diff --git a/src/auth/jwt-auth.lua b/src/auth/jwt-auth.lua index 263d5ab..702f9c6 100644 --- a/src/auth/jwt-auth.lua +++ b/src/auth/jwt-auth.lua @@ -5,9 +5,10 @@ local jsonschema = require("jsonschema") -- 定义一个JSON Schema local schema = { - {type = "object", properties = { - {name = "Authorization", type = "string", pattern = "^Bearer\\s+(.+)$"}, - }, required = {"Authorization"}} + type = 'object', + properties = { + Authorization = {type = 'string', minLength = 8, pattern = 'Bearer\\s+(.+)$'}, + }, required = {"Authorization"} } --获取用户认证数据信息 @@ -20,15 +21,18 @@ if auth_header == nil or auth_header == "" then ngx.exit(ngx.HTTP_UNAUTHORIZED) end ---查找令牌中的Bearer前缀字符,并进行截取 todo 使用jsonscheme进行匹配 +--查找令牌中的Bearer前缀字符 local validator = jsonschema.generate_validator(schema) -local result = validator(auth_header) -if not result then +local data = {} +data.Authorization = auth_header +local ok = validator(data) +if not ok then ngx.log(ngx.WARN, "令牌格式不正确") ngx.status = ngx.HTTP_UNAUTHORIZED ngx.exit(ngx.HTTP_UNAUTHORIZED) end - +--获取token的数据值 +local token = string.sub(auth_header,8) --校验令牌 local jwt_obj = jwt:verify(conf.secret_key, token) --如果校验结果中的verified==false,则表示令牌无效 diff --git a/src/test/test.lua b/src/test/test.lua index b31724a..1eb350f 100644 --- a/src/test/test.lua +++ b/src/test/test.lua 
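Review bot: The rewritten `pattern` on the `Authorization` property drops the leading `^` that the removed line carried, so the regex now matches anywhere in the header (`xBearer abc`, `Basic ... Bearer abc`) and no longer guarantees the `Bearer ` prefix that the rest of this file relies on. Restore the anchor: `Authorization = {type = 'string', minLength = 8, pattern = '^Bearer\\s+(.+)$'},`. The same schema is restated in test.lua and util/token.lua in this commit with `minLength = 10`, so the three copies already disagree; one shared definition (exported from util/token.lua, say) would keep them aligned. Note that the regex dialect is whatever the jsonschema library uses for `pattern` (presumably PCRE via ngx.re), where `\\s` is valid, whereas a plain Lua pattern would need `%s`.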
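Review bot: `local token = string.sub(auth_header,8)` assumes the header is exactly `Bearer` plus one space, but nothing above enforces that: the schema's pattern is unanchored and `\\s+` accepts any run of whitespace, so `Bearer  <jwt>` (two spaces, or a tab) yields a token with leading whitespace and a spurious 401 from `jwt:verify`, while a header that merely contains `Bearer ` somewhere passes validation and is sliced at the wrong offset. Take the token from an anchored match instead of a fixed offset, `local token = string.match(auth_header, "^Bearer%s+(.+)$")`, and send a nil result down the same 401 path as `if not ok`. Once that is in place the round-trip through the throwaway `data` table and `validator` only repeats what the single `string.match` already establishes. The `jwt:verify` call that consumes `token` is context below the hunk and is unchanged.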
@@ -34,20 +34,25 @@ ngx.say("pageNum:", pageNum, " pageSize:", pageSize) --]] local schema = { - {type = "object", properties = { - {name = "token", type = "string", pattern = "^Bearer\\s+(.+)$"}, - }, required = {"token"}} + type = 'object', + properties = { + Authorization = {type = 'string', minLength = 10, pattern = 'Bearer\\s+(.+)$'}, + }, required = {"Authorization"} } +--获取用户认证数据信息 +local data = {} +local auth_header = ngx.var.http_Authorization +data.Authorization = auth_header local validator = jsonschema.generate_validator(schema) -local result = validator(auth_header) +local result = validator(data) if not result then ngx.log(ngx.WARN, "令牌格式不正确") ngx.status = ngx.HTTP_UNAUTHORIZED ngx.exit(ngx.HTTP_UNAUTHORIZED) end - -ngx.say(result.token) +local token = string.sub(auth_header,8) +ngx.say(token) --local sampleJson = [[{"raw_header":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9","signature":"zkKAmXifqWDrMaLpXe8hrA1JpDRbdlgwS-yxNnQUOBw","raw_payload":"eyJpYXQiOjE3NjE4OTIwNDMsImV4cCI6MTc2MTg5NTY0MywidXNlcmlkIjoiYWRtaW4iLCJyb2xlIjoiIn0","valid":true,"verified":true,"reason":"everything is awesome~ :p","header":{"alg":"HS256","typ":"JWT"},"payload":{"iat":1761892043,"userid":"admin","exp":1761895643,"role":""}}]] ----解析json字符串 diff --git a/src/util/token.lua b/src/util/token.lua index 5d216b3..f9e5b25 100644 --- a/src/util/token.lua +++ b/src/util/token.lua @@ -6,9 +6,17 @@ local jwt = require("resty.jwt") local conf = require("config") +local jsonschema = require("jsonschema") local _M = {} +local schema = { + type = 'object', + properties = { + Authorization = {type = 'string', minLength = 10, pattern = 'Bearer\\s+(.+)$'}, + }, required = {"Authorization"} +} + --设置JWT的有效载荷 local obj = { header = {typ="JWT", alg="HS256"}, 
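Review bot: `ngx.say(token)` in the new lines writes the raw bearer credential back into the response body, and the `string.sub(auth_header,8)` feeding it has the same fixed-offset weakness as the auth module (unanchored pattern, `\\s+` allowing more than one space), so the echoed value can also be wrong. For a local test endpoint that is acceptable, but if this location is reachable in a deployment the echo should go or be reduced to a length/prefix; how test.lua is wired is not visible here. `minLength = 10` also differs from the `8` used for the same schema in jwt-auth.lua.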
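Review bot: This is the third copy of the `Authorization` schema in the commit, again without the `^` anchor on `pattern` and with `minLength = 10` where jwt-auth.lua uses `8`, so `Bearer ` is only required to appear somewhere in the header and the copies will drift further. Since util/token.lua is the shared module, define it once here, anchored — `pattern = '^Bearer\\s+(.+)$'` — and expose it (for example `_M.schema = schema`) so jwt-auth.lua and test.lua can require it instead of restating it. The `_M` module and the `obj` table that follows continue outside the hunk.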
@@ -46,15 +54,19 @@ function _M.authorizationToken(auth_header) return response end - --查找令牌中的Bearer前缀字符,并进行截取 - local _, _, token = string.find(auth_header, "Bearer%s+(.+)") + local validator = jsonschema.generate_validator(schema) + local data = {} + data.Authorization = auth_header + local ok = validator(data) --如果没有Bearer,则表示令牌无效 - if token == nil then + if not ok then response["code"] = 401 response["message"] = "令牌格式不正确" return response end + --查找令牌中的Bearer前缀字符,并进行截取 + local token = string.sub(auth_header,8) --校验令牌 local jwt_obj = jwt:verify(conf.secret_key, token) --如果校验结果中的verified==false,则表示令牌无效
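Review bot: Replacing `string.find(auth_header, "Bearer%s+(.+)")` with `string.sub(auth_header,8)` loses the captured token: the removed line took whatever followed the whitespace run, while the new line blindly drops seven bytes, so `Bearer  <jwt>` or a tab after `Bearer` now hands `jwt:verify` a token with leading whitespace, and because the schema's pattern is unanchored the `if not ok` branch does not even guarantee the header starts with `Bearer`. Keep the schema check if it is wanted, but derive the token from an anchored match, `local token = string.match(auth_header, "^Bearer%s+(.+)$")`, and return the 401 response when it is nil. Not visible in this hunk: `jwt:verify` presumably takes the algorithm from the token header, so it is worth confirming that an alg whitelist limited to HS256 is configured on `jwt` elsewhere in this module. `_M.authorizationToken` starts before the hunk and its body continues past the hunk's last line.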