feat: ext auth forward_auth endpoint_mode enhancement (#1180)

2026-06-09 12:47:28 +08:00 · 2024-08-08 18:01:51 +08:00
parent a17ac9e4c6
commit 53f8410843
3 changed files with 26 additions and 11 deletions
--- a/plugins/wasm-go/extensions/ext-auth/main.go
+++ b/plugins/wasm-go/extensions/ext-auth/main.go
@@ -34,6 +34,8 @@ func main() {
 const (
 	HeaderAuthorization    string = "authorization"
 	HeaderFailureModeAllow string = "x-envoy-auth-failure-mode-allowed"
+	HeaderOriginalMethod   string = "x-original-method"
+	HeaderOriginalUri      string = "x-original-uri"
 )

 func onHttpRequestHeaders(ctx wrapper.HttpContext, config ExtAuthConfig, log wrapper.Log) types.Action {
@@ -88,6 +90,12 @@ func checkExtAuth(ctx wrapper.HttpContext, config ExtAuthConfig, body []byte, lo
 		extAuthReqHeaders.Set(HeaderAuthorization, authorization)
 	}

+	// when endpoint_mode is forward_auth, add x-original-method and x-original-uri headers
+	if httpServiceConfig.endpointMode == EndpointModeForwardAuth {
+		extAuthReqHeaders.Set(HeaderOriginalMethod, ctx.Method())
+		extAuthReqHeaders.Set(HeaderOriginalUri, ctx.Path())
+	}
+
 	requestMethod := httpServiceConfig.requestMethod
 	requestPath := httpServiceConfig.path
 	if httpServiceConfig.endpointMode == EndpointModeEnvoy {
@@ -142,8 +150,8 @@ func callExtAuthServerErrorHandler(config ExtAuthConfig, statusCode int, extAuth
 		}
 	}

-	// Rejects client requests with statusOnError on extAuth unavailability or 5xx.
-	// Otherwise, uses the extAuth's returned status code to reject requests.
+	// rejects client requests with statusOnError on extAuth unavailability or 5xx.
+	// otherwise, uses the extAuth's returned status code to reject requests
 	statusToUse := statusCode
 	if statusCode >= http.StatusInternalServerError {
 		statusToUse = int(config.statusOnError)