global-rule.t 9.6 KB

  1. #
  2. # Licensed to the Apache Software Foundation (ASF) under one or more
  3. # contributor license agreements. See the NOTICE file distributed with
  4. # this work for additional information regarding copyright ownership.
  5. # The ASF licenses this file to You under the Apache License, Version 2.0
  6. # (the "License"); you may not use this file except in compliance with
  7. # the License. You may obtain a copy of the License at
  8. #
  9. # http://www.apache.org/licenses/LICENSE-2.0
  10. #
  11. # Unless required by applicable law or agreed to in writing, software
  12. # distributed under the License is distributed on an "AS IS" BASIS,
  13. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. # See the License for the specific language governing permissions and
  15. # limitations under the License.
  16. #
  # Environment setup has to happen at compile time, before t::APISIX loads.
  BEGIN {
      if (!$ENV{TEST_NGINX_CHECK_LEAK}) {
          # Run in HUP mode and make sure the systemtap mode is off.
          $ENV{TEST_NGINX_USE_HUP} = 1;
          undef $ENV{TEST_NGINX_USE_STAP};
      }
      else {
          # The leak-check run is not combined with HUP mode: skip the file.
          $SkipReason = "unavailable for the hup tests";
      }
  }

  use t::APISIX 'no_plan';

  repeat_each(1);
  log_level('info');
  worker_connections(256);
  no_root_location();

  # The blocks below build on each other (a rule created in one block is
  # exercised by later ones), so they must run in file order.
  no_shuffle();

  run_tests();
  32. __DATA__
  33. === TEST 1: set global rule
  34. --- config
  35. location /t {
  36. content_by_lua_block {
  -- Create global rule 1: limit-count keyed on the client address,
  -- 2 requests per 60-second window, rejections answered with 503.
  local admin = require("lib.test_admin").test
  local rule = [[{
      "plugins": {
          "limit-count": {
              "count": 2,
              "time_window": 60,
              "rejected_code": 503,
              "key": "remote_addr"
          }
      }
  }]]
  local status, resp = admin('/apisix/admin/global_rules/1', ngx.HTTP_PUT, rule)

  -- Surface an Admin API failure as this location's own status code.
  if status >= 300 then
      ngx.status = status
  end
  ngx.say(resp)
  55. }
  56. }
  57. --- request
  58. GET /t
  59. --- response_body
  60. passed
  61. === TEST 2: delete route(id: 1)
  62. --- config
  63. location /t {
  64. content_by_lua_block {
  -- Best-effort cleanup: remove route 1 if an earlier test file left it
  -- behind. The result is deliberately ignored, so a missing route is fine.
  local admin = require("lib.test_admin").test
  admin('/apisix/admin/routes/1', ngx.HTTP_DELETE)
  ngx.say("passed")
  68. }
  69. }
  70. --- request
  71. GET /t
  72. --- response_body
  73. passed
  74. === TEST 3: /not_found
  75. --- request
  76. GET /not_found
  77. --- error_code: 404
  78. --- response_body
  79. {"error_msg":"404 Route Not Found"}
  80. === TEST 4: /hello after route deletion
  81. --- request
  82. GET /hello
  83. --- error_code: 404
  84. --- response_body
  85. {"error_msg":"404 Route Not Found"}
  86. === TEST 5: /hello rejected by the limit-count global rule
  87. --- request
  88. GET /hello
  89. --- error_code: 503
  90. === TEST 6: global rule for internal api (should limit)
  91. --- yaml_config
  92. plugins:
  93. - limit-count
  94. - node-status
  95. --- request
  96. GET /apisix/status
  97. --- error_code: 503
  98. === TEST 7: update global rule
  99. --- config
  100. location /t {
  101. content_by_lua_block {
  -- Replace global rule 1 with two plugins:
  --   response-rewrite adds an X-VERSION response header;
  --   uri-blocker rejects request URIs matching either regex.
  -- NOTE(review): the two patterns are small SQL-keyword samples used to
  -- prove that the global rule runs; they are not a complete injection
  -- filter and should not be copied as one.
  local admin = require("lib.test_admin").test
  local rule = [[{
      "plugins": {
          "response-rewrite": {
              "headers": {
                  "X-VERSION":"1.0"
              }
          },
          "uri-blocker": {
              "block_rules": ["select.+(from|limit)", "(?:(union(.*?)select))"]
          }
      }
  }]]
  local status, resp = admin('/apisix/admin/global_rules/1', ngx.HTTP_PUT, rule)

  -- Surface an Admin API failure as this location's own status code.
  if status >= 300 then
      ngx.status = status
  end
  ngx.say(resp)
  122. }
  123. }
  124. --- request
  125. GET /t
  126. --- response_body
  127. passed
  128. === TEST 8: set one more global rule
  129. --- config
  130. location /t {
  131. content_by_lua_block {
  -- Add a second global rule (id 2) next to rule 1. It only sets the
  -- X-TEST response header, so later blocks can check that both rules ran.
  local admin = require("lib.test_admin").test
  local rule = [[{
      "plugins": {
          "response-rewrite": {
              "headers": {
                  "X-TEST":"test"
              }
          }
      }
  }]]
  local status, resp = admin('/apisix/admin/global_rules/2', ngx.HTTP_PUT, rule)

  -- Surface an Admin API failure as this location's own status code.
  if status >= 300 then
      ngx.status = status
  end
  ngx.say(resp)
  149. }
  150. }
  151. --- request
  152. GET /t
  153. --- response_body
  154. passed
  155. === TEST 9: hit global rules
  156. --- request
  157. GET /hello?name=;union%20select%20
  158. --- error_code: 403
  159. --- response_headers
  160. X-VERSION: 1.0
  161. X-TEST: test
  162. === TEST 10: hit global rules by internal api (only check uri-blocker)
  163. --- yaml_config
  164. plugins:
  165. - response-rewrite
  166. - uri-blocker
  167. - node-status
  168. --- request
  169. GET /apisix/status?name=;union%20select%20
  170. --- error_code: 403
  171. --- response_headers
  172. X-VERSION: 1.0
  173. X-TEST: test
  174. === TEST 11: delete global rules
  175. --- config
  176. location /t {
  177. content_by_lua_block {
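  -- Delete both global rules, then check that an unmatched URI answers 404
  -- twice in a row, i.e. neither uri-blocker nor any other global plugin is
  -- still being applied.
  local admin = require("lib.test_admin").test

  -- Both deletions run before anything is written. ngx.say() sends the
  -- response headers, and ngx.status cannot be changed after that, so a
  -- status check placed after the first ngx.say() could never fail the test.
  local first_code, first_body = admin('/apisix/admin/global_rules/1', ngx.HTTP_DELETE)
  if first_code >= 300 then
      ngx.status = first_code
  end

  local second_code = admin('/apisix/admin/global_rules/2', ngx.HTTP_DELETE)
  if second_code >= 300 then
      ngx.status = second_code
  end

  -- Output is unchanged on success: the first deletion's body, then two codes.
  ngx.say(first_body)

  local probe_code = admin('/not_found', ngx.HTTP_GET)
  ngx.say(probe_code)

  probe_code = admin('/not_found', ngx.HTTP_GET)
  ngx.say(probe_code)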
  192. }
  193. }
  194. --- request
  195. GET /t
  196. --- response_body
  197. passed
  198. 404
  199. 404
  200. === TEST 12: empty global rule
  201. --- config
  202. location /t {
  203. content_by_lua_block {
  -- Store a global rule with an empty plugin set, then create route 1 whose
  -- own response-rewrite plugin replaces the body. The next block checks that
  -- the route plugin still runs while the global rule contributes nothing.
  local admin = require("lib.test_admin").test

  local empty_rule = [[{
      "plugins": {
      }
  }]]
  local status, resp = admin('/apisix/admin/global_rules/1', ngx.HTTP_PUT, empty_rule)
  if status >= 300 then
      ngx.status = status
      ngx.say(resp)
      return
  end

  local route = [[{
      "plugins": {
          "response-rewrite": {
              "body": "changed\n"
          }
      },
      "upstream": {
          "nodes": {
              "127.0.0.1:1980": 1
          },
          "type": "roundrobin"
      },
      "uri": "/hello"
  }]]
  status, resp = admin('/apisix/admin/routes/1', ngx.HTTP_PUT, route)
  if status >= 300 then
      -- This failure path reports only the status, without a body.
      ngx.status = status
      return
  end

  ngx.say(resp)
  239. }
  240. }
  241. --- request
  242. GET /t
  243. --- response_body
  244. passed
  245. === TEST 13: hit global rules
  246. --- request
  247. GET /hello
  248. --- response_body
  249. changed
  250. === TEST 14: global rule works with the consumer, after deleting the global rule, ensure no stale plugins remaining
  251. --- config
  252. location /t {
  253. content_by_lua_block {
  -- Scenario: basic-auth is enforced through a global rule, then the rule is
  -- deleted. Afterwards an unauthenticated request must succeed again; a 401
  -- at that point would mean a stale plugin from the deleted rule still runs.
  local admin = require("lib.test_admin").test
  local status, resp

  -- 1. Consumer "test" with basic-auth credentials test/test (fixture values).
  local consumer = [[{
      "username": "test",
      "plugins": {
          "basic-auth": {
              "username": "test",
              "password": "test"
          }
      },
      "desc": "test description"
  }]]
  status, resp = admin('/apisix/admin/consumers', ngx.HTTP_PUT, consumer)
  if status >= 300 then
      ngx.status = status
      return
  end

  -- 2. Route /hello with no plugins of its own.
  local route = [[{
      "uri": "/hello",
      "upstream": {
          "type": "roundrobin",
          "nodes": {
              "127.0.0.1:1980": 1
          }
      }
  }]]
  status, resp = admin('/apisix/admin/routes/1', ngx.HTTP_PUT, route)
  if status >= 300 then
      ngx.status = status
      return
  end

  -- 3. Global rule that turns on basic-auth for every request.
  local auth_rule = [[{
      "plugins": {
          "basic-auth": {}
      }
  }]]
  status, resp = admin('/apisix/admin/global_rules/1', ngx.HTTP_PUT, auth_rule)
  if status >= 300 then
      ngx.status = status
      return
  end

  -- Give the configuration time to sync before sending traffic.
  ngx.sleep(0.5)

  -- 4. No Authorization header: the global rule must answer 401.
  --    Any other code is reported as 400 so the block fails.
  status, resp = admin('/hello', ngx.HTTP_PUT)
  if status ~= 401 then
      ngx.status = 400
      return
  end

  -- 5. Valid credentials ("dGVzdDp0ZXN0" is base64 of "test:test"): 200.
  status, resp = admin('/hello', ngx.HTTP_PUT, nil, nil,
                       {Authorization = "Basic dGVzdDp0ZXN0"})
  if status ~= 200 then
      ngx.status = status
      return
  end

  -- 6. Delete the global rule. The request body sent with the DELETE is
  --    kept exactly as the test has always sent it.
  local delete_body = [[{
      "plugins": {
          "basic-auth": {}
      }
  }]]
  status, resp = admin('/apisix/admin/global_rules/1', ngx.HTTP_DELETE, delete_body)
  if status >= 300 then
      ngx.status = status
      return
  end

  -- Wait for the deletion to sync.
  ngx.sleep(0.5)

  -- 7. Again WITHOUT an Authorization header: with the rule gone this must
  --    be 200, which shows basic-auth is no longer applied.
  status, resp = admin('/hello', ngx.HTTP_PUT)
  if status ~= 200 then
      ngx.status = status
      return
  end

  ngx.say(resp)
  343. }
  344. }
  345. --- request
  346. GET /t
  347. --- response_body
  348. passed