
Kong Gateway - 18 Request Size Limiting Based on the Gateway Service

程序员文章站 2022-05-24 13:22:13
Configure a Service in Kong
[aaa@qq.com ~]# curl -i -X POST \
--url http://localhost:8001/services/ \
--data 'name=book' \
--data 'url=http://contoso.com/v1/books'

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:29:39 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "host": "contoso.com", 
    "created_at": 1526455779, 
    "connect_timeout": 60000, 
    "id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "protocol": "http", 
    "name": "book", 
    "read_timeout": 60000, 
    "port": 80, 
    "path": "/v1/books", 
    "updated_at": 1526455779, 
    "retries": 5, 
    "write_timeout": 60000
}
Add a Route to expose the Service
URL Format http://localhost:8001/services/{name of service}/routes
[aaa@qq.com ~]# curl -i -X POST \
--url http://localhost:8001/services/book/routes \
--data 'paths[]=/v1/books'
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:30:13 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526455813, 
    "strip_path": true, 
    "hosts": null, 
    "preserve_host": false, 
    "regex_priority": 0, 
    "updated_at": 1526455813, 
    "paths": [
        "/v1/books"
    ], 
    "service": {
        "id": "36eff522-32e0-4544-991f-43212b7a7918"
    }, 
    "methods": null, 
    "protocols": [
        "http", 
        "https"
    ], 
    "id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5"    // {route_id} = id
}
Enabling the CORS plugin for a Service
URL Format http://localhost:8001/services/{name of service}/plugins
[aaa@qq.com ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=cors"  \
--data "config.origins=http://contoso.com" \
--data "config.methods=GET, POST" \
--data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
--data "config.exposed_headers=X-Auth-Token" \
--data "config.credentials=true" \
--data "config.max_age=3600"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:31:02 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484657000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "357188b7-bb16-45b1-a97e-690bd7420b47", 
    "enabled": true, 
    "service_id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "name": "cors"
}
Enabling the CORS plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[aaa@qq.com ~]# curl -i -X POST \
--url http://localhost:8001/routes/b216b3bb-ae58-452e-82af-cdc288cd7ef5/plugins \
--data "name=cors"  \
--data "config.origins=http://contoso.com" \
--data "config.methods=GET, POST" \
--data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
--data "config.exposed_headers=X-Auth-Token" \
--data "config.credentials=true" \
--data "config.max_age=3600"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:33:38 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484819000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "1648818d-9415-4962-b5cd-41e398847811", 
    "enabled": true, 
    "route_id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5", 
    "name": "cors"
}
Enabling the Request Size Limiting plugin for a Service
URL Format http://localhost:8001/services/{service}/plugins
[aaa@qq.com ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=request-size-limiting"  \
--data "config.allowed_payload_size=4"   # 128 MB is too large; it is hard to find a file over 128 MB to test with
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:34:00 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484837000, 
    "config": {
        "allowed_payload_size": 4
    }, 
    "id": "647de075-6bfa-4a0f-9308-ed1656cb6323", 
    "enabled": true, 
    "service_id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "name": "request-size-limiting"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[aaa@qq.com ~]# curl -i -X GET \
--url http://localhost:8000/v1/books
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 244
Connection: keep-alive
Date: Wed, 16 May 2018 15:34:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 35
X-Kong-Proxy-Latency: 65
Via: kong/0.13.1

[
    {
        "id": 1, 
        "title": "Fashion That Changed the World", 
        "author": "Jennifer Croll"
    }, 
    {
        "id": 2, 
        "title": "Brigitte Bardot - My Life in Fashion", 
        "author": "Henry-Jean Servat and Brigitte Bardot"
    }, 
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the Request Size Limiting plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[aaa@qq.com ~]# curl -i -X POST \
--url http://localhost:8001/routes/b216b3bb-ae58-452e-82af-cdc288cd7ef5/plugins \
--data "name=request-size-limiting"  \
--data "config.allowed_payload_size=4"    # 128 MB is too large; it is hard to find a file over 128 MB to test with
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:36:05 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484965000, 
    "config": {
        "allowed_payload_size": 4
    }, 
    "id": "6f675eac-d8fe-4f06-8bed-4c259c215f88", 
    "enabled": true, 
    "route_id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5", 
    "name": "request-size-limiting"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[aaa@qq.com ~]# curl -i -X GET \
--url http://localhost:8000/v1/books
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 244
Connection: keep-alive
Date: Wed, 16 May 2018 15:36:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 29
X-Kong-Proxy-Latency: 5
Via: kong/0.13.1

[
    {
        "id": 1, 
        "title": "Fashion That Changed the World", 
        "author": "Jennifer Croll"
    }, 
    {
        "id": 2, 
        "title": "Brigitte Bardot - My Life in Fashion", 
        "author": "Henry-Jean Servat and Brigitte Bardot"
    }, 
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the Basic Authentication plugin for a Service
URL Format http://localhost:8001/services/{service}/plugins
[aaa@qq.com ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:37:47 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485066000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "4e5f9b50-5134-476c-ae38-4320a26d0ea9", 
    "enabled": true, 
    "service_id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "name": "basic-auth"
}
Enabling the Basic Authentication plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[aaa@qq.com ~]# curl -i -X POST \
--url http://localhost:8001/routes/b216b3bb-ae58-452e-82af-cdc288cd7ef5/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:38:18 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485096000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "d8b08b35-ac71-4075-a014-5bd2c822471e", 
    "enabled": true, 
    "route_id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5", 
    "name": "basic-auth"
}
Create a Consumer
[aaa@qq.com ~]# curl -i -X POST \
--url http://localhost:8001/consumers/  \
--data "username=jack"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:38:39 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485120000, 
    "username": "jack", 
    "id": "9f27da39-c03e-411d-8c7e-3400b2ed2098"    //{consumer_id} = id
}
Create a Credential
URL Format  http://localhost:8001/consumers/{username or consumer_id}/basic-auth    
[aaa@qq.com ~]# curl -i -X POST \
--url http://localhost:8001/consumers/jack/basic-auth \
--data "username=jack@hotmail.com" \
--data "password=123456"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:39:35 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485176000, 
    "id": "cd78e858-cd53-443d-afad-f2933976c4e1", 
    "username": "jack@hotmail.com", 
    "password": "9b25ddfc4970ca034238b25f5238d61361230044", 
    "consumer_id": "9f27da39-c03e-411d-8c7e-3400b2ed2098"
}
An online base64 tool is available at http://tool.oschina.net/encrypt?type=3
The key-value pair jack@hotmail.com:123456 has the base64 value:
amFja0Bob3RtYWlsLmNvbToxMjM0NTY=
When user jack signs in and passes Basic Authentication, we get a book record (id = 3).

A client-user requesting the book microservice exposed through Kong's proxy server
[aaa@qq.com ~]# curl -i -X GET \
--url http://localhost:8000/v1/books/3 \
--header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY=" 
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: keep-alive
Date: Wed, 16 May 2018 15:40:00 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 31
X-Kong-Proxy-Latency: 56
Via: kong/0.13.1

[
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the Request Size Limiting plugin for a Consumer
consumer_id={consumer_id}
[aaa@qq.com ~]# curl -i -X POST \
--url http://localhost:8001/plugins \
--data "name=request-size-limiting" \
--data "consumer_id=9f27da39-c03e-411d-8c7e-3400b2ed2098"  \
--data "config.allowed_payload_size=4"    # 128 MB is too large; it is hard to find a file over 128 MB to test with
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:41:17 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485277000, 
    "config": {
        "allowed_payload_size": 4
    }, 
    "id": "2a5b4e15-3b87-45b0-92f2-713af13ca5a6", 
    "name": "request-size-limiting", 
    "enabled": true, 
    "consumer_id": "9f27da39-c03e-411d-8c7e-3400b2ed2098"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[aaa@qq.com ~]# curl -i -X GET \
--url http://localhost:8000/v1/books/3 \
--header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY="
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: keep-alive
Date: Wed, 16 May 2018 15:41:40 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 30
X-Kong-Proxy-Latency: 3
Via: kong/0.13.1

[
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]

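The steps above walked through, at the terminal, enabling a correct Request Size Limiting configuration and accessing the service, but we have still not tested whether it is really configured correctly and really takes effect. How do we test for a response such as {"message":"Request size limit exceeded"}? Here too, you can search the whole internet and nobody tells you how to produce the {"message":"Request size limit exceeded"} result that confirms our whole Request Size Limiting exercise was carried out correctly.

a). We will use the addCountry method written in the previous article, replacing its entire insert implementation with return 'ok'.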

/home/myth/www/bookstore/application/api/controller/v1/Country.php

    public function addCountry(Request $request) {
        // Insert logic from the previous article replaced by a fixed reply
        return 'ok';
    }

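b). We will use the GeoIPCountryWhois.csv file downloaded in the previous article as the upload test data. Our goal is to see this response:

{"message":"Request size limit exceeded"}; note the status line in the response headers, HTTP/1.1 417

The terminal commands run as follows: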

[aaa@qq.com ~]# du -sh /root/GeoIPCountryWhois.csv
13M     /root/GeoIPCountryWhois.csv
[aaa@qq.com ~]# INPUT=`cat /root/GeoIPCountryWhois.csv`  # this variable's value is too long to submit; the test data can only be uploaded as a file

[aaa@qq.com ~]# curl -i -X POST \
--url http://contoso.org:8000/v1/countries \
--header 'authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY=' \
--header 'cache-control: no-cache' \
--header 'content-type: application/x-www-form-urlencoded' \
--form 'aaa@qq.com"/root/GeoIPCountryWhois.csv"'

HTTP/1.1 417
Date: Sun, 20 May 2018 02:05:38 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: kong/0.13.1
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token

{"message":"Request size limit exceeded"}
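
The 13M CSV above is far past the 4 MB limit; a tighter check sends one body exactly at the limit and one a single byte over it. The script below is an added example, not part of the original post: the function names and the KONG_URL / KONG_CREDS variables are hypothetical, and the 413-versus-417 split is an assumed model of the plugin in this Kong generation, consistent with the 417 that curl received above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): boundary payloads for the
# request-size-limiting plugin configured above with allowed_payload_size=4.
# Assumption: the limit is counted in MiB (2^20 bytes) against the request body.

LIMIT_MB=4

limit_bytes() { echo $(( $1 * 1024 * 1024 )); }

# make_payload <path> <bytes>: write exactly <bytes> zero bytes.
make_payload() { head -c "$2" /dev/zero > "$1"; }

# expected_outcome <body_bytes> <limit_mb> <expect_header: yes|no>
# Assumed model of the plugin: a body over the limit is rejected with 417 when
# the client sent "Expect: 100-continue" (curl adds it for large POST bodies)
# and with 413 otherwise; a body at or under the limit goes to the upstream.
expected_outcome() {
  if [ "$1" -le "$(limit_bytes "$2")" ]; then
    echo pass
  elif [ "$3" = yes ]; then
    echo 417
  else
    echo 413
  fi
}

# probe <url> <file> <user:password>: POST the file as the raw body and print
# only the status code. --data-binary keeps Content-Length equal to the file
# size; the empty "Expect:" header stops curl from sending 100-continue.
probe() {
  curl -s -o /dev/null -w '%{http_code}\n' -X POST "$1" \
    --user "$3" --header 'Expect:' \
    --header 'Content-Type: application/octet-stream' \
    --data-binary @"$2"
}

# Runs only when KONG_URL and KONG_CREDS (hypothetical names) are set.
if [ -n "${KONG_URL:-}" ] && [ -n "${KONG_CREDS:-}" ]; then
  tmp=$(mktemp -d)
  make_payload "$tmp/at"   "$(limit_bytes "$LIMIT_MB")"
  make_payload "$tmp/over" "$(( $(limit_bytes "$LIMIT_MB") + 1 ))"
  echo "at limit:   $(probe "$KONG_URL" "$tmp/at"   "$KONG_CREDS")"
  echo "over limit: $(probe "$KONG_URL" "$tmp/over" "$KONG_CREDS")"
  rm -rf "$tmp"
fi
```

With the Expect header suppressed, the over-limit probe should be rejected by the gateway before the request reaches the addCountry stub, while the at-limit probe should be answered by the upstream.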
