From 73e1c8d743c0dc4114a6d9c1a233b0e564a78c8e Mon Sep 17 00:00:00 2001
From: wklken
Date: Mon, 27 Nov 2023 14:34:32 +0800
Subject: [PATCH 1/3] fix(bk-auth-verify): add app_code/app_secret length check

---
 .../bk-auth-verify/app-account-verifier.lua | 9 ++++++
 .../test-app-account-verifier.lua | 29 +++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/src/apisix/plugins/bk-auth-verify/app-account-verifier.lua b/src/apisix/plugins/bk-auth-verify/app-account-verifier.lua
index a456613..b7882c8 100644
--- a/src/apisix/plugins/bk-auth-verify/app-account-verifier.lua
+++ b/src/apisix/plugins/bk-auth-verify/app-account-verifier.lua
@@ -20,6 +20,7 @@ local app_account_utils = require("apisix.plugins.bk-auth-verify.app-account-uti
 local bk_app_define = require("apisix.plugins.bk-define.app")
 local bk_cache = require("apisix.plugins.bk-cache.init")
 local setmetatable = setmetatable
+local string = string
 local _M = {}
@@ -45,6 +46,14 @@ function _M.verify_app(self)
 return bk_app_define.new_anonymous_app("app code cannot be empty")
 end
+ -- check the length before call bkauth apis
+ if string.len(self.app_code) > 32 then
+ return bk_app_define.new_anonymous_app("app code cannot be longer than 32 characters")
+ end
+ if string.len(self.app_secret) > 128 then
+ return bk_app_define.new_anonymous_app("app secret cannot be longer than 128 characters")
+ end
+
 if not pl_types.is_empty(self.app_secret) then
 return self:verify_by_app_secret()
 end
diff --git a/src/apisix/tests/bk-auth-verify/test-app-account-verifier.lua b/src/apisix/tests/bk-auth-verify/test-app-account-verifier.lua
index 9ed25f9..ce56f34 100644
--- a/src/apisix/tests/bk-auth-verify/test-app-account-verifier.lua
+++ b/src/apisix/tests/bk-auth-verify/test-app-account-verifier.lua
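Review bot: The bounds 32 and 128 in the new `string.len` checks of the second hunk are bare literals that also have to be kept in sync with the two error messages; module-level constants next to the existing `local` block, `local APP_CODE_MAX_LEN = 32` and `local APP_SECRET_MAX_LEN = 128`, used in both the comparison and a `string.format`-built message, would keep them in one place. The same lines are moved by the second patch in this series, so the constants would apply there as well. `string.len` returns a byte count while the messages say "characters"; if app codes or secrets may carry non-ASCII bytes the two differ, so the comment should state the unit, e.g. `-- byte length (not character count); values longer than this are rejected before bkauth is called -- TODO confirm the limits against bkauth`. verify_app starts before and continues after this hunk.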
@@ -83,6 +83,35 @@ describe(
 end
 )
+ it(
+ "app_code length is greather 32", function()
+ local auth_params = auth_params_mod.new({
+ bk_app_code = "123456789012345678901234567890123",
+ })
+ local verifier = app_account_verifier_mod.new(auth_params)
+
+ local app = verifier:verify_app()
+ assert.is_equal(app.app_code, "")
+ assert.is_false(app.verified)
+ assert.is_equal(app.valid_error_message, "app code cannot be longer than 32 characters")
+ end
+ )
+
+ it(
+ "app_secret length is greather 128", function()
+ local auth_params = auth_params_mod.new({
+ bk_app_code = "hello",
+ bk_app_secret = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+ })
+ local verifier = app_account_verifier_mod.new(auth_params)
+
+ local app = verifier:verify_app()
+ assert.is_equal(app.app_code, "")
+ assert.is_false(app.verified)
+ assert.is_equal(app.valid_error_message, "app secret cannot be longer than 128 characters")
+ end
+ )
+
 it(
 "app secret is not empty", function()
 auth_params = auth_params_mod.new(

From ba0bb5ef6688afbf5c014b013b744f7ab6800013 Mon Sep 17 00:00:00 2001
From: wklken
Date: Mon, 27 Nov 2023 14:41:07 +0800
Subject: [PATCH 2/3] fix(bk-auth-verify): move into the bk_secret not empty section

---
 .../bk-auth-verify/app-account-verifier.lua | 16 ++++++++--------
 .../bk-auth-verify/test-app-account-verifier.lua | 1 +
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/apisix/plugins/bk-auth-verify/app-account-verifier.lua b/src/apisix/plugins/bk-auth-verify/app-account-verifier.lua
index b7882c8..7780eae 100644
--- a/src/apisix/plugins/bk-auth-verify/app-account-verifier.lua
+++ b/src/apisix/plugins/bk-auth-verify/app-account-verifier.lua
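Review bot: Both new test names misspell "greater" and drop "than": `"app_code length is greather 32"` and `"app_secret length is greather 128"` should read `"app_code length is greater than 32"` and `"app_secret length is greater than 128"`. The over-long secret is written out as a literal, which hides the boundary being exercised; `bk_app_secret = string.rep("a", 129)` states the intended length directly, and the app_code value could be built the same way. A companion case at exactly 32 and 128 bytes would also pin that the comparison is strict, since the verifier checks `> 32` / `> 128` and those lengths must still be accepted. The `describe` block these cases belong to starts and ends outside the hunk.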
@@ -46,15 +46,15 @@ function _M.verify_app(self)
 return bk_app_define.new_anonymous_app("app code cannot be empty")
 end
- -- check the length before call bkauth apis
- if string.len(self.app_code) > 32 then
- return bk_app_define.new_anonymous_app("app code cannot be longer than 32 characters")
- end
- if string.len(self.app_secret) > 128 then
- return bk_app_define.new_anonymous_app("app secret cannot be longer than 128 characters")
- end
-
 if not pl_types.is_empty(self.app_secret) then
+ -- check the length before call bkauth apis
+ if string.len(self.app_code) > 32 then
+ return bk_app_define.new_anonymous_app("app code cannot be longer than 32 characters")
+ end
+ if string.len(self.app_secret) > 128 then
+ return bk_app_define.new_anonymous_app("app secret cannot be longer than 128 characters")
+ end
+
 return self:verify_by_app_secret()
 end
diff --git a/src/apisix/tests/bk-auth-verify/test-app-account-verifier.lua b/src/apisix/tests/bk-auth-verify/test-app-account-verifier.lua
index ce56f34..069210c 100644
--- a/src/apisix/tests/bk-auth-verify/test-app-account-verifier.lua
+++ b/src/apisix/tests/bk-auth-verify/test-app-account-verifier.lua
@@ -87,6 +87,7 @@ describe(
 "app_code length is greather 32", function()
 local auth_params = auth_params_mod.new({
 bk_app_code = "123456789012345678901234567890123",
+ bk_app_secret = "world",
 })
 local verifier = app_account_verifier_mod.new(auth_params)

From 42ed09dbfce86aa7adf5dd8cb1cfd9ac221bef3b Mon Sep 17 00:00:00 2001
From: wklken
Date: Wed, 29 Nov 2023 17:30:13 +0800
Subject: [PATCH 3/3] fix(build/patches): patch to fix Chinese character as param in uri match failed

---
 .../006_use_encoded_uri_for_radixtree_match.patch | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 src/build/patches/006_use_encoded_uri_for_radixtree_match.patch
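Review bot: After this move the app_code bound is evaluated only inside the `if not pl_types.is_empty(self.app_secret)` branch, so a request carrying an over-long app_code with no app_secret skips the check and falls through to whatever verify_app does after the hunk. If that later path also forwards app_code to bkauth, the `if string.len(self.app_code) > 32 then` check should stay ahead of the branch and only the secret check move inside it; if the bound is intentionally limited to the secret path, a comment saying so (`-- only verify_by_app_secret sends these values to bkauth, so the bounds live here`) would keep the next reader from moving it back. Placing the secret check inside the non-empty branch is right on its own, since `string.len(nil)` would raise. verify_app continues outside the hunk.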
diff --git a/src/build/patches/006_use_encoded_uri_for_radixtree_match.patch b/src/build/patches/006_use_encoded_uri_for_radixtree_match.patch
new file mode 100644
index 0000000..2400dd2
--- /dev/null
+++ b/src/build/patches/006_use_encoded_uri_for_radixtree_match.patch
@@ -0,0 +1,14 @@
+diff --git a/apisix/http/route.lua b/apisix/http/route.lua
+index d475646b..bc97ef82 100644
+--- a/apisix/http/route.lua
++++ b/apisix/http/route.lua
+@@ -111,7 +111,8 @@ function _M.match_uri(uri_router, match_opts, api_ctx)
+ match_opts.vars = api_ctx.var
+ match_opts.matched = core.tablepool.fetch("matched_route_record", 0, 4)
+
+- local ok = uri_router:dispatch(api_ctx.var.uri, match_opts, api_ctx, match_opts)
++ local encoded_uri = core.utils.uri_safe_encode(api_ctx.var.uri)
++ local ok = uri_router:dispatch(encoded_uri, match_opts, api_ctx, match_opts)
+ return ok
+ end
+
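Review bot: The new patch file has no preamble explaining why `dispatch` now receives `core.utils.uri_safe_encode(api_ctx.var.uri)` instead of the raw `api_ctx.var.uri`; a build patch applied on top of upstream should record its motivation and the upstream version it was written against, e.g. a leading line `# Encode $uri before radixtree matching so routes with non-ASCII (e.g. Chinese) path params match; written against apisix <UPSTREAM_VERSION - fill in>.` placed above the inner `diff --git`. The change also alters the input of route matching for every request, not only those with non-ASCII characters: any existing route whose `uri` contains a character that `uri_safe_encode` rewrites may stop matching, which is not visible from this hunk and is worth a regression test alongside the Chinese-parameter case the subject describes. The `match_uri` function continues outside the patch's hunk.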