Help migrating 3rd party plugin to Kong 2.8.1

Greetings,

I’m having trouble updating an old 3rd party plugin. A few methods are already deprecated and the GitHub repository is pretty much dead, so no help there.

handler.lua (original):

local singletons = require "kong.singletons"
local responses = require "kong.tools.responses"

local table_insert = table.insert
local table_concat = table.concat

local jwt = require "resty.jwt"
local cjson = require "cjson"

local BasePlugin = require "kong.plugins.base_plugin"
local JwtCrafter = BasePlugin:extend()

JwtCrafter.PRIORITY = 10

function JwtCrafter:new()
  JwtCrafter.super.new(self, "jwt-crafter")
end

local function fetch_acls(consumer_id)
  local results, err = singletons.dao.acls:find_all {consumer_id = consumer_id}
  if err then
    return nil, err
  end
  return results
end

local function load_credential(consumer_id)
  -- Only HS256 is now supported, probably easy to add more if needed
  local rows, err = singletons.dao.jwt_secrets:find_all {consumer_id = consumer_id, algorithm = "HS256"}
  if err then
    return nil, err
  end
  return rows[1]
end

-- Executed for every request upon it's reception from a client and before it is being proxied to the upstream service.
function JwtCrafter:access(config)
  JwtCrafter.super.access(self)

  local consumer_id
  if ngx.ctx.authenticated_credential then
    consumer_id = ngx.ctx.authenticated_credential.consumer_id
  else
    return responses.send_HTTP_FORBIDDEN("Cannot identify the consumer, add an authentication plugin to generate JWT token")
  end

  local acls, err = fetch_acls(consumer_id)

  if err then
    return responses.send_HTTP_INTERNAL_SERVER_ERROR(err)
  end
  if not acls then acls = {} end

  -- Prepare header
  local str_acls = {}
  for _, v in ipairs(acls) do
    table_insert(str_acls, v.group)
  end

  -- Fetch JWT secret for signing
  local credential, err = load_credential(consumer_id)

  if err then
    return responses.send_HTTP_INTERNAL_SERVER_ERROR(err)
  end
  if not credential then
    return responses.send_HTTP_FORBIDDEN("Consumer has no JWT credential, cannot craft token")
  end

  -- Hooray, create the token finally
  local jwt_token = jwt:sign(
    credential.secret,
    {
      header = {
        typ = "JWT",
        alg = "HS256" -- load_credential only loads HS256 for now
      },
      payload = {
        sub = ngx.ctx.authenticated_consumer.id,
        nam = ngx.ctx.authenticated_credential.username or ngx.ctx.authenticated_credential.id,
        iss = credential.key,
        rol = str_acls,
        exp = ngx.time() + config.expires_in
      }
    }
  )

  ngx.say(
    cjson.encode(
      {
        access_token = jwt_token,
        token_type = "Bearer",
        expires_in = config.expires_in
      }
    )
  )
  ngx.exit(200)
end

return JwtCrafter

handler.lua (current):

local singletons = require "kong.singletons"

local table_insert = table.insert
local table_concat = table.concat

local jwt = require "resty.jwt"
local cjson = require "cjson"

local BasePlugin = require "kong.plugins.base_plugin"
local JwtCrafter = BasePlugin:extend()

JwtCrafter.PRIORITY = 10

function JwtCrafter:new()
  JwtCrafter.super.new(self, "jwt-crafter")
end

local function fetch_acls(consumer_id)
  local results, err = singletons.dao.acls:find_all {consumer_id = consumer_id}
  if err then
    return nil, err
  end
  return results
end

local function load_credential(consumer_id)
  -- Only HS256 is now supported, probably easy to add more if needed
  local rows, err = singletons.dao.jwt_secrets:find_all {consumer_id = consumer_id, algorithm = "HS256"}
  if err then
    return nil, err
  end
  return rows[1]
end

-- Executed for every request upon it's reception from a client and before it is being proxied to the upstream service.
function JwtCrafter:access(config)
  JwtCrafter.super.access(self)

  local consumer_id
  if ngx.ctx.authenticated_credential then
    consumer_id = ngx.ctx.authenticated_credential.consumer_id
  else
    return kong.response.exit(403, { message = "Cannot identify the consumer, add an authentication plugin to generate JWT token" })
  end

  local acls, err = fetch_acls(consumer_id)

  if err then
    return kong.response.exit(500, { message = err })
  end
  if not acls then acls = {} end

  -- Prepare header
  local str_acls = {}
  for _, v in ipairs(acls) do
    table_insert(str_acls, v.group)
  end

  -- Fetch JWT secret for signing
  local credential, err = load_credential(consumer_id)

  if err then
    return kong.response.exit(500, { message = err })
  end
  if not credential then
    return kong.response.exit(403, { message = "Consumer has no JWT credential, cannot craft token" })
  end

  -- Hooray, create the token finally
  local jwt_token = jwt:sign(
    credential.secret,
    {
      header = {
        typ = "JWT",
        alg = "HS256" -- load_credential only loads HS256 for now
      },
      payload = {
        sub = ngx.ctx.authenticated_consumer.id,
        nam = ngx.ctx.authenticated_credential.username or ngx.ctx.authenticated_credential.id,
        iss = credential.key,
        rol = str_acls,
        exp = ngx.time() + config.expires_in
      }
    }
  )

  ngx.say(
    cjson.encode(
      {
        access_token = jwt_token,
        token_type = "Bearer",
        expires_in = config.expires_in
      }
    )
  )
  ngx.exit(200)
end

return JwtCrafter

Container logs:

2022/08/17 10:58:53 [info] 1109#0: *2786 client 192.168.65.3 closed keepalive connection 2022/08/17 10:58:57 [debug] 1110#0: *2813 [lua] init.lua:288: [cluster_events] polling events from: 1660733917.297 2022/08/17 10:59:02 [debug] 1110#0: *2853 [lua] init.lua:288: [cluster_events] polling events from: 1660733937.29 2022/08/17 10:59:07 [debug] 1110#0: *2889 [lua] init.lua:288: [cluster_events] polling events from: 1660733937.29 2022/08/17 10:59:12 [debug] 1109#0: *2930 [lua] init.lua:288: [cluster_events] polling events from: 1660733937.29 2022/08/17 10:59:17 [debug] 1109#0: *2976 [lua] init.lua:288: [cluster_events] polling events from: 1660733937.29 2022/08/17 10:59:22 [debug] 1110#0: *3015 [lua] init.lua:288: [cluster_events] polling events from: 1660733937.29 2022/08/17 10:59:25 [debug] 1109#0: *3049 [lua] base_plugin.lua:26: access(): executing plugin "jwt-crafter": access 2022/08/17 10:59:25 [error] 1109#0: *3049 [kong] init.lua:297 [jwt-crafter] /opt/kong/plugins/jwt-crafter/handler.lua:19: attempt to index field 'dao' (a nil value), client: 192.168.65.3, server: kong, request: "GET /api/v1/publico HTTP/1.1", host: "localhost:31550" 192.168.65.3 - username [17/Aug/2022:10:59:25 +0000] "GET /api/v1/publico HTTP/1.1" 500 42 "-" "curl/7.83.1"

I’m not an expert on building Kong plugins or Lua itself but I’m confident that the find_all is the only deprecated method left.

thank you in advance