orange---openresty.---authorization,-129.0.1.227,jwt

需要有一个类似于API网关的中间件来做API的管理工作，也就是API的实现方面更多的考虑业务逻辑，安全、性能、监控可以交由网关来做（如下图所示，下图根据Kong官方文档修改）

通过MySQL存储来简单支持集群部署

支持多种条件匹配和变量提取

支持通过自定义插件方式扩展功能

默认内置六个插件

全局状态统计

自定义监控

URL重写

URI重定向

简单防火墙

代理、ABTesting、分流

 

1.227: ----orange install

docker pull mysql:5.7
docker pull syhily/orange

docker run --name orange-database -d -e MYSQL_ROOT_PASSWORD=your_root_pwd -p 3306:3306 mysql:5.7
docker exec -it orange-database /bin/bash

mysql -u root -p

CREATE DATABASE orange;
CREATE USER 'orange'@'%' IDENTIFIED BY 'orange';
GRANT ALL PRIVILEGES ON orange.* TO 'orange'@'%';

 

docker run -d --name orange \
--link orange-database:orange-database \
-p 7777:7777 \
-p 8888:8888 \
-p 9999:9999 \
--security-opt seccomp:unconfined \
-e ORANGE_DATABASE=orange \
-e ORANGE_HOST=orange-database \
-e ORANGE_PORT=3306 \
-e ORANGE_USER=orange \
-e ORANGE_PWD=orange \
syhily/orange

https://github.com/sumory/orange/issues?utf8=%E2%9C%93&q=auth

测试
后台管理
http://localhost:9999
Api service
http://localhost:7777/
实际使用转发Url
http://localhost:8888

https://github.com/sumory/orange

basic-author
wget --http-username=llq --http-password=1234 http://129.0.1.227:8888/api/test
curl -u llq:1234 http://129.0.1.227:8888/api/test
Authorization: Basic bGxxOjEyMzQ=
wget --header 'Authorization: Basic bGxxOjEyMzQ=' http://129.0.1.227:8888/api/test

md5;
https://github.com/sumory/orange/issues/72

You can use the hmac module in python to key-hash a message. More info here.

Here's a sample program:

import hmac
import md5

hash_key = 'secret hashing key'
hash = hmac.new(hash_key, 'this is the text to be hashed', md5)
value = hash.digest()
print hash.hexdigest()

 

I found a way to use a secret key authentication called HMAC (Hashed Message Authentication Code) and it
echo -n 'value' | openssl dgst -md5 -hmac 'key'
echo -n 'value' | openssl dgst -md5 -hmac 'key'

 

http://129.0.1.227:8888/httpmd5?uuid=akdflja1299330aa&pjcid=11111&sig= md5(uuid+pjcid+secret key)
akdflja1299330aa11111111111

akdflja1299330aa11111111111

echo -n 'akdflja1299330aa11111111111' | openssl dgst -md5 -hmac '111111'

http://129.0.1.227:8888/httpmd5?uuid=akdflja1299330aa&pjcid=11111&sig=1b04d8da6b7fb39c285b1463842fcd12

对应的请求是

http://domain.com/xxxxx?uuid=akdflja1299330aa&pjcod=11111&sig= md5(uuid+pjcod+secret key)

 http://orange.sumory.com/docs/

http://www.pangxieke.com/share/install-orange-api-gateway-by-docker.html

jwt:
https://segmentfault.com/a/1190000015677681