Ashing Zheng

> 个人自己尝试分析了一波这个请求的加密算法，和别的请求不太一样的是 headers 多了 Crpsign 和 Crtraceid，以及 order 接口的payload 似乎都加密了，技术有限，对加解密不是很懂哈哈哈哈，有办法的话可以一起整 花点时间看了一下，加密逻辑变了一些，但是整体还是可控，有时间的话，再更新下。

提交了一个 draft PR: https://github.com/ronething/xiudong-go/pull/7

PR 已经 merge，不过同样的，我暂时没有进行订单相关接口的处理。有兴趣的可以讨论下。 v0.0.2: https://github.com/ronething/xiudong-go/releases/tag/v0.0.2

Perhaps you can use the `consumer-restriction` plugin to implement your requirements. https://apisix.apache.org/docs/apisix/plugins/consumer-restriction/

Looks like you're using websocket，you can use `enable_websocket` parameter in route ref: - https://apisix.apache.org/docs/apisix/admin-api/#request-body-parameters - https://apisix.apache.org/docs/apisix/tutorials/websocket-authentication/

This problem should have been fixed by this PR https://github.com/apache/apisix/pull/11145, but it seems that this modification is not included in version 3.9.1 https://github.com/apache/apisix/commits/3.9.1/

> Do you mean health check on DP side? Yes, I found todo in init.lua https://github.com/apache/apisix/blob/403e4c51d605f7ea88f2481bc505ba9c9942c347/apisix/discovery/nacos/init.lua#L150 but if the field `hosts` is domain name instead of ip, it seems health...

@alvarobem @kayx23 for `headers.add` field, it should be an array. ref: - https://apisix.apache.org/docs/apisix/plugins/response-rewrite/ - https://github.com/apache/apisix/blob/aec606d420f52196b0aee69d27876506126b647c/apisix/plugins/response-rewrite.lua#L57-L65 - https://github.com/apache/apisix/blob/c56bace23af3cb3312674647db3179f508ea0763/t/plugin/response-rewrite2.t#L567-L570