function _M.access()

in apisix/plugins/opa.lua [75:149]


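--- Access-phase handler: ask OPA for a decision and enforce it.
--
-- Builds the OPA input for the current request, POSTs it to
-- `<conf.host>/v1/data/<conf.policy>` and acts on the `result` object of the
-- reply. Every failure path denies: 403 when no reply is obtained, 503 when
-- the reply cannot be used as a decision.
--
-- @param conf plugin configuration; this function reads host, policy, timeout,
--             keepalive, keepalive_timeout, keepalive_pool, ssl_verify and
--             send_headers_upstream
-- @param ctx  request context, handed to the input builder and to
--             core.request.set_header
-- @return nothing when the decision is allow (presumably the request then
--         continues; the calling framework is not shown here), otherwise the
--         status code and an optional response body
function _M.access(conf, ctx)
    local body = helper.build_opa_input(conf, ctx, "http")

    local params = {
        method = "POST",
        body = core.json.encode(body),
        headers = {
            ["Content-Type"] = "application/json",
        },
        keepalive = conf.keepalive,
        -- Passed through unchanged from the plugin configuration.
        -- NOTE(review): if `http` is lua-resty-http, a false value here
        -- disables certificate verification of the OPA endpoint, so the
        -- decision is only as trustworthy as the network path - confirm the
        -- schema default.
        ssl_verify = conf.ssl_verify
    }

    -- Pool settings are only meaningful when keepalive is enabled.
    if conf.keepalive then
        params.keepalive_timeout = conf.keepalive_timeout
        params.keepalive_pool = conf.keepalive_pool
    end

    local endpoint = conf.host .. "/v1/data/" .. conf.policy

    local httpc = http.new()
    httpc:set_timeout(conf.timeout)

    local res, err = httpc:request_uri(endpoint, params)

    -- Fail closed: without a reply there is no decision, so the request is
    -- denied rather than let through.
    if not res then
        core.log.error("failed to process OPA decision, err: ", err)
        return 403
    end

    -- The reply body is expected to be a JSON object carrying `result`.
    local data, err = core.json.decode(res.body)

    if not data then
        core.log.error("invalid response body: ", res.body, " err: ", err)
        return 503
    end

    -- A body that decodes to a non-table value (a bare number, a JSON null
    -- sentinel, ...) cannot be indexed safely; treat it like a missing result
    -- instead of raising a runtime error.
    if type(data) ~= "table" or not data.result then
        core.log.error("invalid OPA decision format: ", res.body,
                       " err: `result` field does not exist")
        return 503
    end

    local result = data.result

    -- `result` must be an object. A policy path that resolves to a bare
    -- boolean or number would otherwise fail on the field accesses below.
    if type(result) ~= "table" then
        core.log.error("invalid OPA decision format: ", res.body,
                       " err: `result` field is not an object")
        return 503
    end

    -- Only a literal boolean `true` grants access. A missing field, `false`,
    -- a string such as "false", a number, or whatever the decoder produces for
    -- JSON null is treated as deny, so a malformed decision cannot fail open.
    if result.allow ~= true then
        if result.headers then
            core.response.set_header(result.headers)
        end

        -- The policy may override the default 403 and supply a body.
        local status_code = 403
        if result.status_code then
            status_code = result.status_code
        end

        local reason = nil
        if result.reason then
            -- Structured reasons are serialised; anything else is returned
            -- unchanged.
            reason = type(result.reason) == "table"
                and core.json.encode(result.reason)
                or result.reason
        end

        return status_code, reason
    end

    -- Allowed: copy only the headers named in conf.send_headers_upstream from
    -- the decision onto the request. The type check prevents indexing a
    -- non-object `headers` value.
    if type(result.headers) == "table" and conf.send_headers_upstream then
        for _, name in ipairs(conf.send_headers_upstream) do
            local value = result.headers[name]
            if value then
                core.request.set_header(ctx, name, value)
            end
        end
    end
end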