Apisix-dashboard: bug: when user not fill in `remote address` , `remote_addrs` should be [], but not [""]

Created on 1 Dec 2020  路  9Comments  路  Source: apache/apisix-dashboard

Bug report

How to Reproduce

  1. use dashboard to create a route without filling in remote address

  2. wait a few minutes, will find some error log like

2020/12/01 22:44:48 [error] 34404#36781528: *230358 [lua] config_etcd.lua:509: failed to fetch data from etcd: failed to check item data of [/apisix/routes] err:property "remote_addrs" validation failed: failed to validate item 1: object matches none of the requireds,  etcd key: /apisix/routes, context: ngx.timer
2020/12/01 22:44:48 [error] 34408#36781532: *230380 [lua] config_etcd.lua:509: failed to fetch data from etcd: failed to check item data of [/apisix/routes] err:property "remote_addrs" validation failed: failed to validate item 1: object matches none of the requireds,  etcd key: /apisix/routes, context: ngx.timer
2020/12/01 22:44:48 [error] 34409#36781533: *230352 [lua] config_etcd.lua:509: failed to fetch data from etcd: failed to check item data of [/apisix/routes] err:property "remote_addrs" validation failed: failed to validate item 1: object matches none of the requireds,  etcd key: /apisix/routes, context: ngx.timer

  1. the route doesn't work
backend bug frontend

All 9 comments

@juzhiyuan

Server API should never trust input

sure锛宐ackend need to fix it too

sure锛宐ackend need to fix it too

APISIX has fixed this bug: https://github.com/apache/apisix/pull/2907/files

need to sync the JSON schema.

related issue https://github.com/apache/apisix-dashboard/issues/856#issuecomment-736578374

Just to make sure, will manager-api check the input from the client? (no matter using API or frontend), the manager-api must not trust any data from client.

cc @nic-chen @membphis @ShiningRush

oh I noticed this comment, API should never trust any data from client.

Server API should never trust input

I noticed that remote_addrs is not required in apisix. When the user does not enter remote_addrs, should the client pass [] or not pass the remote_addrs field? @nic-chen

@LiteSun

"not pass the remote_addrs field" should be better.

I noticed that remote_addrs is not required in apisix. When the user does not enter remote_addrs, should the client pass [] or not pass the remote_addrs field? @nic-chen

https://github.com/apache/apisix-dashboard/issues/856#issuecomment-736624035 I have replied this question before.

When the user not filled, should no field remote_addrs. this should be a bug of the frontend

Was this page helpful?
0 / 5 - 0 ratings