feat: Add statusCodeDetails info when returning response in Wasm plugins directly (#1116)

2026-06-09 04:37:31 +08:00 · 2024-07-16 09:52:46 +08:00
parent 85219b6c53
commit f069ad5b0d
111 changed files with 231 additions and 182 deletions
--- a/plugins/wasm-go/extensions/jwt-auth/go.mod
+++ b/plugins/wasm-go/extensions/jwt-auth/go.mod
@@ -7,7 +7,7 @@ replace github.com/alibaba/higress/plugins/wasm-go => ../..
 require (
 	github.com/alibaba/higress/plugins/wasm-go v1.3.5
 	github.com/go-jose/go-jose/v3 v3.0.3
-	github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240327114451-d6b7174a84fc
+	github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240711023527-ba358c48772f
 	github.com/tidwall/gjson v1.17.1
 )

--- a/plugins/wasm-go/extensions/jwt-auth/go.sum
+++ b/plugins/wasm-go/extensions/jwt-auth/go.sum
@@ -10,6 +10,7 @@ github.com/higress-group/nottinygc v0.0.0-20231101025119-e93c4c2f8520 h1:IHDghbG
 github.com/higress-group/nottinygc v0.0.0-20231101025119-e93c4c2f8520/go.mod h1:Nz8ORLaFiLWotg6GeKlJMhv8cci8mM43uEnLA5t8iew=
 github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240327114451-d6b7174a84fc h1:t2AT8zb6N/59Y78lyRWedVoVWHNRSCBh0oWCC+bluTQ=
 github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240327114451-d6b7174a84fc/go.mod h1:hNFjhrLUIq+kJ9bOcs8QtiplSQ61GZXtd2xHKx4BYRo=
+github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240711023527-ba358c48772f/go.mod h1:hNFjhrLUIq+kJ9bOcs8QtiplSQ61GZXtd2xHKx4BYRo=
 github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg=
 github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
--- a/plugins/wasm-go/extensions/jwt-auth/handler/verify.go
+++ b/plugins/wasm-go/extensions/jwt-auth/handler/verify.go
@@ -172,31 +172,31 @@ func consumerVerify(consumer *cfg.Consumer, verifyTime time.Time, header HeaderP
 }

 func deniedJWTMissing() types.Action {
-	_ = proxywasm.SendHttpResponse(401, WWWAuthenticateHeader(protectionSpace),
+	_ = proxywasm.SendHttpResponseWithDetail(401, "jwt-auth.token_missing", WWWAuthenticateHeader(protectionSpace),
 		[]byte("Request denied by JWT Auth check. JWT is missing."), -1)
 	return types.ActionContinue
 }

 func deniedJWTExpired() types.Action {
-	_ = proxywasm.SendHttpResponse(401, WWWAuthenticateHeader(protectionSpace),
-		[]byte("Request denied by JWT Auth check. JWT is expried."), -1)
+	_ = proxywasm.SendHttpResponseWithDetail(401, "jwt-auth.token_expired", WWWAuthenticateHeader(protectionSpace),
+		[]byte("Request denied by JWT Auth check. JWT is expired."), -1)
 	return types.ActionContinue
 }

 func deniedJWTVerificationFails() types.Action {
-	_ = proxywasm.SendHttpResponse(401, WWWAuthenticateHeader(protectionSpace),
+	_ = proxywasm.SendHttpResponseWithDetail(401, "jwt-auth.verification_failed", WWWAuthenticateHeader(protectionSpace),
 		[]byte("Request denied by JWT Auth check. JWT verification fails"), -1)
 	return types.ActionContinue
 }

 func deniedUnauthorizedConsumer() types.Action {
-	_ = proxywasm.SendHttpResponse(403, WWWAuthenticateHeader(protectionSpace),
+	_ = proxywasm.SendHttpResponseWithDetail(403, "jwt-auth.unauthorized_customer", WWWAuthenticateHeader(protectionSpace),
 		[]byte("Request denied by JWT Auth check. Unauthorized consumer."), -1)
 	return types.ActionContinue
 }

 func deniedNotAllow() types.Action {
-	_ = proxywasm.SendHttpResponse(403, WWWAuthenticateHeader(protectionSpace),
+	_ = proxywasm.SendHttpResponseWithDetail(403, "jwt-auth.not_allowed_by_default", WWWAuthenticateHeader(protectionSpace),
 		[]byte("Request denied by JWT Auth check. JWT token not allow."), -1)
 	return types.ActionContinue
 }