diff --git a/apisix/plugins/wolf-rbac.lua b/apisix/plugins/wolf-rbac.lua index 22a90c2f5f90..4922f31ada3c 100644 --- a/apisix/plugins/wolf-rbac.lua +++ b/apisix/plugins/wolf-rbac.lua @@ -48,6 +48,10 @@ local schema = { type = "string", default = "X-" }, + error_message = { + type = "string", + default = "request to wolf-server failed!" + }, } } @@ -356,13 +360,14 @@ local function request_to_wolf_server(method, uri, headers, body) } ) + local consumer_conf = consumer.plugin(plugin_name) + local err_msg = consumer_conf and consumer_conf.error_message or "request to wolf-server failed!" + core.log.info("request [", request_debug, "] ....") local res, err = http_req(method, uri, core.json.encode(body), headers, timeout) if not res then core.log.error("request [", request_debug, "] failed! err: ", err) - return core.response.exit(500, - fail_response("request to wolf-server failed!") - ) + return core.response.exit(500, fail_response(err_msg)) end core.log.info("request [", request_debug, "] status: ", res.status, ", body: ", res.body) 
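Review bot: The new `error_message` schema entry accepts any string, including an empty one, and the later hunks pass it straight into `fail_response(err_msg)` for responses to callers who have not authenticated yet. Bounding it in the schema, e.g. `minLength = 1, maxLength = 256,` (256 is an illustrative limit), would keep a misconfiguration from producing empty or oversized error bodies. A one-line comment such as `-- returned verbatim to clients; keep internal hostnames and details out of it` would tell operators the text is client-visible.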
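Review bot: `consumer.plugin(plugin_name)` is called without an appid or consumer key, so nothing in this hunk ties `err_msg` to the consumer whose request is being handled. If that call returns the plugin-wide consumer collection rather than one consumer's conf (worth confirming in the consumer module), `consumer_conf.error_message` is always nil and the hard-coded default is always used. With several consumers, the message could also belong to a different one. Consider resolving the conf from the request's appid in the caller and passing the message in. The literal `"request to wolf-server failed!"` now appears here and in the schema default, so it could be hoisted into one local constant. The body of `request_to_wolf_server` starts before and continues after this hunk.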
@@ -370,19 +375,22 @@ local function request_to_wolf_server(method, uri, headers, body) if res.status ~= 200 then core.log.error("request [", request_debug, "] failed! status: ", res.status) - return core.response.exit(500, - fail_response("request to wolf-server failed!") - ) + return core.response.exit(500, fail_response(err_msg)) end local body, err = json.decode(res.body) if not body then core.log.error("request [", request_debug, "] failed! err:", err) - return core.response.exit(500, fail_response("request to wolf-server failed!")) + return core.response.exit(500, fail_response(err_msg)) end if not body.ok then core.log.error("request [", request_debug, "] failed! response body:", core.json.delay_encode(body)) - return core.response.exit(200, fail_response("request to wolf-server failed!")) + local msg = err_msg + if body.reason == "ERR_USER_NOT_FOUND" or body.reason == "ERR_PASSWORD_ERROR" then + msg = "username or password is incorrect" + return core.response.exit(401, fail_response(msg)) + end + return core.response.exit(200, fail_response(msg)) end core.log.info("request [", request_debug, "] success! response body:", diff --git a/docs/en/latest/plugins/wolf-rbac.md b/docs/en/latest/plugins/wolf-rbac.md index 9ee62459c577..42e3773904c1 100644 --- a/docs/en/latest/plugins/wolf-rbac.md +++ b/docs/en/latest/plugins/wolf-rbac.md 
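Review bot: In the `not body.ok` branch only `ERR_USER_NOT_FOUND` and `ERR_PASSWORD_ERROR` get a 4xx; every other wolf rejection still exits through `core.response.exit(200, fail_response(msg))`, so clients and status-based alerting see those failures as success. If 200 is kept for compatibility, say so in a comment, e.g. `-- other wolf reasons keep the legacy 200 status`. The credential branch also shares the error-level "failed! response body" log line with genuine upstream failures; checking `body.reason` first and logging those cases with `core.log.warn` would make repeated failed logins easier to separate from wolf-server outages. The `local msg = err_msg` / `msg = ...` pair can be dropped in that branch by returning `fail_response("username or password is incorrect")` directly. The function body starts and ends outside this hunk.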
@@ -39,6 +39,7 @@ The `wolf-rbac` Plugin provides a [role-based access control](https://en.wikiped | server | string | False | "http://127.0.0.1:12180" | Service address of wolf server. | | appid | string | False | "unset" | App id added in wolf console. This field supports saving the value in Secret Manager using the [APISIX Secret](../terminology/secret.md) resource. | | header_prefix | string | False | "X-" | Prefix for a custom HTTP header. After authentication is successful, three headers will be added to the request header (for backend) and response header (for frontend) namely: `X-UserId`, `X-Username`, and `X-Nickname`. | +| error_message | string | False | "request to wolf-server failed!" | Custom error message when request to wolf server fails. Note that for username/password errors, a fixed message "username or password is incorrect" will be returned regardless of this setting. | ## API diff --git a/docs/zh/latest/plugins/wolf-rbac.md b/docs/zh/latest/plugins/wolf-rbac.md index 058029ca3d51..44dfc5627862 100644 --- a/docs/zh/latest/plugins/wolf-rbac.md +++ b/docs/zh/latest/plugins/wolf-rbac.md @@ -39,6 +39,7 @@ description: 本文介绍了关于 Apache APISIX `wolf-rbac` 插件的基本信 | server | string | 否 | "http://127.0.0.1:12180" | `wolf-server` 的服务地址。 | | appid | string | 否 | "unset" | 在 `wolf-console` 中已经添加的应用 id。该字段支持使用 [APISIX Secret](../terminology/secret.md) 资源,将值保存在 Secret Manager 中。 | | header_prefix | string | 否 | "X-" | 自定义 HTTP 头的前缀。`wolf-rbac` 在鉴权成功后,会在请求头 (用于传给后端) 及响应头 (用于传给前端) 中添加 3 个 header:`X-UserId`, `X-Username`, `X-Nickname`。| +| error_message | string | 否 | "request to wolf-server failed!" | 当请求 wolf server 失败时的自定义错误消息。注意:对于用户名/密码错误的情况,无论此设置如何,都会返回固定的错误消息 "username or password is incorrect"。 | ## 接口 diff --git a/t/plugin/wolf-rbac.t b/t/plugin/wolf-rbac.t index 8136e3df6bc0..c3fd26dab542 100644 --- a/t/plugin/wolf-rbac.t +++ b/t/plugin/wolf-rbac.t 
@@ -54,7 +54,7 @@ __DATA__ } } --- response_body_like eval -qr/\{"appid":"unset","header_prefix":"X-","server":"http:\/\/127\.0\.0\.1:12180"\}/ +qr/\{"appid":"unset","error_message":"request to wolf-server failed!","header_prefix":"X-","server":"http:\/\/127\.0\.0\.1:12180"\}/ @@ -247,9 +247,9 @@ POST /apisix/plugin/wolf-rbac/login appid=wolf-rbac-app&username=not-found&password=123456 --- more_headers Content-Type: application/x-www-form-urlencoded ---- error_code: 200 +--- error_code: 401 --- response_body -{"message":"request to wolf-server failed!"} +{"message":"username or password is incorrect"} --- grep_error_log eval qr/ERR_USER_NOT_FOUND/ --- grep_error_log_out eval @@ -263,9 +263,9 @@ POST /apisix/plugin/wolf-rbac/login appid=wolf-rbac-app&username=admin&password=wrong-password --- more_headers Content-Type: application/x-www-form-urlencoded ---- error_code: 200 +--- error_code: 401 --- response_body -{"message":"request to wolf-server failed!"} +{"message":"username or password is incorrect"} --- grep_error_log eval qr/ERR_PASSWORD_ERROR/ --- grep_error_log_out eval 
@@ -735,3 +735,79 @@ X-Nickname: administrator consumer merge echo plugins --- no_error_log [error] + + + +=== TEST 38: add consumer with custom error message +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers', + ngx.HTTP_PUT, + [[{ + "username": "wolf_rbac_custom_msg", + "plugins": { + "wolf-rbac": { + "appid": "wolf-rbac-custom-msg", + "server": "http://127.0.0.1:1982", + "error_message": "custom error message" + } + } + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- response_body +passed + + + +=== TEST 39: test error_message configuration +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + -- 创建 consumer + local code, body = t('/apisix/admin/consumers', + ngx.HTTP_PUT, + [[{ + "username": "wolf_rbac_error_msg_test", + "plugins": { + "wolf-rbac": { + "appid": "wolf-rbac-error-msg", + "server": "http://127.0.0.1:1982/500", + "error_message": "custom error message for test" + } + } + }]] + ) + + if code >= 300 then + ngx.status = code + return ngx.say(body) + end + + -- 测试 wolf server 请求失败时的错误消息 + local code, body = t('/apisix/plugin/wolf-rbac/login', + ngx.HTTP_POST, + [[ + {"appid": "wolf-rbac-error-msg", "username": "admin", "password": "123456"} + ]], + [[ + {"message":"custom error message for test"} + ]], + {["Content-Type"] = "application/json"} + ) + ngx.status = code + ngx.say(body) + } + } +--- response_body +passed +{"message":"custom error message for test"}
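Review bot: TEST 38 stores a consumer with `error_message` but no later request exercises it, and TEST 39 checks only its own consumer, so the suite never shows that the returned message belongs to the appid in the login request. A case that logs in against `wolf-rbac-custom-msg` and `wolf-rbac-error-msg` in turn, expecting each consumer's own text, would cover the lookup added in `request_to_wolf_server`. The two Chinese comments in TEST 39 would be easier to maintain in English, e.g. `-- create the consumer` and `-- error message returned when the wolf-server request fails`.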