use the body returned by the ext auth server when auth fails (#1510)

alibaba · Nov 14, 2024 · f2a5df3 · f2a5df3
1 parent ebc5b29
commit f2a5df3
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/plugins/wasm-go/extensions/ext-auth/main.go b/plugins/wasm-go/extensions/ext-auth/main.go
@@ -120,7 +120,7 @@ func checkExtAuth(ctx wrapper.HttpContext, config ExtAuthConfig, body []byte, lo
 			defer proxywasm.ResumeHttpRequest()
 			if statusCode != http.StatusOK {
 				log.Errorf("failed to call ext auth server, status: %d", statusCode)
-				callExtAuthServerErrorHandler(config, statusCode, responseHeaders)
+				callExtAuthServerErrorHandler(config, statusCode, responseHeaders, responseBody)
 				return
 			}
 
@@ -137,13 +137,13 @@ func checkExtAuth(ctx wrapper.HttpContext, config ExtAuthConfig, body []byte, lo
 	if err != nil {
 		log.Errorf("failed to call ext auth server: %v", err)
 		// Since the handling logic for call errors and HTTP status code 500 is the same, we directly use 500 here.
-		callExtAuthServerErrorHandler(config, http.StatusInternalServerError, nil)
+		callExtAuthServerErrorHandler(config, http.StatusInternalServerError, nil, nil)
 		return types.ActionContinue
 	}
 	return pauseAction
 }
 
-func callExtAuthServerErrorHandler(config ExtAuthConfig, statusCode int, extAuthRespHeaders http.Header) {
+func callExtAuthServerErrorHandler(config ExtAuthConfig, statusCode int, extAuthRespHeaders http.Header, responseBody []byte) {
 	if statusCode >= http.StatusInternalServerError && config.failureModeAllow {
 		if config.failureModeAllowHeaderAdd {
 			_ = proxywasm.ReplaceHttpRequestHeader(HeaderFailureModeAllow, "true")
@@ -167,5 +167,5 @@ func callExtAuthServerErrorHandler(config ExtAuthConfig, statusCode int, extAuth
 	if statusCode >= http.StatusInternalServerError {
 		statusToUse = int(config.statusOnError)
 	}
-	_ = sendResponse(uint32(statusToUse), "ext-auth.unauthorized", respHeaders)
+	_ = sendResponse(uint32(statusToUse), "ext-auth.unauthorized", respHeaders, responseBody)
 }
diff --git a/plugins/wasm-go/extensions/ext-auth/utils.go b/plugins/wasm-go/extensions/ext-auth/utils.go
@@ -8,8 +8,8 @@ import (
 	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm"
 )
 
-func sendResponse(statusCode uint32, statusCodeDetailData string, headers http.Header) error {
-	return proxywasm.SendHttpResponseWithDetail(statusCode, statusCodeDetailData, reconvertHeaders(headers), nil, -1)
+func sendResponse(statusCode uint32, statusCodeDetailData string, headers http.Header, body []byte) error {
+	return proxywasm.SendHttpResponseWithDetail(statusCode, statusCodeDetailData, reconvertHeaders(headers), body, -1)
 }
 
 func reconvertHeaders(headers http.Header) [][2]string {