fix(bk-auth-verify): add app_code/app_secret length check

src/apisix/plugins/bk-auth-verify/app-account-verifier.lua

@@ -20,6 +20,7 @@ local app_account_utils = require("apisix.plugins.bk-auth-verify.app-account-uti
 local bk_app_define = require("apisix.plugins.bk-define.app")
 local bk_cache = require("apisix.plugins.bk-cache.init")
 local setmetatable = setmetatable
+local string       = string
 
 local _M = {}
 
@@ -46,6 +47,14 @@ function _M.verify_app(self)
     end
 
     if not pl_types.is_empty(self.app_secret) then
+        -- check the length before call bkauth apis
+        if string.len(self.app_code) > 32 then
+            return bk_app_define.new_anonymous_app("app code cannot be longer than 32 characters")
+        end
+        if string.len(self.app_secret) > 128 then
+            return bk_app_define.new_anonymous_app("app secret cannot be longer than 128 characters")
+        end
+
         return self:verify_by_app_secret()
     end
 

src/apisix/tests/bk-auth-verify/test-app-account-verifier.lua

@@ -83,6 +83,36 @@ describe(
                     end
                 )
 
+                it(
+                    "app_code length is greather 32", function()
+                        local auth_params = auth_params_mod.new({
+                            bk_app_code = "123456789012345678901234567890123",
+                            bk_app_secret = "world",
+                        })
+                        local verifier = app_account_verifier_mod.new(auth_params)
+
+                        local app = verifier:verify_app()
+                        assert.is_equal(app.app_code, "")
+                        assert.is_false(app.verified)
+                        assert.is_equal(app.valid_error_message, "app code cannot be longer than 32 characters")
+                    end
+                )
+
+                it(
+                    "app_secret length is greather 128", function()
+                        local auth_params = auth_params_mod.new({
+                            bk_app_code = "hello",
+                            bk_app_secret = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+                        })
+                        local verifier = app_account_verifier_mod.new(auth_params)
+
+                        local app = verifier:verify_app()
+                        assert.is_equal(app.app_code, "")
+                        assert.is_false(app.verified)
+                        assert.is_equal(app.valid_error_message, "app secret cannot be longer than 128 characters")
+                    end
+                )
+
                 it(
                     "app secret is not empty", function()
                         auth_params = auth_params_mod.new(