From 94cff2c002b9b6fde7eda9d345ac16d657282e56 Mon Sep 17 00:00:00 2001
From: mpw
Date: Fri, 28 Jul 2023 12:36:56 -0300
Subject: [PATCH 1/3] send 403 errors in json format and attach request_id to it
---
 charts/hub-gateway/Chart.yaml | 2 +-
 charts/hub-gateway/plugins/authz.lua | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/charts/hub-gateway/Chart.yaml b/charts/hub-gateway/Chart.yaml
index f459b7a..37b9b5f 100644
--- a/charts/hub-gateway/Chart.yaml
+++ b/charts/hub-gateway/Chart.yaml
@@ -18,7 +18,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.23.5
+version: 0.23.6
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/hub-gateway/plugins/authz.lua b/charts/hub-gateway/plugins/authz.lua
index d691517..ef4b6a7 100644
--- a/charts/hub-gateway/plugins/authz.lua
+++ b/charts/hub-gateway/plugins/authz.lua
@@ -128,6 +128,13 @@ function _M.access(conf, ctx)
 reason = type(result.reason) == "table"
 and json.encode(result.reason)
 or result.reason
+ else
+ local req_id = core.request.header(ctx, "X-Request-Id")
+ reason = json.encode({
+ code = status_code,
+ message = "Unauthorized",
+ request_id = req_id
+ })
 end
 return status_code, reason
From 6e65fdb2a5748f300f7896ef1149ef157b4ca51c Mon Sep 17 00:00:00 2001
From: mpw
Date: Fri, 28 Jul 2023 12:40:28 -0300
Subject: [PATCH 2/3] remove opa reason from if condition. just say unauthorized
---
 charts/hub-gateway/plugins/authz.lua | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/charts/hub-gateway/plugins/authz.lua b/charts/hub-gateway/plugins/authz.lua
index ef4b6a7..0832bcc 100644
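Review bot: `req_id` in the added `else` branch of patch 1/3 comes from the request's `X-Request-Id` header and is copied into the response body with no bound on length or character set. `json.encode` keeps it from breaking the JSON structure, but a caller-chosen id is reflected back verbatim and can collide with or imitate another request's id in logs; unless an earlier plugin already overwrites the header (not visible in this hunk), validate it first, e.g. `if req_id and (#req_id > 128 or not req_id:find("^[%w%-_.]+$")) then req_id = nil end` (the 128 limit is a constructed example). The same two lines are carried unchanged into the hunks of patches 2/3 and 3/3. `_M.access` starts and ends outside the hunk, so whether a JSON `Content-Type` is set for this body cannot be confirmed from here.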
--- a/charts/hub-gateway/plugins/authz.lua
+++ b/charts/hub-gateway/plugins/authz.lua
@@ -123,19 +123,12 @@ function _M.access(conf, ctx)
 status_code = result.status_code
 end
- local reason = nil
- if result.reason then
- reason = type(result.reason) == "table"
- and json.encode(result.reason)
- or result.reason
- else
- local req_id = core.request.header(ctx, "X-Request-Id")
- reason = json.encode({
- code = status_code,
- message = "Unauthorized",
- request_id = req_id
- })
- end
+ local req_id = core.request.header(ctx, "X-Request-Id")
+ reason = json.encode({
+ code = status_code,
+ message = "Unauthorized",
+ request_id = req_id
+ })
 return status_code, reason
 end
From 2976d7bd93fded7ddb0fce4b500cc86519b85466 Mon Sep 17 00:00:00 2001
From: mpw
Date: Fri, 28 Jul 2023 12:41:38 -0300
Subject: [PATCH 3/3] lint fix
---
 charts/hub-gateway/plugins/authz.lua | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/charts/hub-gateway/plugins/authz.lua b/charts/hub-gateway/plugins/authz.lua
index 0832bcc..8cf140f 100644
--- a/charts/hub-gateway/plugins/authz.lua
+++ b/charts/hub-gateway/plugins/authz.lua
@@ -19,8 +19,6 @@ local core = require("apisix.core")
 local http = require("resty.http")
 local helper = require("apisix.plugins.authz.helper")
 local json = require("apisix.core.json")
-local type = type
-
 local schema = {
 type = "object",
@@ -124,7 +122,7 @@ function _M.access(conf, ctx)
 end
 local req_id = core.request.header(ctx, "X-Request-Id")
- reason = json.encode({
+ local reason = json.encode({
 code = status_code,
 message = "Unauthorized",
 request_id = req_id
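Review bot: `result.reason` is no longer read anywhere in the patch 2/3 hunk, so the policy engine's explanation is discarded rather than kept server-side. Withholding it from the client avoids exposing policy detail, but a denial then cannot be explained from the gateway's own logs; record it next to the id before returning, e.g. `core.log.warn("authz denied, request_id: ", req_id, ", reason: ", json.encode(result.reason))`. The body also pairs a fixed `message = "Unauthorized"` with `code = status_code`, which the context lines show can be taken from `result.status_code`, so a 403 ends up labelled with 401 wording; `"Forbidden"` or a message chosen from the status would match. The body of `_M.access` extends beyond the hunk, so any logging done earlier in the function is not visible here.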