apache · gaoxingliang · May 21, 2025 · May 22, 2025 · May 22, 2025
diff --git a/apisix/plugins/wolf-rbac.lua b/apisix/plugins/wolf-rbac.lua
@@ -48,6 +48,10 @@ local schema = {
             type = "string",
             default = "X-"
         },
+        error_message = {
+            type = "string",
+            default = "request to wolf-server failed!"
+        },
     }
 }
 
@@ -356,33 +360,37 @@ local function request_to_wolf_server(method, uri, headers, body)
         }
     )
 
+    local consumer_conf = consumer.plugin(plugin_name)
+    local err_msg = consumer_conf and consumer_conf.error_message or "request to wolf-server failed!"
+
     core.log.info("request [", request_debug, "] ....")
     local res, err = http_req(method, uri, core.json.encode(body), headers, timeout)
     if not res then
         core.log.error("request [", request_debug, "] failed! err: ", err)
-        return core.response.exit(500,
-            fail_response("request to wolf-server failed!")
-        )
+        return core.response.exit(500, fail_response(err_msg))
     end
     core.log.info("request [", request_debug, "] status: ", res.status,
                   ", body: ", res.body)
 
     if res.status ~= 200 then
         core.log.error("request [", request_debug, "] failed! status: ",
                         res.status)
-        return core.response.exit(500,
-        fail_response("request to wolf-server failed!")
-        )
+        return core.response.exit(500, fail_response(err_msg))
     end
     local body, err = json.decode(res.body)
     if not body then
         core.log.error("request [", request_debug, "] failed! err:", err)
-        return core.response.exit(500, fail_response("request to wolf-server failed!"))
+        return core.response.exit(500, fail_response(err_msg))
     end
     if not body.ok then
         core.log.error("request [", request_debug, "] failed! response body:",
                        core.json.delay_encode(body))
-        return core.response.exit(200, fail_response("request to wolf-server failed!"))
+        local msg = err_msg
+        if body.reason == "ERR_USER_NOT_FOUND" or body.reason == "ERR_PASSWORD_ERROR" then
+            msg = "username or password is incorrect"
+            return core.response.exit(401, fail_response(msg))
+        end
+        return core.response.exit(200, fail_response(msg))
     end
 
     core.log.info("request [", request_debug, "] success! response body:",

diff --git a/docs/en/latest/plugins/wolf-rbac.md b/docs/en/latest/plugins/wolf-rbac.md
@@ -39,6 +39,7 @@ The `wolf-rbac` Plugin provides a [role-based access control](https://en.wikiped
 | server        | string | False    | "http://127.0.0.1:12180" | Service address of wolf server.                                                                                                                                                                                             |
 | appid         | string | False    | "unset"                  | App id added in wolf console. This field supports saving the value in Secret Manager using the [APISIX Secret](../terminology/secret.md) resource.            |
 | header_prefix | string | False    | "X-"                     | Prefix for a custom HTTP header. After authentication is successful, three headers will be added to the request header (for backend) and response header (for frontend) namely: `X-UserId`, `X-Username`, and `X-Nickname`. |
+| error_message | string | False    | "request to wolf-server failed!" | Custom error message when request to wolf server fails. Note that for username/password errors, a fixed message "username or password is incorrect" will be returned regardless of this setting. |
 
 ## API
 

diff --git a/docs/zh/latest/plugins/wolf-rbac.md b/docs/zh/latest/plugins/wolf-rbac.md
@@ -39,6 +39,7 @@ description: 本文介绍了关于 Apache APISIX `wolf-rbac` 插件的基本信
 | server        | string | 否     | "http://127.0.0.1:12180" |  `wolf-server` 的服务地址。                                                                                                                          |
 | appid         | string | 否     | "unset"                  | 在 `wolf-console` 中已经添加的应用 id。该字段支持使用 [APISIX Secret](../terminology/secret.md) 资源，将值保存在 Secret Manager 中。                                       |
 | header_prefix | string | 否     | "X-"                     | 自定义 HTTP 头的前缀。`wolf-rbac` 在鉴权成功后，会在请求头 (用于传给后端) 及响应头 (用于传给前端) 中添加 3 个 header：`X-UserId`, `X-Username`, `X-Nickname`。|
+| error_message | string | 否     | "request to wolf-server failed!" | 当请求 wolf server 失败时的自定义错误消息。注意：对于用户名/密码错误的情况，无论此设置如何，都会返回固定的错误消息 "username or password is incorrect"。 |
 
 ## 接口
 

diff --git a/t/plugin/wolf-rbac.t b/t/plugin/wolf-rbac.t
@@ -54,7 +54,7 @@ __DATA__
         }
     }
 --- response_body_like eval
-qr/\{"appid":"unset","header_prefix":"X-","server":"http:\/\/127\.0\.0\.1:12180"\}/
+qr/\{"appid":"unset","error_message":"request to wolf-server failed!","header_prefix":"X-","server":"http:\/\/127\.0\.0\.1:12180"\}/
 
 
 
@@ -247,9 +247,9 @@ POST /apisix/plugin/wolf-rbac/login
 appid=wolf-rbac-app&username=not-found&password=123456
 --- more_headers
 Content-Type: application/x-www-form-urlencoded
---- error_code: 200
+--- error_code: 401
 --- response_body
-{"message":"request to wolf-server failed!"}
+{"message":"username or password is incorrect"}
 --- grep_error_log eval
 qr/ERR_USER_NOT_FOUND/
 --- grep_error_log_out eval
@@ -263,9 +263,9 @@ POST /apisix/plugin/wolf-rbac/login
 appid=wolf-rbac-app&username=admin&password=wrong-password
 --- more_headers
 Content-Type: application/x-www-form-urlencoded
---- error_code: 200
+--- error_code: 401
 --- response_body
-{"message":"request to wolf-server failed!"}
+{"message":"username or password is incorrect"}
 --- grep_error_log eval
 qr/ERR_PASSWORD_ERROR/
 --- grep_error_log_out eval
@@ -735,3 +735,79 @@ X-Nickname: administrator
 consumer merge echo plugins
 --- no_error_log
 [error]
+
+
+
+=== TEST 38: add consumer with custom error message
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/consumers',
+                ngx.HTTP_PUT,
+                [[{
+                    "username": "wolf_rbac_custom_msg",
+                    "plugins": {
+                        "wolf-rbac": {
+                            "appid": "wolf-rbac-custom-msg",
+                            "server": "http://127.0.0.1:1982",
+                            "error_message": "custom error message"
+                        }
+                    }
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- response_body
+passed
+
+
+
+=== TEST 39: test error_message configuration
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            -- 创建 consumer
+            local code, body = t('/apisix/admin/consumers',
+                ngx.HTTP_PUT,
+                [[{
+                    "username": "wolf_rbac_error_msg_test",
+                    "plugins": {
+                        "wolf-rbac": {
+                            "appid": "wolf-rbac-error-msg",
+                            "server": "http://127.0.0.1:1982/500",
+                            "error_message": "custom error message for test"
+                        }
+                    }
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+                return ngx.say(body)
+            end
+
+            -- 测试 wolf server 请求失败时的错误消息
+            local code, body = t('/apisix/plugin/wolf-rbac/login',
+                ngx.HTTP_POST,
+                [[
+                {"appid": "wolf-rbac-error-msg", "username": "admin", "password": "123456"}
+                ]],
+                [[
+                {"message":"custom error message for test"}
+                ]],
+                {["Content-Type"] = "application/json"}
+                )
+            ngx.status = code
+            ngx.say(body)
+        }
+    }
+--- response_body
+passed
+{"message":"custom error message for test"}