diff --git a/src/auth/jwt-auth.lua b/src/auth/jwt-auth.lua index 3ba3bb9..263d5ab 100644 --- a/src/auth/jwt-auth.lua +++ b/src/auth/jwt-auth.lua @@ -1,12 +1,13 @@ local jwt = require "resty.jwt" local cjson = require("cjson.safe") local conf = require("config") +local jsonschema = require("jsonschema") -- 定义一个JSON Schema local schema = { {type = "object", properties = { - {name = "username", type = "string", minLength = 8, maxLength = 20}, - }, required = {"username", "phone", "email", "idcard"}} + {name = "Authorization", type = "string", pattern = "^Bearer\\s+(.+)$"}, + }, required = {"Authorization"}} } --获取用户认证数据信息 @@ -20,9 +21,9 @@ if auth_header == nil or auth_header == "" then end --查找令牌中的Bearer前缀字符,并进行截取 todo 使用jsonscheme进行匹配 -local _, _, token = string.find(auth_header, "Bearer%s+(.+)") ---如果没有Bearer,则表示令牌格式不正确 -if token == nil then +local validator = jsonschema.generate_validator(schema) +local result = validator(auth_header) +if not result then ngx.log(ngx.WARN, "令牌格式不正确") ngx.status = ngx.HTTP_UNAUTHORIZED ngx.exit(ngx.HTTP_UNAUTHORIZED) diff --git a/src/test/test.lua b/src/test/test.lua index 80395d5..b31724a 100644 --- a/src/test/test.lua +++ b/src/test/test.lua @@ -5,6 +5,8 @@ --- --local snowflake = require("util.snowflake") local helpers = require("share.helpers") +local jsonschema = require("jsonschema") +local cjson = require("cjson.safe") -- --local workerId = 0 -- 假设当前机器的ID是1,范围在[0, 31]之间 --local datacenterId = 0 -- 数据中心ID,范围在[0, 31]之间 @@ -14,7 +16,6 @@ local helpers = require("share.helpers") --max =a and b or c--a?b:c -local cjson = require("cjson.safe") --[[ local uuid = require("resty.jit-uuid") uuid.seed() 
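Review bot: The replacement `schema` in the `@@ -1,12 +1,13 @@` hunk is not a valid JSON Schema: `properties` is a list of `{name = ..., type = ...}` entries instead of a map keyed by property name, and the whole schema is wrapped in an extra `{ ... }` list layer, so the top-level table carries no schema keywords at all. How `jsonschema.generate_validator` treats that is library-specific, but a keyword-less schema is the classic way to end up with a validator that accepts every input, which would silently disable the Bearer-format check this hunk is meant to strengthen. The keyed form is `local schema = { type = "object", properties = { Authorization = { type = "string", pattern = "^Bearer\\s+(.+)$" } }, required = { "Authorization" } }`. The `(.+)` group is also meaningless inside a schema `pattern` (a validator cannot hand a capture back) and `.+` admits spaces and control characters; if the header is expected to carry a compact JWT, a tighter contract such as `^Bearer\\s+[A-Za-z0-9_.-]+$` says what is actually accepted.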
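Review bot: In the `@@ -20,9 +21,9 @@` hunk the `string.find` capture that produced `token` is removed but nothing replaces it: `validator(auth_header)` yields a boolean (plus an error string on failure in the usual `jsonschema` implementation), so `result` is `true`/`false` and the bearer token is never extracted for whatever consumes `token` below the hunk (the `resty.jwt` require at the top suggests a verify call, which this diff does not show). The call also hands the raw header string to a schema declared as `type = "object"`, and `generate_validator` compiles a fresh validator on every request instead of once at module load. Shape validation and token extraction need to be two separate steps, with the validator hoisted and the input wrapped under the property name the schema's `required` list already uses; the stale `todo 使用jsonscheme进行匹配` comment above the block should go at the same time.
```lua
-- … unchanged: auth_header presence check …
-- compile once at module scope; generate_validator is not cheap
local validator = jsonschema.generate_validator(schema)
local ok, err = validator({ Authorization = auth_header })
if not ok then
    ngx.log(ngx.WARN, "令牌格式不正确: ", err)
    ngx.status = ngx.HTTP_UNAUTHORIZED
    ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
-- the schema only checks shape; the verifier below still needs the token itself
local token = string.match(auth_header, "^Bearer%s+(.+)$")
```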
@@ -32,16 +33,29 @@ local pageSize = args["pagesize"] or 10 ngx.say("pageNum:", pageNum, " pageSize:", pageSize) --]] +local schema = { + {type = "object", properties = { + {name = "token", type = "string", pattern = "^Bearer\\s+(.+)$"}, + }, required = {"token"}} +} -local cjson = require "cjson" ---local sampleJson = [[{"age":"23","testArray":{"array":[8,9,11,14,25]},"Himi":"himigame.com"}]] -local sampleJson = [[{"raw_header":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9","signature":"zkKAmXifqWDrMaLpXe8hrA1JpDRbdlgwS-yxNnQUOBw","raw_payload":"eyJpYXQiOjE3NjE4OTIwNDMsImV4cCI6MTc2MTg5NTY0MywidXNlcmlkIjoiYWRtaW4iLCJyb2xlIjoiIn0","valid":true,"verified":true,"reason":"everything is awesome~ :p","header":{"alg":"HS256","typ":"JWT"},"payload":{"iat":1761892043,"userid":"admin","exp":1761895643,"role":""}}]] ---解析json字符串 -local data = cjson.decode(sampleJson); ---打印json字符串中的age字段 -ngx.say(data["raw_header"]); ---打印数组中的第一个值(lua默认是从0开始计数) -ngx.say(data["payload"]["userid"]); +local validator = jsonschema.generate_validator(schema) +local result = validator(auth_header) +if not result then + ngx.log(ngx.WARN, "令牌格式不正确") + ngx.status = ngx.HTTP_UNAUTHORIZED + ngx.exit(ngx.HTTP_UNAUTHORIZED) +end + +ngx.say(result.token) + +--local sampleJson = [[{"raw_header":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9","signature":"zkKAmXifqWDrMaLpXe8hrA1JpDRbdlgwS-yxNnQUOBw","raw_payload":"eyJpYXQiOjE3NjE4OTIwNDMsImV4cCI6MTc2MTg5NTY0MywidXNlcmlkIjoiYWRtaW4iLCJyb2xlIjoiIn0","valid":true,"verified":true,"reason":"everything is awesome~ :p","header":{"alg":"HS256","typ":"JWT"},"payload":{"iat":1761892043,"userid":"admin","exp":1761895643,"role":""}}]] +----解析json字符串 +--local data = cjson.decode(sampleJson); +----打印json字符串中的age字段 +--ngx.say(data["raw_header"]); +----打印数组中的第一个值(lua默认是从0开始计数) +--ngx.say(data["payload"]["userid"]); --[[ local jwttoken = require("util.token") @@ -92,6 +106,7 @@ else end --]] +--[[ --用于接收前端数据的对象 local args=nil --获取前端的请求方式 并获取传递的参数 
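Review bot: The new block in the `@@ -32,16 +33,29 @@` hunk cannot run as written: `validator(auth_header)` reads `auth_header`, which no line of `test.lua` visible in this diff defines (it may be set elsewhere, but none of the hunks show it), and `ngx.say(result.token)` indexes the validator's return value, which is a boolean, so the success path fails with an attempt to index a boolean. The same malformed `properties` layout as in `jwt-auth.lua` applies to the `token`-keyed schema here, so the check may accept anything. Separately, the commented-out `sampleJson` still carries a complete signed JWT for `"userid":"admin"` (`raw_header`, `raw_payload` and `signature`); if that was minted with a real HS256 secret, committing it lets anyone brute-force the secret offline from repository history, so it should be deleted rather than commented out, or regenerated with a throwaway test key. The `cjson` require added in the earlier hunk of this file now serves only this commented-out code.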
@@ -112,6 +127,7 @@ end local name = --响应前端 ngx.say("linux hello:"..name) +--]] --[[ local M = {}