
Comments (5)

lonelycode commented on May 11, 2024

A great idea - can't believe the feature was missed out! Tyk doesn't currently support method ignores out of the box, it would need to be added in (shouldn't be too hard though):

The things that would need doing are:

  1. Enabling users creating new defs to add methods
  2. Extending URLSpec to include a methods slice
  3. Populating tURLSpecs
  4. Actually checking if the method is supported when matched in a request

First off, https://github.com/lonelycode/tyk/blob/master/api_definition_manager.go#L87 would need to be changed to use a map[string][]string, which would be map[<URL>]['method1', 'method2', ...]; this way we can define ignored methods against URLs

Tyk converts these verbose definition elements into leaner objects called an ApiSpec (https://github.com/lonelycode/tyk/blob/master/api_definition_manager.go#L134), these use regexps to identify paths quickly when a request hits the router, the ApiSpec maps a regexp to a URLSpec, which would need extending with a slice of strings such as []string Methods (https://github.com/lonelycode/tyk/blob/master/api_definition_manager.go#L127) to hold the methods array that was created in the definition.

In order to populate this object at load time, we'd need to incorporate the new values into the MakeSpec function, in particular the loop that creates the URLSpec values: https://github.com/lonelycode/tyk/blob/master/api_definition_manager.go#L208

To actually ensure the HTTP method gets checked, the IsURLAllowedAndIgnored function would need extending to include a method check on match https://github.com/lonelycode/tyk/blob/721a05f468269e53c3d32d4063e80c4eb2ded91f/api_definition_manager.go#L333

It would also need to have its signature changed to include the method data as part of the function parameters (or change it to take a request object pointer) https://github.com/lonelycode/tyk/blob/721a05f468269e53c3d32d4063e80c4eb2ded91f/api_definition_manager.go#L438

The versioning code that controls most of this needs refactoring, it's a little messy at the moment, would much rather have all these methods in the middleware, but that's something I'll tackle at a later date :-/

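The four steps listed in the comment above, as an added Go example that is not part of the thread and not Tyk's code: URLSpec, MakeIgnoredSpecs and IsIgnored are hypothetical stand-ins. Exact-path anchoring and the rule that an empty method list exempts nothing are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// URLSpec is a hypothetical stand-in for the spec discussed above; the
// methods are held as a set here rather than the proposed slice.
type URLSpec struct {
	Spec    *regexp.Regexp
	Methods map[string]bool
}

// MakeIgnoredSpecs compiles map[<URL>][]methods into exact-match specs.
// QuoteMeta plus ^...$ keeps "/users/create" from matching longer paths.
func MakeIgnoredSpecs(ignored map[string][]string) []URLSpec {
	specs := make([]URLSpec, 0, len(ignored))
	for path, methods := range ignored {
		set := make(map[string]bool, len(methods))
		for _, m := range methods {
			set[strings.ToUpper(m)] = true
		}
		re := regexp.MustCompile("^" + regexp.QuoteMeta(path) + "$")
		specs = append(specs, URLSpec{Spec: re, Methods: set})
	}
	return specs
}

// IsIgnored is true only when both the path and the method are listed,
// so an entry with no methods exempts nothing (assumed fail-closed rule).
func IsIgnored(specs []URLSpec, method, path string) bool {
	for _, s := range specs {
		if s.Spec.MatchString(path) && s.Methods[strings.ToUpper(method)] {
			return true
		}
	}
	return false
}

func main() {
	// Constructed definition: paths taken from the JSON later in the thread.
	specs := MakeIgnoredSpecs(map[string][]string{
		"/users/create": {"POST"},
		"/users/auth":   {"post", "GET"},
	})
	fmt.Println(IsIgnored(specs, "POST", "/users/create"))   // true
	fmt.Println(IsIgnored(specs, "DELETE", "/users/create")) // false
}
```
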

PatrickWolleb commented on May 11, 2024

Great, will try to look into it this weekend. Just ran into an issue that paths.ignored is still checked for authentication. Below is my JSON. The target API has an endpoint POST /users/create and listen path is set to "/". TYK should ignore "/users/create"; what am I doing wrong? Do I need to create a version or white list?

{
  "proxy": {
    "target_url": "TARGET",
    "listen_path": "/"
  },
  "version_data": {
    "versions": {
      "v1": {
        "paths": {
          "black_list": [],
          "white_list": [],
          "ignored": [
            "/users/create",
            "/users/auth"
          ]
        },
        "expires": "3000-01-02 15:04",
        "name": "Default"
      }
    },
    "not_versioned": true
  },
  "auth": {
    "auth_header_name": "Authorization"
  },
  "definition": {
    "key": "version",
    "location": "header"
  },
  "org_id": "default",
  "api_id": "1",
  "name": "Tyk Test API"
}


lonelycode commented on May 11, 2024

I think you may have identified a pretty serious bug!

In the loadApps() function in main.go, in the middleware chain, authentication happens before version checking. Which means ignored paths are only ignored in the context of being versioned, not being free of auth.

It should be a quick fix (I will patch tomorrow - it's 1am atm) simply moving &VersionCheck up above keyCheck should solve it, so long as it doesn't require user context (which I think it doesn't).

Good spot!

Btw are you running master branch or a binary version?

M.

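The ordering problem described in the comment above, as an added Go example that is not part of the thread and not Tyk's code: keyCheck and versionCheck are hypothetical stand-ins for the two middlewares, and the request is a constructed POST carrying no Authorization header.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// middleware receives the next handler and the upstream (final) handler.
type middleware func(next, final http.Handler) http.Handler

// keyCheck rejects any request that carries no Authorization header.
func keyCheck(next, _ http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") == "" {
			http.Error(w, "key required", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Ignored paths copied from the JSON definition posted in the thread.
var ignored = map[string]bool{"/users/create": true, "/users/auth": true}

// versionCheck hands ignored paths straight to the upstream handler.
func versionCheck(next, final http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ignored[r.URL.Path] {
			final.ServeHTTP(w, r)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Status sends a keyless POST through the chain (chain[0] runs first).
func Status(path string, chain ...middleware) int {
	final := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	var h http.Handler = final
	for i := len(chain) - 1; i >= 0; i-- {
		h = chain[i](h, final)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("POST", path, nil))
	return rec.Code
}

func main() {
	fmt.Println(Status("/users/create", keyCheck, versionCheck), Status("/users/create", versionCheck, keyCheck))
}
```

With the ignore check first, a path outside the ignored list still falls through to keyCheck, so only the listed paths lose the key requirement.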

lonelycode commented on May 11, 2024

Minor bugfix release for ignored paths now published:

https://github.com/lonelycode/tyk/releases/tag/v1.1.1


PatrickWolleb commented on May 11, 2024

Awesome!
I am working off the binary BTW.
