fix(plugins): add more context in error message or log (#84)

src/apisix/plugins/README.md

@@ -19,7 +19,7 @@
 上下文注入，优先级：18000 ~ 19000
 
 - bk-legacy-invalid-params                  # priority: 18880  # 用于兼容老版本 go1.16 使用 `;` 作为 query string 分隔符
-- bk-opentelemetry                          # priority: 18870  # 这个插件用于 opentelemetry, 需要尽量精准统计全局的耗时，同时需要注入 trace_id/span_id 作为后面所有插件自定义 opentelemetry 上报的 trace_id 即 parent span_id
+- bk-opentelemetry                          # priority: 18870  # 这个插件用于 opentelemetry, 需要尽量精准统计全局的耗时，同时需要注入 trace_id/span_id 作为后面所有插件自定义 opentelemetry 上报的 trace_id 即 parent span_id (abandonned, will be replaced by another plugin)
 - bk-not-found-handler                      # priority: 18860  # 该插件仅适用于由 operator 创建的默认根路由，用以规范化 404 消息。该插件以较高优先级结束请求返回 404 错误信息
 - bk-request-id                             # priority: 18850
 - bk-stage-context                          # priority: 18840
@@ -63,17 +63,20 @@ proxy 预处理：17000 ~ 17500
 - bk-resource-header-rewrite                # priority: 17420
 - bk-mock                                   # priority: 17150
 
-响应后处理：
+官方插件：
 
-- bk-response-check                 # priority: 153
-- bk-time-cost                      # priority: 150
-- bk-debug                          # priority: 145
-- bk-error-wrapper                  # priority: 0 # 该插件应默认应用于所有路由
+- fault-injection                           # priority: 11000
+- request-validation                        # priority: 2800
+- api-breaker                               # priority: 1005
+- prometheus                                # priority: 500
+- file-logger (priority update)             # priority: 399
 
-默认：优先级：
+响应后处理：
 
-- prometheus                        # priority: 500
-- file-logger (priority update)     # priority: 399
+- bk-response-check                         # priority: 153
+- bk-time-cost                              # priority: 150
+- bk-debug                                  # priority: 145
+- bk-error-wrapper                          # priority: 0 # 该插件应默认应用于所有路由
 
 ## 插件开发
 

src/apisix/plugins/bk-auth-verify.lua

@@ -71,6 +71,7 @@ local function get_auth_params_from_header(ctx)
 
     local auth_params = core.json.decode(authorization)
     if type(auth_params) ~= "table" then
+        core.log.error("the invalid X-Bkapi-Authorization: ", core.json.delay_encode(authorization))
         return nil, "request header X-Bkapi-Authorization is not a valid JSON"
     end
 

src/apisix/plugins/bk-permission.lua

@@ -129,7 +129,10 @@ function _M.access(conf, ctx)
 
     -- 0. no permission records, return app_no_permission
     if pl_types.is_empty(data) then
-        return errorx.exit_with_apigw_err(ctx, errorx.new_app_no_permission():with_field("reason", reason_no_perm), _M)
+        local reason = reason_no_perm .. ", bk_app_code=" .. app_code
+        return errorx.exit_with_apigw_err(
+            ctx, errorx.new_app_no_permission():with_field("reason", reason), _M
+        )
     end
 
     local now = ngx_time()
@@ -145,8 +148,9 @@ function _M.access(conf, ctx)
             -- if only has one record, means expired
             if pl_tablex.size(data) == 1 then
                 -- expired: permission has expired
+                local reason = reason_perm_expired .. ", type=gateway_permission, bk_app_code=" .. app_code
                 return errorx.exit_with_apigw_err(
-                    ctx, errorx.new_app_no_permission():with_field("reason", reason_perm_expired), _M
+                    ctx, errorx.new_app_no_permission():with_field("reason", reason), _M
                 )
             end
 
@@ -161,8 +165,9 @@ function _M.access(conf, ctx)
             return
         else
             -- expired: permission has expired
+            local reason = reason_perm_expired .. ", type=resource_permission, bk_app_code=" .. app_code
             return errorx.exit_with_apigw_err(
-                ctx, errorx.new_app_no_permission():with_field("reason", reason_perm_expired), _M
+                ctx, errorx.new_app_no_permission():with_field("reason", reason), _M
             )
         end
     end

src/apisix/tests/test-bk-permission.lua

@@ -171,6 +171,8 @@ describe(
 
                         local code = plugin.access(conf, ctx)
                         assert.is_equal(403, code)
+                        assert.is_equal(ctx.var.bk_apigw_error.error.message,
+                            'App has no permission to the resource [reason="no permission, bk_app_code=bk-app-code"]')
                         assert.stub(cache_fallback.get_with_fallback).was_called(1)
                     end
                 )
@@ -184,6 +186,9 @@ describe(
 
                         local code = plugin.access(conf, ctx)
                         assert.is_equal(403, code)
+                        -- the last return in access
+                        assert.is_equal(ctx.var.bk_apigw_error.error.message,
+                            'App has no permission to the resource [reason="no permission"]')
                         assert.stub(cache_fallback.get_with_fallback).was_called(1)
                     end
                 )
@@ -197,6 +202,8 @@ describe(
 
                         local code = plugin.access(conf, ctx)
                         assert.is_equal(403, code)
+                        assert.is_equal(ctx.var.bk_apigw_error.error.message,
+                            'App has no permission to the resource [reason="permission has expired, type=gateway_permission, bk_app_code=bk-app-code"]')
                         assert.stub(cache_fallback.get_with_fallback).was_called(1)
                     end
                 )
@@ -223,6 +230,8 @@ describe(
 
                         local code = plugin.access(conf, ctx)
                         assert.is_equal(403, code)
+                        assert.is_equal(ctx.var.bk_apigw_error.error.message,
+                            'App has no permission to the resource [reason="permission has expired, type=resource_permission, bk_app_code=bk-app-code"]')
                         assert.stub(cache_fallback.get_with_fallback).was_called(1)
                     end
                 )