Files
2026-07-13 12:32:21 +08:00

38 lines
1.8 KiB
Lua

local typedefs = require "kong.db.schema.typedefs"
local ALGORITHMS = {
"hmac-sha1",
"hmac-sha256",
"hmac-sha384",
"hmac-sha512",
}
return {
name = "hmac-auth",
fields = {
{ consumer = typedefs.no_consumer },
{ protocols = typedefs.protocols_http },
{ config = {
type = "record",
fields = {
{ hide_credentials = { description = "An optional boolean value telling the plugin to show or hide the credential from the upstream service.", type = "boolean", required = true, default = false }, },
{ clock_skew = { description = "Clock skew in seconds to prevent replay attacks.", type = "number", default = 300, gt = 0 }, },
{ anonymous = { description = "An optional string (Consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.", type = "string" }, },
{ validate_request_body = { description = "A boolean value telling the plugin to enable body validation.", type = "boolean", required = true, default = false }, },
{ enforce_headers = { description = "A list of headers that the client should at least use for HTTP signature creation.", type = "array",
elements = { type = "string" },
default = {},
}, },
{ algorithms = { description = "A list of HMAC digest algorithms that the user wants to support. Allowed values are `hmac-sha1`, `hmac-sha256`, `hmac-sha384`, and `hmac-sha512`", type = "array",
elements = { type = "string", one_of = ALGORITHMS },
default = ALGORITHMS,
}, },
{ realm = { description = "When authentication fails the plugin sends `WWW-Authenticate` header with `realm` attribute value.", type = "string", required = false }, },
},
},
},
},
}