From 9f18cdfc2f3f7f9bc6b14d4e55dfed02ae074ec4 Mon Sep 17 00:00:00 2001
From: An Tran <tkan145@gmail.com>
Date: Tue, 16 Apr 2024 15:37:35 +1000
Subject: [PATCH] [3scale_batcher] Update regrex to match app_id/access_token
 with special characters

---
 .../policy/3scale_batcher/keys_helper.lua     |  6 ++---
 .../3scale_batcher/keys_helper_spec.lua       | 27 +++++++++++++++----
 2 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/gateway/src/apicast/policy/3scale_batcher/keys_helper.lua b/gateway/src/apicast/policy/3scale_batcher/keys_helper.lua
index 8b6a80035..21854ee5f 100644
--- a/gateway/src/apicast/policy/3scale_batcher/keys_helper.lua
+++ b/gateway/src/apicast/policy/3scale_batcher/keys_helper.lua
@@ -40,9 +40,9 @@ end
 
 local regexes_report_key = {
   [[service_id:(?<service_id>[\w-]+),user_key:(?<user_key>[\S-]+),metric:(?<metric>[\S-]+)]],
-  [[service_id:(?<service_id>[\w-]+),access_token:(?<access_token>[\w-]+),metric:(?<metric>[\S-]+)]],
-  [[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\w-]+),app_key:(?<app_key>[\S-]+),metric:(?<metric>[\S-]+)]],
-  [[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\w-]+),metric:(?<metric>[\S-]+)]],
+  [[service_id:(?<service_id>[\w-]+),access_token:(?<access_token>[\S-]+),metric:(?<metric>[\S-]+)]],
+  [[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\S-]+),app_key:(?<app_key>[\S-]+),metric:(?<metric>[\S-]+)]],
+  [[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\S-]+),metric:(?<metric>[\S-]+)]],
 }
 
 function _M.key_for_cached_auth(transaction)
diff --git a/spec/policy/3scale_batcher/keys_helper_spec.lua b/spec/policy/3scale_batcher/keys_helper_spec.lua
index ba061a5a0..32a60811c 100644
--- a/spec/policy/3scale_batcher/keys_helper_spec.lua
+++ b/spec/policy/3scale_batcher/keys_helper_spec.lua
@@ -1,6 +1,18 @@
 local keys_helper = require 'apicast.policy.3scale_batcher.keys_helper'
 local Usage = require 'apicast.usage'
 local Transaction = require 'apicast.policy.3scale_batcher.transaction'
+local JWT = require('resty.jwt')
+local rsa = require('fixtures.rsa')
+
+local access_token = setmetatable({
+  header = { typ = 'JWT', alg = 'RS256', kid = 'somekid' },
+  payload = {
+    iss = 'http://example.com/issuer',
+    sub = 'some',
+    aud = 'one',
+    exp = ngx.now() + 3600,
+  },
+}, { __tostring = function(jwt) return JWT:sign(rsa.private, jwt) end })
 
 describe('Keys Helper', function()
   describe('.key_for_cached_auth', function()
@@ -35,10 +47,10 @@ describe('Keys Helper', function()
       local report = keys_helper.report_from_key_batched_report(key)
       assert.same({ service_id = 's1', app_id = 'ai', app_key = 'ak', metric = 'm1' }, report)
 
-      -- special chars
-      key = 'service_id:s1,app_id:ai,app_key:!#$%&\'()*+,-.:;<=>?@[]^_`{|}~,metric:m1'
+      -- app_key and app_id contain special chars
+      key = 'service_id:s1,app_id:!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~,app_key:!#$%&\'()*+,-.:;<=>?@[]^_`{|}~,metric:m1'
       report = keys_helper.report_from_key_batched_report(key)
-      assert.same({ service_id = 's1', app_id = 'ai', app_key = '!#$%&\'()*+,-.:;<=>?@[]^_`{|}~', metric = 'm1' }, report)
+      assert.same({ service_id = 's1', app_id = '!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~', app_key = '!#$%&\'()*+,-.:;<=>?@[]^_`{|}~', metric = 'm1' }, report)
     end)
 
     it('returns a valid metric in case of special chars', function()
@@ -82,10 +94,10 @@ describe('Keys Helper', function()
     end)
 
     it('returns a report given a key of a batched report with access token', function()
-      local key = 'service_id:s1,access_token:at,metric:m1'
+      local key = 'service_id:s1,access_token:'..tostring(access_token)..',metric:m1'
 
       local report = keys_helper.report_from_key_batched_report(key)
-      assert.same({ service_id = 's1', access_token = 'at', metric = 'm1' }, report)
+      assert.same({ service_id = 's1', access_token = tostring(access_token), metric = 'm1' }, report)
     end)
 
     it('returns a report given a key of a batched report with app ID only', function()
@@ -93,6 +105,11 @@ describe('Keys Helper', function()
 
       local report = keys_helper.report_from_key_batched_report(key)
       assert.same({ service_id = 's1', app_id = 'ai', metric = 'm1'}, report)
+
+      -- special chars
+      key = 'service_id:s1,app_id:!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~,metric:m1'
+      report = keys_helper.report_from_key_batched_report(key)
+      assert.same({ service_id = 's1', app_id = '!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~', metric = 'm1'}, report)
     end)
 
     it('returns an error when key has no credentials', function()