diff --git a/conf/nginx.conf b/conf/nginx.conf index 0a48745..c1b38ed 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -56,32 +56,10 @@ http { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS'; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; - if ($request_method = 'OPTIONS') { return 204; } - #OP端点配置 - location /yum/v1/.well-known/openid-configuration { - content_by_lua_block { - local cjson = require "cjson" - local config = { - issuer = "http://localhost:9080", - authorization_endpoint = "http://localhost:9080/yum/v1/oauth/v2/authorize", - token_endpoint = "http://localhost:9080yum/v1/oauth/v2/token", - userinfo_endpoint = "http://localhost:9080yum/v1/oauth/v2/userinfo", - --jwks_uri = "http://localhost:9080/jwks", -- 公钥端点(可选) - grant_types_supported = { "authorization_code", "token", "refresh_token" }, -- 新增支持 refresh_token - response_types_supported = { "code" }, - subject_types_supported = { "public" }, - id_token_signing_alg_values_supported = { "HS256" }, - refresh_token_issuance_supported = true -- 声明支持颁发 refresh_token - } - ngx.header["Content-Type"] = "application/json" - ngx.say(cjson.encode(config)) - } - } - #数据列表配置 include 'system/system.conf'; @@ -95,20 +73,6 @@ http { location /test { content_by_lua_file '${APP_PATH}/src/test/test.lua'; } - location = /testSM { - content_by_lua_block { - cjson = require "cjson.safe" - ngx.say(cjson.encode({a = 1, b = 2})) - local dict_a = ngx.shared.dict_a; - ngx.say("abc=",dict_a:get("abc")) - - -- 访问全局变量 - ngx.say("Global variable: ", global_var) - - -- 访问共享字典 - ngx.say("Shared dict value: ", dict_a:get("key")) - } - } } #server { diff --git a/conf/system/system.conf b/conf/system/system.conf index 70b8994..6b31c27 100644 --- a/conf/system/system.conf +++ b/conf/system/system.conf 
@@ -51,6 +51,11 @@ location /yum/v1/system/users {
 ######################################################
 ### oauth2.0 + openIDC 接口文件处理 ###
 ######################################################
+#OP认证端点相关
+location /yum/v1/.well-known/openid-configuration {
+ content_by_lua_file '${APP_PATH}/src/api/oidc/config.lua';
+}
+
 #用户认证登陆相关
 location /yum/v1/oauth/v2 {
 content_by_lua_file '${APP_PATH}/src/api/oauth/oauth.lua';
diff --git a/src/api/oauth/oauth.lua b/src/api/oauth/oauth.lua
index e61ee90..49effb4 100644
--- a/src/api/oauth/oauth.lua
+++ b/src/api/oauth/oauth.lua
@@ -11,8 +11,14 @@ local oauthService = require("service.oauth.oauth")
 --定义相关路由,前端接口url地址
 local routes = {
 --------------------------------------------
- ------------ OAuth2.0认证相关路由配置 ---------
+ ------------ OIDC OAuth2.0认证相关路由配置 ---
 --------------------------------------------
+ --OP端点配置
+ {
+ paths = { "/yum/v1/.well-known/openid-configuration" },
+ methods = { "GET", "POST" },
+ handler = oauthService.openidConfig,
+ },
 --获取授权码
 {
 paths = { "/yum/v1/oauth/v2/authorize" },
diff --git a/src/api/oidc/config.lua b/src/api/oidc/config.lua
new file mode 100644
index 0000000..83ef9c2
--- /dev/null
+++ b/src/api/oidc/config.lua
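Review bot: The new `location /yum/v1/.well-known/openid-configuration` in conf/system/system.conf is a prefix match, so any URI that merely begins with that path is also handed to config.lua. An exact match, `location = /yum/v1/.well-known/openid-configuration {`, keeps the block to the single discovery URL and cannot be shadowed by a longer prefix location added later.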
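Review bot: The route added to `routes` in src/api/oauth/oauth.lua for `/yum/v1/.well-known/openid-configuration` looks unreachable, because this same commit sends that path to `src/api/oidc/config.lua` in system.conf while oauth.lua is only mounted under `location /yum/v1/oauth/v2`. That leaves two definitions of the discovery document, the static table in config.lua and `oauthService.openidConfig` (whose body is not shown here), and they can drift apart; keep one and remove the other. If the route stays, discovery is a read-only request, so `methods = { "GET" },` is sufficient. The `routes` table starts before and continues past this hunk.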
@@ -0,0 +1,21 @@
+---
+--- Generated by EmmyLua(https://github.com/EmmyLua)
+--- Created by admin.
+--- DateTime: 2025/11/19 11:48
+--- openID Connect 认证端点配置文件
+
+local cjson = require "cjson.safe"
+local config = {
+ issuer = "http://localhost:9080",
+ authorization_endpoint = "http://localhost:9080/yum/v1/oauth/v2/authorize",
+ token_endpoint = "http://localhost:9080yum/v1/oauth/v2/token",
+ userinfo_endpoint = "http://localhost:9080yum/v1/oauth/v2/userinfo",
+ --jwks_uri = "http://localhost:9080/jwks", -- 公钥端点(可选)
+ grant_types_supported = { "authorization_code", "token", "refresh_token" }, -- 新增支持 refresh_token
+ response_types_supported = { "code" },
+ subject_types_supported = { "public" },
+ id_token_signing_alg_values_supported = { "HS256" },
+ refresh_token_issuance_supported = true -- 声明支持颁发 refresh_token
+}
+ngx.header["Content-Type"] = "application/json"
+ngx.say(cjson.encode(config))
\ No newline at end of file
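Review bot: `token_endpoint` and `userinfo_endpoint` are missing the `/` between the authority and the path (`http://localhost:9080yum/...`), so the discovery document advertises URLs a client cannot parse; the typo was carried over unchanged from the block this commit removes from nginx.conf. They should read `token_endpoint = "http://localhost:9080/yum/v1/oauth/v2/token",` and `userinfo_endpoint = "http://localhost:9080/yum/v1/oauth/v2/userinfo",`. The issuer and every endpoint are also hard-coded to plain-http localhost, `jwks_uri` is commented out and only `HS256` is advertised, whereas OpenID Connect Discovery expects an https issuer, a `jwks_uri` and RS256 in `id_token_signing_alg_values_supported`, so relying parties that validate metadata strictly are likely to reject this document. `"token"` in `grant_types_supported` is not a registered grant type (the implicit flow is named `implicit`) and does not match `response_types_supported = { "code" }`. Reading the base URL from deployment configuration instead of a literal would keep the issuer correct outside a local setup.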