feat: cluster-key-rate-limit support setting global rate limit thresholds for routes​

[hanxiantao]

Ⅰ. Describe what this PR did

feat: cluster-key-rate-limit supports setting global rate limit thresholds for routes

Other fixes:

1. Bugfix for parsing the rejected_msg configuration in cluster-key-rate-limit and ai-token-ratelimit
2. Adjustment of the ext-auth plugin to the new API

Ⅱ. Does this pull request fix one issue?

fixes #2251
fixes #2326

Ⅲ. Why don't you add test cases (unit test/integration test)?

Ⅳ. Describe how to verify it

测试用例如下：

1）、global_threshold

apiVersion: extensions.higress.io/v1alpha1
kind: WasmPlugin
metadata:
  name: test
  namespace: higress-system
spec:
  defaultConfig:
    rule_name: default_rule
    global_threshold:
      query_per_minute: 10
    redis:
      service_name: "redis.default.svc.cluster.local"
      service_port: 6379
    show_limit_quota_header: true
  url: oci://registry.cn-hangzhou.aliyuncs.com/wasm-plugin/wasm-plugin:cluster-key-rate-limit-0.0.1
  imagePullSecret: aliyun

一分钟内请求三次：

curl -kvv -X GET 'http://localhost:8082/foo'

2）、limit_by_param和limit_by_per_param

wasmplugin.yam：

apiVersion: extensions.higress.io/v1alpha1
kind: WasmPlugin
metadata:
  name: test
  namespace: higress-system
spec:
  defaultConfig:
    rule_name: default_rule
    rule_items:
      - limit_by_param: apikey
        limit_keys:
          - key: 9a342114-ba8a-11ec-b1bf-00163e1250b5
            query_per_minute: 10
          - key: a6a6d7f2-ba8a-11ec-bec2-00163e1250b5
            query_per_hour: 100
      - limit_by_per_param: apikey
        limit_keys:
          # 正则表达式，匹配以a开头的所有字符串，每个apikey对应的请求10qds
          - key: "regexp:^a.*"
            query_per_second: 10
          # 正则表达式，匹配以b开头的所有字符串，每个apikey对应的请求100qd
          - key: "regexp:^b.*"
            query_per_minute: 100
          # 兜底用，匹配所有请求，每个apikey对应的请求1000qdh
          - key: "*"
            query_per_hour: 1000
    redis:
      service_name: "redis.default.svc.cluster.local"
      service_port: 6379
    show_limit_quota_header: true
  url: oci://registry.cn-hangzhou.aliyuncs.com/wasm-plugin/wasm-plugin:cluster-key-rate-limit-0.0.1
  imagePullSecret: aliyun

1）根据第一个apikey进行限流

一分钟内请求三次：

curl -kvv -X GET 'http://localhost:8082/foo?apikey=9a342114-ba8a-11ec-b1bf-00163e1250b5'

响应头中x-ratelimit-limit为10（限制的总请求数），x-ratelimit-remaining为7（剩余还可以发送的请求数）

2）根据第二个apikey限流

请求三次：

curl -kvv -X GET 'http://localhost:8082/foo?apikey=a6a6d7f2-ba8a-11ec-bec2-00163e1250b5'

3）正则表达式以b开头的字符串

一分钟内请求三次：

curl -kvv -X GET 'http://localhost:8082/foo?apikey=b123456777'

响应头中x-ratelimit-limit为100（限制的总请求数），x-ratelimit-remaining为97（剩余还可以发送的请求数）s

4）*

请求三次：

curl -kvv -X GET 'http://localhost:8082/foo?apikey=1234567777'

3）、limit_by_header和limit_by_per_header

wasmplugin.yam：

apiVersion: extensions.higress.io/v1alpha1
kind: WasmPlugin
metadata:
  name: test
  namespace: higress-system
spec:
  defaultConfig:
    rule_name: default_rule
    rule_items:
      - limit_by_header: x-ca-key
        limit_keys:
          - key: 102234
            query_per_minute: 10
          - key: 308239
            query_per_hour: 10
      - limit_by_per_header: x-ca-key
        limit_keys:
          # 正则表达式，匹配以a开头的所有字符串，每个apikey对应的请求10qds
          - key: "regexp:^a.*"
            query_per_second: 10
          # 正则表达式，匹配以b开头的所有字符串，每个apikey对应的请求100qd
          - key: "regexp:^b.*"
            query_per_minute: 100
          # 兜底用，匹配所有请求，每个apikey对应的请求1000qdh
          - key: "*"
            query_per_hour: 1000
    redis:
      service_name: "redis.default.svc.cluster.local"
      service_port: 6379
    show_limit_quota_header: true
  url: oci://registry.cn-hangzhou.aliyuncs.com/wasm-plugin/wasm-plugin:cluster-key-rate-limit-0.0.1
  imagePullSecret: aliyun

1）根据第一个请求头进行限流

一分钟内请求三次：

curl -kvv -X GET 'http://localhost:8082/foo' -H 'x-ca-key: 102234'

响应头中x-ratelimit-limit为10（限制的总请求数），x-ratelimit-remaining为7（剩余还可以发送的请求数）

2）根据第二个请求头进行限流

请求三次：

curl -kvv -X GET 'http://localhost:8082/foo' -H 'x-ca-key: 308239'

3）正则表达式以b开头的字符串

一分钟内请求三次：

curl -kvv -X GET 'http://localhost:8082/foo' -H 'x-ca-key: b12345689'

响应头中x-ratelimit-limit为100（限制的总请求数），x-ratelimit-remaining为97（剩余还可以发送的请求数）

4）*

请求三次：

curl -kvv -X GET 'http://localhost:8082/foo' -H 'x-ca-key: 123456'

Ⅴ. Special notes for reviews

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 46.06%. Comparing base (ef31e09) to head (adf6c34).
Report is 528 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #2262       +/-   ##
===========================================
+ Coverage   35.91%   46.06%   +10.15%     
===========================================
  Files          69       81       +12     
  Lines       11576    13010     +1434     
===========================================
+ Hits         4157     5993     +1836     
+ Misses       7104     6671      -433     
- Partials      315      346       +31     

see 78 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[johnlanni]

LGTM

[johnlanni]

LGTM