Dev/key auth customize error msg

[nimohunter]

What this PR does / why we need it:

Add customized rejected error code and message for key-auth plugin.

Pre-submission checklist:

• update doc
• update t

#6025

[leslie-tsang]

Hello there, the title and description need to be updated to make the PR more reviewer friendly.

[nimohunter]

Hello there, the title and description need to be updated to make the PR more reviewer friendly.

Sorry about it

[spacewander]

We should use a common solution to solve this problem, instead of adding similar fields to each plugin. For example, the disable in the plugin conf:

apisix/apisix/plugin.lua

Line 137 in 18c316f

if properties.disable then

This has been discussed before.

[nimohunter]

But I don't think the common error return code and message was conflicted with the plugin's customize return error code.

plugin doesn't return only one error message, maybe return kinds of error messages.

for example: key-auth should customize three kinds of error message :

1. Missing API key found in request
2. Missing related consumer
3. Invalid API key in request

so i think there is no conflict between common error msg and plugin's customized error msg

[spacewander]

If you want to customize each error msg to a different value, my suggestion is to fork and modify this plugin by yourself. It's inconvenient to maintain such an API interface. We may introduce refactor in the future and change the number of "return xxx".

How many return xxx in a function is an implementation detail and we can't / should not maintain a public API based on it.

[nimohunter]

@leslie-tsang @spacewander how about we walk in two steps
first, support this function about key-auth return customized error msg
then, we open a new MR to fix all plugin return error msg

[nimohunter]

by the way, I think authentication into two types:

1. Personal authentication, such as QQ. in this way, the gateway should to access the other permission system to determine whether it has authority. This kind of authentication will not use the gateway auth.

2. Calls between services. For example, I have an API that I want to provide to colleagues in other departments. This logic is really suitable for key-auth and consumers.

so i think key-auth is actually a completely underestimated plugin.

[membphis]

Personally, I think it’s not good to customize the rejection code.
But I also found that some friends in the community have different opinions on this.

@nimohunter, if you are very interested in this feature, I think we can discuss it on the Apache mailing list.

[nimohunter]

I agree with you, error code may not be customized. But how about the reject error msg?

Error msg can be more friendly

[membphis]

I agree with you, error code may not be customized. But how about the reject error msg?

Error msg can be more friendly

we can discuss it in Apache mail list, follow the Apache Way.

https://lists.apache.org/[email protected]

This seems to be a meaningful change.

[nimohunter]

OK, i have send a mail about this MR...
and then?

[membphis]

OK, i have send a mail about this MR... and then?

we can discuss the idea in mail list. If we can reach a consensus, we can do things according to the consensus.

[github-actions]

This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the [email protected] list. Thank you for your contributions.

[github-actions]

This pull request/issue has been closed due to lack of activity. If you think that is incorrect, or the pull request requires review, you can revive the PR at any time.