[GitHub] [apisix] spacewander commented on a change in pull request #6745: fix: hide 5xx error message from client

[GitBox <gi...@apache.org>]

spacewander commented on a change in pull request #6745:
URL: https://github.com/apache/apisix/pull/6745#discussion_r838026879



##########
File path: apisix/plugins/authz-keycloak.lua
##########
@@ -581,17 +582,17 @@ local function evaluate_permissions(conf, ctx, token)
         -- Ensure service account access token.
         local sa_access_token, err = authz_keycloak_ensure_sa_access_token(conf)
         if err then
-            return 500, err
+            return 503

Review comment:
       Missing a log here?

##########
File path: apisix/plugins/authz-casbin.lua
##########
@@ -112,7 +113,8 @@ function _M.rewrite(conf, ctx)
     -- creates an enforcer when request sent for the first time
     local ok, err = new_enforcer_if_need(conf)
     if not ok then
-        return 503, {message = err}
+        log.error(err)

Review comment:
       We can use core.log.error directly?

##########
File path: apisix/plugins/authz-keycloak.lua
##########
@@ -581,17 +582,17 @@ local function evaluate_permissions(conf, ctx, token)
         -- Ensure service account access token.
         local sa_access_token, err = authz_keycloak_ensure_sa_access_token(conf)
         if err then
-            return 500, err
+            return 503
         end
 
         -- Resolve URI to resource(s).
-        permission, err = authz_keycloak_resolve_resource(conf, ctx.var.request_uri,

Review comment:
       We should not hide the err




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org