Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/07/29 03:01:59 UTC
[apisix] branch master updated: fix(wolf-rbac): Return the error code returned by the wolf server (#7561)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new e14cfd380 fix(wolf-rbac): Return the error code returned by the wolf server (#7561)
e14cfd380 is described below
commit e14cfd38073ab15b48ccd56223308a85568fecb4
Author: iGeeky <ig...@gmail.com>
AuthorDate: Fri Jul 29 11:01:54 2022 +0800
fix(wolf-rbac): Return the error code returned by the wolf server (#7561)
---
apisix/plugins/wolf-rbac.lua | 8 +++-----
t/lib/server.lua | 10 ++++++++--
t/plugin/wolf-rbac.t | 43 ++++++++++++++++++++++++++++++++++++++-----
3 files changed, 49 insertions(+), 12 deletions(-)
diff --git a/apisix/plugins/wolf-rbac.lua b/apisix/plugins/wolf-rbac.lua
index 1eb3d1987..a6be6474c 100644
--- a/apisix/plugins/wolf-rbac.lua
+++ b/apisix/plugins/wolf-rbac.lua
@@ -232,7 +232,7 @@ local function check_url_permission(server, appid, action, resName, client_ip, w
}
end
- if res.status ~= 200 and res.status ~= 401 then
+ if res.status ~= 200 and res.status >= 500 then
return {
status = 500,
err = 'request to wolf-server failed, status:' .. res.status
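Review bot: The new condition `res.status ~= 200 and res.status >= 500` lets every non-200 status below 500 fall through, where the old code let only 401 through. A 1xx/3xx answer or an intermediary's 404 page therefore reaches the handling below this block, which lies outside the hunk, and that code may be expecting a wolf-server JSON body with a `reason`. The `~= 200` test is also redundant next to `>= 500`. If only 4xx responses are meant to be forwarded, say so explicitly: `if res.status ~= 200 and (res.status < 400 or res.status >= 500) then`. The body of check_url_permission starts and ends outside this hunk, so how the fall-through case is decoded should be confirmed there.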
@@ -314,7 +314,7 @@ function _M.rewrite(conf, ctx)
core.response.set_header(prefix .. "UserId", userId)
core.response.set_header(prefix .. "Username", username)
core.response.set_header(prefix .. "Nickname", ngx.escape_uri(nickname))
- core.request.set_header(ctx, prefix .. "UserId", userId, ctx)
+ core.request.set_header(ctx, prefix .. "UserId", userId)
core.request.set_header(ctx, prefix .. "Username", username)
core.request.set_header(ctx, prefix .. "Nickname", ngx.escape_uri(nickname))
end
@@ -324,9 +324,7 @@ function _M.rewrite(conf, ctx)
core.log.error(" check_url_permission(",
core.json.delay_encode(perm_item),
") failed, res: ",core.json.delay_encode(res))
- return 403, fail_response("Invalid user permission",
- { username = username, nickname = nickname }
- )
+ return res.status, fail_response(res.err, { username = username, nickname = nickname })
end
core.log.info("wolf-rbac check permission passed")
end
diff --git a/t/lib/server.lua b/t/lib/server.lua
index a08ad227d..a8ec77af6 100644
--- a/t/lib/server.lua
+++ b/t/lib/server.lua
@@ -298,9 +298,15 @@ function _M.wolf_rbac_access_check()
ngx.say(json_encode({ok=true,
data={ userInfo={nickname="administrator",
username="admin", id="100"} }}))
- else
+ elseif resName == '/hello/500' then
+ ngx.status = 500
+ ngx.say(json_encode({ok=false, reason="ERR_SERVER_ERROR"}))
+ elseif resName == '/hello/401' then
ngx.status = 401
- ngx.say(json_encode({ok=false, reason="no permission to access"}))
+ ngx.say(json_encode({ok=false, reason="ERR_TOKEN_INVALID"}))
+ else
+ ngx.status = 403
+ ngx.say(json_encode({ok=false, reason="ERR_ACCESS_DENIED"}))
end
end
diff --git a/t/plugin/wolf-rbac.t b/t/plugin/wolf-rbac.t
index 134a37f33..6e0fb0d7d 100644
--- a/t/plugin/wolf-rbac.t
+++ b/t/plugin/wolf-rbac.t
@@ -346,13 +346,13 @@ GET /hello1
--- more_headers
x-rbac-token: V1#wolf-rbac-app#wolf-rbac-token
--- response_body
-{"message":"Invalid user permission"}
+{"message":"ERR_ACCESS_DENIED"}
--- grep_error_log eval
-qr/no permission to access */
+qr/ERR_ACCESS_DENIED */
--- grep_error_log_out
-no permission to access
-no permission to access
-no permission to access
+ERR_ACCESS_DENIED
+ERR_ACCESS_DENIED
+ERR_ACCESS_DENIED
@@ -545,3 +545,36 @@ location /t {
}
--- response_body_like eval
qr/success to change password/
+
+
+
+=== TEST 29: verify: failed, server internal error
+--- request
+GET /hello/500
+--- error_code: 500
+--- more_headers
+x-rbac-token: V1#wolf-rbac-app#wolf-rbac-token
+--- response_body
+{"message":"request to wolf-server failed, status:500"}
+--- grep_error_log eval
+qr/request to wolf-server failed, status:500 */
+--- grep_error_log_out
+request to wolf-server failed, status:500
+request to wolf-server failed, status:500
+
+
+
+=== TEST 30: verify: failed, token is expired
+--- request
+GET /hello/401
+--- error_code: 401
+--- more_headers
+x-rbac-token: V1#wolf-rbac-app#wolf-rbac-token
+--- response_body
+{"message":"ERR_TOKEN_INVALID"}
+--- grep_error_log eval
+qr/ERR_TOKEN_INVALID */
+--- grep_error_log_out
+ERR_TOKEN_INVALID
+ERR_TOKEN_INVALID
+ERR_TOKEN_INVALID
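Review bot: The added cases cover only 500 and 401, while the plugin change now forwards any backend status below 500, so there is no test for what the client receives when the wolf server answers with an unexpected code (for example a 404 or a redirect) or a non-JSON body. A case for that path would pin the deny behaviour and the response body; it needs a matching branch in the mock in `t/lib/server.lua`. TEST 29 also pins the internal string `request to wolf-server failed, status:500` as the client-visible body, which is worth a deliberate decision rather than an accident of the test. Lastly, TEST 30 is titled "token is expired" but asserts `ERR_TOKEN_INVALID`; the title should match the reason being checked.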