add zh docs for keyAuth (#227)

Signed-off-by: spacewander <[email protected]>
mosn · Jan 17, 2024 · 25984a2 · 25984a2
1 parent 05f96d2
commit 25984a2
Show file tree

Hide file tree

Showing 3 changed files with 100 additions and 11 deletions.
diff --git a/site/cmd/translator/prompt.txt b/site/cmd/translator/prompt.txt
@@ -41,7 +41,7 @@ The following rules should be followed when translating:
 * Metadata at the beginning of the document, between --- and ---, is in `key: value` format. The keys should not be translated.
 * The content within `` is not to be translated. The content between ``` and ``` should not be translated.
 * Markdown table content should not be translated, with the exception of the Required and Description columns.
-* Secondary headings beginning with '## Configuration' or '## Consumer Configuration', and the following headings should not be translated
+* The following headings after '## Configuration' or '## Consumer Configuration' should not be translated
 {{ $name := .DstName -}}
 {{range .Rules}}{{println "* If the target language is" $name "," .}}{{end}}
 

diff --git a/site/content/en/docs/reference/plugins/key_auth.md b/site/content/en/docs/reference/plugins/key_auth.md
@@ -15,24 +15,22 @@ The `keyAuth` plugin authenticates the client according to the consumers and the
 
 ## Configuration
 
-### Filter Configuration
-
 | Name | Type  | Required | Validation | Description                           |
 | ---- | ----- | -------- | ---------- | ------------------------------------- |
 | keys | Key[] | True     | min_len: 1 | Where to find the authentication key. |
 
 Keys configured in the `keys` field are matched one by one until one of them is matched.
 
-#### Key
+### Key
 
-| Name   | Type   | Required | Validation      | Description                                   |
-| ------ | ------ | -------- | --------------- | --------------------------------------------- |
-| name   | string | True     | min_len: 1      | The source's name                             |
-| source | enum   | False    | [header, query] | Where to find the token, default to `header`. |
+| Name   | Type   | Required | Validation      | Description                                 |
+|--------|--------|----------|-----------------|---------------------------------------------|
+| name   | string | True     | min_len: 1      | The source's name                           |
+| source | enum   | False    | [header, query] | Where to find the key, default to `header`. |
 
-When the `source` is `header`, it fetches the token from the configured request header `name`. It can also be `query`: fetch token from URL query string.
+When the `source` is `header`, it fetches the key from the configured request header `name`. It can also be `query`: fetch token from URL query string.
 
-### Consumer Configuration
+## Consumer Configuration
 
 | Name | Type   | Required | Validation | Description        |
 | ---- | ------ | -------- | ---------- | ------------------ |
@@ -83,7 +81,7 @@ $ curl -I 'http://127.0.0.1:10000/?ak=rick'
 HTTP/1.1 200 OK
 ```
 
-Note that if a `key` exists in the request, the subsequent keys will not be used to authenticate the client:
+Note that if a configured `key` exists in the request, the subsequent `key` in `keys` will not be used to authenticate the client:
 
 ```
 $ curl -I 'http://127.0.0.1:10000/?ak=rick' -H "Authorization: morty"

diff --git a/site/content/zh-hans/docs/reference/plugins/key_auth.md b/site/content/zh-hans/docs/reference/plugins/key_auth.md
@@ -0,0 +1,91 @@
+---
+title: Key Auth
+---
+
+## 说明
+
+`keyAuth` 插件根据消费者配置和请求中发送的密钥对客户端进行认证。
+
+## 属性
+
+|       |       |
+|-------|-------|
+| Type  | Authn |
+| Order | Authn |
+
+## 配置
+
+| 名称 | 类型  | 必选 | 校验规则   | 说明                 |
+|------|-------|------|------------|----------------------|
+| keys | Key[] | 是   | min_len: 1 | 查找认证密钥的位置。 |
+
+在 `keys` 字段中配置的密钥将逐一匹配，直到找到一个匹配的密钥。
+
+### Key
+
+| 名称   | 类型   | 必选 | 校验规则        | 说明                              |
+|--------|--------|------|-----------------|-----------------------------------|
+| name   | string | 是   | min_len: 1      | 来源的名称                        |
+| source | enum   | 否   | [header, query] | 查找密钥的位置，默认为 `header`。 |
+
+当 `source` 是 `header` 时，它会从配置的请求头 `name` 中获取密钥。它也可以是 `query`：此时会从 URL 查询字符串中获取令牌。
+
+## 消费者配置
+
+| 名称 | 类型   | 必选 | 校验规则   | 说明           |
+|------|--------|------|------------|----------------|
+| key  | string | 是   | min_len: 1 | 消费者的密钥。 |
+
+## 用法
+
+首先，让我们创建一个带有密钥 `rick` 的消费者：
+
+```yaml
+apiVersion: mosn.io/v1
+kind: Consumer
+metadata:
+  name: consumer
+  namespace: default
+spec:
+  auth:
+    keyAuth:
+      config:
+        key: rick
+```
+
+假设我们提供了如下配置到 `http://127.0.0.1:10000/`：
+
+```yaml
+keys:
+  - name: Authorization
+  - name: ak
+    source: query
+```
+
+插件将首先检查请求头 `Authorization`，然后检查查询参数 `ak`。
+
+让我们试一试：
+
+```
+$ curl -I http://127.0.0.1:10000/ -H "Authorization: rick"
+HTTP/1.1 200 OK
+```
+
+```
+$ curl -I http://127.0.0.1:10000/ -H "Authorization: morty"
+HTTP/1.1 401 Unauthorized
+```
+
+```
+$ curl -I 'http://127.0.0.1:10000/?ak=rick'
+HTTP/1.1 200 OK
+```
+
+注意，如果请求中存在一个配置的 `key`，那么在 `keys` 中后续的 `key` 将不会用于认证客户端：
+
+```
+$ curl -I 'http://127.0.0.1:10000/?ak=rick' -H "Authorization: morty"
+HTTP/1.1 401 Unauthorized
+```
+
+在上面的例子中，请求被拒绝，因为 `Authorization` 中的密钥不正确。这避免了黑客通过提供多个密钥伪造不同客户端的安全风险。