增加jwt认证，对需要使用的接口进行过滤

2025-10-31 21:34:33 +08:00 · 2025-10-31 21:34:33 +08:00 · 70b308f041
commit 70b308f041
parent 38c8a4cc92
1 changed files with 81 additions and 0 deletions
--- a/src/auth/jwt-auth.lua
+++ b/src/auth/jwt-auth.lua
@ -0,0 +1,81 @@
+local jwt = require "resty.jwt"
+local validators = require "resty.jwt-validators"
+local conf = require("config")
+
+local auth_header = ngx.var.http_Authorization
+ngx.log(ngx.INFO, auth_header)
+----定义响应数据
+local response = {}
+----如果请求头中没有令牌，则直接返回401
+--if auth_header == nil then
+--    ngx.log(ngx.WARN, "No Authorization header")
+--    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+--end
+--
+--ngx.log(ngx.INFO, "Authorization: " .. auth_header)
+--
+---- require Bearer token
+--local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
+--
+--if token == nil then
+--    ngx.log(ngx.WARN, "Missing token")
+--    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+--end
+--ngx.log(ngx.INFO, "Token: " .. token)
+--local jwt_obj = jwt:verify(ngx.decode_base64(secret), token)
+--if jwt_obj.verified == false then
+--    ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)
+--    ngx.status = ngx.HTTP_UNAUTHORIZED
+--    ngx.header.content_type = "application/json; charset=utf-8"
+--    ngx.say(cjson.encode(jwt_obj))
+--    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+--end
+--ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj))
+
+if auth_header == nil or auth_header == "" then
+    ngx.log(ngx.WARN, "没有找到令牌数据")
+    response["code"] = ngx.HTTP_UNAUTHORIZED
+    response["message"] = "没有找到令牌数据"
+    ngx.status = ngx.HTTP_UNAUTHORIZED
+    ngx.header.content_type = "application/json; charset=utf-8"
+    ngx.body = response
+    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--[[
+--查找令牌中的Bearer前缀字符，并进行截取
+local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
+--如果没有Bearer，则表示令牌无效
+if token == nil then
+    response["code"] = ngx.HTTP_UNAUTHORIZED
+    response["message"] = "令牌格式不正确"
+    ngx.log(ngx.WARN, "令牌格式不正确")
+    ngx.status = ngx.HTTP_UNAUTHORIZED
+    ngx.header.content_type = "application/json; charset=utf-8"
+    ngx.body = response
+    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--]]
+--校验令牌
+local jwt_obj = jwt:verify(conf.secret_key, auth_header)
+--如果校验结果中的verified==false，则表示令牌无效
+if jwt_obj.verified == false then
+    ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)
+    response["code"] = ngx.HTTP_UNAUTHORIZED
+    response["message"] = "令牌无效"
+    ngx.status = ngx.HTTP_UNAUTHORIZED
+    ngx.header.content_type = "application/json; charset=utf-8"
+    ngx.body = response
+    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--判断token是否超时
+if jwt_obj.payload.exp and os.time() > jwt_obj.payload.exp then
+    ngx.log(ngx.WARN, "token timeout ".. jwt_obj.reason)
+    response["code"] = ngx.HTTP_UNAUTHORIZED
+    response["message"] = "令牌已过期"
+    ngx.status = ngx.HTTP_UNAUTHORIZED
+    ngx.header.content_type = "application/json; charset=utf-8"
+    ngx.body = response
+    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--全部校验完成后，说明令牌有效，返回令牌数据
+ngx.log(ngx.INFO, "令牌校验通过 JWT: " .. cjson.encode(jwt_obj))