From 70b308f041522525ebcbac9a87b036a8a41e7bca Mon Sep 17 00:00:00 2001
From: wanglei <34475144@qqcom>
Date: Fri, 31 Oct 2025 21:34:33 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0jwt=E8=AE=A4=E8=AF=81?= =?UTF-8?q?=EF=BC=8C=E5=AF=B9=E9=9C=80=E8=A6=81=E4=BD=BF=E7=94=A8=E7=9A=84?= =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E8=BF=9B=E8=A1=8C=E8=BF=87=E6=BB=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
src/auth/jwt-auth.lua | 81 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100644 src/auth/jwt-auth.lua
diff --git a/src/auth/jwt-auth.lua b/src/auth/jwt-auth.lua
new file mode 100644
index 0000000..0dbb070
--- /dev/null
+++ b/src/auth/jwt-auth.lua
@@ -0,0 +1,81 @@
+local jwt = require "resty.jwt"
+local validators = require "resty.jwt-validators"
+local conf = require("config")
+
+local auth_header = ngx.var.http_Authorization
+ngx.log(ngx.INFO, auth_header)
+----定义响应数据
+local response = {}
+----如果请求头中没有令牌,则直接返回401
+--if auth_header == nil then
+-- ngx.log(ngx.WARN, "No Authorization header")
+-- ngx.exit(ngx.HTTP_UNAUTHORIZED)
+--end
+--
+--ngx.log(ngx.INFO, "Authorization: " .. auth_header)
+--
+---- require Bearer token
+--local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
+--
+--if token == nil then
+-- ngx.log(ngx.WARN, "Missing token")
+-- ngx.exit(ngx.HTTP_UNAUTHORIZED)
+--end
+--ngx.log(ngx.INFO, "Token: " .. token)
+--local jwt_obj = jwt:verify(ngx.decode_base64(secret), token)
+--if jwt_obj.verified == false then
+-- ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)
+-- ngx.status = ngx.HTTP_UNAUTHORIZED
+-- ngx.header.content_type = "application/json; charset=utf-8"
+-- ngx.say(cjson.encode(jwt_obj))
+-- ngx.exit(ngx.HTTP_UNAUTHORIZED)
+--end
+--ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj))
+
+if auth_header == nil or auth_header == "" then
+ ngx.log(ngx.WARN, "没有找到令牌数据")
+ response["code"] = ngx.HTTP_UNAUTHORIZED
+ response["message"] = "没有找到令牌数据"
+ ngx.status = ngx.HTTP_UNAUTHORIZED
+ ngx.header.content_type = "application/json; charset=utf-8"
+ ngx.body = response
+ ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--[[
+--查找令牌中的Bearer前缀字符,并进行截取
+local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
+--如果没有Bearer,则表示令牌无效
+if token == nil then
+ response["code"] = ngx.HTTP_UNAUTHORIZED
+ response["message"] = "令牌格式不正确"
+ ngx.log(ngx.WARN, "令牌格式不正确")
+ ngx.status = ngx.HTTP_UNAUTHORIZED
+ ngx.header.content_type = "application/json; charset=utf-8"
+ ngx.body = response
+ ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--]]
+--校验令牌
+local jwt_obj = jwt:verify(conf.secret_key, auth_header)
+--如果校验结果中的verified==false,则表示令牌无效
+if jwt_obj.verified == false then
+ ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)
+ response["code"] = ngx.HTTP_UNAUTHORIZED
+ response["message"] = "令牌无效"
+ ngx.status = ngx.HTTP_UNAUTHORIZED
+ ngx.header.content_type = "application/json; charset=utf-8"
+ ngx.body = response
+ ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--判断token是否超时
+if jwt_obj.payload.exp and os.time() > jwt_obj.payload.exp then
+ ngx.log(ngx.WARN, "token timeout ".. jwt_obj.reason)
+ response["code"] = ngx.HTTP_UNAUTHORIZED
+ response["message"] = "令牌已过期"
+ ngx.status = ngx.HTTP_UNAUTHORIZED
+ ngx.header.content_type = "application/json; charset=utf-8"
+ ngx.body = response
+ ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--全部校验完成后,说明令牌有效,返回令牌数据
+ngx.log(ngx.INFO, "令牌校验通过 JWT: " .. cjson.encode(jwt_obj))
\ No newline at end of file
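Review bot: The raw Authorization header, i.e. the bearer credential itself, is written to the error log at INFO by the sixth added line (`ngx.log(ngx.INFO, auth_header)`), and the fully decoded `jwt_obj` (header, payload, signature) is logged again on the last line; error logs are normally far less protected than the signing secret, so drop the first log entirely and on the last one log only a non-sensitive claim such as `jwt_obj.payload.sub` rather than `cjson.encode(jwt_obj)`. Separately, `ngx.body = response` in the three 401 branches does not send anything to the client (it only assigns a field on the `ngx` table), so rejected requests get an empty body; replace each with `ngx.say(cjson.encode(response))` before the `ngx.exit`. `cjson` is never required in this file (only `jwt`, `validators` and `config` are), so unless it is installed as a global elsewhere the success-path `cjson.encode(jwt_obj)` will raise and turn every valid token into a 500; add `local cjson = require "cjson"` next to the other requires, and note `validators` is required but unused. The Bearer-prefix stripping is left commented out, so `jwt:verify` receives the whole header and a client sending `Bearer <token>` is rejected; that fails closed, but it is worth confirming the intended header format.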