From b00715f4ca91f11f2f00ac8050439b448ddb328b Mon Sep 17 00:00:00 2001 From: Water-Melon Date: Fri, 21 Nov 2025 12:38:51 +0800 Subject: [PATCH] feat(redis): support cloud Redis AuthN Remove the read only restriction on object methods and add a flag to control whether auth is required after each connection. --- README.md | 1 + lib/resty/session/redis.lua | 11 +++++------ lib/resty/session/redis/cluster.lua | 9 ++++----- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 8f3f2e45..72be3ac6 100644 --- a/README.md +++ b/README.md @@ -363,6 +363,7 @@ With DHSM storage you can use the following settings (set the `storage` to `"dsh | `ssl` | `nil` | Enable SSL. | | `ssl_verify` | `nil` | Verify server certificate. | | `server_name` | `nil` | The server name for the new TLS extension Server Name Indication (SNI). | +| `force_auth` | `nil` | The flag controls whether to invoke auth after obtaining each Redis connection. | Please refer to [ngx-distributed-shm](https://github.com/grrolland/ngx-distributed-shm) to get necessary dependencies installed. diff --git a/lib/resty/session/redis.lua b/lib/resty/session/redis.lua index 291a1cdd..7aa06bb6 100644 --- a/lib/resty/session/redis.lua +++ b/lib/resty/session/redis.lua @@ -45,7 +45,7 @@ local function exec(self, func, ...) return nil, err end - if red:get_reused_times() == 0 then + if self.force_auth == true or red:get_reused_times() == 0 then local password = self.password if password then local username = self.username @@ -99,11 +99,6 @@ local metatable = {} metatable.__index = metatable -function metatable.__newindex() - error("attempt to update a read-only table", 2) -end - - --- -- Store session data. -- @@ -233,6 +228,8 @@ function storage.new(configuration) local ssl_verify = configuration and configuration.ssl_verify local server_name = configuration and configuration.server_name + local force_auth = configuration and configuration.force_auth + if ssl ~= nil or ssl_verify ~= nil or server_name or pool or pool_size or backlog then return setmetatable({ prefix = prefix, @@ -247,6 +244,7 @@ function storage.new(configuration) send_timeout = send_timeout, read_timeout = read_timeout, keepalive_timeout = keepalive_timeout, + force_auth = force_auth, options = { ssl = ssl, ssl_verify = ssl_verify, @@ -271,6 +269,7 @@ function storage.new(configuration) send_timeout = send_timeout, read_timeout = read_timeout, keepalive_timeout = keepalive_timeout, + force_auth = force_auth, }, metatable) end diff --git a/lib/resty/session/redis/cluster.lua b/lib/resty/session/redis/cluster.lua index c00323a8..500467fa 100644 --- a/lib/resty/session/redis/cluster.lua +++ b/lib/resty/session/redis/cluster.lua @@ -50,11 +50,6 @@ local metatable = {} metatable.__index = metatable -function metatable.__newindex() - error("attempt to update a read-only table", 2) -end - - --- -- Store session data. -- @@ -206,6 +201,8 @@ function storage.new(configuration) local ssl_verify = configuration and configuration.ssl_verify local server_name = configuration and configuration.server_name + local force_auth = configuration and configuration.force_auth + local auth if not username then @@ -235,6 +232,7 @@ function storage.new(configuration) auth = auth, username = username, password = password, + force_auth = force_auth, connect_opts = { ssl = ssl, ssl_verify = ssl_verify, @@ -266,6 +264,7 @@ function storage.new(configuration) auth = auth, username = username, password = password, + force_auth = force_auth, }, }, metatable) end