Comments (5)
A great idea - can't believe the feature was missed out! Tyk doesn't currently support method ignores out of the box; it would need to be added in (shouldn't be too hard though).
The things that would need doing are:
- Enabling users creating new defs to add methods
- Extending URLSpec to include a methods slice
- Populating tURLSpecs
- Actually checking if the method is supported when matched in a request
First off, https://github.com/lonelycode/tyk/blob/master/api_definition_manager.go#L87 would need to be changed to use a map[string][]string, which would be map[<URL>]['method1', 'method2', ...]; this way we can define ignored methods against URLs.
Tyk converts these verbose definition elements into leaner objects called an ApiSpec (https://github.com/lonelycode/tyk/blob/master/api_definition_manager.go#L134); these use regexps to identify paths quickly when a request hits the router. The ApiSpec maps a regexp to a URLSpec, which would need extending with a slice of strings such as []string Methods (https://github.com/lonelycode/tyk/blob/master/api_definition_manager.go#L127) to hold the methods array that was created in the definition.
In order to populate this object at load time, we'd need to incorporate the new values into the MakeSpec function, in particular the loop that creates the URLSpec values: https://github.com/lonelycode/tyk/blob/master/api_definition_manager.go#L208
To actually ensure the HTTP method gets checked, the IsURLAllowedAndIgnored function would need extending to include a method check on match: https://github.com/lonelycode/tyk/blob/721a05f468269e53c3d32d4063e80c4eb2ded91f/api_definition_manager.go#L333
It would also need to have its signature changed to include the method data as part of the function parameters (or change it to take a request object pointer): https://github.com/lonelycode/tyk/blob/721a05f468269e53c3d32d4063e80c4eb2ded91f/api_definition_manager.go#L438
The versioning code that controls most of this needs refactoring; it's a little messy at the moment. I would much rather have all these methods in the middleware, but that's something I'll tackle at a later date :-/
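To make the sketch above concrete, here is an added example (not Tyk's code, and not from the comment's author) of what a method-scoped ignore list looks like once the `URLSpec` carries a `Methods` slice and the match function receives the request method. The struct and function names (`URLSpec`, `BuildSpecs`, `IsURLIgnored`) are assumptions for this example; the ignore rules are constructed to match the endpoints discussed in the thread. Two defensive details are worth noting: patterns are anchored to the whole path so an ignore rule for `/users` cannot quietly also exempt `/users/admin`, and an empty method list is treated as "all methods" so existing definitions keep their current behaviour.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// URLSpec is a stand-in for the extended struct sketched in the comment: a
// compiled path pattern plus the HTTP methods for which the path is ignored
// (allowed through without authentication). An empty Methods slice keeps the
// current behaviour of ignoring every method. Field names are assumptions for
// this example, not Tyk's real types.
type URLSpec struct {
	Spec    *regexp.Regexp
	Methods []string
}

// BuildSpecs compiles the proposed map[<URL>][]method definition into URLSpecs.
// Each path is treated as a regexp anchored to the whole request path, so a
// rule for "/users" cannot also match "/users/admin".
func BuildSpecs(ignored map[string][]string) ([]URLSpec, error) {
	specs := make([]URLSpec, 0, len(ignored))
	for path, methods := range ignored {
		re, err := regexp.Compile("^" + path + "$")
		if err != nil {
			return nil, fmt.Errorf("ignore rule %q: %w", path, err)
		}
		upper := make([]string, 0, len(methods))
		for _, m := range methods {
			upper = append(upper, strings.ToUpper(m))
		}
		specs = append(specs, URLSpec{Spec: re, Methods: upper})
	}
	return specs, nil
}

// IsURLIgnored reports whether a request may skip authentication: the path
// must match a rule and the method must be one of that rule's methods.
func IsURLIgnored(specs []URLSpec, method, path string) bool {
	method = strings.ToUpper(method)
	for _, s := range specs {
		if !s.Spec.MatchString(path) {
			continue
		}
		if len(s.Methods) == 0 {
			return true // rule applies to every method
		}
		for _, m := range s.Methods {
			if m == method {
				return true
			}
		}
	}
	return false // no rule matched this path+method pair, so auth still applies
}

func main() {
	// Constructed definition for the endpoints from the thread: only POST is exempt.
	ignored := map[string][]string{
		"/users/create": {"POST"},
		"/users/auth":   {"POST"},
		"/health":       {}, // any method
	}
	specs, err := BuildSpecs(ignored)
	if err != nil {
		panic(err)
	}
	requests := []struct{ method, path string }{
		{"POST", "/users/create"},
		{"DELETE", "/users/create"},
		{"GET", "/health"},
		{"POST", "/users/create/extra"},
	}
	for _, r := range requests {
		fmt.Printf("%-6s %-22s ignored=%v\n", r.method, r.path, IsURLIgnored(specs, r.method, r.path))
	}
}
```

Because the method check sits inside the match loop, a second rule for the same path with different methods still gets a chance to match, which is what you want if a definition lists a path twice.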
Great, will try to look into it this weekend. Just ran into an issue: paths.ignored is still checked for authentication. Below is my JSON. The target API has an endpoint POST /users/create and the listen path is set to "/". TYK should ignore "/users/create"; what am I doing wrong? Do I need to create a version or white list?
```json
{
  "proxy": {
    "target_url": "TARGET",
    "listen_path": "/"
  },
  "version_data": {
    "versions": {
      "v1": {
        "paths": {
          "black_list": [],
          "white_list": [],
          "ignored": [
            "/users/create",
            "/users/auth"
          ]
        },
        "expires": "3000-01-02 15:04",
        "name": "Default"
      }
    },
    "not_versioned": true
  },
  "auth": {
    "auth_header_name": "Authorization"
  },
  "definition": {
    "key": "version",
    "location": "header"
  },
  "org_id": "default",
  "api_id": "1",
  "name": "Tyk Test API"
}
```
I think you may have identified a pretty serious bug!
In the loadApps() function in main.go, in the middleware chain, authentication happens before version checking, which means ignored paths are only ignored in the context of being versioned, not being free of auth.
It should be a quick fix (I will patch tomorrow - it's 1am atm): simply moving &VersionCheck up above keyCheck should solve it, so long as it doesn't require user context (which I think it doesn't).
Good spot!
Btw are you running master branch or a binary version?
M.
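The ordering bug described in the reply above is easy to reproduce with plain `net/http` middleware, so here is an added example (not Tyk's code, not from the thread) that builds both chains: one with the key check outermost, as the comment says `loadApps()` did, and one with the version check moved in front of it. The handler names (`versionCheck`, `keyCheck`, `BuggyChain`, `FixedChain`), the context key and the API key value are all assumptions constructed for this example. The ignore decision is passed between middlewares through the request context rather than a request header, so a client cannot forge the "ignored" flag itself.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ignoredKey marks, in the request context, that the version check found the
// path on the ignore list. A context value is used rather than a request
// header so a client cannot set the flag. Names are assumptions for this example.
type ignoredKey struct{}

// Constructed ignore list matching the definition posted in the thread.
var ignoredPaths = map[string]bool{
	"/users/create": true,
	"/users/auth":   true,
}

// Constructed stand-in for a valid API key.
const validKey = "example-api-key"

// versionCheck stands in for Tyk's VersionCheck middleware: it decides whether
// the path is ignored and records that decision for later middleware.
func versionCheck(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ignoredPaths[r.URL.Path] {
			r = r.WithContext(context.WithValue(r.Context(), ignoredKey{}, true))
		}
		next.ServeHTTP(w, r)
	})
}

// keyCheck stands in for the authentication middleware: it lets flagged
// (ignored) requests through and demands a valid key for everything else.
func keyCheck(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ignored, _ := r.Context().Value(ignoredKey{}).(bool); !ignored {
			if r.Header.Get("Authorization") != validKey {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// upstream is a stand-in for the proxied target API.
func upstream(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusOK)
}

// BuggyChain reproduces the reported order: the key check is the outermost
// handler, so it runs before the version check has flagged the path as
// ignored, and every unauthenticated request gets 401.
func BuggyChain() http.Handler {
	return keyCheck(versionCheck(http.HandlerFunc(upstream)))
}

// FixedChain moves the version check ahead of the key check, as the fix describes.
func FixedChain() http.Handler {
	return versionCheck(keyCheck(http.HandlerFunc(upstream)))
}

// Status returns the HTTP status a chain gives a request; key may be empty.
func Status(h http.Handler, method, path, key string) int {
	req := httptest.NewRequest(method, path, nil)
	if key != "" {
		req.Header.Set("Authorization", key)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for name, chain := range map[string]http.Handler{"buggy": BuggyChain(), "fixed": FixedChain()} {
		fmt.Printf("%s: POST /users/create (no key) -> %d\n", name, Status(chain, "POST", "/users/create", ""))
		fmt.Printf("%s: GET  /users/profile (no key) -> %d\n", name, Status(chain, "GET", "/users/profile", ""))
		fmt.Printf("%s: GET  /users/profile (key)    -> %d\n", name, Status(chain, "GET", "/users/profile", validKey))
	}
}
```

The point to check after a reorder like this is the third case: moving the version check earlier must not loosen anything for paths that are not on the ignore list, which is why the fixed chain is also exercised with and without a key on a non-ignored path.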
Minor bugfix release for ignored paths now published:
https://github.com/lonelycode/tyk/releases/tag/v1.1.1
Awesome!
I am working off the binary BTW.