Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API KEY Unique #11197

Open
dvdieu opened this issue Apr 24, 2024 · 8 comments · May be fixed by #12040
Open

API KEY Unique #11197

dvdieu opened this issue Apr 24, 2024 · 8 comments · May be fixed by #12040
Assignees
@Baoyuantop
Labels
bug Something isn't working

Comments

@dvdieu
Copy link

dvdieu commented Apr 24, 2024

Description

API KEY can be use for purpose Authentication, to do that API KEY need require to unique for all Consumer
@nitishfy
Copy link

The API_KEY is already unique for different consumers. No two users have the same api_key.

@dvdieu
Copy link
Author

dvdieu commented Apr 24, 2024

The API_KEY is already unique for different consumers. No two users have the same api_key.

Hi,
I realy created 2 consumer with the same API KEY, you can try this

@kayx23
Copy link
Member

kayx23 commented Apr 25, 2024
edited
Loading

The consumer username should be unique

@dvdieu
Copy link
Author

dvdieu commented Apr 25, 2024
edited
Loading

username required unique but API Key also, because if API Key not unique for all user how about your detect user A with user B.

What happens when the username is unique but the API Key is duplicate, then determining which user is calling is impossible

@moonming
Copy link
Member

username required unique but API Key also, because if API Key not unique for all user how about your detect user A with user B.

What happens when the username is unique but the API Key is duplicate, then determining which user is calling is impossible

@dvdieu You are right, if there are duplicate API keys, it is impossible to identify different consumers.
I don't have a good proposal on how to solve it yet, because Apache APISIX uses etcd as storage instead of a relational database, and it's not easy to determine if there are duplicates. What do you think?

@moonming moonming added the bug Something isn't working label Apr 26, 2024
@moonming moonming moved this from 📋 Backlog to 🏗 In progress in Apache APISIX backlog Apr 26, 2024
@dvdieu
Copy link
Author

dvdieu commented Apr 27, 2024

You are right, if there are duplicate API keys, it is impossible to identify different consumers.
I don't have a good proposal on how to solve it yet, because Apache APISIX uses etcd as storage instead of a relational database, and it's not easy to determine if there are duplicates. What do you think?

i think
local client = etcd.client({host = etcd_host, port = etcd_port})
local response, err = client:get(key)
if err then
return false
end
if response.count > 1 then
return true
else
return false
end

for scaling we can using redis for check before insert to ectd

@moonming
Copy link
Member

You are right, if there are duplicate API keys, it is impossible to identify different consumers.
I don't have a good proposal on how to solve it yet, because Apache APISIX uses etcd as storage instead of a relational database, and it's not easy to determine if there are duplicates. What do you think?

i think local client = etcd.client({host = etcd_host, port = etcd_port}) local response, err = client:get(key) if err then return false end if response.count > 1 then return true else return false end

for scaling we can using redis for check before insert to ectd

If this judgment logic can be added when adding API key instead of processing client requests, it is good for me

@dvdieu
Copy link
Author

dvdieu commented Oct 9, 2024

Please update this bug

@Baoyuantop Baoyuantop self-assigned this Mar 11, 2025
@Baoyuantop Baoyuantop linked a pull request Mar 11, 2025 that will close this issue
Open
5 tasks
@Baoyuantop Baoyuantop moved this from 🏗 In progress to 👀 In review in Apache APISIX backlog Mar 26, 2025
@Baoyuantop Baoyuantop moved this from 👀 In review to 🏗 In progress in Apache APISIX backlog Mar 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Baoyuantop Baoyuantop

Labels
bug Something isn't working
Projects
Apache APISIX backlog
Status: 🏗 In progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: consumer key duplication check Baoyuantop/apisix
5 participants
@dvdieu @moonming @Baoyuantop @kayx23 @nitishfy