How to get generated KeyAuth keys for hashing

bungle · August 15, 2019, 10:15am

Basically we just call this:

Kong/kong/blob/next/kong/tools/utils.lua#L226


local char = string.char
local rand = math.random
local encode_base64 = ngx.encode_base64


-- generate a random-looking string by retrieving a chunk of bytes and
-- replacing non-alphanumeric characters with random alphanumeric replacements
-- (we dont care about deriving these bytes securely)
-- this serves to attempt to maintain some backward compatibility with the
-- previous implementation (stripping a UUID of its hyphens), while significantly
-- expanding the size of the keyspace.
local function random_string()
  -- get 24 bytes, which will return a 32 char string after encoding
  -- this is done in attempt to maintain backwards compatibility as
  -- much as possible while improving the strength of this function
  return encode_base64(get_rand_bytes(24, true))
         :gsub("/", char(rand(48, 57)))  -- 0 - 10
         :gsub("+", char(rand(65, 90)))  -- A - Z
         :gsub("=", char(rand(97, 122))) -- a - z
end


_M.random_string = random_string

When we do process_auto_fields:

github.com

Kong/kong/blob/next/kong/db/schema/init.lua#L1524


end


if field.auto then
  if field.uuid then
    if (context == "insert" or context == "upsert") and data[key] == nil then
      data[key] = utils.uuid()
    end


  elseif field.type == "string" then
    if (context == "insert" or context == "upsert") and data[key] == nil then
      data[key] = utils.random_string()
    end


  elseif key == "created_at"
         and (context == "insert" or context == "upsert")
         and (data[key] == null or data[key] == nil) then
    if field.type == "number" then
      data[key] = now_ms
    elseif field.type == "integer" then
      data[key] = now_s
    end

Which we call on DAO insert:

github.com

Kong/kong/blob/next/kong/db/dao/init.lua#L254


  if has_errors then
    local err_t = self.errors:foreign_keys_unresolved(errors)
    return nil, tostring(err_t), err_t
  end


  return true
end




local function check_insert(self, entity, options)
  local entity_to_insert, err = self.schema:process_auto_fields(entity, "insert")
  if not entity_to_insert then
    local err_t = self.errors:schema_violation(err)
    return nil, tostring(err_t), err_t
  end


  local ok, err, err_t = resolve_foreign(self, entity_to_insert)
  if not ok then
    return nil, err, err_t
  end

github.com

Kong/kong/blob/next/kong/db/dao/init.lua#L855


end




function DAO:insert(entity, options)
  validate_entity_type(entity)


  if options ~= nil then
    validate_options_type(options)
  end


  local entity_to_insert, err, err_t = check_insert(self, entity, options)
  if not entity_to_insert then
    return nil, err, err_t
  end


  local row, err_t = self.strategy:insert(entity_to_insert, options)
  if not row then
    return nil, tostring(err_t), err_t
  end


  row, err, err_t = self:row_to_entity(row, options)

Perhaps you can automatically generate the key yourself using the kong.tools.utils.random_string() and put that to self.args.post.key in case the request does not contain key?

Topic		Replies	Views
Key Authentication Plugin key publish algorithm Questions	1	595	June 2, 2021
Kong Key-Auth; return a specific HTTP code?	1	990	May 6, 2019
Is hashing apikeys in kong is possible? if yes can you let us know the steps Questions	0	193	April 11, 2023
How can we use custom apikey instead of auto generate by kong for consumers in key-authentication Questions	1	471	June 1, 2018
How to automatically generate API key? Questions kubernetes	4	1143	November 21, 2023

How to get generated KeyAuth keys for hashing

Related topics