对优化代码进行测试,并返回正确的数据内容

This commit is contained in:
wanglei 2025-11-13 23:01:04 +08:00
parent 03658c9004
commit a9718e0504
3 changed files with 22 additions and 35 deletions


@ -25,36 +25,18 @@ local routes = {
methods = { "GET", "POST" },
handler = oauthService.token,
},
--通过用户名和密码进行验证
{
paths = { "/yum/v1/oauth/v2/login" },
methods = { "POST" },
handler = oauthService.login,
},
--根据Access-Token获取相应用户的账户信息
{
paths = { "/yum/v1/oauth/v2/userinfo" },
methods = { "POST" },
handler = oauthService.userinfo,
},
--回收Access-Token
{
paths = { "/yum/v1/oauth/v2/logout" },
methods = { "POST" },
handler = oauthService.logout,
},
--根据Refresh-Token刷新Access-Token
{
paths = { "/yum/v1/oauth/v2/refresh" },
methods = { "GET", "POST" },
handler = oauthService.refresh,
},
--验证token是否有效
{
paths = { "/yum/v1/oauth/v2/checklogin" },
methods = { "POST" },
handler = oauthService.checklogin,
},
}
-- 初始化路由


@ -62,7 +62,7 @@ function _M:authorize()
return
end
-- 4. 生成授权码随机字符串确保唯一性用户ID、客户端ID、scope、生成时间
local auth_code, err = authcode.create("123456", args.client_id, ngx.var.request_uri, args.scope)
local auth_code, err = authcode.create("123456", args.client_id, args.redirect_uri, args.scope)
if not auth_code then
ngx.log(ngx.ERR, "生成授权码失败: ", err)
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
@ -72,7 +72,7 @@ function _M:authorize()
local redirect_url = args.redirect_uri .. "?code=" .. code .. "&state=" .. args.state
local rest = {}
rest.redirect_uri = args.redirect_uri
rest.code = code
rest.code = auth_code
rest.state = args.state
local result = resp:json(ngx.HTTP_OK, rest)
resp:send(result)
@ -112,7 +112,7 @@ function _M:token()
return
end
-- 3. 校验 code 有效性
local code_data, err = authcode.consume(args.code, args.client_id)
local code_data, err = authcode.consume(args.code)--, args.client_id)
if not code_data then
ngx.log(ngx.ERR, "授权码验证失败: ", err)
ngx.exit(ngx.HTTP_BAD_REQUEST)
@ -120,17 +120,17 @@ function _M:token()
-- 4、验证redirect_url地址的正确性
local request_uri = code_data.redirect_uri
print("token request_uri:", request_uri)
if request_uri ~= args.redirect_url then
--print("token redirect_url:", request_uri, args.redirect_url)
if request_uri ~= args.redirect_uri then
print("token redirect_url:", request_uri, args.redirect_uri)
local login_url = "/login?redirect=" .. ngx.escape_uri(request_uri)
local result = resp:json(ngx.HTTP_MOVED_TEMPORARILY, login_url)
resp:send(result)
return
end
-- 6. 生成密钥对
-- 5. 生成密钥对
local pub_key, priv_key, err = rsa.generate_rsa_keys(2048)
if err then
--print("密钥生成失败: ", err)
print("密钥生成失败: ", err)
local result = resp:json(0x00001)
resp:send(result)
return
@ -144,7 +144,7 @@ function _M:token()
--print("token scope:", scope)
local access_token_ttl = 10 * 60 --十分钟
local refresh_token_ttl = 7 * 24 * 3600 --7天
-- 7 生成新 Access Token
-- 6 生成新 Access Token
local access_payload = {
sub = user_id, -- 用户ID
client_id = client_id,
@ -157,7 +157,7 @@ function _M:token()
payload = access_payload
})
-- 8 生成新 Refresh Token滚动刷新
-- 7 生成新 Refresh Token滚动刷新
local refresh_payload = {
sub = user_id,
client_id = client_id,
@ -170,7 +170,7 @@ function _M:token()
payload = refresh_payload
})
-- 9、生存id_token
-- 8、生存id_token
-- 创建JWT的payload
local payload = {
iss = request_uri,
@ -193,7 +193,7 @@ function _M:token()
return
end
--ngx.say("Generated JWT: ", jwt_obj)
-- 10. 返回结果
-- 9. 返回结果
local ret = {}
ret.access_token = new_access_token
ret.token_type = "Bearer"
@ -209,13 +209,13 @@ function _M:userinfo()
--获取用户认证数据信息
local auth_header = ngx.var.http_Authorization
--如果请求头中没有令牌则直接返回401
-- 1.如果请求头中没有令牌则直接返回401
if auth_header == nil or auth_header == "" then
ngx.log(ngx.WARN, "没有找到令牌数据")
ngx.status = ngx.HTTP_UNAUTHORIZED
ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
--查找令牌中的Bearer前缀字符
-- 2.查找令牌中的Bearer前缀字符
local data = {}
data.Authorization = auth_header
local ok = validator.validateUserinfo(data)
@ -224,7 +224,7 @@ function _M:userinfo()
ngx.status = ngx.HTTP_UNAUTHORIZED
ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
--获取token的数据值
-- 3.获取token的数据值
local token = string.sub(auth_header,8)
--校验令牌
local pub_key, priv_key, err = rsa.generate_rsa_keys(2048)
@ -234,6 +234,7 @@ function _M:userinfo()
resp:send(result)
return
end
-- 5.对token进行验证
print("userinfo pubkey:", pub_key)
local jwt_obj = jwt:verify(pub_key, token)
--如果校验结果中的verified==false则表示令牌无效
@ -249,7 +250,7 @@ function _M:userinfo()
ngx.status = ngx.HTTP_UNAUTHORIZED
ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
--获取token中的信息进行所需用户的信息返回
-- 6.获取token中的信息进行所需用户的信息返回
local ret = {}
ret.sub = 248289761001
ret.name = "Jane Doe"
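Review bot: The `authcode.consume(args.code)--, args.client_id)` call in _M:token() drops the client_id from the code redemption, so an authorization code is no longer bound to the client it was issued to; if that line is the new side (the wrapped-out client check in authcode.consume in the third file suggests it is), any client that obtains a leaked code can exchange it for tokens. The redirect_uri comparison that follows does not replace this binding, and it only helps if redirect_uri was validated against the client's registration at /authorize, which is not visible in this hunk. Keep the second argument, `local code_data, err = authcode.consume(args.code, args.client_id)`, and on a redirect_uri mismatch answer with a 400/invalid_grant instead of the login redirect, since a mismatch is a bad request from the client rather than a missing session. The uncommented `print("token redirect_url:", ...)` also writes request parameters to the error log and should stay commented out once testing is done. _M:token() starts and ends outside these hunks.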


@ -6,18 +6,20 @@
local str = require "resty.string"
local random = require "resty.random"
local cjson = require("cjson.safe")
local _M = {}
-- 生成随机授权码(20字节)
-- 生成随机授权码(16字节)
local function generate_code()
local random_bytes = random.bytes(20, true)
local random_bytes = random.bytes(16)
return str.to_hex(random_bytes)
end
-- 存储授权码有效期5分钟
function _M.create(user_id, client_id, redirect_uri, scope)
local code = generate_code()
print("authorize code:", code)
local code_key = "auth_code-"..code
local code_data = cjson.encode({
user_id = user_id,
@ -45,9 +47,11 @@ function _M.consume(code, client_id)
shared_dict:delete(code_key)
local code_data = cjson.decode(data)
--[[
if code_data.client_id ~= client_id then
return nil, "客户端不匹配"
end
--]]
if code_data.expires_at < ngx.time() then
return nil, "授权码已过期"
end
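Review bot: `print("authorize code:", code)` in _M.create writes each freshly issued authorization code to the error log, so the secret that is later exchanged for tokens is recoverable by anyone who can read the log; drop the line, or log at most a length or short prefix. The new `random.bytes(16)` also drops the strong flag the old call passed as its second argument, so lua-resty-random uses its non-strong path; 16 bytes is enough entropy for a code, but keep the flag: `local random_bytes = random.bytes(16, true)`. The `--[[ ... --]]` around the client_id comparison in _M.consume appears to be new and removes the code-to-client binding that the token endpoint depends on; if it was disabled only to test, it should be restored before merge. _M.create continues past the first hunk and _M.consume begins before the second.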