增加jwt认证，对需要使用的接口进行过滤

conf/auth/auth.conf

@@ -1,4 +0,0 @@
-#API接口文件
-location /api/auth {
-    content_by_lua_file '${APP_PATH}/src/api/auth/auth.lua';
-}

conf/nginx.conf

@@ -33,15 +33,10 @@ http {
         ## 应用路径
         set $APP_PATH '/home/frankly/work/AuthPlatform';
 
-        #登录认证配置
+
-        include 'auth/auth.conf';
+        #access_by_lua_file '${APP_PATH}/src/auth/jwt-auth.lua';
         #数据列表配置
-        include 'system/account.conf';
+        include 'system/system.conf';
-        include 'system/application.conf';
-        include 'system/department.conf';
-        include 'system/permission.conf';
-        include 'system/role.conf';
-        include 'system/user.conf';
 
         #测试接口配置
         location /testSQL {
@@ -52,7 +47,7 @@ http {
         }
         #jwt验证进行测试
         location /api/test {
-            access_by_lua_file '${APP_PATH}/src/util/jwt-auth.lua';
+            access_by_lua_file '${APP_PATH}/src/auth/jwt-auth.lua';
             proxy_pass http://192.168.147.1:3000;
         }
     }

conf/system/account.conf

@@ -1,4 +0,0 @@
-#API接口文件
-location /api/system/accounts {
-    content_by_lua_file '${APP_PATH}/src/api/system/account.lua';
-}

conf/system/application.conf

@@ -1,4 +0,0 @@
-#API接口文件
-location /api/system/applications {
-    content_by_lua_file '${APP_PATH}/src/api/system/application.lua';
-}

conf/system/department.conf

@@ -1,4 +0,0 @@
-#API接口文件
-location /api/system/organizations {
-    content_by_lua_file '${APP_PATH}/src/api/system/organization.lua';
-}

conf/system/permission.conf

@@ -1,4 +0,0 @@
-#API接口文件
-location /api/system/permissions {
-    content_by_lua_file '${APP_PATH}/src/api/system/permission.lua';
-}

conf/system/role.conf

@@ -1,4 +0,0 @@
-#API接口文件
-location /api/system/roles {
-    content_by_lua_file '${APP_PATH}/src/api/system/role.lua';
-}

conf/system/user.conf

@@ -1,4 +0,0 @@
-#API接口文件
-location /api/system/users {
-    content_by_lua_file '${APP_PATH}/src/api/system/user.lua';
-}

src/auth/jwt-auth.lua

@@ -0,0 +1,81 @@
+local jwt = require "resty.jwt"
+local validators = require "resty.jwt-validators"
+local conf = require("config")
+
+local auth_header = ngx.var.http_Authorization
+ngx.log(ngx.INFO, auth_header)
+----定义响应数据
+local response = {}
+----如果请求头中没有令牌，则直接返回401
+--if auth_header == nil then
+--    ngx.log(ngx.WARN, "No Authorization header")
+--    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+--end
+--
+--ngx.log(ngx.INFO, "Authorization: " .. auth_header)
+--
+---- require Bearer token
+--local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
+--
+--if token == nil then
+--    ngx.log(ngx.WARN, "Missing token")
+--    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+--end
+--ngx.log(ngx.INFO, "Token: " .. token)
+--local jwt_obj = jwt:verify(ngx.decode_base64(secret), token)
+--if jwt_obj.verified == false then
+--    ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)
+--    ngx.status = ngx.HTTP_UNAUTHORIZED
+--    ngx.header.content_type = "application/json; charset=utf-8"
+--    ngx.say(cjson.encode(jwt_obj))
+--    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+--end
+--ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj))
+
+if auth_header == nil or auth_header == "" then
+    ngx.log(ngx.WARN, "没有找到令牌数据")
+    response["code"] = ngx.HTTP_UNAUTHORIZED
+    response["message"] = "没有找到令牌数据"
+    ngx.status = ngx.HTTP_UNAUTHORIZED
+    ngx.header.content_type = "application/json; charset=utf-8"
+    ngx.body = response
+    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--[[
+--查找令牌中的Bearer前缀字符，并进行截取
+local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
+--如果没有Bearer，则表示令牌无效
+if token == nil then
+    response["code"] = ngx.HTTP_UNAUTHORIZED
+    response["message"] = "令牌格式不正确"
+    ngx.log(ngx.WARN, "令牌格式不正确")
+    ngx.status = ngx.HTTP_UNAUTHORIZED
+    ngx.header.content_type = "application/json; charset=utf-8"
+    ngx.body = response
+    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--]]
+--校验令牌
+local jwt_obj = jwt:verify(conf.secret_key, auth_header)
+--如果校验结果中的verified==false，则表示令牌无效
+if jwt_obj.verified == false then
+    ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)
+    response["code"] = ngx.HTTP_UNAUTHORIZED
+    response["message"] = "令牌无效"
+    ngx.status = ngx.HTTP_UNAUTHORIZED
+    ngx.header.content_type = "application/json; charset=utf-8"
+    ngx.body = response
+    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--判断token是否超时
+if jwt_obj.payload.exp and os.time() > jwt_obj.payload.exp then
+    ngx.log(ngx.WARN, "token timeout ".. jwt_obj.reason)
+    response["code"] = ngx.HTTP_UNAUTHORIZED
+    response["message"] = "令牌已过期"
+    ngx.status = ngx.HTTP_UNAUTHORIZED
+    ngx.header.content_type = "application/json; charset=utf-8"
+    ngx.body = response
+    ngx.exit(ngx.HTTP_UNAUTHORIZED)
+end
+--全部校验完成后，说明令牌有效，返回令牌数据
+ngx.log(ngx.INFO, "令牌校验通过 JWT: " .. cjson.encode(jwt_obj))

src/dao/account.lua

@@ -61,9 +61,8 @@ function _M.addSystemAccount(jsonData)
 
     --键值为id产生uuid数据值，增加到json中
     jsonData.id = helpers.getUuid()
-    local ret = helpers.convert_json(jsonData)
     -- 创建一个账户
-    return accountModel:create('{'..ret..'}')
+    return accountModel:create(jsonData)
 end
 
 --删除账户信息到数据表

src/dao/application.lua

@@ -76,9 +76,8 @@ function _M.addSystemApplication(jsonData)
     end
     --键值为id产生uuid数据值，增加到json中
     jsonData.id = helpers.getUuid()
-    local ret = helpers.convert_json(jsonData)
     -- 创建一个应用
-    return applicationModel:create('{'..ret..'}')
+    return applicationModel:create(jsonData)
 end
 
 --删除应用信息到数据表

src/dao/department.lua

@@ -60,9 +60,8 @@ function _M.addSystemDepartment(jsonData)
     end
     --键值为id产生uuid数据值，增加到json中
     jsonData.id = helpers.getUuid()
-    local ret = helpers.convert_json(jsonData)
     -- 创建一个组织架构
-    return departmentModel:create('{'..ret..'}')
+    return departmentModel:create(jsonData)
 end
 
 --删除组织架构信息到数据表

src/dao/permission.lua

@@ -68,9 +68,8 @@ function _M.addSystemPermission(jsonData)
 
     --键值为id产生uuid数据值，增加到json中
     jsonData.id = helpers.getUuid()
-    local ret = helpers.convert_json(jsonData)
     -- 创建一个权限
-    return permissionModel:create('{'..ret..'}')
+    return permissionModel:create(jsonData)
 end
 
 --删除权限信息到数据表

src/dao/role.lua

@@ -61,9 +61,8 @@ function _M.addSystemRole(jsonData)
 
     --键值为id产生uuid数据值，增加到json中
     jsonData.id = helpers.getUuid()
-    local ret = helpers.convert_json(jsonData)
     -- 创建一个角色
-    return roleModel:create('{'..ret..'}')
+    return roleModel:create(jsonData)
 end
 
 --删除角色信息到数据表

src/dao/user.lua

@@ -42,13 +42,16 @@ end
 
 --增加用户信息到数据表
 function _M.addSystemUser(jsonData)
+    if jsonData == nil or jsonData == "" then
+        return 0x000001, nil
+    end
     --解析json中的键和数据值
     local userName = jsonData['username']
     local phone = jsonData['phone']
     local email = jsonData['email']
 
     --根据用户、手机号、邮箱进行验证用户是否存在
-    local code, res = userModel:where("username", "=", userName):where("phone", "=", phone):where("email", "=", email):get()
+    local  code, res = userModel:where("username", "=", userName):orwhere("phone", "=", phone):orwhere("email", "=", email):get()
     if code ~= 0 then
         return 0x000001,res
     end
@@ -63,9 +66,8 @@ function _M.addSystemUser(jsonData)
 
     --键值为id产生uuid数据值，增加到json中
     jsonData.id = helpers.getUuid()
-    local ret = helpers.convert_json(jsonData)
     -- 创建一个用户
-    return userModel:create('{'..ret..'}')
+    return userModel:create(jsonData)
 end
 
 --删除用户信息到数据表

src/service/system/user.lua

@@ -43,7 +43,9 @@ function _M.addSystemUser()
         return
     end
     --ngx.say(body_data)
-    local code, ret = userDao.addSystemUser(cjson.decode(body_data))
+    local jsonData = cjson.decode(body_data)
+    --ngx.say(jsonData)
+    local code, ret = userDao.addSystemUser(jsonData)
     local result = resp:json(code, ret)
     resp:send(result)
 end

src/util/response.lua

@@ -16,13 +16,13 @@ function _M:json(status, message, data, http_status)
 		--end
         msg = error_code[status]
 	end
-	local response = {status=status, msg=msg, data=data,timestamp=os.time()}
+	local response = {code=status, msg=msg, result=data,timestamp=os.time()}
-	if not response.status then
+	if not response.code then
-		response.status = -1
+		response.code = -1
 		response.message = 'not find status code'
 	end
 	return {
-		status = response_status,
+		code = response_status,
 		headers = {content_type = 'application/json; charset=UTF-8'},
 		body = cjson.encode(response)
 	}
@@ -34,13 +34,13 @@ function _M:json(status, data, http_status)
     local response_status = http_status or ngx.OK
     msg = error_code[status]
 
-    local response = {status=status, msg=msg, data=data,timestamp=os.time()}
+    local response = {code=status, msg=msg, result=data,timestamp=os.time()}
-    if not response.status then
+    if not response.code then
-        response.status = -1
+        response.code = -1
         response.message = 'not find status code'
     end
     return {
-        status = response_status,
+        code = response_status,
         headers = {content_type = 'application/json; charset=UTF-8'},
         body = cjson.encode(response)
     }
@@ -48,7 +48,7 @@ end
 
 function _M:raw(http_status, http_body)
 	return {
-		status = http_status,
+		code = http_status,
 		headers = {},
 		body = http_body,
         timestamp = os.time()
@@ -57,7 +57,7 @@ end
 
 function _M:error(http_status, http_headers, http_body)
 	return {
-		status = http_status,
+		code = http_status,
 		headers = http_headers,
 		body = http_body,
         timestamp = ngx.now()
@@ -65,7 +65,7 @@ function _M:error(http_status, http_headers, http_body)
 end
 
 function _M:send(response)
-	ngx.status = response.status
+	ngx.status = response.code
 	if response.headers ~= nil then
 		for name, value in pairs(response.headers) do
 			ngx.header[name] = value

src/util/status.lua

@@ -37,5 +37,6 @@ return {
     [0x010009] = '重置密码失败，用户不存在',
     [0x01000A] = '获取用户信息失败，用户未登录',
     [0x01000B] = '获取用户信息失败，用户不存在',
-    [0x01000C] = '修改用户信息失败，用户不存在',
+    [0x01000C] = '添加用户信息失败，用户已存在',
+    [0x01000D] = '修改用户信息失败，用户不存在',
 }