
checking check first if this issue occurred
Projects
None yet
Development

No branches or pull requests

5 participants