From 1316d360ff365a549dccd5f2b57afef6a2476150 Mon Sep 17 00:00:00 2001 
From: Se7en <40051120+cr7258@users.noreply.github.com> Date: Fri, 28 Jun 2024 17:57:28 +0800 Subject: [PATCH] feat: Add plugins to higress console (#315) --- README.md | 2 +- .../main/resources/plugins/ai-cache/spec.yaml | 10 ++--- .../plugins/ai-prompt-decorator/spec.yaml | 11 +++-- .../plugins/ai-prompt-template/spec.yaml | 11 +++-- .../main/resources/plugins/ai-proxy/spec.yaml | 10 ++--- .../main/resources/plugins/ai-rag/spec.yaml | 10 ++--- .../plugins/ai-security-guard/spec.yaml | 10 ++--- .../resources/plugins/ai-statistics/spec.yaml | 11 +++-- .../plugins/ai-token-ratelimit/spec.yaml | 8 ++-- .../plugins/ai-transformer/spec.yaml | 11 +++-- .../resources/plugins/basic-auth/spec.yaml | 7 ++-- .../resources/plugins/bot-detect/spec.yaml | 6 ++- .../resources/plugins/cache-control/spec.yaml | 25 +++++++++++ .../plugins/cluster-key-rate-limit/spec.yaml | 42 +++++++++++++++++++ .../src/main/resources/plugins/cors/spec.yaml | 34 +++++++++++++++ .../plugins/custom-response/spec.yaml | 8 ++-- .../resources/plugins/de-graphql/spec.yaml | 34 +++++++++++++++ .../resources/plugins/hmac-auth/spec.yaml | 9 ++-- .../plugins/ip-restriction/spec.yaml | 27 ++++++++++++ .../main/resources/plugins/jwt-auth/spec.yaml | 7 ++-- .../main/resources/plugins/key-auth/spec.yaml | 11 ++--- .../plugins/key-rate-limit/spec.yaml | 9 ++-- .../src/main/resources/plugins/oidc/spec.yaml | 37 ++++++++++++++++ .../main/resources/plugins/plugins.properties | 24 +++++++++-- .../resources/plugins/request-block/spec.yaml | 8 ++-- .../plugins/request-validation/spec.yaml | 32 ++++++++++++++ .../resources/plugins/sni-misdirect/README.md | 11 ----- .../resources/plugins/sni-misdirect/spec.yaml | 17 -------- .../resources/plugins/transformer/spec.yaml | 34 +++++++++++++++ .../src/main/resources/plugins/waf/spec.yaml | 6 ++- 30 files changed, 373 insertions(+), 109 deletions(-) create mode 100644 backend/sdk/src/main/resources/plugins/cache-control/spec.yaml create mode 100644 
backend/sdk/src/main/resources/plugins/cluster-key-rate-limit/spec.yaml create mode 100644 backend/sdk/src/main/resources/plugins/cors/spec.yaml create mode 100644 backend/sdk/src/main/resources/plugins/de-graphql/spec.yaml create mode 100644 backend/sdk/src/main/resources/plugins/ip-restriction/spec.yaml create mode 100644 backend/sdk/src/main/resources/plugins/oidc/spec.yaml create mode 100644 backend/sdk/src/main/resources/plugins/request-validation/spec.yaml delete mode 100644 backend/sdk/src/main/resources/plugins/sni-misdirect/README.md delete mode 100644 backend/sdk/src/main/resources/plugins/sni-misdirect/spec.yaml create mode 100644 backend/sdk/src/main/resources/plugins/transformer/spec.yaml diff --git a/README.md b/README.md index 6201a363..3519fcdf 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ npm run build #### 第二步、编译 & 镜像 ```bash -sh bulid.sh +cd backend && sh bulid.sh # 脚本中涉及docker命令,本地调试可注释 ``` diff --git a/backend/sdk/src/main/resources/plugins/ai-cache/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-cache/spec.yaml index cf4d8d73..5a3ea2e1 100644 --- a/backend/sdk/src/main/resources/plugins/ai-cache/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-cache/spec.yaml @@ -1,13 +1,13 @@ apiVersion: 1.0.0 info: - category: custom + category: ai name: ai-cache - title: AI缓存 + title: AI Cache x-title-i18n: - zh-CN: AI缓存 - description: 大模型结果缓存 + zh-CN: AI 缓存 + description: Cache the response of large language models, significantly reduce the response latency of similar problems and save costs. x-description-i18n: - zh-CN: 大模型结果缓存 + zh-CN: 缓存大语言模型的响应结果,显著降低相似问题的响应时延并节省成本。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN018iKKih1iVx287RltL_!!6000000004419-2-tps-42-42.png version: 1.0.0 contact: diff --git a/backend/sdk/src/main/resources/plugins/ai-prompt-decorator/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-prompt-decorator/spec.yaml index 9b0f5139..e0de6d09 100644 
--- a/backend/sdk/src/main/resources/plugins/ai-prompt-decorator/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-prompt-decorator/spec.yaml @@ -1,13 +1,13 @@ apiVersion: 1.0.0 info: - category: custom + category: ai name: ai-prompt-decorator - title: AI提示词修饰器 + title: AI Prompt Decorator x-title-i18n: - zh-CN: AI提示词修饰器 - description: 对LLM提示词进行修改 + zh-CN: AI 提示词修饰 + description: Add additional prompts before and after the user's input to simplify the interaction between the user and the large language model. x-description-i18n: - zh-CN: 对LLM提示词进行修改 + zh-CN: 在用户输入的提示词前后添加额外的修饰,简化用户与大语言模型的交互。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN018iKKih1iVx287RltL_!!6000000004419-2-tps-42-42.png version: 1.0.0 contact: @@ -30,4 +30,3 @@ spec: append: - role: user content: "在介绍杭州时,避开杭州的饮食" - diff --git a/backend/sdk/src/main/resources/plugins/ai-prompt-template/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-prompt-template/spec.yaml index 63be4213..fb599109 100644 --- a/backend/sdk/src/main/resources/plugins/ai-prompt-template/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-prompt-template/spec.yaml @@ -1,13 +1,13 @@ apiVersion: 1.0.0 info: - category: custom + category: ai name: ai-prompt-template - title: AI提示词模板 + title: AI Prompt Template x-title-i18n: - zh-CN: AI提示词模板 - description: 基于模板构建LLM提示词 + zh-CN: AI 提示词模板 + description: Quickly construct fixed-format prompts based on templates. x-description-i18n: - zh-CN: 基于模板构建LLM提示词 + zh-CN: 基于模板快速构建固定格式的提示词。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN018iKKih1iVx287RltL_!!6000000004419-2-tps-42-42.png version: 1.0.0 contact: @@ -28,4 +28,3 @@ spec: content: '你是一个 {{program}} 专家,编程语言为 {{language}}' - role: user content: '帮我写一个 {{program}} 程序' - diff --git a/backend/sdk/src/main/resources/plugins/ai-proxy/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-proxy/spec.yaml index 6fd8ba70..b59b0f2f 100644 --- a/backend/sdk/src/main/resources/plugins/ai-proxy/spec.yaml 
+++ b/backend/sdk/src/main/resources/plugins/ai-proxy/spec.yaml @@ -1,13 +1,13 @@ apiVersion: 1.0.0 info: - category: custom + category: ai name: ai-proxy - title: AI代理 + title: AI Proxy x-title-i18n: - zh-CN: AI代理 - description: 通过AI助手提供智能对话服务 + zh-CN: AI 代理 + description: Provide unified OpenAI API compatible interface to call different AI service providers. x-description-i18n: - zh-CN: 通过AI助手提供智能对话服务 + zh-CN: 实现了基于 OpenAI API 规范的代理功能,通过统一的接口调用不同的 AI 服务提供商。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN018iKKih1iVx287RltL_!!6000000004419-2-tps-42-42.png version: 1.0.0 contact: diff --git a/backend/sdk/src/main/resources/plugins/ai-rag/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-rag/spec.yaml index e30a1273..bce8eb95 100644 --- a/backend/sdk/src/main/resources/plugins/ai-rag/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-rag/spec.yaml @@ -1,13 +1,13 @@ apiVersion: 1.0.0 info: - category: custom + category: ai name: ai-rag - title: AI检索增强生成 + title: AI RAG x-title-i18n: - zh-CN: AI检索增强生成 - description: 通过RAG技术优化大模型生成内容 + zh-CN: AI 检索增强生成 + description: Simplify the development of RAG applications by integrating with Alibaba Cloud Vector Retrieval Service (DashVector) and optimize the generated content of large models. x-description-i18n: - zh-CN: 通过RAG技术优化大模型生成内容 + zh-CN: 通过对接阿里云向量检索服务(DashVector)简化 RAG 应用的开发,优化大模型的生成内容。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN018iKKih1iVx287RltL_!!6000000004419-2-tps-42-42.png version: 1.0.0 contact: diff --git a/backend/sdk/src/main/resources/plugins/ai-security-guard/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-security-guard/spec.yaml index c4bad471..bc547524 100644 --- a/backend/sdk/src/main/resources/plugins/ai-security-guard/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-security-guard/spec.yaml 
@@ -1,13 +1,13 @@ apiVersion: 1.0.0 info: - category: custom + category: ai name: ai-security-guard - title: AI内容安全 + title: AI Security Guard x-title-i18n: - zh-CN: AI内容安全 - description: 基于阿里云内容安全对大模型的输入输出进行安全检测 + zh-CN: AI 内容安全 + description: Securely check the input and output of large models based on Alibaba Cloud Content Moderation Service. x-description-i18n: - zh-CN: 基于阿里云内容安全对大模型的输入输出进行安全检测 + zh-CN: 基于阿里云内容安全服务对大模型的输入输出进行安全检测。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN018iKKih1iVx287RltL_!!6000000004419-2-tps-42-42.png version: 1.0.0 contact: diff --git a/backend/sdk/src/main/resources/plugins/ai-statistics/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-statistics/spec.yaml index 5ef0d813..421527d2 100644 --- a/backend/sdk/src/main/resources/plugins/ai-statistics/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-statistics/spec.yaml @@ -1,13 +1,13 @@ apiVersion: 1.0.0 info: - category: custom + category: ai name: ai-statistics - title: AI可观测 + title: AI Statistics x-title-i18n: - zh-CN: AI可观测 - description: 生成AI可观测数据 + zh-CN: AI 统计 + description: Provides statistics of token usage, including logs, monitoring, and alerts. x-description-i18n: - zh-CN: 生成AI可观测数据 + zh-CN: 提供了对 token 用量的统计信息,包括日志、监控以及告警。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN018iKKih1iVx287RltL_!!6000000004419-2-tps-42-42.png version: 1.0.0 contact: @@ -20,4 +20,3 @@ spec: type: object example: enable: true - diff --git a/backend/sdk/src/main/resources/plugins/ai-token-ratelimit/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-token-ratelimit/spec.yaml index 989a8794..20a05451 100644 --- a/backend/sdk/src/main/resources/plugins/ai-token-ratelimit/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-token-ratelimit/spec.yaml 
@@ -1,13 +1,13 @@ apiVersion: 1.0.0 info: - category: custom + category: ai name: ai-token-ratelimit - title: AI Token 限流 + title: AI Token Rate Limit x-title-i18n: zh-CN: AI Token 限流 - description: 对大模型服务进行 Token 限流 + description: Implement token rate limiting based on specific keys, where the key source can be URL parameters, HTTP request headers, client IP addresses, etc. x-description-i18n: - zh-CN: 对大模型服务进行 Token 限流 + zh-CN: 基于特定键值实现 token 限流,键值来源可以是 URL 参数、HTTP 请求头、客户端 IP 地址等。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN018iKKih1iVx287RltL_!!6000000004419-2-tps-42-42.png version: 1.0.0 contact: diff --git a/backend/sdk/src/main/resources/plugins/ai-transformer/spec.yaml b/backend/sdk/src/main/resources/plugins/ai-transformer/spec.yaml index 652fecd9..01d02207 100644 --- a/backend/sdk/src/main/resources/plugins/ai-transformer/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/ai-transformer/spec.yaml @@ -1,13 +1,13 @@ apiVersion: 1.0.0 info: - category: custom + category: ai name: ai-transformer - title: AI请求/响应转换 + title: AI Transformer x-title-i18n: - zh-CN: AI请求/响应转换 - description: 基于LLM对请求/响应进行智能转换 + zh-CN: AI 请求/响应转换 + description: Modify the requests/responses of the gateway in a natural language way without writing code. x-description-i18n: - zh-CN: 基于LLM对请求/响应进行智能转换 + zh-CN: 无须编写代码,使用自然语言的方式对网关的请求/响应进行修改。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN018iKKih1iVx287RltL_!!6000000004419-2-tps-42-42.png version: 1.0.0 contact: @@ -29,4 +29,3 @@ spec: serviceName: qwen domain: dashscope.aliyuncs.com sk: sk-xxxxxxxxxxxxxxxxxxx - diff --git a/backend/sdk/src/main/resources/plugins/basic-auth/spec.yaml b/backend/sdk/src/main/resources/plugins/basic-auth/spec.yaml index 27440be8..f502add7 100644 --- a/backend/sdk/src/main/resources/plugins/basic-auth/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/basic-auth/spec.yaml 
@@ -3,9 +3,11 @@ info: category: auth name: basic-auth/v1 title: Basic Auth - description: 本插件实现了基于 HTTP Basic Auth 标准进行认证鉴权的功能。 + x-title-i18n: + zh-CN: Basic 认证 + description: implement authentication feature based on HTTP Basic Auth standard. x-description-i18n: - en-US: This plugin implements an authentication function based on HTTP Basic Auth standard. + zh-CN: 实现基于 HTTP Basic Auth 标准进行认证鉴权的功能。 iconUrl: https://img.alicdn.com/imgextra/i4/O1CN01BPFGlT1pGZ2VDLgaH_!!6000000005333-2-tps-42-42.png version: 1.0.0 contact: @@ -82,7 +84,6 @@ spec: example: global_auth: false consumers: - # 注意!该凭证仅做示例使用,请勿用于具体业务,造成安全风险 - name: consumer1 credential: admin:123456 - name: consumer2 diff --git a/backend/sdk/src/main/resources/plugins/bot-detect/spec.yaml b/backend/sdk/src/main/resources/plugins/bot-detect/spec.yaml index 245bee89..cf03322c 100644 --- a/backend/sdk/src/main/resources/plugins/bot-detect/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/bot-detect/spec.yaml @@ -3,9 +3,11 @@ info: category: security name: bot-detect/v1 title: Bot Detect - description: 用于识别并阻止互联网爬虫对站点资源的爬取 + x-title-i18n: + zh-CN: 机器人拦截 + description: Identify and block resource crawling from bots on the Internet. x-description-i18n: - en-US: Identify and block resource crawling from bots on the Internet + zh-CN: 用于识别并阻止互联网爬虫对站点资源的爬取。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN01jKT9vC1O059vNaq5u_!!6000000001642-2-tps-42-42.png version: 1.0.0 contact: diff --git a/backend/sdk/src/main/resources/plugins/cache-control/spec.yaml b/backend/sdk/src/main/resources/plugins/cache-control/spec.yaml new file mode 100644 index 00000000..32e2ae05 --- /dev/null +++ b/backend/sdk/src/main/resources/plugins/cache-control/spec.yaml 
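Review bot: The second basic-auth hunk (`@@ -82,7 +84,6 @@`) deletes the comment that marked the sample credential as example-only but keeps `credential: admin:123456` in `example`, so the value most likely to be copied from the console is now an unlabelled weak username/password pair. Either keep a comment such as `# Example credential only; replace before use.` or use an obvious placeholder like `credential: example-user:example-password`, as the key-auth hunk in this commit does with `key-example1`. The same comment is also removed from the hmac-auth and jwt-auth examples, where the sample `secret` and `jwks` values stay in place. The `example` mapping continues past the end of this hunk.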
@@ -0,0 +1,25 @@ +apiVersion: 1.0.0 +info: + category: transformation + name: cache-control + title: Cache Control + x-title-i18n: + zh-CN: 缓存控制 + description: Add Expires and Cache-Control headers to the response headers to facilitate browser caching of specific file types, such as jpg, png, and other image files. + x-description-i18n: + zh-CN: 为响应头部添加 Expires 和 Cache-Control 头部,从而方便浏览器对特定后缀的文件进行缓存,例如 jpg、png 等图片文件。 + iconUrl: https://img.alicdn.com/imgextra/i3/O1CN01bAFa9k1t1gdQcVTH0_!!6000000005842-2-tps-42-42.png + version: 1.0.0 + contact: + name: Higress Team + url: http://higress.io/ + email: admin@higress.io +spec: + phase: AUTHN + priority: 420 + configSchema: + openAPIV3Schema: + type: object + example: + suffix: jpg|png|jpeg + expires: 3600 diff --git a/backend/sdk/src/main/resources/plugins/cluster-key-rate-limit/spec.yaml b/backend/sdk/src/main/resources/plugins/cluster-key-rate-limit/spec.yaml new file mode 100644 index 00000000..003609cf --- /dev/null +++ b/backend/sdk/src/main/resources/plugins/cluster-key-rate-limit/spec.yaml 
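Review bot: `openAPIV3Schema` in the new cache-control spec is only `type: object`, so the spec does not declare that `suffix` is a string or `expires` an integer, and the `example` is the only description of the config shape. If the console validates or renders plugin config from this schema (not visible in this patch), a mistyped key would pass unnoticed. Adding a `properties` map with at least `suffix: {type: string}` and `expires: {type: integer}` would document the contract. The other specs created in this commit (cluster-key-rate-limit, cors, de-graphql, ip-restriction, oidc, request-validation, transformer) have the same bare schema, which matters most for the access-control ones.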
@@ -0,0 +1,42 @@ +apiVersion: 1.0.0 +info: + category: traffic + name: cluster-key-rate-limit + title: Key Cluster Rate Limit + x-title-i18n: + zh-CN: 基于 Key 集群限流 + description: Implement cluster-level rate limiting based on specific key values, which can be derived from URL parameters, HTTP request headers, client IP addresses, etc. + x-description-i18n: + zh-CN: 根据特定键值实现集群层面的限流,键值来源可以是 URL 参数、HTTP 请求头、客户端 IP 地址等。 + iconUrl: https://img.alicdn.com/imgextra/i3/O1CN01bAFa9k1t1gdQcVTH0_!!6000000005842-2-tps-42-42.png + version: 1.0.0 + contact: + name: Higress Team + url: http://higress.io/ + email: admin@higress.io +spec: + phase: UNSPECIFIED_PHASE + priority: 20 + configSchema: + openAPIV3Schema: + type: object + example: + rule_name: default_rule + rule_items: + - limit_by_param: apikey + limit_keys: + - key: 9a342114-ba8a-11ec-b1bf-00163e1250b5 + query_per_minute: 10 + - key: a6a6d7f2-ba8a-11ec-bec2-00163e1250b5 + query_per_hour: 100 + - limit_by_per_param: apikey + limit_keys: + - key: "regexp:^a.*" + query_per_second: 10 + - key: "regexp:^b.*" + query_per_minute: 100 + - key: "*" + query_per_hour: 1000 + redis: + service_name: redis.static + show_limit_quota_header: true diff --git a/backend/sdk/src/main/resources/plugins/cors/spec.yaml b/backend/sdk/src/main/resources/plugins/cors/spec.yaml new file mode 100644 index 00000000..819b4222 --- /dev/null +++ b/backend/sdk/src/main/resources/plugins/cors/spec.yaml 
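Review bot: The first `limit_keys` list in `example` uses UUID-shaped values (`9a342114-ba8a-11ec-b1bf-00163e1250b5`, `a6a6d7f2-ba8a-11ec-bec2-00163e1250b5`) as `apikey` values, while the key-auth hunk of this same commit replaces credentials of that shape with `key-example1` / `key-example2`. Using the same placeholders here, e.g. `- key: key-example1`, keeps the examples consistent and removes any doubt about whether these are live keys. The `redis` block shows only `service_name`, so a short comment saying whether authentication for the Redis backend is configured elsewhere would help readers of the example.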
@@ -0,0 +1,34 @@ +apiVersion: 1.0.0 +info: + category: security + name: cors + title: CORS + x-title-i18n: + zh-CN: CORS + description: Enables CORS (Cross-Origin Resource Sharing) HTTP response headers for the server. + x-description-i18n: + zh-CN: 为服务端启用 CORS(Cross-Origin Resource Sharing,跨域资源共享)的返回 HTTP 响应头。 + iconUrl: https://img.alicdn.com/imgextra/i1/O1CN01jKT9vC1O059vNaq5u_!!6000000001642-2-tps-42-42.png + version: 1.0.0 + contact: + name: Higress Team + url: http://higress.io/ + email: admin@higress.io +spec: + phase: AUTHZ + priority: 340 + configSchema: + openAPIV3Schema: + type: object + example: + allow_origins: + - '*' + allow_methods: + - '*' + allow_headers: + - '*' + expose_headers: + - '*' + allow_credentials: false + max_age: 7200 + diff --git a/backend/sdk/src/main/resources/plugins/custom-response/spec.yaml b/backend/sdk/src/main/resources/plugins/custom-response/spec.yaml index d171672d..7d5fd277 100644 --- a/backend/sdk/src/main/resources/plugins/custom-response/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/custom-response/spec.yaml @@ -1,11 +1,13 @@ apiVersion: 1.0.0 info: - category: traffic + category: transformation name: custom-response/v1 title: Custom Response - description: 支持配置自定义的响应,包括自定义 HTTP 应答状态码、HTTP 应答头,以及 HTTP 应答 Body + x-title-i18n: + zh-CN: 自定义应答 + description: Support configuring custom responses, including HTTP response status code, header and body. x-description-i18n: - en-US: Support configuring custom responses, including HTTP response status code, header and body + zh-CN: 支持配置自定义的响应,包括自定义 HTTP 应答状态码、HTTP 应答头,以及 HTTP 应答 Body。 iconUrl: https://img.alicdn.com/imgextra/i3/O1CN01bAFa9k1t1gdQcVTH0_!!6000000005842-2-tps-42-42.png version: 1.0.0 contact: diff --git a/backend/sdk/src/main/resources/plugins/de-graphql/spec.yaml b/backend/sdk/src/main/resources/plugins/de-graphql/spec.yaml new file mode 100644 index 00000000..1d912319 --- /dev/null +++ b/backend/sdk/src/main/resources/plugins/de-graphql/spec.yaml 
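Review bot: Every list in the cors `example` is `'*'` (`allow_origins`, `allow_methods`, `allow_headers`, `expose_headers`), so the configuration a user starts from in the console allows any origin. `allow_credentials: false` keeps that from being directly exploitable, but the example would teach the safer shape if it named an origin and methods, e.g. `- 'https://app.example.com'` under `allow_origins` and `- GET` / `- POST` under `allow_methods`. How the plugin handles `'*'` combined with `allow_credentials: true` is not visible in this patch, so a one-line comment above `allow_credentials` saying the two should not be combined is worth adding. The hunk also ends with a stray empty added line.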
@@ -0,0 +1,34 @@ +apiVersion: 1.0.0 +info: + category: transformation + name: de-graphql + title: DeGraphQL + x-title-i18n: + zh-CN: DeGraphQL + description: Convert a RESTful API to a GraphQL request. + x-description-i18n: + zh-CN: 将 Restful API 转换为 GraphQL 请求。 + iconUrl: https://img.alicdn.com/imgextra/i3/O1CN01bAFa9k1t1gdQcVTH0_!!6000000005842-2-tps-42-42.png + version: 1.0.0 + contact: + name: Higress Team + url: http://higress.io/ + email: admin@higress.io +spec: + phase: AUTHN + priority: 430 + configSchema: + openAPIV3Schema: + type: object + example: + timeout: 5000 + endpoint: /graphql + domain: api.github.com + gql: | + query ($owner:String! $name:String!){ + repository(owner:$owner, name:$name) { + name + forkCount + description + } + } diff --git a/backend/sdk/src/main/resources/plugins/hmac-auth/spec.yaml b/backend/sdk/src/main/resources/plugins/hmac-auth/spec.yaml index 8e327fd7..f1c9244e 100644 --- a/backend/sdk/src/main/resources/plugins/hmac-auth/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/hmac-auth/spec.yaml @@ -2,10 +2,12 @@ apiVersion: 1.0.0 info: category: auth name: hmac-auth/v1 - title: HMAC Auth - description: 基于 HMAC 算法为 HTTP 请求生成不可伪造的签名,并基于签名实现身份认证和鉴权 + title: HMAC Auth + x-title-i18n: + zh-CN: HMAC 认证 + description: Generate a unforgeable signatures using HMAC algorithms and perform authentication and authorization with it. x-description-i18n: - en-US: Generate a unforgeable signatures using HMAC algorithms and perform authentication and authorization with it + zh-CN: 基于 HMAC 算法为 HTTP 请求生成不可伪造的签名,并基于签名实现身份认证和鉴权。 iconUrl: https://img.alicdn.com/imgextra/i4/O1CN01BPFGlT1pGZ2VDLgaH_!!6000000005333-2-tps-42-42.png version: 1.0.0 contact: @@ -21,7 +23,6 @@ spec: example: global_auth: false consumers: - # 注意!该凭证仅做示例使用,请勿用于具体业务,造成安全风险 - key: appKey-example-1 secret: appSecret-example-1 name: consumer-1 
diff --git a/backend/sdk/src/main/resources/plugins/ip-restriction/spec.yaml b/backend/sdk/src/main/resources/plugins/ip-restriction/spec.yaml new file mode 100644 index 00000000..24fa084f --- /dev/null +++ b/backend/sdk/src/main/resources/plugins/ip-restriction/spec.yaml @@ -0,0 +1,27 @@ +apiVersion: 1.0.0 +info: + category: traffic + name: ip-restriction + title: IP Restriction + x-title-i18n: + zh-CN: IP 限制 + description: Add IP addresses to a whitelist or blacklist to restrict access to services or routes. + x-description-i18n: + zh-CN: 通过将 IP 地址列入白名单或黑名单来限制对服务或路由的访问。 + iconUrl: https://img.alicdn.com/imgextra/i3/O1CN01bAFa9k1t1gdQcVTH0_!!6000000005842-2-tps-42-42.png + version: 1.0.0 + contact: + name: Higress Team + url: http://higress.io/ + email: admin@higress.io +spec: + phase: AUTHN + priority: 210 + configSchema: + openAPIV3Schema: + type: object + example: + ip_source_type: origin-source + allow: + - 10.0.0.1 + - 192.168.0.0/16 diff --git a/backend/sdk/src/main/resources/plugins/jwt-auth/spec.yaml b/backend/sdk/src/main/resources/plugins/jwt-auth/spec.yaml index 180d4667..194e6572 100644 --- a/backend/sdk/src/main/resources/plugins/jwt-auth/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/jwt-auth/spec.yaml 
@@ -3,9 +3,11 @@ info: category: auth name: jwt-auth/v1 title: JWT Auth - description: 实现了基于JSON Web Tokens进行认证鉴权的功能,支持从HTTP请求的URL参数、请求头、Cookie字段解析JWT,同时验证该Token是否有权限访问 + x-title-i18n: + zh-CN: JWT 认证 + description: Implement an authentication and authorization feature based on JSON Web Tokens, which supports extracting JWT from URL parameters, request headers and cookies, and checking whether the given token is allowed to access the corresponding resource. x-description-i18n: - en-US: Implement an authentication and authorization feature based on JSON Web Tokens, which supports extracting JWT from URL parameters, request headers and cookies, and checking whether the given token is allowed to access the corresponding resource. + zh-CN: 实现了基于 JSON Web Token 进行认证鉴权的功能,支持从 HTTP 请求的 URL 参数、请求头、Cookie 字段解析 JWT,同时验证该 Token 是否有权限访问。 iconUrl: https://img.alicdn.com/imgextra/i4/O1CN01BPFGlT1pGZ2VDLgaH_!!6000000005333-2-tps-42-42.png version: 1.0.0 contact: @@ -21,7 +23,6 @@ spec: example: global_auth: false consumers: - # 注意!该凭证仅做示例使用,请勿用于具体业务,造成安全风险 - name: consumer1 issuer: abcd jwks: | diff --git a/backend/sdk/src/main/resources/plugins/key-auth/spec.yaml b/backend/sdk/src/main/resources/plugins/key-auth/spec.yaml index fe6ed9aa..fc39fcca 100644 --- a/backend/sdk/src/main/resources/plugins/key-auth/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/key-auth/spec.yaml @@ -3,9 +3,11 @@ info: category: auth name: key-auth/v1 title: Key Auth - description: 基于 API Key 实现身份认证和鉴权 + x-title-i18n: + zh-CN: Key 认证 + description: Authentication based on API Key. x-description-i18n: - en-US: Authentication based on API Key + zh-CN: 基于 API Key 实现身份认证和鉴权。 iconUrl: https://img.alicdn.com/imgextra/i4/O1CN01BPFGlT1pGZ2VDLgaH_!!6000000005333-2-tps-42-42.png version: 1.0.0 contact: 
@@ -114,11 +116,10 @@ spec: - allow example: global_auth: false - # 注意!该凭证仅做示例使用,请勿用于具体业务,造成安全风险 consumers: - - credential: 2bda943c-ba2b-11ec-ba07-00163e1250b5 + - credential: key-example1 name: consumer1 - - credential: c8c8e9ca-558e-4a2d-bb62-e700dcc40e35 + - credential: key-example2 name: consumer2 keys: - apikey diff --git a/backend/sdk/src/main/resources/plugins/key-rate-limit/spec.yaml b/backend/sdk/src/main/resources/plugins/key-rate-limit/spec.yaml index e8756b61..7aacf987 100644 --- a/backend/sdk/src/main/resources/plugins/key-rate-limit/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/key-rate-limit/spec.yaml @@ -1,11 +1,13 @@ apiVersion: 1.0.0 info: - category: security + category: traffic name: key-rate-limit/v1 title: Key Rate Limit - description: 根据特定键值实现限流,键值来源可以是 URL 参数、HTTP 请求头 + x-title-i18n: + zh-CN: 基于 Key 限流 + description: Perform rate-limiting based on given keys and values, which can be extracted from URL parameters and HTTP request headers. x-description-i18n: - en-US: Perform rate-limiting based on given keys and values, which can be extracted from URL parameters and HTTP request headers. + zh-CN: 根据特定键值实现限流,键值来源可以是 URL 参数、HTTP 请求头。 iconUrl: https://img.alicdn.com/imgextra/i3/O1CN01bAFa9k1t1gdQcVTH0_!!6000000005842-2-tps-42-42.png version: 1.0.0 contact: @@ -13,6 +15,7 @@ info: url: http://higress.io/ email: admin@higress.io spec: + phase: UNSPECIFIED_PHASE priority: 10 configSchema: openAPIV3Schema: diff --git a/backend/sdk/src/main/resources/plugins/oidc/spec.yaml b/backend/sdk/src/main/resources/plugins/oidc/spec.yaml new file mode 100644 index 00000000..fb32bb47 --- /dev/null +++ b/backend/sdk/src/main/resources/plugins/oidc/spec.yaml 
@@ -0,0 +1,37 @@ +apiVersion: 1.0.0 +info: + category: auth + name: oidc + title: OIDC Auth + x-title-i18n: + zh-CN: OIDC 认证 + description: Implement user authentication based on the OpenID Connect standard. + x-description-i18n: + zh-CN: 实现基于 OpenID Connect 标准的用户身份验证。 + iconUrl: https://img.alicdn.com/imgextra/i4/O1CN01BPFGlT1pGZ2VDLgaH_!!6000000005333-2-tps-42-42.png + version: 1.0.0 + contact: + name: Higress Team + url: http://higress.io/ + email: admin@higress.io +spec: + phase: AUTHN + priority: 350 + configSchema: + openAPIV3Schema: + type: object + example: + issuer: "https://dev-65874123.okta.com" + redirect_url: "http://foo.bar.com/a/oauth2/callback" + scopes: + - "openid" + - "email" + client_url: "http://foo.bar.com/a" + cookie_domain: "foo.bar.com" + client_id: "xxxxxxxxxxxxxxx" + client_secret: "xxxxxxx" + service_domain: "dev-65874123.okta.com" + service_name: "okta" + service_port: 443 + service_source: "dns" + timeout_millis: 2000 diff --git a/backend/sdk/src/main/resources/plugins/plugins.properties b/backend/sdk/src/main/resources/plugins/plugins.properties index 691ac73e..28667355 100644 --- a/backend/sdk/src/main/resources/plugins/plugins.properties +++ b/backend/sdk/src/main/resources/plugins/plugins.properties @@ -11,6 +11,7 @@ # specific language governing permissions and limitations under the License. # +# AI ai-prompt-decorator=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-prompt-decorator:1.0.0 ai-prompt-template=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-prompt-template:1.0.0 ai-rag=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-rag:1.0.0 
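Review bot: `redirect_url` and `client_url` in the oidc `example` use `http://`, so a deployment copied from it would receive the authorization callback, and presumably the session cookie scoped by `cookie_domain`, over cleartext. The example should use `redirect_url: "https://foo.bar.com/a/oauth2/callback"` and `client_url: "https://foo.bar.com/a"`. `issuer` and `service_domain` use `dev-65874123.okta.com`, which reads like a concrete tenant name; confirm it is not a live one, or replace it with a clearly fictional host. `client_secret: "xxxxxxx"` is fine as a placeholder, but a comment that the real value should come from a secret store rather than this config would help.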
@@ -20,13 +21,28 @@ ai-token-ratelimit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai ai-transformer=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-transformer:1.0.0 ai-cache=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-cache:1.0.0 ai-proxy=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-proxy:1.0.0 + +# Auth basic-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/basic-auth:1.0.0 key-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/key-auth:1.0.0 -hmac-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/hmac-auth:1.0.0 +oidc=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/oidc:1.0.0 jwt-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/jwt-auth:1.0.0 -bot-detect=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/bot-detect:1.0.0 +hmac-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/hmac-auth:1.0.0 + +# Transformation custom-response=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/custom-response:1.0.0 -key-rate-limit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/key-rate-limit:1.0.0 +transformer=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/transformer:1.0.0 +cache-control=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cache-control:1.0.0 +de-graphql=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/de-graphql:1.0.0 + +# Traffic request-block=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/request-block:1.0.0 -#sni-misdirect=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/sni-misdirect:1.0.0 +key-rate-limit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/key-rate-limit:1.0.0 +cluster-key-rate-limit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cluster-key-rate-limit:1.0.0 +ip-restriction=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ip-restriction:1.0.0 
+request-validation=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/request-validation:1.0.0 + +# Security +bot-detect=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/bot-detect:1.0.0 waf=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/waf:1.0.1 +cors=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cors:1.0.1 diff --git a/backend/sdk/src/main/resources/plugins/request-block/spec.yaml b/backend/sdk/src/main/resources/plugins/request-block/spec.yaml index 85a926e4..f8245c68 100644 --- a/backend/sdk/src/main/resources/plugins/request-block/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/request-block/spec.yaml @@ -3,10 +3,12 @@ info: category: security name: request-block/v1 title: Request Block - description: 基于 URI、请求头等特征屏蔽 HTTP 请求,可以用于防护部分站点资源不对外部暴露 + x-title-i18n: + zh-CN: 请求屏蔽 + description: Block HTTP requests based on characteristics like URI and request headers, which can be used to prevent some of the resources being accessed. x-description-i18n: - en-US: Block HTTP requests based on characteristics like URI and request headers, which can be used to prevent some of the resources being accessed. - iconUrl: https://img.alicdn.com/imgextra/i1/O1CN01jKT9vC1O059vNaq5u_!!6000000001642-2-tps-42-42.png + zh-CN: 基于 URI、请求头等特征屏蔽 HTTP 请求,可以用于防护部分站点资源不对外部暴露。 + iconUrl: https://img.alicdn.com/imgextra/i3/O1CN01bAFa9k1t1gdQcVTH0_!!6000000005842-2-tps-42-42.png version: 1.0.0 contact: name: Higress Team diff --git a/backend/sdk/src/main/resources/plugins/request-validation/spec.yaml b/backend/sdk/src/main/resources/plugins/request-validation/spec.yaml new file mode 100644 index 00000000..630c1f22 --- /dev/null +++ b/backend/sdk/src/main/resources/plugins/request-validation/spec.yaml 
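Review bot: The new entry pins `cors` to `cors:1.0.1`, but the `cors/spec.yaml` created in this commit declares `version: 1.0.0`; the only other `1.0.1` entry, `waf`, has a spec that also says `version: 1.0.1`. One of the two is probably wrong, so align them with either `cors=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cors:1.0.0` here or `version: 1.0.1` in the spec. Separately, all entries reference images by mutable tag; if the loader accepts digest references (not visible in this patch), pinning the newly added plugins by digest would make the built-in list reproducible.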
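Review bot: The request-block spec still has `category: security` (a context line in this hunk), yet this commit moves its entry under `# Traffic` in plugins.properties and changes `iconUrl` to the icon used by the traffic and transformation specs. If the move to traffic is intended, the hunk should also change the line to `category: traffic`. Otherwise the console will presumably group the plugin under security with a mismatched icon. If it is meant to stay a security plugin, revert the `iconUrl` change and list it under `# Security` instead.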
@@ -0,0 +1,32 @@ +apiVersion: 1.0.0 +info: + category: traffic + name: request-validation + title: Request Validation + x-title-i18n: + zh-CN: 请求校验 + description: Validate the requests forwarded to the upstream service in advance, which can verify the data of the request body and headers. + x-description-i18n: + zh-CN: 提前验证向上游服务转发的请求,可以验证请求的 Body 以及 Header 的数据。 + iconUrl: https://img.alicdn.com/imgextra/i3/O1CN01bAFa9k1t1gdQcVTH0_!!6000000005842-2-tps-42-42.png + version: 1.0.0 + contact: + name: Higress Team + url: http://higress.io/ + email: admin@higress.io +spec: + phase: AUTHN + priority: 220 + configSchema: + openAPIV3Schema: + type: object + example: + body_schema: + type: object + required: + - boolean_payload + properties: + boolean_payload: + type: boolean + rejected_code: 403 + rejected_msg: "请求被拒绝" diff --git a/backend/sdk/src/main/resources/plugins/sni-misdirect/README.md b/backend/sdk/src/main/resources/plugins/sni-misdirect/README.md deleted file mode 100644 index 456f7764..00000000 --- a/backend/sdk/src/main/resources/plugins/sni-misdirect/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# 功能说明 -`sni-misdirect`插件用于解决网关开启 HTTP2 时,因为浏览器复用连接导致访问出现 404 等问题。 - -# 插件原理 - -HTTP2 协议允许两个不同域名的请求,在域名解析到相同 IP,并且使用了相同证书的情况下,复用同一条连接。这在一些特殊场景会导致复用连接的请求发送给了错误的 Virtual Host 进行处理,从而导致出现 404 等问题。 -本插件基于`HTTP/2 RFC 7540`的`9.1.1`和`9.1.2`章节描述,在发现请求 SNI 与当前 Virtual Host 不匹配时,发送 HTTP 421 状态码,强制浏览器新建连接,并根据当前请求域名生成匹配的 SNI,从而让网关能正确处理路由。 - -# 浏览器兼容性 - -`Safari` 浏览器 `15.1` 版本以下不支持 HTTP 421 状态码,若有此类客户端访问场景,建议对相应域名关闭 HTTP2 的 ALPN diff --git a/backend/sdk/src/main/resources/plugins/sni-misdirect/spec.yaml b/backend/sdk/src/main/resources/plugins/sni-misdirect/spec.yaml deleted file mode 100644 index f546dc7d..00000000 --- a/backend/sdk/src/main/resources/plugins/sni-misdirect/spec.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: 1.0.0 -info: - category: other - name: sni-misdirect/v1 - title: SNI Misdirect - description: SNI 连接错误复用处理插件 - x-description-i18n: - en-US: SNI misdirect plugin - iconUrl: https://img.alicdn.com/imgextra/i2/O1CN01xIywow1mVGuRUjbhe_!!6000000004959-2-tps-42-42.png - version: 1.0.0 - contact: - name: Higress Team - url: http://higress.io/ - email: admin@higress.io -spec: - phase: AUTHZ - priority: 330 \ No newline at end of file diff --git a/backend/sdk/src/main/resources/plugins/transformer/spec.yaml b/backend/sdk/src/main/resources/plugins/transformer/spec.yaml new file mode 100644 index 00000000..9361e7c3 --- /dev/null +++ b/backend/sdk/src/main/resources/plugins/transformer/spec.yaml @@ -0,0 +1,34 @@ +apiVersion: 1.0.0 +info: + category: transformation + name: transformer + title: Transformer + x-title-i18n: + zh-CN: 请求/响应转换 + description: Convert request/response headers, request query parameters, and request/response body parameters. + x-description-i18n: + zh-CN: 对请求/响应头、请求查询参数、请求/响应体参数进行转换。 + iconUrl: https://img.alicdn.com/imgextra/i3/O1CN01bAFa9k1t1gdQcVTH0_!!6000000005842-2-tps-42-42.png + version: 1.0.0 + contact: + name: Higress Team + url: http://higress.io/ + email: admin@higress.io +spec: + phase: AUTHN + priority: 410 + configSchema: + openAPIV3Schema: + type: object + example: + reqRules: + - operate: remove + headers: + - key: X-remove + respRules: + - operate: add + body: + - key: foo.bar + value: value + + diff --git a/backend/sdk/src/main/resources/plugins/waf/spec.yaml b/backend/sdk/src/main/resources/plugins/waf/spec.yaml index d95fa079..c6133ea7 100644 --- a/backend/sdk/src/main/resources/plugins/waf/spec.yaml +++ b/backend/sdk/src/main/resources/plugins/waf/spec.yaml 
@@ -3,9 +3,11 @@ info: category: security name: waf/v1 title: WAF - description: 支持基于 OWASP ModSecurity Core Rule Set (CRS) 的 WAF 规则配置 + x-title-i18n: + zh-CN: WAF 防护 + description: Support configuring WAF rules based on OWASP ModSecurity Core Rule Set (CRS). x-description-i18n: - en-US: Support configuring WAF rules based on OWASP ModSecurity Core Rule Set (CRS) + zh-CN: 支持基于 OWASP ModSecurity Core Rule Set (CRS) 的 WAF 规则配置。 iconUrl: https://img.alicdn.com/imgextra/i1/O1CN01jKT9vC1O059vNaq5u_!!6000000001642-2-tps-42-42.png version: 1.0.1 contact: