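Lua Envoy upstream proxy

Time: 2020-03-24 10:54:23

Tags: nginx kubernetes lua istio envoyproxy

I'm hoping to replace some login logic we have on Kong, which does a permission check for specific URLs (e.g. the upstream), with an Envoy filter in Istio.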

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: api-auth
  namespace: api
spec:
  workloadLabels:
    app: api
  filters:
  - listenerMatch:
      listenerType: SIDECAR_INBOUND
      listenerProtocol: HTTP
    filterName: envoy.lua
    filterType: HTTP
    filterConfig:
      inlineCode: |
        function version()
            return "v1"
        end

        function log(handle, value)
            handle:logInfo(version() .. ": " .. value)
        end

        function dump(o)
           if type(o) == 'table' then
              local s = '{ '
              for k,v in pairs(o) do
                 if type(k) ~= 'number' then k = '"'..k..'"' end
                 s = s .. '['..k..'] = ' .. dump(v) .. ','
              end
              return s .. '} '
           else
              return tostring(o)
           end
        end

        function is_empty(value)
            return value == nil or value == ""
        end

        function get_header(handle, header)
            return handle:headers():get(header)
        end

        function envoy_on_request(request_handle)

          local auth_host = "auth-service.services.svc.cluster.local"
          local path = "/api/v1/has-permission"

          local cluster = "outbound|8080||" .. auth_host

          local request_headers = {
              [":method"] = "POST",
              [":path"] = path,
              [":authority"] = auth_host,
              ["Authorization"] = get_header(request_handle, "Authorization")
          }

          local request_body = ""

          local timeout = 5000 -- ms

          log(request_handle, "Sending auth request, headers: " .. dump(request_headers) .. ", request_body: " .. request_body .. ", timeout: " .. timeout)

          local response_headers, response_body = request_handle:httpCall(
              tostring(cluster),
              request_headers,
              request_body,
              timeout
          )

          log(request_handle, "response_headers: " .. dump(response_headers))
          log(request_handle, "response_body: " .. dump(response_body))

          if tonumber(response_headers[":status"]) ~= 200 then
              log(request_handle, "Key Authentication Failed")
              request_handle:respond(
                  {[":status"] = response_headers[":status"]},
                  response_body
              )
              do return end
          end
        end

So this is what I'm aiming for, but I'm still missing something: I need to send extra parameters in the POST request.

Working curl example:

curl -i 'https://foo-api.com/list' \
-H 'Connection: keep-alive' \
-H 'Pragma: no-cache' \
-H 'Cache-Control: no-cache' \
-H 'AuthCode: cmdpby50ZWl4ZWlyYUBqdW1pYS5jb20iLCJleHAiOjE1ODUwNDg2MjIsImlzcyI6ImZpcmV3b3JrcyJ9.JkvIhmQuumS32HhSzKuAhpPvjLVwOrRJXwajMjBU9Ag' \
-H 'Accept-Language: en' \
-H 'Authorization: Bearer 6InNlcmdpby50ZWl4ZWlyYUBqdW1pYS5jb20iLCJleHAiOjE1ODUwNDg2MjIsImlzcyI6ImZpcmV3b3JrcyJ9.JkvIhmQuumS32HhSzKuAhpPvjLVwOrRJXwajMjBU9Ag' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Sec-Fetch-Dest: empty' \
-H 'application: COMPANYCODE'

How should I send this kind of thing in a POST using Lua?

Thanks and regards

0 answers:

No answers
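One way to pass the extra headers from the curl command to the permission check, shown as an added example that is not part of the original post: the filter copies a fixed allowlist of client headers into the table given to `httpCall` and denies the request on anything other than a 200. The allowlist contents and the helper name `build_auth_headers` are assumptions; the host, path and cluster are the question's own values.

```lua
-- Added example, not the poster's code. Header names are taken from the curl
-- command in the question; the allowlist itself is an assumption.
local AUTH_HOST = "auth-service.services.svc.cluster.local"
local AUTH_PATH = "/api/v1/has-permission"
local AUTH_CLUSTER = "outbound|8080||" .. AUTH_HOST

-- Only these client headers are copied to the auth service.
local FORWARDED = { "authorization", "authcode", "application", "accept-language" }

-- Build the header table for httpCall. `get` is any function that returns a
-- header value or nil, so this part can be exercised outside Envoy.
-- (Hypothetical helper introduced for this example.)
local function build_auth_headers(get)
  local headers = {
    [":method"] = "POST",
    [":path"] = AUTH_PATH,
    [":authority"] = AUTH_HOST,
  }
  for _, name in ipairs(FORWARDED) do
    local value = get(name)
    if value ~= nil and value ~= "" then
      headers[name] = value
    end
  end
  return headers
end

function envoy_on_request(request_handle)
  local incoming = request_handle:headers()
  local headers = build_auth_headers(function(name) return incoming:get(name) end)

  -- No credential at all: reject locally instead of calling the auth service.
  if headers["authorization"] == nil then
    request_handle:respond({ [":status"] = "401" }, "missing Authorization header")
    return
  end

  local resp_headers, resp_body = request_handle:httpCall(AUTH_CLUSTER, headers, "", 5000)
  local status = resp_headers and resp_headers[":status"]
  if status ~= "200" then
    -- Deny on anything other than an explicit 200; log the status only, never tokens.
    request_handle:logInfo("auth check denied, status: " .. tostring(status))
    request_handle:respond({ [":status"] = status or "403" }, resp_body or "")
  end
end
```

The block is written to replace the Lua under `inlineCode`; header names are lowercase because that is how Envoy stores them.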