From c4aebf1f3e904195886c4f690cfda7193839a5df Mon Sep 17 00:00:00 2001 From: ProBrian Date: Tue, 3 Dec 2024 11:41:06 +0800 Subject: [PATCH 01/20] use ngx header to avoid get_headers --- kong/pdk/service/response.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kong/pdk/service/response.lua b/kong/pdk/service/response.lua index 5a6621abf54..8f5a829f727 100644 --- a/kong/pdk/service/response.lua +++ b/kong/pdk/service/response.lua @@ -265,7 +265,12 @@ local function new(pdk, major_version) error("name must be a string", 2) end - local header_value = response.get_headers()[name] + local header_value + if not ngx.ctx.buffered_headers then + header_value = ngx.header[name] + else + header_value = response.get_headers()[name] + end if type(header_value) == "table" then return header_value[1] end From e5626cdcc2c6d93d925970346f14535492e510c8 Mon Sep 17 00:00:00 2001 From: ProBrian Date: Tue, 3 Dec 2024 15:37:21 +0800 Subject: [PATCH 02/20] use ngx header to avoid get_headers for kong.response --- kong/pdk/response.lua | 3 ++- kong/pdk/service/response.lua | 7 +------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/kong/pdk/response.lua b/kong/pdk/response.lua index 844d5c7d139..33564b16eab 100644 --- a/kong/pdk/response.lua +++ b/kong/pdk/response.lua @@ -244,7 +244,8 @@ local function new(self, major_version) error("header name must be a string", 2) end - local header_value = _RESPONSE.get_headers()[name] + local header_value = ngx.header[name] + -- local header_value = _RESPONSE.get_headers()[name] if type(header_value) == "table" then return header_value[1] end diff --git a/kong/pdk/service/response.lua b/kong/pdk/service/response.lua index 8f5a829f727..5a6621abf54 100644 --- a/kong/pdk/service/response.lua +++ b/kong/pdk/service/response.lua @@ -265,12 +265,7 @@ local function new(pdk, major_version) error("name must be a string", 2) end - local header_value - if not ngx.ctx.buffered_headers then - header_value = ngx.header[name] - else - header_value = response.get_headers()[name] - end + local header_value = response.get_headers()[name] if type(header_value) == "table" then return header_value[1] end From 7c9ea30d5e152673179e712e62adc14be8a4ebeb Mon Sep 17 00:00:00 2001 From: ProBrian Date: Tue, 3 Dec 2024 16:50:20 +0800 Subject: [PATCH 03/20] use ctx to get single header in basic auth plugin --- kong/plugins/basic-auth/access.lua | 11 +++--- kong/plugins/bchen-hello/handler.lua | 55 ++++++++++++++++++++++++++++ kong/plugins/bchen-hello/schema.lua | 22 +++++++++++ 3 files changed, 83 insertions(+), 5 deletions(-) create mode 100644 kong/plugins/bchen-hello/handler.lua create mode 100644 kong/plugins/bchen-hello/schema.lua diff --git a/kong/plugins/basic-auth/access.lua b/kong/plugins/basic-auth/access.lua index d989738d5cb..45570e23436 100644 --- a/kong/plugins/basic-auth/access.lua +++ b/kong/plugins/basic-auth/access.lua @@ -28,9 +28,9 @@ local _M = {} -- @param {table} conf Plugin config -- @return {string} public_key -- @return {string} private_key -local function retrieve_credentials(header_name, conf) +local function retrieve_credentials(header_name, conf, ctx) local username, password - local authorization_header = kong.request.get_header(header_name) + local authorization_header = kong.request.get_header(header_name, ctx) if authorization_header then local iterator, iter_err = re_gmatch(authorization_header, "\\s*[Bb]asic\\s*(.+)", "oj") @@ -158,21 +158,22 @@ end local function do_authentication(conf) local www_authenticate = "Basic realm=\"" .. conf.realm .. "\"" + local ctx = {} -- If both headers are missing, return 401 - if not (kong.request.get_header("authorization") or kong.request.get_header("proxy-authorization")) then + if not (kong.request.get_header("authorization", ctx) or kong.request.get_header("proxy-authorization", ctx)) then return false, unauthorized("Unauthorized", www_authenticate) end local credential - local given_username, given_password = retrieve_credentials("proxy-authorization", conf) + local given_username, given_password = retrieve_credentials("proxy-authorization", conf, ctx) if given_username and given_password then credential = load_credential_from_db(given_username) end -- Try with the authorization header if not credential then - given_username, given_password = retrieve_credentials("authorization", conf) + given_username, given_password = retrieve_credentials("authorization", conf, ctx) if given_username and given_password then credential = load_credential_from_db(given_username) else diff --git a/kong/plugins/bchen-hello/handler.lua b/kong/plugins/bchen-hello/handler.lua new file mode 100644 index 00000000000..35341c41c6b --- /dev/null +++ b/kong/plugins/bchen-hello/handler.lua @@ -0,0 +1,55 @@ +-- This software is copyright Kong Inc. and its licensors. +-- Use of the software is subject to the agreement between your organization +-- and Kong Inc. If there is no such agreement, use is governed by and +-- subject to the terms of the Kong Master Software License Agreement found +-- at https://konghq.com/enterprisesoftwarelicense/. +-- [ END OF LICENSE 0867164ffc95e54f04670b5169c09574bdbd9bba ] +local get_header = require("kong.tools.http").get_header + +local MyPluginHandler = { + PRIORITY = 1000, + VERSION = "0.0.1", +} + +function MyPluginHandler:access() + local start = os.clock() + -- ngx.ctx.get_headers_patch = 0 + -- ngx.ctx.get_headers_patch_first = 0 + for i=1,2 do + local headers = ngx.req.get_headers() + -- ngx.req.set_header("foo", tostring(i)) + -- ngx.log(ngx.WARN, "bchen access", ngx.req.get_headers()["Content-Type"]) + -- local v = headers["Content-Type"] + end + local elapsed = (os.clock() - start) + + -- ngx.log(ngx.WARN, "bchen access", string.format(" elapsed time: %.10f, patch hit %d, first_patch %d\n", elapsed, ngx.ctx.get_headers_patch, ngx.ctx.get_headers_patch_first)) + + -- ngx.request.set_header("foo", "bar") +end + +function MyPluginHandler:response(conf) + + -- local content_type = kong.response.get_header("Content-Type") + kong.response.set_header("X-BChen-Plugin", "response") + local headers = kong.response.get_headers() + local headers2 = kong.service.response.get_headers() + local fmt = string.format + local string_tools = require "kong.tools.string" + local replace_dashes_lower = string_tools.replace_dashes_lower + ngx.log(ngx.WARN, "single: ", "multi-foo-r".." : "..tostring(kong.response.get_header("multi-foo-r"))) + + for k, v in pairs(headers) do + ngx.log(ngx.WARN, "resp header: ", k.." : "..tostring(v)) + local var = fmt("upstream_http_%s", replace_dashes_lower(k)) + if ngx.var[var] then + ngx.log(ngx.WARN, "upstream header: ", k) + end + end + for k, v in pairs(headers2) do + ngx.log(ngx.WARN, "service header: ", k.." : "..tostring(v)) + end +end + + +return MyPluginHandler \ No newline at end of file diff --git a/kong/plugins/bchen-hello/schema.lua b/kong/plugins/bchen-hello/schema.lua new file mode 100644 index 00000000000..7e5451efc72 --- /dev/null +++ b/kong/plugins/bchen-hello/schema.lua @@ -0,0 +1,22 @@ +-- This software is copyright Kong Inc. and its licensors. +-- Use of the software is subject to the agreement between your organization +-- and Kong Inc. If there is no such agreement, use is governed by and +-- subject to the terms of the Kong Master Software License Agreement found +-- at https://konghq.com/enterprisesoftwarelicense/. +-- [ END OF LICENSE 0867164ffc95e54f04670b5169c09574bdbd9bba ] + +local PLUGIN_NAME = "bchen-hello" + +local schema = { + name = PLUGIN_NAME, + fields = { + { config = { + type = "record", + fields = { + }, + }, + }, + }, +} + +return schema From ca171505fc5fc606fd28ae403669b34b30f3b30f Mon Sep 17 00:00:00 2001 From: ProBrian Date: Wed, 4 Dec 2024 09:48:37 +0800 Subject: [PATCH 04/20] use ctx to get single header in basic auth plugin fix get_header param --- kong/pdk/request.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kong/pdk/request.lua b/kong/pdk/request.lua index fbd55a74194..ddca10cf65b 100644 --- a/kong/pdk/request.lua +++ b/kong/pdk/request.lua @@ -619,14 +619,14 @@ local function new(self) -- kong.request.get_header("Host") -- "foo.com" -- kong.request.get_header("x-custom-header") -- "bla" -- kong.request.get_header("X-Another") -- "foo bar" - function _REQUEST.get_header(name) + function _REQUEST.get_header(name, ctx) check_phase(PHASES.request) if type(name) ~= "string" then error("header name must be a string", 2) end - return http_get_header(name) + return http_get_header(name, ctx) end From e0dc602456271df2fca133fe13ecc586b505725d Mon Sep 17 00:00:00 2001 From: ProBrian Date: Wed, 4 Dec 2024 10:12:35 +0800 Subject: [PATCH 05/20] patch read_body to reduce duplicate read_body for the same request --- kong/globalpatches.lua | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/kong/globalpatches.lua b/kong/globalpatches.lua index 61ca747fd4d..5b0712e071d 100644 --- a/kong/globalpatches.lua +++ b/kong/globalpatches.lua @@ -127,6 +127,7 @@ return function(options) local get_uri_args = ngx.req.get_uri_args local get_post_args = ngx.req.get_post_args local decode_args = ngx.decode_args + local read_req_body = ngx.req.read_body local DEFAULT_MAX_REQ_HEADERS = 100 local DEFAULT_MAX_RESP_HEADERS = 100 @@ -232,6 +233,15 @@ return function(options) return decode_args_real(str, max_args or MAX_DECODE_ARGS, ...) end -- ] + + -- READ REQUEST BODY [ + _G.ngx.req.read_body = function() + -- for the same request, only one `read_body` call is needed + if not ngx.ctx.body_read then + read_req_body() + ngx.ctx.body_read = true + end + end end end From 78cb953cb42e5586d79021a6528b22d868f23131 Mon Sep 17 00:00:00 2001 From: ProBrian Date: Wed, 4 Dec 2024 11:28:24 +0800 Subject: [PATCH 06/20] replace no ctx request.get_header in request-transformer by ngx.var.http_content_type --- kong/plugins/request-transformer/access.lua | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/kong/plugins/request-transformer/access.lua b/kong/plugins/request-transformer/access.lua index 9b3216a233e..cdbd713a0ee 100644 --- a/kong/plugins/request-transformer/access.lua +++ b/kong/plugins/request-transformer/access.lua @@ -8,7 +8,7 @@ local table_insert = table.insert local get_uri_args = kong.request.get_query local set_uri_args = kong.service.request.set_query local clear_header = kong.service.request.clear_header -local get_header = kong.request.get_header +-- local get_header = kong.request.get_header local set_header = kong.service.request.set_header local get_headers = kong.request.get_headers local set_headers = kong.service.request.set_headers @@ -422,7 +422,9 @@ local function transform_multipart_body(conf, body, content_length, content_type end local function transform_body(conf, template_env) - local content_type_value = get_header(CONTENT_TYPE) + -- local content_type_value = get_header(CONTENT_TYPE) + -- content-type is a builtin single value header, use var to fetch is faster. + local content_type_value = ngx.var.http_content_type local content_type = get_content_type(content_type_value) if content_type == nil or #conf.rename.body < 1 and #conf.remove.body < 1 and #conf.replace.body < 1 and @@ -456,7 +458,9 @@ local function transform_method(conf) if conf.http_method then set_method(conf.http_method:upper()) if conf.http_method == "GET" or conf.http_method == "HEAD" or conf.http_method == "TRACE" then - local content_type_value = get_header(CONTENT_TYPE) + -- local content_type_value = get_header(CONTENT_TYPE) + -- content-type is a builtin single value header, use var to fetch is faster. + local content_type_value = ngx.var.http_content_type local content_type = get_content_type(content_type_value) if content_type == ENCODED then -- Also put the body into querystring From e46dffbc0826257bd5563257c154726db85a6f96 Mon Sep 17 00:00:00 2001 From: ProBrian Date: Wed, 4 Dec 2024 11:40:35 +0800 Subject: [PATCH 07/20] localise ngx.var in request-transformer --- kong/plugins/request-transformer/access.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kong/plugins/request-transformer/access.lua b/kong/plugins/request-transformer/access.lua index cdbd713a0ee..80006542e2d 100644 --- a/kong/plugins/request-transformer/access.lua +++ b/kong/plugins/request-transformer/access.lua @@ -9,6 +9,7 @@ local get_uri_args = kong.request.get_query local set_uri_args = kong.service.request.set_query local clear_header = kong.service.request.clear_header -- local get_header = kong.request.get_header +local var = ngx.var local set_header = kong.service.request.set_header local get_headers = kong.request.get_headers local set_headers = kong.service.request.set_headers @@ -424,7 +425,7 @@ end local function transform_body(conf, template_env) -- local content_type_value = get_header(CONTENT_TYPE) -- content-type is a builtin single value header, use var to fetch is faster. - local content_type_value = ngx.var.http_content_type + local content_type_value = var.http_content_type local content_type = get_content_type(content_type_value) if content_type == nil or #conf.rename.body < 1 and #conf.remove.body < 1 and #conf.replace.body < 1 and @@ -460,7 +461,7 @@ local function transform_method(conf) if conf.http_method == "GET" or conf.http_method == "HEAD" or conf.http_method == "TRACE" then -- local content_type_value = get_header(CONTENT_TYPE) -- content-type is a builtin single value header, use var to fetch is faster. - local content_type_value = ngx.var.http_content_type + local content_type_value = var.http_content_type local content_type = get_content_type(content_type_value) if content_type == ENCODED then -- Also put the body into querystring From ec8abf255c61f4e9e7d435de4909ba58fad0670b Mon Sep 17 00:00:00 2001 From: ProBrian Date: Wed, 4 Dec 2024 13:59:24 +0800 Subject: [PATCH 08/20] use ctx for some var in request pdk --- kong/pdk/request.lua | 8 ++++---- kong/runloop/handler.lua | 5 +++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/kong/pdk/request.lua b/kong/pdk/request.lua index ddca10cf65b..cdcf1475803 100644 --- a/kong/pdk/request.lua +++ b/kong/pdk/request.lua @@ -98,7 +98,7 @@ local function new(self) function _REQUEST.get_scheme() check_phase(PHASES.request) - return var.scheme + return ngx.ctx.scheme or var.scheme end @@ -116,7 +116,7 @@ local function new(self) function _REQUEST.get_host() check_phase(PHASES.request) - return var.host + return ngx.ctx.host or var.host end @@ -437,7 +437,7 @@ local function new(self) function _REQUEST.get_raw_path() check_phase(PHASES.request) - local uri = var.request_uri or "" + local uri = ngx.ctx.request_uri or var.request_uri or "" local s = find(uri, "?", 2, true) return s and sub(uri, 1, s - 1) or uri end @@ -456,7 +456,7 @@ local function new(self) -- kong.request.get_path_with_query() -- "/v1/movies?movie=foo" function _REQUEST.get_path_with_query() check_phase(PHASES.request) - return var.request_uri or "" + return ngx.ctx.request_uri or var.request_uri or "" end diff --git a/kong/runloop/handler.lua b/kong/runloop/handler.lua index 37efc7f8bb7..9d6573917d0 100644 --- a/kong/runloop/handler.lua +++ b/kong/runloop/handler.lua @@ -1166,7 +1166,8 @@ return { ctx.scheme = var.scheme ctx.request_uri = var.request_uri - + ctx.host = var.host + -- trace router local span = instrumentation.router() -- create the balancer span "in advance" so its ID is available @@ -1208,7 +1209,7 @@ return { req_dyn_hook_run_hook("timing", "workspace_id:got", ctx.workspace) end - local host = var.host + local host = ctx.host local port = ctx.host_port or tonumber(var.server_port, 10) local route = match_t.route From 9c7520a1513db578e134f6cec2e976a56abe3179 Mon Sep 17 00:00:00 2001 From: ProBrian Date: Wed, 4 Dec 2024 15:06:23 +0800 Subject: [PATCH 09/20] use request.get_header with ctx in proper plugins --- kong/plugins/aws-lambda/request-util.lua | 3 ++- kong/plugins/cors/handler.lua | 26 +++++++++++---------- kong/plugins/grpc-web/handler.lua | 5 ++-- kong/plugins/hmac-auth/access.lua | 29 +++++++++++++----------- kong/plugins/ldap-auth/access.lua | 5 ++-- kong/plugins/oauth2/access.lua | 3 ++- 6 files changed, 40 insertions(+), 31 deletions(-) diff --git a/kong/plugins/aws-lambda/request-util.lua b/kong/plugins/aws-lambda/request-util.lua index 9e761afc195..67dd1f7abd2 100644 --- a/kong/plugins/aws-lambda/request-util.lua +++ b/kong/plugins/aws-lambda/request-util.lua @@ -294,7 +294,8 @@ local function build_request_payload(conf) end if conf.forward_request_body then - local content_type = kong.request.get_header("content-type") + -- local content_type = kong.request.get_header("content-type") + local content_type = upstream_body.request_headers["Content-Type"] or ngx.var.content_type local body_raw = read_request_body(conf.skip_large_bodies) local body_args, err = kong.request.get_body() if err and err:match("content type") then diff --git a/kong/plugins/cors/handler.lua b/kong/plugins/cors/handler.lua index 3d62be38818..4f2a023b87f 100644 --- a/kong/plugins/cors/handler.lua +++ b/kong/plugins/cors/handler.lua @@ -61,7 +61,7 @@ local function add_vary_header(header_filter) end end -local function configure_origin(conf, header_filter) +local function configure_origin(conf, header_filter, ctx) local n_origins = conf.origins ~= nil and #conf.origins or 0 local set_header = kong.response.set_header @@ -89,7 +89,7 @@ local function configure_origin(conf, header_filter) end end - local req_origin = kong.request.get_header("origin") + local req_origin = kong.request.get_header("origin", ctx) if req_origin then local cached_domains = config_cache[conf] if not cached_domains then @@ -167,7 +167,7 @@ local function configure_origin(conf, header_filter) end -local function configure_credentials(conf, allow_all, header_filter) +local function configure_credentials(conf, allow_all, header_filter, ctx) local set_header = kong.response.set_header if not conf.credentials then @@ -181,7 +181,7 @@ local function configure_credentials(conf, allow_all, header_filter) -- Access-Control-Allow-Origin is '*', must change it because ACAC cannot -- be 'true' if ACAO is '*'. - local req_origin = kong.request.get_header("origin") + local req_origin = kong.request.get_header("origin", ctx) if req_origin then add_vary_header(header_filter) set_header("Access-Control-Allow-Origin", req_origin) @@ -191,9 +191,10 @@ end function CorsHandler:access(conf) + local ctx = {} if kong.request.get_method() ~= "OPTIONS" - or not kong.request.get_header("Origin") - or not kong.request.get_header("Access-Control-Request-Method") + or not kong.request.get_header("Origin", ctx) + or not kong.request.get_header("Access-Control-Request-Method", ctx) then return end @@ -207,8 +208,8 @@ function CorsHandler:access(conf) return end - local allow_all = configure_origin(conf, false) - configure_credentials(conf, allow_all, false) + local allow_all = configure_origin(conf, false, ctx) + configure_credentials(conf, allow_all, false, ctx) local set_header = kong.response.set_header @@ -216,7 +217,7 @@ function CorsHandler:access(conf) set_header("Access-Control-Allow-Headers", concat(conf.headers, ",")) else - local acrh = kong.request.get_header("Access-Control-Request-Headers") + local acrh = kong.request.get_header("Access-Control-Request-Headers", ctx) if acrh then set_header("Access-Control-Allow-Headers", acrh) else @@ -234,7 +235,7 @@ function CorsHandler:access(conf) end if conf.private_network and - kong.request.get_header("Access-Control-Request-Private-Network") == 'true' then + kong.request.get_header("Access-Control-Request-Private-Network", ctx) == 'true' then set_header("Access-Control-Allow-Private-Network", 'true') end @@ -247,8 +248,9 @@ function CorsHandler:header_filter(conf) return end - local allow_all = configure_origin(conf, true) - configure_credentials(conf, allow_all, true) + local ctx = {} + local allow_all = configure_origin(conf, true, ctx) + configure_credentials(conf, allow_all, true, ctx) if conf.exposed_headers and #conf.exposed_headers > 0 then kong.response.set_header("Access-Control-Expose-Headers", diff --git a/kong/plugins/grpc-web/handler.lua b/kong/plugins/grpc-web/handler.lua index 8159fb5c196..ce6ec660a41 100644 --- a/kong/plugins/grpc-web/handler.lua +++ b/kong/plugins/grpc-web/handler.lua @@ -12,7 +12,7 @@ local ngx_arg = ngx.arg local ngx_var = ngx.var local kong_request_get_path = kong.request.get_path -local kong_request_get_header = kong.request.get_header +-- local kong_request_get_header = kong.request.get_header local kong_request_get_method = kong.request.get_method local kong_request_get_raw_body = kong.request.get_raw_body local kong_response_exit = kong.response.exit @@ -51,7 +51,8 @@ function grpc_web:access(conf) end local dec, err = deco.new( - kong_request_get_header("Content-Type"), + -- kong_request_get_header("Content-Type"), + ngx.var.http_content_type, uri, conf.proto) if not dec then diff --git a/kong/plugins/hmac-auth/access.lua b/kong/plugins/hmac-auth/access.lua index e3a2828ddf6..e8acb4381d5 100644 --- a/kong/plugins/hmac-auth/access.lua +++ b/kong/plugins/hmac-auth/access.lua @@ -127,14 +127,14 @@ end -- plugin assumes the request parameters being used for creating -- signature by client are not changed by core or any other plugin -local function create_hash(request_uri, hmac_params) +local function create_hash(request_uri, hmac_params, ctx) local signing_string = "" local hmac_headers = hmac_params.hmac_headers local count = #hmac_headers for i = 1, count do local header = hmac_headers[i] - local header_value = kong.request.get_header(header) + local header_value = kong.request.get_header(header, ctx) if not header_value then if header == "@request-target" then @@ -166,8 +166,8 @@ local function create_hash(request_uri, hmac_params) end -local function validate_signature(hmac_params) - local signature_1 = create_hash(kong_request.get_path_with_query(), hmac_params) +local function validate_signature(hmac_params, ctx) + local signature_1 = create_hash(kong_request.get_path_with_query(), hmac_params, ctx) local signature_2 = decode_base64(hmac_params.signature) return signature_1 == signature_2 end @@ -199,8 +199,8 @@ local function load_credential(username) end -local function validate_clock_skew(date_header_name, allowed_clock_skew) - local date = kong_request.get_header(date_header_name) +local function validate_clock_skew(date_header_name, allowed_clock_skew, ctx) + local date = kong_request.get_header(date_header_name, ctx) if not date then return false end @@ -219,14 +219,14 @@ local function validate_clock_skew(date_header_name, allowed_clock_skew) end -local function validate_body() +local function validate_body(ctx) local body, err = kong_request.get_raw_body() if err then kong.log.debug(err) return false end - local digest_received = kong_request.get_header(DIGEST) + local digest_received = kong_request.get_header(DIGEST, ctx) if not digest_received then -- if there is no digest and no body, it is ok return body == "" @@ -281,8 +281,9 @@ end local function do_authentication(conf) - local authorization = kong_request.get_header(AUTHORIZATION) - local proxy_authorization = kong_request.get_header(PROXY_AUTHORIZATION) + local ctx = {} + local authorization = kong_request.get_header(AUTHORIZATION, ctx) + local proxy_authorization = kong_request.get_header(PROXY_AUTHORIZATION, ctx) local www_auth_content = conf.realm and fmt('hmac realm="%s"', conf.realm) or 'hmac' -- If both headers are missing, return 401 @@ -291,8 +292,8 @@ local function do_authentication(conf) end -- validate clock skew - if not (validate_clock_skew(X_DATE, conf.clock_skew) or - validate_clock_skew(DATE, conf.clock_skew)) then + if not (validate_clock_skew(X_DATE, conf.clock_skew, ctx) or + validate_clock_skew(DATE, conf.clock_skew, ctx)) then return false, unauthorized( "HMAC signature cannot be verified, a valid date or " .. "x-date header is required for HMAC Authentication", @@ -329,7 +330,9 @@ local function do_authentication(conf) hmac_params.secret = credential.secret - if not validate_signature(hmac_params) then + -- since there are `clear_header` call before, we reset ctx, to get fresh headers + ctx = {} + if not validate_signature(hmac_params, ctx) then return false, unauthorized(SIGNATURE_NOT_SAME, www_auth_content) end diff --git a/kong/plugins/ldap-auth/access.lua b/kong/plugins/ldap-auth/access.lua index a2b5db0817b..824aace960e 100644 --- a/kong/plugins/ldap-auth/access.lua +++ b/kong/plugins/ldap-auth/access.lua @@ -241,8 +241,9 @@ local function unauthorized(message, authorization_scheme) end local function do_authentication(conf) - local authorization_value = kong.request.get_header(AUTHORIZATION) - local proxy_authorization_value = kong.request.get_header(PROXY_AUTHORIZATION) + local ctx = {} + local authorization_value = kong.request.get_header(AUTHORIZATION, ctx) + local proxy_authorization_value = kong.request.get_header(PROXY_AUTHORIZATION, ctx) local scheme = conf.header_type if scheme == "ldap" then diff --git a/kong/plugins/oauth2/access.lua b/kong/plugins/oauth2/access.lua index 04eecf657f2..8d2565a7a40 100644 --- a/kong/plugins/oauth2/access.lua +++ b/kong/plugins/oauth2/access.lua @@ -877,7 +877,8 @@ local function parse_access_token(conf) parameters[ACCESS_TOKEN] = nil kong.service.request.set_query(parameters) - local content_type = kong.request.get_header("content-type") + -- local content_type = kong.request.get_header("content-type") + local content_type = ngx.var.http_content_type local is_form_post = content_type and string_find(content_type, "application/x-www-form-urlencoded", 1, true) From f4ce86a188e10eb86dd2f73c1aca147b30d8c7ea Mon Sep 17 00:00:00 2001 From: ProBrian Date: Thu, 5 Dec 2024 16:30:12 +0800 Subject: [PATCH 10/20] use input param to reduce ctx read in get_body, and one more http_content_type replacement --- kong/pdk/request.lua | 3 +-- kong/pdk/service/response.lua | 14 ++++++++------ 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/kong/pdk/request.lua b/kong/pdk/request.lua index cdcf1475803..b538490bea6 100644 --- a/kong/pdk/request.lua +++ b/kong/pdk/request.lua @@ -820,8 +820,7 @@ local function new(self) -- body.age -- "42" function _REQUEST.get_body(mimetype, max_args, max_allowed_file_size) check_phase(before_content) - - local content_type = mimetype or _REQUEST.get_header(CONTENT_TYPE) + local content_type = mimetype or ngx.var.http_content_type if not content_type then return nil, "missing content type" end diff --git a/kong/pdk/service/response.lua b/kong/pdk/service/response.lua index 5a6621abf54..3161041c0e9 100644 --- a/kong/pdk/service/response.lua +++ b/kong/pdk/service/response.lua @@ -285,10 +285,11 @@ local function new(pdk, major_version) -- -- or `access` phase prior calling this function. -- -- local body = kong.service.response.get_raw_body() - function response.get_raw_body() + function response.get_raw_body(buffered_proxying) check_phase(header_body_log) local ctx = ngx.ctx - if not ctx.buffered_proxying then + local buffered = buffered_proxying or ctx.buffered_proxying + if not buffered then error("service body is only available with buffered proxying " .. "(see: kong.service.request.enable_buffering function)", 2) end @@ -313,7 +314,8 @@ local function new(pdk, major_version) -- local body = kong.service.response.get_body() function response.get_body(mimetype, max_args) check_phase(header_body_log) - if not ngx.ctx.buffered_proxying then + local bufferred_proxying = ngx.ctx.buffered_proxying + if not bufferred_proxying then error("service body is only available with buffered proxying " .. "(see: kong.service.request.enable_buffering function)", 2) end @@ -344,7 +346,7 @@ local function new(pdk, major_version) end end - local body = response.get_raw_body() + local body = response.get_raw_body(bufferred_proxying) local pargs, err = ngx.decode_args(body, max_args or MAX_POST_ARGS_DEFAULT) if not pargs then return nil, err, CONTENT_TYPE_POST @@ -353,7 +355,7 @@ local function new(pdk, major_version) return pargs, nil, CONTENT_TYPE_POST elseif find(content_type_lower, CONTENT_TYPE_JSON, 1, true) == 1 then - local body = response.get_raw_body() + local body = response.get_raw_body(bufferred_proxying) local json = cjson.decode_with_array_mt(body) if type(json) ~= "table" then return nil, "invalid json body", CONTENT_TYPE_JSON @@ -362,7 +364,7 @@ local function new(pdk, major_version) return json, nil, CONTENT_TYPE_JSON elseif find(content_type_lower, CONTENT_TYPE_FORM_DATA, 1, true) == 1 then - local body = response.get_raw_body() + local body = response.get_raw_body(bufferred_proxying) local parts = multipart(body, content_type) if not parts then From bcdc5381cc721e33c9a2dce93aa3ff4c6f83f428 Mon Sep 17 00:00:00 2001 From: ProBrian Date: Thu, 5 Dec 2024 17:29:01 +0800 Subject: [PATCH 11/20] use single header get in service.request.set_body --- kong/pdk/service/request.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kong/pdk/service/request.lua b/kong/pdk/service/request.lua index f583d390fa1..2ee665c5462 100644 --- a/kong/pdk/service/request.lua +++ b/kong/pdk/service/request.lua @@ -653,7 +653,8 @@ local function new(self) error("mime must be a string", 2) end if not mime then - mime = ngx.req.get_headers()[CONTENT_TYPE] + -- mime = ngx.req.get_headers()[CONTENT_TYPE] + mime = ngx_var.http_content_type if not mime then return nil, "content type was neither explicitly given " .. "as an argument or received as a header" From 40f7218d86596a9392248d971de586cb21b98f5a Mon Sep 17 00:00:00 2001 From: ProBrian Date: Thu, 5 Dec 2024 20:59:28 +0800 Subject: [PATCH 12/20] fix aws plugin and get header test cases --- kong/plugins/aws-lambda/request-util.lua | 2 +- kong/plugins/bchen-hello/handler.lua | 55 ------------------------ kong/plugins/bchen-hello/schema.lua | 22 ---------- t/01-pdk/08-response/02-get_header.t | 4 +- 4 files changed, 3 insertions(+), 80 deletions(-) delete mode 100644 kong/plugins/bchen-hello/handler.lua delete mode 100644 kong/plugins/bchen-hello/schema.lua diff --git a/kong/plugins/aws-lambda/request-util.lua b/kong/plugins/aws-lambda/request-util.lua index 67dd1f7abd2..053299efff2 100644 --- a/kong/plugins/aws-lambda/request-util.lua +++ b/kong/plugins/aws-lambda/request-util.lua @@ -295,7 +295,7 @@ local function build_request_payload(conf) if conf.forward_request_body then -- local content_type = kong.request.get_header("content-type") - local content_type = upstream_body.request_headers["Content-Type"] or ngx.var.content_type + local content_type = ngx.var.http_content_type local body_raw = read_request_body(conf.skip_large_bodies) local body_args, err = kong.request.get_body() if err and err:match("content type") then diff --git a/kong/plugins/bchen-hello/handler.lua b/kong/plugins/bchen-hello/handler.lua deleted file mode 100644 index 35341c41c6b..00000000000 --- a/kong/plugins/bchen-hello/handler.lua +++ /dev/null @@ -1,55 +0,0 @@ --- This software is copyright Kong Inc. and its licensors. --- Use of the software is subject to the agreement between your organization --- and Kong Inc. If there is no such agreement, use is governed by and --- subject to the terms of the Kong Master Software License Agreement found --- at https://konghq.com/enterprisesoftwarelicense/. --- [ END OF LICENSE 0867164ffc95e54f04670b5169c09574bdbd9bba ] -local get_header = require("kong.tools.http").get_header - -local MyPluginHandler = { - PRIORITY = 1000, - VERSION = "0.0.1", -} - -function MyPluginHandler:access() - local start = os.clock() - -- ngx.ctx.get_headers_patch = 0 - -- ngx.ctx.get_headers_patch_first = 0 - for i=1,2 do - local headers = ngx.req.get_headers() - -- ngx.req.set_header("foo", tostring(i)) - -- ngx.log(ngx.WARN, "bchen access", ngx.req.get_headers()["Content-Type"]) - -- local v = headers["Content-Type"] - end - local elapsed = (os.clock() - start) - - -- ngx.log(ngx.WARN, "bchen access", string.format(" elapsed time: %.10f, patch hit %d, first_patch %d\n", elapsed, ngx.ctx.get_headers_patch, ngx.ctx.get_headers_patch_first)) - - -- ngx.request.set_header("foo", "bar") -end - -function MyPluginHandler:response(conf) - - -- local content_type = kong.response.get_header("Content-Type") - kong.response.set_header("X-BChen-Plugin", "response") - local headers = kong.response.get_headers() - local headers2 = kong.service.response.get_headers() - local fmt = string.format - local string_tools = require "kong.tools.string" - local replace_dashes_lower = string_tools.replace_dashes_lower - ngx.log(ngx.WARN, "single: ", "multi-foo-r".." : "..tostring(kong.response.get_header("multi-foo-r"))) - - for k, v in pairs(headers) do - ngx.log(ngx.WARN, "resp header: ", k.." : "..tostring(v)) - local var = fmt("upstream_http_%s", replace_dashes_lower(k)) - if ngx.var[var] then - ngx.log(ngx.WARN, "upstream header: ", k) - end - end - for k, v in pairs(headers2) do - ngx.log(ngx.WARN, "service header: ", k.." : "..tostring(v)) - end -end - - -return MyPluginHandler \ No newline at end of file diff --git a/kong/plugins/bchen-hello/schema.lua b/kong/plugins/bchen-hello/schema.lua deleted file mode 100644 index 7e5451efc72..00000000000 --- a/kong/plugins/bchen-hello/schema.lua +++ /dev/null @@ -1,22 +0,0 @@ --- This software is copyright Kong Inc. and its licensors. --- Use of the software is subject to the agreement between your organization --- and Kong Inc. If there is no such agreement, use is governed by and --- subject to the terms of the Kong Master Software License Agreement found --- at https://konghq.com/enterprisesoftwarelicense/. --- [ END OF LICENSE 0867164ffc95e54f04670b5169c09574bdbd9bba ] - -local PLUGIN_NAME = "bchen-hello" - -local schema = { - name = PLUGIN_NAME, - fields = { - { config = { - type = "record", - fields = { - }, - }, - }, - }, -} - -return schema diff --git a/t/01-pdk/08-response/02-get_header.t b/t/01-pdk/08-response/02-get_header.t index fd565ec4d7a..378e1f9cdbe 100644 --- a/t/01-pdk/08-response/02-get_header.t +++ b/t/01-pdk/08-response/02-get_header.t @@ -116,7 +116,7 @@ X-Missing: nil -=== TEST 4: response.get_header() returns nil when response header does not fit in default max_headers +=== TEST 4: response.get_header() returns existing header will not by limited by get_headers() default max_headers configuration --- http_config eval: $t::Util::HttpConfig --- config location = /t { @@ -145,7 +145,7 @@ X-Missing: nil --- request GET /t --- response_body chop -accept header value: nil +accept header value: string --- no_error_log [error] From 71e2a6262dbb35f10b2d973830eec68ec260ec0a Mon Sep 17 00:00:00 2001 From: ProBrian Date: Fri, 13 Dec 2024 10:49:13 +0800 Subject: [PATCH 13/20] refine annotatios --- kong/pdk/response.lua | 1 - kong/pdk/service/request.lua | 1 - kong/plugins/aws-lambda/request-util.lua | 1 - kong/plugins/bchen-hello/handler.lua | 54 +++++++++++++++++++++ kong/plugins/bchen-hello/schema.lua | 22 +++++++++ kong/plugins/grpc-web/handler.lua | 2 - kong/plugins/hmac-auth/access.lua | 11 ++--- kong/plugins/oauth2/access.lua | 1 - kong/plugins/request-transformer/access.lua | 3 -- t/01-pdk/08-response/02-get_header.t | 2 +- 10 files changed, 82 insertions(+), 16 deletions(-) create mode 100644 kong/plugins/bchen-hello/handler.lua create mode 100644 kong/plugins/bchen-hello/schema.lua diff --git a/kong/pdk/response.lua b/kong/pdk/response.lua index 33564b16eab..bb6bee29fc6 100644 --- a/kong/pdk/response.lua +++ b/kong/pdk/response.lua @@ -245,7 +245,6 @@ local function new(self, major_version) end local header_value = ngx.header[name] - -- local header_value = _RESPONSE.get_headers()[name] if type(header_value) == "table" then return header_value[1] end diff --git a/kong/pdk/service/request.lua b/kong/pdk/service/request.lua index 2ee665c5462..9c01c237bc1 100644 --- a/kong/pdk/service/request.lua +++ b/kong/pdk/service/request.lua @@ -653,7 +653,6 @@ local function new(self) error("mime must be a string", 2) end if not mime then - -- mime = ngx.req.get_headers()[CONTENT_TYPE] mime = ngx_var.http_content_type if not mime then return nil, "content type was neither explicitly given " .. diff --git a/kong/plugins/aws-lambda/request-util.lua b/kong/plugins/aws-lambda/request-util.lua index 053299efff2..fe59f786c98 100644 --- a/kong/plugins/aws-lambda/request-util.lua +++ b/kong/plugins/aws-lambda/request-util.lua @@ -294,7 +294,6 @@ local function build_request_payload(conf) end if conf.forward_request_body then - -- local content_type = kong.request.get_header("content-type") local content_type = ngx.var.http_content_type local body_raw = read_request_body(conf.skip_large_bodies) local body_args, err = kong.request.get_body() diff --git a/kong/plugins/bchen-hello/handler.lua b/kong/plugins/bchen-hello/handler.lua new file mode 100644 index 00000000000..96ac24892a9 --- /dev/null +++ b/kong/plugins/bchen-hello/handler.lua @@ -0,0 +1,54 @@ +-- This software is copyright Kong Inc. and its licensors. +-- Use of the software is subject to the agreement between your organization +-- and Kong Inc. If there is no such agreement, use is governed by and +-- subject to the terms of the Kong Master Software License Agreement found +-- at https://konghq.com/enterprisesoftwarelicense/. +-- [ END OF LICENSE 0867164ffc95e54f04670b5169c09574bdbd9bba ] +local get_header = require("kong.tools.http").get_header + +local MyPluginHandler = { + PRIORITY = 1000, + VERSION = "0.0.1", +} + +function MyPluginHandler:access() + -- ngx.ctx.get_headers_patch = 0 + local start = os.clock() + for i=1,10 do + local headers = ngx.req.get_headers() + -- ngx.req.set_header("foo", tostring(i)) + -- ngx.log(ngx.WARN, "bchen access", ngx.req.get_headers()["Content-Type"]) + -- local v = headers["Content-Type"] + end + local elapsed = (os.clock() - start) + + ngx.log(ngx.WARN, "bchen access", string.format(" elapsed time: %.10f, %d\n", elapsed, 1)) + + -- ngx.request.set_header("foo", "bar") +end + +function MyPluginHandler:response(conf) + + -- local content_type = kong.response.get_header("Content-Type") + kong.response.set_header("X-BChen-Plugin", "response") + local headers = kong.response.get_headers() + local headers2 = kong.service.response.get_headers() + local fmt = string.format + local string_tools = require "kong.tools.string" + local replace_dashes_lower = string_tools.replace_dashes_lower +-- ngx.log(ngx.WARN, "single: ", "multi-foo-r".." : "..tostring(kong.response.get_header("multi-foo-r"))) + +-- for k, v in pairs(headers) do +-- ngx.log(ngx.WARN, "resp header: ", k.." : "..tostring(v)) +-- local var = fmt("upstream_http_%s", replace_dashes_lower(k)) +-- if ngx.var[var] then +-- ngx.log(ngx.WARN, "upstream header: ", k) +-- end +-- end +-- for k, v in pairs(headers2) do +-- ngx.log(ngx.WARN, "service header: ", k.." : "..tostring(v)) +-- end +end + + +return MyPluginHandler diff --git a/kong/plugins/bchen-hello/schema.lua b/kong/plugins/bchen-hello/schema.lua new file mode 100644 index 00000000000..7e5451efc72 --- /dev/null +++ b/kong/plugins/bchen-hello/schema.lua @@ -0,0 +1,22 @@ +-- This software is copyright Kong Inc. and its licensors. +-- Use of the software is subject to the agreement between your organization +-- and Kong Inc. If there is no such agreement, use is governed by and +-- subject to the terms of the Kong Master Software License Agreement found +-- at https://konghq.com/enterprisesoftwarelicense/. +-- [ END OF LICENSE 0867164ffc95e54f04670b5169c09574bdbd9bba ] + +local PLUGIN_NAME = "bchen-hello" + +local schema = { + name = PLUGIN_NAME, + fields = { + { config = { + type = "record", + fields = { + }, + }, + }, + }, +} + +return schema diff --git a/kong/plugins/grpc-web/handler.lua b/kong/plugins/grpc-web/handler.lua index ce6ec660a41..437f92f119a 100644 --- a/kong/plugins/grpc-web/handler.lua +++ b/kong/plugins/grpc-web/handler.lua @@ -12,7 +12,6 @@ local ngx_arg = ngx.arg local ngx_var = ngx.var local kong_request_get_path = kong.request.get_path --- local kong_request_get_header = kong.request.get_header local kong_request_get_method = kong.request.get_method local kong_request_get_raw_body = kong.request.get_raw_body local kong_response_exit = kong.response.exit @@ -51,7 +50,6 @@ function grpc_web:access(conf) end local dec, err = deco.new( - -- kong_request_get_header("Content-Type"), ngx.var.http_content_type, uri, conf.proto) diff --git a/kong/plugins/hmac-auth/access.lua b/kong/plugins/hmac-auth/access.lua index e8acb4381d5..cd4acaedbbc 100644 --- a/kong/plugins/hmac-auth/access.lua +++ b/kong/plugins/hmac-auth/access.lua @@ -127,11 +127,12 @@ end -- plugin assumes the request parameters being used for creating -- signature by client are not changed by core or any other plugin -local function create_hash(request_uri, hmac_params, ctx) +local function create_hash(request_uri, hmac_params) local signing_string = "" local hmac_headers = hmac_params.hmac_headers local count = #hmac_headers + local ctx = {} for i = 1, count do local header = hmac_headers[i] local header_value = kong.request.get_header(header, ctx) @@ -166,8 +167,8 @@ local function create_hash(request_uri, hmac_params, ctx) end -local function validate_signature(hmac_params, ctx) - local signature_1 = create_hash(kong_request.get_path_with_query(), hmac_params, ctx) +local function validate_signature(hmac_params) + local signature_1 = create_hash(kong_request.get_path_with_query(), hmac_params) local signature_2 = decode_base64(hmac_params.signature) return signature_1 == signature_2 end @@ -330,9 +331,7 @@ local function do_authentication(conf) hmac_params.secret = credential.secret - -- since there are `clear_header` call before, we reset ctx, to get fresh headers - ctx = {} - if not validate_signature(hmac_params, ctx) then + if not validate_signature(hmac_params) then return false, unauthorized(SIGNATURE_NOT_SAME, www_auth_content) end diff --git a/kong/plugins/oauth2/access.lua b/kong/plugins/oauth2/access.lua index 8d2565a7a40..8b1dcb5ea95 100644 --- a/kong/plugins/oauth2/access.lua +++ b/kong/plugins/oauth2/access.lua @@ -877,7 +877,6 @@ local function parse_access_token(conf) parameters[ACCESS_TOKEN] = nil kong.service.request.set_query(parameters) - -- local content_type = kong.request.get_header("content-type") local content_type = ngx.var.http_content_type local is_form_post = content_type and string_find(content_type, "application/x-www-form-urlencoded", 1, true) diff --git a/kong/plugins/request-transformer/access.lua b/kong/plugins/request-transformer/access.lua index 80006542e2d..dc47278ae1e 100644 --- a/kong/plugins/request-transformer/access.lua +++ b/kong/plugins/request-transformer/access.lua @@ -8,7 +8,6 @@ local table_insert = table.insert local get_uri_args = kong.request.get_query local set_uri_args = kong.service.request.set_query local clear_header = kong.service.request.clear_header --- local get_header = kong.request.get_header local var = ngx.var local set_header = kong.service.request.set_header local get_headers = kong.request.get_headers @@ -423,7 +422,6 @@ local function transform_multipart_body(conf, body, content_length, content_type end local function transform_body(conf, template_env) - -- local content_type_value = get_header(CONTENT_TYPE) -- content-type is a builtin single value header, use var to fetch is faster. local content_type_value = var.http_content_type local content_type = get_content_type(content_type_value) @@ -459,7 +457,6 @@ local function transform_method(conf) if conf.http_method then set_method(conf.http_method:upper()) if conf.http_method == "GET" or conf.http_method == "HEAD" or conf.http_method == "TRACE" then - -- local content_type_value = get_header(CONTENT_TYPE) -- content-type is a builtin single value header, use var to fetch is faster. local content_type_value = var.http_content_type local content_type = get_content_type(content_type_value) diff --git a/t/01-pdk/08-response/02-get_header.t b/t/01-pdk/08-response/02-get_header.t index 378e1f9cdbe..c6bec909981 100644 --- a/t/01-pdk/08-response/02-get_header.t +++ b/t/01-pdk/08-response/02-get_header.t @@ -116,7 +116,7 @@ X-Missing: nil -=== TEST 4: response.get_header() returns existing header will not by limited by get_headers() default max_headers configuration +=== TEST 4: response.get_header() returns existing header will not limited by get_headers() default max_headers configuration --- http_config eval: $t::Util::HttpConfig --- config location = /t { From d5c781bfdc2c9aac7d092b7ff7a919fa8257c4c0 Mon Sep 17 00:00:00 2001 From: ProBrian Date: Fri, 13 Dec 2024 11:28:16 +0800 Subject: [PATCH 14/20] remove custom plugin for test --- kong/pdk/request.lua | 2 -- kong/plugins/bchen-hello/handler.lua | 54 ---------------------------- kong/plugins/bchen-hello/schema.lua | 22 ------------ 3 files changed, 78 deletions(-) delete mode 100644 kong/plugins/bchen-hello/handler.lua delete mode 100644 kong/plugins/bchen-hello/schema.lua diff --git a/kong/pdk/request.lua b/kong/pdk/request.lua index b538490bea6..c96449f8146 100644 --- a/kong/pdk/request.lua +++ b/kong/pdk/request.lua @@ -61,8 +61,6 @@ local function new(self) local MIN_PORT = 1 local MAX_PORT = 65535 - local CONTENT_TYPE = "Content-Type" - local CONTENT_TYPE_POST = "application/x-www-form-urlencoded" local CONTENT_TYPE_JSON = "application/json" local CONTENT_TYPE_FORM_DATA = "multipart/form-data" diff --git a/kong/plugins/bchen-hello/handler.lua b/kong/plugins/bchen-hello/handler.lua deleted file mode 100644 index 96ac24892a9..00000000000 --- a/kong/plugins/bchen-hello/handler.lua +++ /dev/null @@ -1,54 +0,0 @@ --- This software is copyright Kong Inc. and its licensors. --- Use of the software is subject to the agreement between your organization --- and Kong Inc. If there is no such agreement, use is governed by and --- subject to the terms of the Kong Master Software License Agreement found --- at https://konghq.com/enterprisesoftwarelicense/. --- [ END OF LICENSE 0867164ffc95e54f04670b5169c09574bdbd9bba ] -local get_header = require("kong.tools.http").get_header - -local MyPluginHandler = { - PRIORITY = 1000, - VERSION = "0.0.1", -} - -function MyPluginHandler:access() - -- ngx.ctx.get_headers_patch = 0 - local start = os.clock() - for i=1,10 do - local headers = ngx.req.get_headers() - -- ngx.req.set_header("foo", tostring(i)) - -- ngx.log(ngx.WARN, "bchen access", ngx.req.get_headers()["Content-Type"]) - -- local v = headers["Content-Type"] - end - local elapsed = (os.clock() - start) - - ngx.log(ngx.WARN, "bchen access", string.format(" elapsed time: %.10f, %d\n", elapsed, 1)) - - -- ngx.request.set_header("foo", "bar") -end - -function MyPluginHandler:response(conf) - - -- local content_type = kong.response.get_header("Content-Type") - kong.response.set_header("X-BChen-Plugin", "response") - local headers = kong.response.get_headers() - local headers2 = kong.service.response.get_headers() - local fmt = string.format - local string_tools = require "kong.tools.string" - local replace_dashes_lower = string_tools.replace_dashes_lower --- ngx.log(ngx.WARN, "single: ", "multi-foo-r".." : "..tostring(kong.response.get_header("multi-foo-r"))) - --- for k, v in pairs(headers) do --- ngx.log(ngx.WARN, "resp header: ", k.." : "..tostring(v)) --- local var = fmt("upstream_http_%s", replace_dashes_lower(k)) --- if ngx.var[var] then --- ngx.log(ngx.WARN, "upstream header: ", k) --- end --- end --- for k, v in pairs(headers2) do --- ngx.log(ngx.WARN, "service header: ", k.." : "..tostring(v)) --- end -end - - -return MyPluginHandler diff --git a/kong/plugins/bchen-hello/schema.lua b/kong/plugins/bchen-hello/schema.lua deleted file mode 100644 index 7e5451efc72..00000000000 --- a/kong/plugins/bchen-hello/schema.lua +++ /dev/null @@ -1,22 +0,0 @@ --- This software is copyright Kong Inc. and its licensors. --- Use of the software is subject to the agreement between your organization --- and Kong Inc. If there is no such agreement, use is governed by and --- subject to the terms of the Kong Master Software License Agreement found --- at https://konghq.com/enterprisesoftwarelicense/. --- [ END OF LICENSE 0867164ffc95e54f04670b5169c09574bdbd9bba ] - -local PLUGIN_NAME = "bchen-hello" - -local schema = { - name = PLUGIN_NAME, - fields = { - { config = { - type = "record", - fields = { - }, - }, - }, - }, -} - -return schema From a64667b1fb882432783e758752d5a3fc54d74228 Mon Sep 17 00:00:00 2001 From: ProBrian Date: Mon, 16 Dec 2024 09:41:56 +0800 Subject: [PATCH 15/20] remove unused constant --- kong/plugins/request-transformer/access.lua | 1 - 1 file changed, 1 deletion(-) diff --git a/kong/plugins/request-transformer/access.lua b/kong/plugins/request-transformer/access.lua index dc47278ae1e..9ab374841f5 100644 --- a/kong/plugins/request-transformer/access.lua +++ b/kong/plugins/request-transformer/access.lua @@ -31,7 +31,6 @@ local template_cache = setmetatable( {}, { __mode = "k" }) local DEBUG = ngx.DEBUG local CONTENT_LENGTH = "content-length" -local CONTENT_TYPE = "content-type" local HOST = "host" local JSON, MULTI, ENCODED = "json", "multi_part", "form_encoded" local EMPTY = require("kong.tools.table").EMPTY From f140e0157b37438a217fa0a1592f681ddf4fa23c Mon Sep 17 00:00:00 2001 From: ProBrian Date: Tue, 21 Jan 2025 16:15:05 +0800 Subject: [PATCH 16/20] revert interface change --- kong/pdk/request.lua | 4 ++-- kong/pdk/service/response.lua | 15 +++++++-------- kong/plugins/basic-auth/access.lua | 12 ++++++------ kong/plugins/cors/handler.lua | 28 ++++++++++++++-------------- kong/plugins/hmac-auth/access.lua | 22 ++++++++++------------ kong/plugins/ldap-auth/access.lua | 5 ++--- 6 files changed, 41 insertions(+), 45 deletions(-) diff --git a/kong/pdk/request.lua b/kong/pdk/request.lua index c96449f8146..ffad72b4b4a 100644 --- a/kong/pdk/request.lua +++ b/kong/pdk/request.lua @@ -617,14 +617,14 @@ local function new(self) -- kong.request.get_header("Host") -- "foo.com" -- kong.request.get_header("x-custom-header") -- "bla" -- kong.request.get_header("X-Another") -- "foo bar" - function _REQUEST.get_header(name, ctx) + function _REQUEST.get_header(name) check_phase(PHASES.request) if type(name) ~= "string" then error("header name must be a string", 2) end - return http_get_header(name, ctx) + return http_get_header(name) end diff --git a/kong/pdk/service/response.lua b/kong/pdk/service/response.lua index 3161041c0e9..522d2cddeee 100644 --- a/kong/pdk/service/response.lua +++ b/kong/pdk/service/response.lua @@ -285,11 +285,10 @@ local function new(pdk, major_version) -- -- or `access` phase prior calling this function. -- -- local body = kong.service.response.get_raw_body() - function response.get_raw_body(buffered_proxying) + function response.get_raw_body() check_phase(header_body_log) local ctx = ngx.ctx - local buffered = buffered_proxying or ctx.buffered_proxying - if not buffered then + if not ctx.buffered_proxying then error("service body is only available with buffered proxying " .. "(see: kong.service.request.enable_buffering function)", 2) end @@ -314,8 +313,8 @@ local function new(pdk, major_version) -- local body = kong.service.response.get_body() function response.get_body(mimetype, max_args) check_phase(header_body_log) - local bufferred_proxying = ngx.ctx.buffered_proxying - if not bufferred_proxying then + local ctx = ngx.ctx + if not ctx.buffered_proxying then error("service body is only available with buffered proxying " .. "(see: kong.service.request.enable_buffering function)", 2) end @@ -346,7 +345,7 @@ local function new(pdk, major_version) end end - local body = response.get_raw_body(bufferred_proxying) + local body = ctx.buffered_body or "" local pargs, err = ngx.decode_args(body, max_args or MAX_POST_ARGS_DEFAULT) if not pargs then return nil, err, CONTENT_TYPE_POST @@ -355,7 +354,7 @@ local function new(pdk, major_version) return pargs, nil, CONTENT_TYPE_POST elseif find(content_type_lower, CONTENT_TYPE_JSON, 1, true) == 1 then - local body = response.get_raw_body(bufferred_proxying) + local body = ctx.buffered_body or "" local json = cjson.decode_with_array_mt(body) if type(json) ~= "table" then return nil, "invalid json body", CONTENT_TYPE_JSON @@ -364,7 +363,7 @@ local function new(pdk, major_version) return json, nil, CONTENT_TYPE_JSON elseif find(content_type_lower, CONTENT_TYPE_FORM_DATA, 1, true) == 1 then - local body = response.get_raw_body(bufferred_proxying) + local body = ctx.buffered_body or "" local parts = multipart(body, content_type) if not parts then diff --git a/kong/plugins/basic-auth/access.lua b/kong/plugins/basic-auth/access.lua index 45570e23436..26bd27489b7 100644 --- a/kong/plugins/basic-auth/access.lua +++ b/kong/plugins/basic-auth/access.lua @@ -28,9 +28,9 @@ local _M = {} -- @param {table} conf Plugin config -- @return {string} public_key -- @return {string} private_key -local function retrieve_credentials(header_name, conf, ctx) +local function retrieve_credentials(header_name, conf, headers) local username, password - local authorization_header = kong.request.get_header(header_name, ctx) + local authorization_header = headers[header_name] if authorization_header then local iterator, iter_err = re_gmatch(authorization_header, "\\s*[Bb]asic\\s*(.+)", "oj") @@ -158,22 +158,22 @@ end local function do_authentication(conf) local www_authenticate = "Basic realm=\"" .. conf.realm .. "\"" - local ctx = {} + local headers = kong.request.get_headers() -- If both headers are missing, return 401 - if not (kong.request.get_header("authorization", ctx) or kong.request.get_header("proxy-authorization", ctx)) then + if not (headers["authorization"] or headers["proxy-authorization"]) then return false, unauthorized("Unauthorized", www_authenticate) end local credential - local given_username, given_password = retrieve_credentials("proxy-authorization", conf, ctx) + local given_username, given_password = retrieve_credentials("proxy-authorization", conf, headers) if given_username and given_password then credential = load_credential_from_db(given_username) end -- Try with the authorization header if not credential then - given_username, given_password = retrieve_credentials("authorization", conf, ctx) + given_username, given_password = retrieve_credentials("authorization", conf, headers) if given_username and given_password then credential = load_credential_from_db(given_username) else diff --git a/kong/plugins/cors/handler.lua b/kong/plugins/cors/handler.lua index 4f2a023b87f..3756f735ca4 100644 --- a/kong/plugins/cors/handler.lua +++ b/kong/plugins/cors/handler.lua @@ -61,7 +61,7 @@ local function add_vary_header(header_filter) end end -local function configure_origin(conf, header_filter, ctx) +local function configure_origin(conf, header_filter, headers) local n_origins = conf.origins ~= nil and #conf.origins or 0 local set_header = kong.response.set_header @@ -89,7 +89,7 @@ local function configure_origin(conf, header_filter, ctx) end end - local req_origin = kong.request.get_header("origin", ctx) + local req_origin = headers["origin"] if req_origin then local cached_domains = config_cache[conf] if not cached_domains then @@ -167,7 +167,7 @@ local function configure_origin(conf, header_filter, ctx) end -local function configure_credentials(conf, allow_all, header_filter, ctx) +local function configure_credentials(conf, allow_all, header_filter, headers) local set_header = kong.response.set_header if not conf.credentials then @@ -181,7 +181,7 @@ local function configure_credentials(conf, allow_all, header_filter, ctx) -- Access-Control-Allow-Origin is '*', must change it because ACAC cannot -- be 'true' if ACAO is '*'. - local req_origin = kong.request.get_header("origin", ctx) + local req_origin = headers["origin"] if req_origin then add_vary_header(header_filter) set_header("Access-Control-Allow-Origin", req_origin) @@ -191,10 +191,10 @@ end function CorsHandler:access(conf) - local ctx = {} + local headers = kong.request.get_headers() if kong.request.get_method() ~= "OPTIONS" - or not kong.request.get_header("Origin", ctx) - or not kong.request.get_header("Access-Control-Request-Method", ctx) + or not headers["Origin"] + or not headers["Access-Control-Request-Method"] then return end @@ -208,8 +208,8 @@ function CorsHandler:access(conf) return end - local allow_all = configure_origin(conf, false, ctx) - configure_credentials(conf, allow_all, false, ctx) + local allow_all = configure_origin(conf, false, headers) + configure_credentials(conf, allow_all, false, headers) local set_header = kong.response.set_header @@ -217,7 +217,7 @@ function CorsHandler:access(conf) set_header("Access-Control-Allow-Headers", concat(conf.headers, ",")) else - local acrh = kong.request.get_header("Access-Control-Request-Headers", ctx) + local acrh = headers["Access-Control-Request-Headers"] if acrh then set_header("Access-Control-Allow-Headers", acrh) else @@ -235,7 +235,7 @@ function CorsHandler:access(conf) end if conf.private_network and - kong.request.get_header("Access-Control-Request-Private-Network", ctx) == 'true' then + headers["Access-Control-Request-Private-Network"] == 'true' then set_header("Access-Control-Allow-Private-Network", 'true') end @@ -248,9 +248,9 @@ function CorsHandler:header_filter(conf) return end - local ctx = {} - local allow_all = configure_origin(conf, true, ctx) - configure_credentials(conf, allow_all, true, ctx) + local headers = kong.request.get_headers() + local allow_all = configure_origin(conf, true, headers) + configure_credentials(conf, allow_all, true, headers) if conf.exposed_headers and #conf.exposed_headers > 0 then kong.response.set_header("Access-Control-Expose-Headers", diff --git a/kong/plugins/hmac-auth/access.lua b/kong/plugins/hmac-auth/access.lua index cd4acaedbbc..8e6e2848699 100644 --- a/kong/plugins/hmac-auth/access.lua +++ b/kong/plugins/hmac-auth/access.lua @@ -132,10 +132,9 @@ local function create_hash(request_uri, hmac_params) local hmac_headers = hmac_params.hmac_headers local count = #hmac_headers - local ctx = {} for i = 1, count do local header = hmac_headers[i] - local header_value = kong.request.get_header(header, ctx) + local header_value = kong.request.get_header(header) if not header_value then if header == "@request-target" then @@ -200,8 +199,8 @@ local function load_credential(username) end -local function validate_clock_skew(date_header_name, allowed_clock_skew, ctx) - local date = kong_request.get_header(date_header_name, ctx) +local function validate_clock_skew(date_header_name, allowed_clock_skew, headers) + local date = headers[date_header_name] if not date then return false end @@ -220,14 +219,13 @@ local function validate_clock_skew(date_header_name, allowed_clock_skew, ctx) end -local function validate_body(ctx) +local function validate_body(digest_received) local body, err = kong_request.get_raw_body() if err then kong.log.debug(err) return false end - local digest_received = kong_request.get_header(DIGEST, ctx) if not digest_received then -- if there is no digest and no body, it is ok return body == "" @@ -282,9 +280,9 @@ end local function do_authentication(conf) - local ctx = {} - local authorization = kong_request.get_header(AUTHORIZATION, ctx) - local proxy_authorization = kong_request.get_header(PROXY_AUTHORIZATION, ctx) + local headers = kong_request.get_headers() + local authorization = headers[AUTHORIZATION] + local proxy_authorization = headers[PROXY_AUTHORIZATION] local www_auth_content = conf.realm and fmt('hmac realm="%s"', conf.realm) or 'hmac' -- If both headers are missing, return 401 @@ -293,8 +291,8 @@ local function do_authentication(conf) end -- validate clock skew - if not (validate_clock_skew(X_DATE, conf.clock_skew, ctx) or - validate_clock_skew(DATE, conf.clock_skew, ctx)) then + if not (validate_clock_skew(X_DATE, conf.clock_skew, headers) or + validate_clock_skew(DATE, conf.clock_skew, headers)) then return false, unauthorized( "HMAC signature cannot be verified, a valid date or " .. "x-date header is required for HMAC Authentication", @@ -336,7 +334,7 @@ local function do_authentication(conf) end -- If request body validation is enabled, then verify digest. - if conf.validate_request_body and not validate_body() then + if conf.validate_request_body and not validate_body(headers[DIGEST]) then kong.log.debug("digest validation failed") return false, unauthorized(SIGNATURE_NOT_SAME, www_auth_content) end diff --git a/kong/plugins/ldap-auth/access.lua b/kong/plugins/ldap-auth/access.lua index 824aace960e..a2b5db0817b 100644 --- a/kong/plugins/ldap-auth/access.lua +++ b/kong/plugins/ldap-auth/access.lua @@ -241,9 +241,8 @@ local function unauthorized(message, authorization_scheme) end local function do_authentication(conf) - local ctx = {} - local authorization_value = kong.request.get_header(AUTHORIZATION, ctx) - local proxy_authorization_value = kong.request.get_header(PROXY_AUTHORIZATION, ctx) + local authorization_value = kong.request.get_header(AUTHORIZATION) + local proxy_authorization_value = kong.request.get_header(PROXY_AUTHORIZATION) local scheme = conf.header_type if scheme == "ldap" then From 16b159c68d0152a701f46927d2ce4374d16b494f Mon Sep 17 00:00:00 2001 From: ProBrian Date: Fri, 7 Feb 2025 17:28:15 +0800 Subject: [PATCH 17/20] perf(pdk):minor refinement on pdk usage --- kong/globalpatches.lua | 5 +++-- kong/plugins/grpc-web/handler.lua | 2 +- kong/plugins/request-transformer/access.lua | 6 +++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/kong/globalpatches.lua b/kong/globalpatches.lua index 5b0712e071d..2fbe75807f9 100644 --- a/kong/globalpatches.lua +++ b/kong/globalpatches.lua @@ -237,11 +237,12 @@ return function(options) -- READ REQUEST BODY [ _G.ngx.req.read_body = function() -- for the same request, only one `read_body` call is needed - if not ngx.ctx.body_read then + if not ngx.ctx.req_body_read then read_req_body() - ngx.ctx.body_read = true + ngx.ctx.req_body_read = true end end + -- ] end end diff --git a/kong/plugins/grpc-web/handler.lua b/kong/plugins/grpc-web/handler.lua index 437f92f119a..0ad3fe0fa87 100644 --- a/kong/plugins/grpc-web/handler.lua +++ b/kong/plugins/grpc-web/handler.lua @@ -50,7 +50,7 @@ function grpc_web:access(conf) end local dec, err = deco.new( - ngx.var.http_content_type, + ngx_var.http_content_type, uri, conf.proto) if not dec then diff --git a/kong/plugins/request-transformer/access.lua b/kong/plugins/request-transformer/access.lua index 9ab374841f5..4e2edbccf2c 100644 --- a/kong/plugins/request-transformer/access.lua +++ b/kong/plugins/request-transformer/access.lua @@ -8,7 +8,7 @@ local table_insert = table.insert local get_uri_args = kong.request.get_query local set_uri_args = kong.service.request.set_query local clear_header = kong.service.request.clear_header -local var = ngx.var +local ngx_var = ngx.var local set_header = kong.service.request.set_header local get_headers = kong.request.get_headers local set_headers = kong.service.request.set_headers @@ -422,7 +422,7 @@ end local function transform_body(conf, template_env) -- content-type is a builtin single value header, use var to fetch is faster. - local content_type_value = var.http_content_type + local content_type_value = ngx_var.http_content_type local content_type = get_content_type(content_type_value) if content_type == nil or #conf.rename.body < 1 and #conf.remove.body < 1 and #conf.replace.body < 1 and @@ -457,7 +457,7 @@ local function transform_method(conf) set_method(conf.http_method:upper()) if conf.http_method == "GET" or conf.http_method == "HEAD" or conf.http_method == "TRACE" then -- content-type is a builtin single value header, use var to fetch is faster. - local content_type_value = var.http_content_type + local content_type_value = ngx_var.http_content_type local content_type = get_content_type(content_type_value) if content_type == ENCODED then -- Also put the body into querystring From b40a178ea29ee617b8549e9d6368f6509b9b3542 Mon Sep 17 00:00:00 2001 From: ProBrian Date: Fri, 7 Feb 2025 17:43:20 +0800 Subject: [PATCH 18/20] perf(pdk):change naming and localize method --- kong/globalpatches.lua | 4 ++-- kong/plugins/oauth2/access.lua | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/kong/globalpatches.lua b/kong/globalpatches.lua index 2fbe75807f9..65f2d8cb470 100644 --- a/kong/globalpatches.lua +++ b/kong/globalpatches.lua @@ -237,9 +237,9 @@ return function(options) -- READ REQUEST BODY [ _G.ngx.req.read_body = function() -- for the same request, only one `read_body` call is needed - if not ngx.ctx.req_body_read then + if not ngx.ctx._req_body_has_read then read_req_body() - ngx.ctx.req_body_read = true + ngx.ctx._req_body_has_read = true end end -- ] diff --git a/kong/plugins/oauth2/access.lua b/kong/plugins/oauth2/access.lua index 8b1dcb5ea95..62796f65099 100644 --- a/kong/plugins/oauth2/access.lua +++ b/kong/plugins/oauth2/access.lua @@ -27,7 +27,7 @@ local ngx_decode_args = ngx.decode_args local ngx_re_gmatch = ngx.re.gmatch local ngx_decode_base64 = ngx.decode_base64 local ngx_encode_base64 = ngx.encode_base64 - +local ngx_var = ngx.var local _M = {} @@ -877,7 +877,7 @@ local function parse_access_token(conf) parameters[ACCESS_TOKEN] = nil kong.service.request.set_query(parameters) - local content_type = ngx.var.http_content_type + local content_type = ngx_var.http_content_type local is_form_post = content_type and string_find(content_type, "application/x-www-form-urlencoded", 1, true) From d21ef10b9ce9d65225a875938d06deff165ac157 Mon Sep 17 00:00:00 2001 From: ProBrian Date: Wed, 12 Feb 2025 10:08:44 +0800 Subject: [PATCH 19/20] feat(pdk): revert var.http_content_type change due to behavior inconsistency --- kong/pdk/request.lua | 4 +++- kong/pdk/service/request.lua | 3 ++- kong/plugins/aws-lambda/request-util.lua | 2 +- kong/plugins/grpc-web/handler.lua | 3 ++- kong/plugins/oauth2/access.lua | 3 +-- kong/plugins/request-transformer/access.lua | 9 ++++----- 6 files changed, 13 insertions(+), 11 deletions(-) diff --git a/kong/pdk/request.lua b/kong/pdk/request.lua index ffad72b4b4a..aa648c42fd3 100644 --- a/kong/pdk/request.lua +++ b/kong/pdk/request.lua @@ -61,6 +61,8 @@ local function new(self) local MIN_PORT = 1 local MAX_PORT = 65535 + local CONTENT_TYPE = "Content-Type" + local CONTENT_TYPE_POST = "application/x-www-form-urlencoded" local CONTENT_TYPE_JSON = "application/json" local CONTENT_TYPE_FORM_DATA = "multipart/form-data" @@ -818,7 +820,7 @@ local function new(self) -- body.age -- "42" function _REQUEST.get_body(mimetype, max_args, max_allowed_file_size) check_phase(before_content) - local content_type = mimetype or ngx.var.http_content_type + local content_type = mimetype or _REQUEST.get_header(CONTENT_TYPE) if not content_type then return nil, "missing content type" end diff --git a/kong/pdk/service/request.lua b/kong/pdk/service/request.lua index 9c01c237bc1..a20daf4bbb3 100644 --- a/kong/pdk/service/request.lua +++ b/kong/pdk/service/request.lua @@ -23,6 +23,7 @@ local validate_header = checks.validate_header local validate_headers = checks.validate_headers local check_phase = phase_checker.check local escape = require("kong.tools.uri").escape +local get_header = require("kong.tools.http").get_header local search_remove = require("resty.ada.search").remove @@ -653,7 +654,7 @@ local function new(self) error("mime must be a string", 2) end if not mime then - mime = ngx_var.http_content_type + mime = get_header(CONTENT_TYPE) if not mime then return nil, "content type was neither explicitly given " .. "as an argument or received as a header" diff --git a/kong/plugins/aws-lambda/request-util.lua b/kong/plugins/aws-lambda/request-util.lua index fe59f786c98..ac7c2767b33 100644 --- a/kong/plugins/aws-lambda/request-util.lua +++ b/kong/plugins/aws-lambda/request-util.lua @@ -294,7 +294,7 @@ local function build_request_payload(conf) end if conf.forward_request_body then - local content_type = ngx.var.http_content_type + local content_type = kong.request.get_header("Content-Type") local body_raw = read_request_body(conf.skip_large_bodies) local body_args, err = kong.request.get_body() if err and err:match("content type") then diff --git a/kong/plugins/grpc-web/handler.lua b/kong/plugins/grpc-web/handler.lua index 0ad3fe0fa87..3c8047862db 100644 --- a/kong/plugins/grpc-web/handler.lua +++ b/kong/plugins/grpc-web/handler.lua @@ -13,6 +13,7 @@ local ngx_var = ngx.var local kong_request_get_path = kong.request.get_path local kong_request_get_method = kong.request.get_method +local kong_request_get_header = kong.request.get_header local kong_request_get_raw_body = kong.request.get_raw_body local kong_response_exit = kong.response.exit local kong_response_set_header = kong.response.set_header @@ -50,7 +51,7 @@ function grpc_web:access(conf) end local dec, err = deco.new( - ngx_var.http_content_type, + kong_request_get_header("Content-Type"), uri, conf.proto) if not dec then diff --git a/kong/plugins/oauth2/access.lua b/kong/plugins/oauth2/access.lua index 62796f65099..5ae159c130a 100644 --- a/kong/plugins/oauth2/access.lua +++ b/kong/plugins/oauth2/access.lua @@ -27,7 +27,6 @@ local ngx_decode_args = ngx.decode_args local ngx_re_gmatch = ngx.re.gmatch local ngx_decode_base64 = ngx.decode_base64 local ngx_encode_base64 = ngx.encode_base64 -local ngx_var = ngx.var local _M = {} @@ -877,7 +876,7 @@ local function parse_access_token(conf) parameters[ACCESS_TOKEN] = nil kong.service.request.set_query(parameters) - local content_type = ngx_var.http_content_type + local content_type = kong.request.get_header("content-type") local is_form_post = content_type and string_find(content_type, "application/x-www-form-urlencoded", 1, true) diff --git a/kong/plugins/request-transformer/access.lua b/kong/plugins/request-transformer/access.lua index 4e2edbccf2c..9b3216a233e 100644 --- a/kong/plugins/request-transformer/access.lua +++ b/kong/plugins/request-transformer/access.lua @@ -8,7 +8,7 @@ local table_insert = table.insert local get_uri_args = kong.request.get_query local set_uri_args = kong.service.request.set_query local clear_header = kong.service.request.clear_header -local ngx_var = ngx.var +local get_header = kong.request.get_header local set_header = kong.service.request.set_header local get_headers = kong.request.get_headers local set_headers = kong.service.request.set_headers @@ -31,6 +31,7 @@ local template_cache = setmetatable( {}, { __mode = "k" }) local DEBUG = ngx.DEBUG local CONTENT_LENGTH = "content-length" +local CONTENT_TYPE = "content-type" local HOST = "host" local JSON, MULTI, ENCODED = "json", "multi_part", "form_encoded" local EMPTY = require("kong.tools.table").EMPTY @@ -421,8 +422,7 @@ local function transform_multipart_body(conf, body, content_length, content_type end local function transform_body(conf, template_env) - -- content-type is a builtin single value header, use var to fetch is faster. - local content_type_value = ngx_var.http_content_type + local content_type_value = get_header(CONTENT_TYPE) local content_type = get_content_type(content_type_value) if content_type == nil or #conf.rename.body < 1 and #conf.remove.body < 1 and #conf.replace.body < 1 and @@ -456,8 +456,7 @@ local function transform_method(conf) if conf.http_method then set_method(conf.http_method:upper()) if conf.http_method == "GET" or conf.http_method == "HEAD" or conf.http_method == "TRACE" then - -- content-type is a builtin single value header, use var to fetch is faster. - local content_type_value = ngx_var.http_content_type + local content_type_value = get_header(CONTENT_TYPE) local content_type = get_content_type(content_type_value) if content_type == ENCODED then -- Also put the body into querystring From edd040a7f93cf98402c40ccb445afe8919c85b47 Mon Sep 17 00:00:00 2001 From: ProBrian Date: Wed, 12 Feb 2025 15:49:56 +0800 Subject: [PATCH 20/20] feat(pdk): keep lower case header name change --- kong/plugins/aws-lambda/request-util.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kong/plugins/aws-lambda/request-util.lua b/kong/plugins/aws-lambda/request-util.lua index ac7c2767b33..9e761afc195 100644 --- a/kong/plugins/aws-lambda/request-util.lua +++ b/kong/plugins/aws-lambda/request-util.lua @@ -294,7 +294,7 @@ local function build_request_payload(conf) end if conf.forward_request_body then - local content_type = kong.request.get_header("Content-Type") + local content_type = kong.request.get_header("content-type") local body_raw = read_request_body(conf.skip_large_bodies) local body_args, err = kong.request.get_body() if err and err:match("content type") then