fix: SSL handshaking isn't executed in request_chunk (for watch) (#89)

tokers · web-flow · commit 4a6da8d1b485 · 2020-11-02T20:55:31.000+08:00
diff --git a/lib/resty/etcd/v3.lua b/lib/resty/etcd/v3.lua
@@ -146,16 +146,17 @@ function _M.new(opts)
     end
 
     for _, host in ipairs(http_hosts) do
-        local m, err = re_match(host, [[\/\/([\d.\w]+):(\d+)]], "jo")
+        local m, err = re_match(host, [[([^\/]+)\:\/\/([\d.\w]+):(\d+)]], "jo")
         if not m then
             return nil, "invalid http host: " .. err
         end
 
         tab_insert(endpoints, {
             full_prefix = host .. utils.normalize(api_prefix),
             http_host   = host,
-            host        = m[1] or "127.0.0.1",
-            port        = m[2] or "2379",
+            scheme      = m[1],
+            host        = m[2] or "127.0.0.1",
+            port        = m[3] or "2379",
             api_prefix  = api_prefix,
         })
     end
@@ -450,7 +451,7 @@ local function txn(self, opts_arg, compare, success, failure)
 end
 
 
-local function request_chunk(self, method, host, port, path, opts, timeout)
+local function request_chunk(self, method, scheme, host, port, path, opts, timeout)
     local body, err, _
     if opts and opts.body and tab_nkeys(opts.body) > 0 then
         body, err = encode_json(opts.body)
@@ -493,6 +494,18 @@ local function request_chunk(self, method, host, port, path, opts, timeout)
         return nil, err
     end
 
+    if scheme == "https" then
+        local verify = true
+        if self.ssl_verify == false then
+            verify = false
+        end
+
+        ok, err = http_cli:ssl_handshake(nil, host, verify)
+        if not ok then
+            return nil, err
+        end
+    end
+
     local res
     res, err = http_cli:request({
         method  = method,
@@ -639,6 +652,7 @@ local function watch(self, key, attr)
     local endpoint = choose_endpoint(self)
 
     local callback_fun, err, http_cli = request_chunk(self, 'POST',
+                                endpoint.scheme,
                                 endpoint.host,
                                 endpoint.port,
                                 endpoint.api_prefix .. '/watch', opts,
diff --git a/t/v3/tls.t b/t/v3/tls.t
@@ -104,3 +104,61 @@ GET /t
 [error]
 --- response_body
 err: 18: self signed certificate
+
+
+
+=== TEST 3: watch(key)
+--- http_config eval: $::HttpConfig
+--- config
+    location /t {
+        content_by_lua_block {
+            local etcd, err = require("resty.etcd").new({
+                protocol = "v3",
+                ssl_verify = false,
+                http_host = {
+                    "https://127.0.0.1:12379",
+                    "https://127.0.0.1:22379",
+                    "https://127.0.0.1:32379",
+                }
+            })
+
+            check_res(etcd, err)
+
+            local res, err = etcd:set("/test", "abc")
+            check_res(res, err)
+
+            ngx.timer.at(0.1, function ()
+                etcd:set("/test", "bcd3")
+            end)
+
+            local cur_time = ngx.now()
+            local body_chunk_fun, err = etcd:watch("/test", {timeout = 0.5})
+            if not body_chunk_fun then
+                ngx.say("failed to watch: ", err)
+            end
+
+            local idx = 0
+            while true do
+                local chunk, err = body_chunk_fun()
+
+                if not chunk then
+                    if err then
+                        ngx.say(err)
+                    end
+                    break
+                end
+
+                idx = idx + 1
+                ngx.say(idx, ": ", require("cjson").encode(chunk.result))
+            end
+        }
+    }
+--- request
+GET /t
+--- no_error_log
+[error]
+--- response_body_like eval
+qr/1:.*"created":true.*
+2:.*"value":"bcd3".*
+timeout/
+--- timeout: 5
diff --git a/utils/check-lua-code-style.sh b/utils/check-lua-code-style.sh
