bug: multi-auth raise 500 error when use default conf

[yuweizzz]

Current Behavior

multi-auth plugin will raise 500 error when use default conf.

Expected Behavior

No response

Error Logs

2024/04/16 02:33:25 [error] 3646#3646: *1579 lua entry thread aborted: runtime error: /usr/local/openresty/lualib/resty/core/request.lua:118: bad argument #1 to 'lower' (string expected, got nil)
stack traceback:
coroutine 0:
        [C]: in function 'lower'
        /usr/local/openresty/lualib/resty/core/request.lua:118: in function '__index'
        /workspaces/apisix/apisix/core/request.lua:110: in function 'header'
        /workspaces/apisix/apisix/plugins/key-auth.lua:71: in function 'rewrite'
        /workspaces/apisix/apisix/plugins/multi-auth.lua:71: in function 'phase_func'
        /workspaces/apisix/apisix/plugin.lua:1155: in function 'run_plugin'
        /workspaces/apisix/apisix/init.lua:696: in function 'http_access_phase'
        access_by_lua(nginx.conf:319):2: in main chunk, client: 127.0.0.1, server: _, request: "GET /abc HTTP/1.1", host: "127.0.0.1:9080"

Steps to Reproduce

# 1.create consumers
curl http://localhost:9180/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "username": "foo1",
    "plugins": {
        "basic-auth": {
            "username": "foo1",
            "password": "bar1"
        }
    }
}'

curl http://localhost:9180/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "username": "foo2",
    "plugins": {
         "key-auth": {
             "key": "bar2"
          }
    }
}'

# 2. create route
curl http://localhost:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "methods": ["GET"],
    "uri": "/abc",
    "plugins": {
        "multi-auth": {
             "auth_plugins": [{
                     "basic-auth": {}
             },{
                     "key-auth": {}
             }]
        }
    },
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:8848": 1
        }
    }
}'


# 3. access
curl http://localhost:9080/abc

Environment

• APISIX version (run apisix version):
• Operating system (run uname -a):
• OpenResty / Nginx version (run openresty -V or nginx -V):
• etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
• APISIX Dashboard version, if relevant:
• Plugin runner version, for issues related to plugin runners:
• LuaRocks version, for installation issues (run luarocks --version):

[shreemaan-abhishek]

Could you also mention why this bug occurs? This will significantly make it easier for me to review the PR. Thanks.

[yuweizzz]

the multi-auth didn't check the the plugin schema, so when we use the default plugin config like {}, if we need to read the HTTP header specified by the plugin config from the request, like core.req.header(ctx, conf.header_name) , it will raise an error because conf.header_name is nil.