@f3l3gy
Last active November 21, 2018 03:59
Kong JWT test

  • Clone the Kong/docker-kong repo from GitHub: git@github.com:Kong/docker-kong.git
  • Extend the compose file as shown in docker-compose.yml below
  • Run docker-compose: cd docker-kong/compose and docker-compose up

Here we use ping to check the health of the core-data microservice (core-data operates on port 6543 by default): http://192.168.10.130:6543/api/v1/ping

Kong listens on IP 192.168.10.20, ports 8000 and 8001.

Register the service with Kong

$ curl -X POST --url http://192.168.10.20:8001/services/ \
-d "name=core-data" \
-d "url=http://192.168.10.130:6543" 

{"host":"192.168.10.130","created_at":1542662026,"connect_timeout":60000,"id":"a17d890c-b6d6-4157-ae88-3773aee894ed","protocol":"http","name":"core-data","read_timeout":60000,"port":6543,"path":null,"updated_at":1542662026,"retries":5,"write_timeout":60000}

Add route to service

$ curl -X POST  --url http://192.168.10.20:8001/services/core-data/routes  --data "paths[]=/core-data"

{"created_at":1542662379,"strip_path":true,"hosts":null,"preserve_host":false,"regex_priority":0,"updated_at":1542662379,"paths":["\/core-data"],"service":{"id":"e7e84380-3d4b-43fb-8910-86f38511af91"},"methods":null,"protocols":["http","https"],"id":"cbc5dce5-472a-4cc5-98f0-dcc9f64d66ad"}

$ curl -i -X GET --url http://192.168.10.20:8000/core-data/api/v1/ping

HTTP/1.1 200 OK                         
Content-Type: text/plain; charset=utf-8 
Transfer-Encoding: chunked              
Connection: keep-alive                  
Server: Microsoft-HTTPAPI/2.0           
Date: Mon, 19 Nov 2018 21:24:45 GMT     
X-Kong-Upstream-Latency: 2              
X-Kong-Proxy-Latency: 0                 
Via: kong/0.14.1                        
                                        
Pong                                    

Set up the JWT plugin on the service

$ curl -X POST --url http://192.168.10.20:8001/services/core-data/plugins -d "name=jwt"

{"created_at":1542662730000,"config":{"secret_is_base64":false,"key_claim_name":"iss","cookie_names":{},"maximum_expiration":0,"anonymous":"","run_on_preflight":true,"uri_param_names":["jwt"]},"id":"f66ac080-e532-4fe4-bcad-7ed5785f2c3e","enabled":true,"service_id":"e7e84380-3d4b-43fb-8910-86f38511af91","name":"jwt"}

$ curl -i -X GET --url http://192.168.10.20:8000/core-data/api/v1/ping

HTTP/1.1 401 Unauthorized
Date: Mon, 19 Nov 2018 21:25:36 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Server: kong/0.14.1
Content-Length: 27

{"message":"Unauthorized"}

Create a consumer and JWT token

$ curl -X POST  --url http://192.168.10.20:8001/consumers -d "username=felegy"

{"custom_id":null,"created_at":1542662794,"username":"felegy","id":"3ddfab05-a0b6-42f3-b91f-7065795db13d"}

$ curl -X POST  --url http://192.168.10.20:8001/consumers/felegy/jwt -H "Content-Type: application/x-www-form-urlencoded"

{"created_at":1542662959000,"id":"4b2d8af5-7d6a-49dc-92ab-bbccdbb36193","algorithm":"HS256","key":"mxjwd8YcXs44xpDvUCiNUtD7FXqehsj9","secret":"wTMoShWJ2t0G7ku8suL0I4h78soWiECv","consumer_id":"3ddfab05-a0b6-42f3-b91f-7065795db13d"}

jwt.io helps to create the signed token (HS256 signs the token, it does not encrypt it):

HEADER:

{
  "alg": "HS256",
  "typ": "JWT"
}

PAYLOAD:

{
  "iss": "mxjwd8YcXs44xpDvUCiNUtD7FXqehsj9",
  "username": "felegy"
}

VERIFY SIGNATURE:

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  wTMoShWJ2t0G7ku8suL0I4h78soWiECv
)

The encoded token then appears on the left side at jwt.io:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJteGp3ZDhZY1hzNDR4cER2VUNpTlV0RDdGWHFlaHNqOSIsInVzZXJuYW1lIjoiZmVsZWd5In0.vrdQE2s7f7sQPZ20BkQn_9qQl5EW0cqMr1Kl7pU4eMw
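
The same token can be built locally, so the secret never has to be pasted into a website. This is an added example, not part of the original gist and not Kong's own code: it mints an HS256 token from the key and secret shown above (used as sample input) and verifies it with the algorithm pinned, and its header and payload segments come out identical to those of the token above. The function names and the optional `ttl`/`exp` handling are assumptions of this example.

```python
import base64, hashlib, hmac, json, time

# Sample credential: key/secret returned by POST /consumers/felegy/jwt above.
KEY = "mxjwd8YcXs44xpDvUCiNUtD7FXqehsj9"
SECRET = "wTMoShWJ2t0G7ku8suL0I4h78soWiECv"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def sign(signing_input: str, secret: str) -> str:
    # secret_is_base64 is false in the plugin config above, so the secret
    # string itself is the HMAC key.
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())

def mint(key: str, secret: str, claims=None, ttl=None) -> str:
    """Build an HS256 token whose iss claim carries the credential key."""
    payload = {"iss": key, **(claims or {})}
    if ttl is not None:  # optional expiry (assumption; the token above has none)
        payload["exp"] = int(time.time()) + ttl
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(payload)
    return signing_input + "." + sign(signing_input, secret)

def verify(token: str, credentials: dict, now=None) -> dict:
    """Return the claims of a valid token; raise ValueError otherwise."""
    try:
        h, p, s = token.split(".")
        header, claims = json.loads(b64url_decode(h)), json.loads(b64url_decode(p))
    except ValueError:
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm, never trust the header
        raise ValueError("unexpected alg")
    iss = claims.get("iss")  # key_claim_name is "iss" in the plugin config
    secret = credentials.get(iss) if isinstance(iss, str) else None
    if secret is None:
        raise ValueError("unknown iss")
    if not hmac.compare_digest(sign(h + "." + p, secret).encode(), s.encode()):
        raise ValueError("bad signature")
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= (now or time.time())):
        raise ValueError("expired or invalid exp")
    return claims
```

Call `mint(KEY, SECRET, {"username": "felegy"})` to get the token string, and `verify(token, {KEY: SECRET})` to check one.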

Use the token to authorize the request to core-data:

$ curl -i -X GET --url http://192.168.10.20:8000/core-data/api/v1/ping -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJteGp3ZDhZY1hzNDR4cER2VUNpTlV0RDdGWHFlaHNqOSIsInVzZXJuYW1lIjoiZmVsZWd5In0.vrdQE2s7f7sQPZ20BkQn_9qQl5EW0cqMr1Kl7pU4eMw"

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 19 Nov 2018 21:35:17 GMT
X-Kong-Upstream-Latency: 3
X-Kong-Proxy-Latency: 15
Via: kong/0.14.1

Pong

Another test request for checking upstream headers:

$ curl -i -X GET --url http://192.168.10.20:8000/core-data/api/v1/headers -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJteGp3ZDhZY1hzNDR4cER2VUNpTlV0RDdGWHFlaHNqOSIsInVzZXJuYW1lIjoiZmVsZWd5In0.vrdQE2s7f7sQPZ20BkQn_9qQl5EW0cqMr1Kl7pU4eMw"

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 19 Nov 2018 21:38:17 GMT
X-Kong-Upstream-Latency: 131
X-Kong-Proxy-Latency: 1
Via: kong/0.14.1

[
  {
    "key": "X-Forwarded-For",
    "value": [ "192.168.10.130" ]
  },
  {
    "key": "X-Forwarded-Proto",
    "value": [ "http" ]
  },
  {
    "key": "X-Forwarded-Host",
    "value": [ "192.168.10.20" ]
  },
  {
    "key": "X-Forwarded-Port",
    "value": [ "8000" ]
  },
  {
    "key": "X-Real-IP",
    "value": [ "192.168.10.130" ]
  },
  {
    "key": "X-Consumer-ID",
    "value": [ "3ddfab05-a0b6-42f3-b91f-7065795db13d" ]
  },
  {
    "key": "X-Consumer-Username",
    "value": [ "felegy" ]
  },
  {
    "key": "Connection",
    "value": [ "keep-alive" ]
  },
  {
    "key": "Accept",
    "value": [ "*/*;q=1" ]
  },
  {
    "key": "Authorization",
    "value": [ "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJteGp3ZDhZY1hzNDR4cER2VUNpTlV0RDdGWHFlaHNqOSIsInVzZXJuYW1lIjoiZmVsZWd5In0.vrdQE2s7f7sQPZ20BkQn_9qQl5EW0cqMr1Kl7pU4eMw" ]
  },
  {
    "key": "Host",
    "value": [ "192.168.10.130:6543" ]
  },
  {
    "key": "User-Agent",
    "value": [ "curl/7.55.1" ]
  }
]

docker-compose.yml

version: '3.3'

services:
  # Konga: web UI for managing Kong
  konga:
    image: pantsel/konga
    ports:
      - "1337:1337/tcp"
    volumes:
      - konga_data:/app/kongadata

  kong:
    image: "${KONG_DOCKER_TAG:-kong:latest}"
    command: kong start --run-migrations
    environment:
      KONG_ADMIN_ACCESS_LOG: /dev/stdout
      KONG_ADMIN_ERROR_LOG: /dev/stderr
      # The Admin API listens on all interfaces and port 8001 is published
      # below; this suits a local test setup only.
      KONG_ADMIN_LISTEN: '0.0.0.0:8001'
      KONG_CASSANDRA_CONTACT_POINTS: db
      KONG_DATABASE: postgres
      KONG_PG_DATABASE: ${KONG_PG_DATABASE:-kong}
      KONG_PG_HOST: db
      KONG_PG_PASSWORD: ${KONG_PG_PASSWORD:-kong}
      KONG_PG_USER: ${KONG_PG_USER:-kong}
      KONG_PROXY_ACCESS_LOG: /dev/stdout
      KONG_PROXY_ERROR_LOG: /dev/stderr
    links:
      - db:db
    ports:
      - "8000:8000/tcp"   # proxy (HTTP)
      - "8001:8001/tcp"   # Admin API (HTTP)
      - "8443:8443/tcp"   # proxy (HTTPS)
      - "8444:8444/tcp"   # Admin API (HTTPS)
    restart: on-failure

  db:
    image: postgres:9.5
    environment:
      POSTGRES_DB: ${KONG_PG_DATABASE:-kong}
      POSTGRES_PASSWORD: ${KONG_PG_PASSWORD:-kong}
      POSTGRES_USER: ${KONG_PG_USER:-kong}
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "${KONG_PG_USER:-kong}"]
      interval: 30s
      timeout: 30s
      retries: 3
    restart: on-failure
    stdin_open: true
    tty: true

volumes:
  konga_data: