38 lines
1.8 KiB
Lua
38 lines
1.8 KiB
Lua
local typedefs = require "kong.db.schema.typedefs"
|
|
|
|
|
|
local ALGORITHMS = {
|
|
"hmac-sha1",
|
|
"hmac-sha256",
|
|
"hmac-sha384",
|
|
"hmac-sha512",
|
|
}
|
|
|
|
|
|
return {
|
|
name = "hmac-auth",
|
|
fields = {
|
|
{ consumer = typedefs.no_consumer },
|
|
{ protocols = typedefs.protocols_http },
|
|
{ config = {
|
|
type = "record",
|
|
fields = {
|
|
{ hide_credentials = { description = "An optional boolean value telling the plugin to show or hide the credential from the upstream service.", type = "boolean", required = true, default = false }, },
|
|
{ clock_skew = { description = "Clock skew in seconds to prevent replay attacks.", type = "number", default = 300, gt = 0 }, },
|
|
{ anonymous = { description = "An optional string (Consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.", type = "string" }, },
|
|
{ validate_request_body = { description = "A boolean value telling the plugin to enable body validation.", type = "boolean", required = true, default = false }, },
|
|
{ enforce_headers = { description = "A list of headers that the client should at least use for HTTP signature creation.", type = "array",
|
|
elements = { type = "string" },
|
|
default = {},
|
|
}, },
|
|
{ algorithms = { description = "A list of HMAC digest algorithms that the user wants to support. Allowed values are `hmac-sha1`, `hmac-sha256`, `hmac-sha384`, and `hmac-sha512`", type = "array",
|
|
elements = { type = "string", one_of = ALGORITHMS },
|
|
default = ALGORITHMS,
|
|
}, },
|
|
{ realm = { description = "When authentication fails the plugin sends `WWW-Authenticate` header with `realm` attribute value.", type = "string", required = false }, },
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|