From fb068ead3e8cb6f70bb97838fde06f28f3d48921 Mon Sep 17 00:00:00 2001
From: wanglei <34475144@qqcom>
Date: Sat, 1 Nov 2025 08:20:23 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9jwt=E6=8E=A5=E5=8F=A3?= =?UTF-8?q?=E9=98=B2=E6=8A=A4=E4=BB=A3=E7=A0=81=EF=BC=8C=E5=8E=BB=E6=8E=89?= =?UTF-8?q?=E4=B8=8D=E9=9C=80=E8=A6=81=E7=9A=84=E4=BB=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/auth/jwt-auth.lua | 28 +++-------------------------
 1 file changed, 3 insertions(+), 25 deletions(-)
diff --git a/src/auth/jwt-auth.lua b/src/auth/jwt-auth.lua
index 0dbb070..c74dfaa 100644
--- a/src/auth/jwt-auth.lua
+++ b/src/auth/jwt-auth.lua
@@ -7,31 +7,6 @@ ngx.log(ngx.INFO, auth_header)
 ----定义响应数据
 local response = {}
 ----如果请求头中没有令牌,则直接返回401
---if auth_header == nil then
--- ngx.log(ngx.WARN, "No Authorization header")
--- ngx.exit(ngx.HTTP_UNAUTHORIZED)
---end
---
---ngx.log(ngx.INFO, "Authorization: " .. auth_header)
---
----- require Bearer token
---local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
---
---if token == nil then
--- ngx.log(ngx.WARN, "Missing token")
--- ngx.exit(ngx.HTTP_UNAUTHORIZED)
---end
---ngx.log(ngx.INFO, "Token: " .. token)
---local jwt_obj = jwt:verify(ngx.decode_base64(secret), token)
---if jwt_obj.verified == false then
--- ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)
--- ngx.status = ngx.HTTP_UNAUTHORIZED
--- ngx.header.content_type = "application/json; charset=utf-8"
--- ngx.say(cjson.encode(jwt_obj))
--- ngx.exit(ngx.HTTP_UNAUTHORIZED)
---end
---ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj))
-
 if auth_header == nil or auth_header == "" then
 ngx.log(ngx.WARN, "没有找到令牌数据")
 response["code"] = ngx.HTTP_UNAUTHORIZED
@@ -55,6 +30,7 @@ if token == nil then
 ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end
 --]]
+
 --校验令牌
 local jwt_obj = jwt:verify(conf.secret_key, auth_header)
 --如果校验结果中的verified==false,则表示令牌无效
@@ -67,6 +43,7 @@ if jwt_obj.verified == false then
 ngx.body = response
 ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end
+
 --判断token是否超时
 if jwt_obj.payload.exp and os.time() > jwt_obj.payload.exp then
 ngx.log(ngx.WARN, "token timeout ".. jwt_obj.reason)
@@ -77,5 +54,6 @@ if jwt_obj.payload.exp and os.time() > jwt_obj.payload.exp then
 ngx.body = response
 ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end
+
 --全部校验完成后,说明令牌有效,返回令牌数据
 ngx.log(ngx.INFO, "令牌校验通过 JWT: " .. cjson.encode(jwt_obj))
\ No newline at end of file