Kong Gateway - 18 基于网关服务的请求大小限制(Request Size Limiting)

Configure a Service in Kong
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/ \
--data 'name=book' \

--data 'url=http://contoso.com/v1/books'

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:29:39 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "host": "contoso.com", 
    "created_at": 1526455779, 
    "connect_timeout": 60000, 
    "id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "protocol": "http", 
    "name": "book", 
    "read_timeout": 60000, 
    "port": 80, 
    "path": "/v1/books", 
    "updated_at": 1526455779, 
    "retries": 5, 
    "write_timeout": 60000
}
Add a Route to expose the Service
URL Format http://localhost:8001/services/{name of servie}/routes
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/book/routes \
--data 'paths[]=/v1/books'
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:30:13 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526455813, 
    "strip_path": true, 
    "hosts": null, 
    "preserve_host": false, 
    "regex_priority": 0, 
    "updated_at": 1526455813, 
    "paths": [
        "/v1/books"
    ], 
    "service": {
        "id": "36eff522-32e0-4544-991f-43212b7a7918"
    }, 
    "methods": null, 
    "protocols": [
        "http", 
        "https"
    ], 
    "id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5"    // {route_id} = id
}
Enabling the CORS plugin for a Service
URL Format http://localhost:8001/services/{name of servie}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=cors"  \
--data "config.origins=http://contoso.com" \
--data "config.methods=GET, POST" \
--data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
--data "config.exposed_headers=X-Auth-Token" \
--data "config.credentials=true" \
--data "config.max_age=3600"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:31:02 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484657000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "357188b7-bb16-45b1-a97e-690bd7420b47", 
    "enabled": true, 
    "service_id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "name": "cors"
}
Enabling the CORS plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/routes/b216b3bb-ae58-452e-82af-cdc288cd7ef5/plugins \
--data "name=cors"  \
--data "config.origins=http://contoso.com" \
--data "config.methods=GET, POST" \
--data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
--data "config.exposed_headers=X-Auth-Token" \
--data "config.credentials=true" \
--data "config.max_age=3600"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:33:38 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484819000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "1648818d-9415-4962-b5cd-41e398847811", 
    "enabled": true, 
    "route_id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5", 
    "name": "cors"
}
Enabling the Request Size Limiting plugin for a Service
URL Format http://localhost:8001/services/{service}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=request-size-limiting"  \
--data "config.allowed_payload_size=4"   // 128MB太大 不好找大小超过128M文件来做测试
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:34:00 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484837000, 
    "config": {
        "allowed_payload_size": 4
    }, 
    "id": "647de075-6bfa-4a0f-9308-ed1656cb6323", 
    "enabled": true, 
    "service_id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "name": "request-size-limiting"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[root@contoso ~]# curl -i -X GET \
--url http://localhost:8000/v1/books
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 244
Connection: keep-alive
Date: Wed, 16 May 2018 15:34:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 35
X-Kong-Proxy-Latency: 65
Via: kong/0.13.1

[
    {
        "id": 1, 
        "title": "Fashion That Changed the World", 
        "author": "Jennifer Croll"
    }, 
    {
        "id": 2, 
        "title": "Brigitte Bardot - My Life in Fashion", 
        "author": "Henry-Jean Servat and Brigitte Bardot"
    }, 
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the Request Size Limiting plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/routes/b216b3bb-ae58-452e-82af-cdc288cd7ef5/plugins \
--data "name=request-size-limiting"  \
--data "config.allowed_payload_size=4"    // 128MB太大 不好找大小超过128M文件来做测试
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:36:05 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484965000, 
    "config": {
        "allowed_payload_size": 4
    }, 
    "id": "6f675eac-d8fe-4f06-8bed-4c259c215f88", 
    "enabled": true, 
    "route_id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5", 
    "name": "request-size-limiting"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[root@contoso ~]# curl -i -X GET \
--url http://localhost:8000/v1/books
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 244
Connection: keep-alive
Date: Wed, 16 May 2018 15:36:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 29
X-Kong-Proxy-Latency: 5
Via: kong/0.13.1

[
    {
        "id": 1, 
        "title": "Fashion That Changed the World", 
        "author": "Jennifer Croll"
    }, 
    {
        "id": 2, 
        "title": "Brigitte Bardot - My Life in Fashion", 
        "author": "Henry-Jean Servat and Brigitte Bardot"
    }, 
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the Basic Authentication plugin for a Service
URL Format http://localhost:8001/services/{service}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:37:47 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485066000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "4e5f9b50-5134-476c-ae38-4320a26d0ea9", 
    "enabled": true, 
    "service_id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "name": "basic-auth"
}
Enabling the Basic Authentication plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/routes/b216b3bb-ae58-452e-82af-cdc288cd7ef5/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:38:18 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485096000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "d8b08b35-ac71-4075-a014-5bd2c822471e", 
    "enabled": true, 
    "route_id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5", 
    "name": "basic-auth"
}
Create a Consumer
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/consumers/  \
--data "username=jack"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:38:39 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485120000, 
    "username": "jack", 
    "id": "9f27da39-c03e-411d-8c7e-3400b2ed2098"    //{consumer_id} = id
}
Create a Credential
URL Format  http://localhost:8001/consumers/{username or consumer_id}/basic-auth    
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/consumers/jack/basic-auth \
--data "username=jack@hotmail.com" \
--data "password=123456"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:39:35 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485176000, 
    "id": "cd78e858-cd53-443d-afad-f2933976c4e1", 
    "username": "jack@hotmail.com", 
    "password": "9b25ddfc4970ca034238b25f5238d61361230044", 
    "consumer_id": "9f27da39-c03e-411d-8c7e-3400b2ed2098"
}
On line base64 tool address is http://tool.oschina.net/encrypt?type=3    
Key-Value about jack@hotmail.com:123456,its base64 value is :    
amFja0Bob3RtYWlsLmNvbToxMjM0NTY=    
for user jack sign in to pass Basic Authenctiaction,we'll get a book record(id = 3)  

A client-user requesting the book microservice exposed through Kong's proxy server
[root@contoso ~]# curl -i -X GET \
--url http://localhost:8000/v1/books/3 \
--header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY=" 
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: keep-alive
Date: Wed, 16 May 2018 15:40:00 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 31
X-Kong-Proxy-Latency: 56
Via: kong/0.13.1

[
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the Request Size Limiting plugin for a Consumer
consumer_id={consumer_id}
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/plugins \
--data "name=request-size-limiting" \
--data "consumer_id=9f27da39-c03e-411d-8c7e-3400b2ed2098"  \
--data "config.allowed_payload_size=4"    // 128MB太大 不好找大小超过128M文件来做测试
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:41:17 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485277000, 
    "config": {
        "allowed_payload_size": 4
    }, 
    "id": "2a5b4e15-3b87-45b0-92f2-713af13ca5a6", 
    "name": "request-size-limiting", 
    "enabled": true, 
    "consumer_id": "9f27da39-c03e-411d-8c7e-3400b2ed2098"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[root@contoso ~]# curl -i -X GET \
--url http://localhost:8000/v1/books/3 \
--header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY="
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: keep-alive
Date: Wed, 16 May 2018 15:41:40 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 30
X-Kong-Proxy-Latency: 3
Via: kong/0.13.1

[
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]

上述过程用命令终端演示正确的Request Size Limiting配置启用和访问过程,我们还一直没有测试它是否真的配置正确,是否真的能正常工作生效,我们应该如何测试返回 {"message":"Request size limit exceeded"}这样的信息呢?同样,你搜遍整个互联网,也没人告诉你怎么测试返回{"message":"Request size limit exceeded"}这样的结果来印证我们关于Request Size Limiting实验的整个操作过程是完美正确的。

a). 我们会使用上一篇文章中编写的addCountry方法,用return 'ok' 取代它的整个新增实现代码

/home/myth/www/bookstore/application/api/controller/v1/Country.php

   public function addCountry(Request $request) {
        return 'ok';

    }

b). 我们将使用上一篇文章中下载的GeoIPCountryWhois.csv文件来作上传测试数据,我们的目的是要看返回结果:

{"message":"Request size limit exceeded"},注意状态码这行Header信息 HTTP/1.1 417

终端命令执行过程如下:

[root@contoso ~]# du -sh /root/GeoIPCountryWhois.csv
13M     /root/GeoIPCountryWhois.csv
[root@contoso ~]# INPUT=`cat /root/GeoIPCountryWhois.csv`  // 这个变量值太长无法提交,只能使用文件的形式上传测试数据

[root@contoso ~]# curl -i -X POST \
--url http://contoso.org:8000/v1/countries \
--header 'authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY=' \
--header 'cache-control: no-cache' \
--header 'content-type: application/x-www-form-urlencoded' \
--form 'file=@"/root/GeoIPCountryWhois.csv"'

HTTP/1.1 417
Date: Sun, 20 May 2018 02:05:38 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: kong/0.13.1
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token

{"message":"Request size limit exceeded"}



阅读更多
想对作者说点什么? 我来说一句

没有更多推荐了,返回首页

关闭
关闭
关闭