in plugins/wasm-cpp/common/route_rule_matcher.h [435:555]
bool parseAuthRuleConfig(const json& config) {
bool has_rules = false;
int32_t key_count = config.size();
auto it = config.find("_rules_");
if (it != config.end()) {
has_rules = true;
key_count--;
}
auto auth_it = config.find("global_auth");
if (auth_it != config.end()) {
auto global_auth_value = JsonValueAs<bool>(auth_it.value());
if (global_auth_value.second !=
Wasm::Common::JsonParserResultDetail::OK ||
!global_auth_value.first) {
LOG_WARN(
"failed to parse 'global_auth' field in filter configuration.");
return false;
}
global_auth_ = global_auth_value.first.value();
}
PluginConfig plugin_config;
// has other config fields
if (key_count > 0 && parsePluginConfig(config, plugin_config)) {
global_config_ = std::move(plugin_config);
}
if (!has_rules) {
return global_config_ ? true : false;
}
auto rules = it.value();
if (!rules.is_array()) {
LOG_WARN("'_rules_' field is not an array");
return false;
}
for (const auto& item : rules.items()) {
AuthRuleConfig auth_rule;
auto config = item.value();
// ignore the '_match_route_' or '_match_domain_' field
auto local_config_size = config.size() - 1;
auto has_allow = config.find("allow");
if (has_allow != config.end()) {
local_config_size -= 1;
LOG_DEBUG("has allow filed");
if (!JsonArrayIterate(config, "allow", [&](const json& allow) -> bool {
auto parse_result = JsonValueAs<std::string>(allow);
if (parse_result.second !=
Wasm::Common::JsonParserResultDetail::OK ||
!parse_result.first) {
LOG_WARN(
"failed to parse 'allow' field in filter "
"configuration.");
return false;
}
auth_rule.allow_set.insert(parse_result.first.value());
return true;
})) {
LOG_WARN("failed to parse configuration for allow");
return false;
}
}
auto has_disable = config.find("_disable_");
if (has_disable != config.end()) {
local_config_size -= 1;
auto disable = JsonValueAs<bool>(has_disable.value());
if (disable.second == Wasm::Common::JsonParserResultDetail::OK) {
auth_rule.rule_config.disable = disable.first.value();
}
}
if (local_config_size > 0) {
if (!parsePluginConfig(config, auth_rule.rule_config.config)) {
if (has_allow == config.end()) {
LOG_WARN("parse rule's config failed");
return false;
}
} else {
auth_rule.has_local_config = true;
}
}
if (!parseRouteMatchConfig(config, auth_rule.rule_config.routes)) {
LOG_WARN("failed to parse configuration for _match_route_");
return false;
}
if (!parseRoutePrefixMatchConfig(config,
auth_rule.rule_config.route_prefixs)) {
LOG_WARN("failed to parse configuration for _match_route_prefix_");
return false;
}
if (!parseServiceMatchConfig(config, auth_rule.rule_config.services)) {
LOG_WARN("failed to parse configuration for _match_service_");
return false;
}
if (!parseDomainMatchConfig(config, auth_rule.rule_config.hosts)) {
LOG_WARN("failed to parse configuration for _match_domain_");
return false;
}
auto has_route = !auth_rule.rule_config.routes.empty();
auto has_route_prefix = !auth_rule.rule_config.route_prefixs.empty();
auto has_host = !auth_rule.rule_config.hosts.empty();
auto has_service = !auth_rule.rule_config.services.empty();
if (has_route + has_route_prefix + has_host + has_service == 0) {
LOG_WARN(
"there is at least one of '_match_route_', '_match_domain_', "
"'_match_route_prefix_' and '_match_service_' can "
"present in configuration.");
return false;
}
if (has_route) {
auth_rule.rule_config.category = CATEGORY::Route;
if (has_service) {
auth_rule.rule_config.category = CATEGORY::RouteAndService;
}
} else if (has_route_prefix) {
auth_rule.rule_config.category = CATEGORY::RoutePrefix;
} else if (has_service) {
auth_rule.rule_config.category = CATEGORY::Service;
} else {
auth_rule.rule_config.category = CATEGORY::Host;
}
auth_rule_config_.push_back(std::move(auth_rule));
}
return true;
}