修改token验证使用jsonschema进行验证

2025-11-01 23:00:27 +08:00 · 2025-11-01 23:00:27 +08:00 · 1cf799c51b
commit 1cf799c51b
parent b0967b428c
3 changed files with 37 additions and 16 deletions
--- a/src/auth/jwt-auth.lua
+++ b/src/auth/jwt-auth.lua
@ -5,9 +5,10 @@ local jsonschema = require("jsonschema")

 -- 定义一个JSON Schema
 local schema = {
-    {type = "object", properties = {
-        {name = "Authorization", type = "string", pattern = "^Bearer\\s+(.+)$"},
-    }, required = {"Authorization"}}
+    type = 'object',
+    properties = {
+        Authorization = {type = 'string', minLength = 8, pattern = 'Bearer\\s+(.+)$'},
+    }, required = {"Authorization"}
 }

 --获取用户认证数据信息
@ -20,15 +21,18 @@ if auth_header == nil or auth_header == "" then
    ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end

--查找令牌中的Bearer前缀字符，并进行截取 todo 使用jsonscheme进行匹配
+--查找令牌中的Bearer前缀字符
 local validator = jsonschema.generate_validator(schema)
-local result = validator(auth_header)
-if not result then
+local data = {}
+data.Authorization = auth_header
+local ok = validator(data)
+if not ok then
    ngx.log(ngx.WARN, "令牌格式不正确")
    ngx.status = ngx.HTTP_UNAUTHORIZED
    ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end
-
+--获取token的数据值
+local token = string.sub(auth_header,8)
 --校验令牌
 local jwt_obj = jwt:verify(conf.secret_key, token)
 --如果校验结果中的verified==false，则表示令牌无效
--- a/src/test/test.lua
+++ b/src/test/test.lua
@ -34,20 +34,25 @@ ngx.say("pageNum:", pageNum, " pageSize:", pageSize)
 --]]

 local schema = {
-    {type = "object", properties = {
-        {name = "token", type = "string", pattern = "^Bearer\\s+(.+)$"},
-    }, required = {"token"}}
+    type = 'object',
+    properties = {
+        Authorization = {type = 'string', minLength = 10, pattern = 'Bearer\\s+(.+)$'},
+    }, required = {"Authorization"}
 }

+--获取用户认证数据信息
+local data = {}
+local auth_header = ngx.var.http_Authorization
+data.Authorization = auth_header
 local validator = jsonschema.generate_validator(schema)
-local result = validator(auth_header)
+local result = validator(data)
 if not result then
    ngx.log(ngx.WARN, "令牌格式不正确")
    ngx.status = ngx.HTTP_UNAUTHORIZED
    ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end
-
-ngx.say(result.token)
+local token = string.sub(auth_header,8)
+ngx.say(token)

 --local sampleJson = [[{"raw_header":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9","signature":"zkKAmXifqWDrMaLpXe8hrA1JpDRbdlgwS-yxNnQUOBw","raw_payload":"eyJpYXQiOjE3NjE4OTIwNDMsImV4cCI6MTc2MTg5NTY0MywidXNlcmlkIjoiYWRtaW4iLCJyb2xlIjoiIn0","valid":true,"verified":true,"reason":"everything is awesome~ :p","header":{"alg":"HS256","typ":"JWT"},"payload":{"iat":1761892043,"userid":"admin","exp":1761895643,"role":""}}]]
 ----解析json字符串
--- a/src/util/token.lua
+++ b/src/util/token.lua
@ -6,9 +6,17 @@

 local jwt = require("resty.jwt")
 local conf = require("config")
+local jsonschema = require("jsonschema")

 local _M = {}

+local schema = {
+    type = 'object',
+    properties = {
+        Authorization = {type = 'string', minLength = 10, pattern = 'Bearer\\s+(.+)$'},
+    }, required = {"Authorization"}
+}
+
 --设置JWT的有效载荷
 local obj = {
    header = {typ="JWT", alg="HS256"},
@ -46,15 +54,19 @@ function _M.authorizationToken(auth_header)
        return response
    end

-    --查找令牌中的Bearer前缀字符，并进行截取
-    local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
+    local validator = jsonschema.generate_validator(schema)
+    local data = {}
+    data.Authorization = auth_header
+    local ok = validator(data)
    --如果没有Bearer，则表示令牌无效
-    if token == nil then
+    if not ok then
        response["code"] = 401
        response["message"] = "令牌格式不正确"
        return response
    end

+    --查找令牌中的Bearer前缀字符，并进行截取
+    local token = string.sub(auth_header,8)
    --校验令牌
    local jwt_obj = jwt:verify(conf.secret_key, token)
    --如果校验结果中的verified==false，则表示令牌无效