feat: support hide the authentication header in basic-auth with a config

apisix/plugins/basic-auth.lua

@@ -30,15 +30,20 @@ local consumers_lrucache = core.lrucache.new({
 local schema = {
     type = "object",
     title = "work with route or service object",
-    properties = {},
+    properties = {
+        hide_credentials = {
+            type = "boolean",
+            default = false,
+        }
+    },
 }
 
 local consumer_schema = {
     type = "object",
     title = "work with consumer object",
     properties = {
         username = { type = "string" },
-        password = { type = "string" },
+        password = { type = "string" }
     },
     required = {"username", "password"},
 }
@@ -161,6 +166,11 @@ function _M.rewrite(conf, ctx)
         return 401, { message = "Password is error" }
     end
 
+    -- 5. hide `Authentication` request header if `hide_credentials` is `true`
+    if conf.hide_credentials == true then
+        core.request.set_header(ctx, "Authentication", nil)
+    end
+
     consumer.attach_consumer(ctx, cur_consumer, consumer_conf)
 
     core.log.info("hit basic-auth access")

docs/en/latest/plugins/basic-auth.md

@@ -39,10 +39,18 @@ For more information on Basic authentication, refer to [Wiki](https://en.wikiped
 
 ## Attributes
 
-| Name     | Type   | Requirement | Default | Valid | Description                                                                                                                                                      |
-| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| username | string | required    |         |       | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. |
-| password | string | required    |         |       | the user's password                                                                                                                                              |
+For consumer side:
+
+| Name             | Type    | Requirement | Default | Valid | Description                                                                                                                                                      |
+| --------         | ------  | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| username         | string  | required    |         |       | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. |
+| password         | string  | required    |         |       | the user's password                                                                                                                                              |
+
+For route side:
+
+| Name             | Type    | Requirement | Default | Valid | Description                                                                                                                                                      |
+| --------         | ------  | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| hide_credentials | boolean | optional    | false   |       | Whether to return the Authentication request headers to the upstream.                                                                                            |
 
 ## How To Enable
 
@@ -129,8 +137,8 @@ hello, world
 ## Disable Plugin
 
 When you want to disable the `basic-auth` plugin, it is very simple,
- you can delete the corresponding json configuration in the plugin configuration,
-  no need to restart the service, it will take effect immediately:
+you can delete the corresponding json configuration in the plugin configuration,
+no need to restart the service, it will take effect immediately:
 
 ```shell
 $ curl http://127.0.0.1:9080/apisix/admin/routes/1 -X PUT -d '

docs/zh/latest/plugins/basic-auth.md

@@ -39,11 +39,19 @@ title: basic-auth
 
 ## 属性
 
+consumer 端配置：
+
 | 名称     | 类型   | 必选项 | 默认值 | 有效值 | 描述                                                                                                               |
 | -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ |
 | username | string | 必须   |        |        | 不同的 `consumer` 对象应有不同的值，它应当是唯一的。不同 consumer 使用了相同的 `username` ，将会出现请求匹配异常。 |
 | password | string | 必须   |        |        | 用户的密码                                                                                                         |
 
+router 端配置：
+
+| 名称     | 类型   | 必选项 | 默认值 | 有效值 | 描述                                                                                                               |
+| -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ |
+| hide_credentials | boolean | 可选    | false   |       | 是否将 Authentication 请求头传递给 upstream。                                                                                             |
+
 ## 如何启用
 
 ### 1. 创建一个 consumer 对象，并设置插件 `basic-auth` 的值。