kong hmac 應用實踐
service 創建
curl -i -X POST --url http://127.0.0.1:8001/services/ --data 'name=lxy-service' --data 'url=http://127.0.0.1:8090/project/'
注:請根據實際情況填寫自己服務地址url
route 創建
curl -i -X POST --url http://127.0.0.1:8001/services/lxy-service/routes --data 'paths[]=/test/'
爲services 添加 hmac插件
POST http://127.0.0.1:8001/services/a721cb35-d3e4-41d6-bace-2acf7c688b7c/plugins
{
"name":"hmac-auth",
"config": {
"enforce_headers": ["testhamc"],
"algorithms": ["hmac-sha1", "hmac-sha256"]
}
}
創建consumer
curl -i -X POST http://127.0.0.1:8001/consumers
爲consumer 創建證書
POST http://127.0.0.1:8001/consumers/5b10f786-1392-49c5-b64f-b74195b481da/hmac-auth
{
"username":"test",
"secret":"test123456"
}
以上配置完成,現在看一下怎麼用:
先試着訪問一下
可以看到,提示需要認證,參考官方文檔
生成簽名
import hashlib
import hmac
import base64
message = "test: 123456"
secret = b"test123456"
signature = base64.b64encode(hmac.new(secret, message.encode("utf8"), digestmod=hashlib.sha256).digest())
print(signature)
添加請求頭Authorization,在次訪問,提示如下信息
根據提示需要添加x-date信息
import datetime
GMT_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'
time = datetime.datetime.utcnow().strftime(GMT_FORMAT)
print(time)
獲取x-date數據,添加至請求頭,訪問,可以成功返回
根據官方文檔, 請求需要添加如下請求頭
-H "Host: hmac.com" \
-H "Date: Thu, 22 Jun 2017 17:15:21 GMT" \
-H 'Authorization: hmac username="alice123", algorithm="hmac-sha256", headers="date request-line", signature="ujWCGHeec9Xd6UD2zlyxiNMCiXnDOWeVFMu5VeRUxtw="'