5 changed files with 24 additions and 202 deletions
--- a/src/auth/jwt-auth.lua
+++ b/src/auth/jwt-auth.lua
@ -1,14 +1,12 @@
 local jwt = require "resty.jwt"
-local cjson = require("cjson.safe")
+local validators = require "resty.jwt-validators"
 local conf = require("config")
 local jsonschema = require("jsonschema")
 -- 定义一个JSON Schema
 local schema = {
-    type = 'object',
+    {type = "object", properties = {
-    properties = {
+        {name = "username", type = "string", minLength = 8, maxLength = 20},
-        Authorization = {type = 'string', minLength = 8, pattern = 'Bearer\\s+(.+)$'},
+    }, required = {"username", "phone", "email", "idcard"}}
    }, required = {"Authorization"}
 }
 --获取用户认证数据信息
@ -21,20 +19,17 @@ if auth_header == nil or auth_header == "" then
    ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end
--查找令牌中的Bearer前缀字符
+--查找令牌中的Bearer前缀字符，并进行截取 todo 使用jsonscheme进行匹配
-local validator = jsonschema.generate_validator(schema)
+local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
-local data = {}
+--如果没有Bearer，则表示令牌格式不正确
-data.Authorization = auth_header
+if token == nil then
 local ok = validator(data)
 if not ok then
    ngx.log(ngx.WARN, "令牌格式不正确")
    ngx.status = ngx.HTTP_UNAUTHORIZED
    ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end
--获取token的数据值
+
 local token = string.sub(auth_header,8)
 --校验令牌
-local jwt_obj = jwt:verify(conf.secret_key, token)
+local jwt_obj = jwt:verify(conf.secret_key, auth_header)
 --如果校验结果中的verified==false，则表示令牌无效
 if jwt_obj.verified == false then
    ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)
--- a/src/test/test.lua
+++ b/src/test/test.lua
@ -5,8 +5,6 @@
 ---
 --local snowflake = require("util.snowflake")
 local helpers = require("share.helpers")
 local jsonschema = require("jsonschema")
 local cjson = require("cjson.safe")
 --
 --local workerId = 0 -- 假设当前机器的ID是1，范围在[0, 31]之间
 --local datacenterId = 0 -- 数据中心ID，范围在[0, 31]之间
@ -16,6 +14,7 @@ local cjson = require("cjson.safe")
 --max =a and b or c--a?b:c
 local cjson = require("cjson.safe")
 --[[
 local uuid = require("resty.jit-uuid")
 uuid.seed()
@ -33,34 +32,16 @@ local pageSize = args["pagesize"] or 10
 ngx.say("pageNum:", pageNum, " pageSize:", pageSize)
 --]]
 local schema = {
    type = 'object',
    properties = {
        Authorization = {type = 'string', minLength = 10, pattern = 'Bearer\\s+(.+)$'},
    }, required = {"Authorization"}
 }
--获取用户认证数据信息
+local cjson = require "cjson"
-local data = {}
+--local sampleJson = [[{"age":"23","testArray":{"array":[8,9,11,14,25]},"Himi":"himigame.com"}]]
-local auth_header = ngx.var.http_Authorization
+local sampleJson = [[{"raw_header":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9","signature":"zkKAmXifqWDrMaLpXe8hrA1JpDRbdlgwS-yxNnQUOBw","raw_payload":"eyJpYXQiOjE3NjE4OTIwNDMsImV4cCI6MTc2MTg5NTY0MywidXNlcmlkIjoiYWRtaW4iLCJyb2xlIjoiIn0","valid":true,"verified":true,"reason":"everything is awesome~ :p","header":{"alg":"HS256","typ":"JWT"},"payload":{"iat":1761892043,"userid":"admin","exp":1761895643,"role":""}}]]
-data.Authorization = auth_header
+--解析json字符串
-local validator = jsonschema.generate_validator(schema)
+local data = cjson.decode(sampleJson);
-local result = validator(data)
+--打印json字符串中的age字段
-if not result then
+ngx.say(data["raw_header"]);
-    ngx.log(ngx.WARN, "令牌格式不正确")
+--打印数组中的第一个值(lua默认是从0开始计数)
-    ngx.status = ngx.HTTP_UNAUTHORIZED
+ngx.say(data["payload"]["userid"]);
    ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end
 local token = string.sub(auth_header,8)
 ngx.say(token)
 --local sampleJson = [[{"raw_header":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9","signature":"zkKAmXifqWDrMaLpXe8hrA1JpDRbdlgwS-yxNnQUOBw","raw_payload":"eyJpYXQiOjE3NjE4OTIwNDMsImV4cCI6MTc2MTg5NTY0MywidXNlcmlkIjoiYWRtaW4iLCJyb2xlIjoiIn0","valid":true,"verified":true,"reason":"everything is awesome~ :p","header":{"alg":"HS256","typ":"JWT"},"payload":{"iat":1761892043,"userid":"admin","exp":1761895643,"role":""}}]]
 ----解析json字符串
 --local data = cjson.decode(sampleJson);
 ----打印json字符串中的age字段
 --ngx.say(data["raw_header"]);
 ----打印数组中的第一个值(lua默认是从0开始计数)
 --ngx.say(data["payload"]["userid"]);
 --[[
 local jwttoken = require("util.token")
@ -111,7 +92,6 @@ else
 end
 --]]
 --[[
 --用于接收前端数据的对象
 local args=nil
 --获取前端的请求方式 并获取传递的参数
@ -132,7 +112,6 @@ end
 local name =
 --响应前端
 ngx.say("linux hello:"..name)
 --]]
 --[[
 local M  = {}
--- a/src/test/testRBAC.lua
+++ b/src/test/testRBAC.lua
@ -1,62 +0,0 @@
 ---
 --- Generated by EmmyLua(https://github.com/EmmyLua)
 --- Created by admin.
 --- DateTime: 2025/11/3 11:38
 ---
 local rbac = require("util.rbac")
 -- 创建RBAC实例
 local permission_system = rbac.new()
 -- 定义权限
 permission_system:add_permission("read_users", "/users", "GET")
 permission_system:add_permission("create_users", "/users", "POST")
 permission_system:add_permission("delete_users", "/users", "DELETE")
 permission_system:add_permission("admin_panel", "/admin", "GET")
 -- 定义角色
 permission_system:add_role("guest", {"read_users"})
 permission_system:add_role("user_manager", {"read_users", "create_users"})
 permission_system:add_role("super_admin", {"read_users", "create_users", "delete_users", "admin_panel"})
 -- 分配角色给用户
 permission_system:assign_role("user001", "guest")
 permission_system:assign_role("user002", "user_manager")
 permission_system:assign_role("admin001", "super_admin")
 -- 测试权限验证
 print("=== RBAC权限验证测试 ===")
 -- 测试用户001（guest角色）
 local test_cases = {
    {user_id = "user001", resource = "/users", action = "GET", expected = true},
    {user_id = "user001", resource = "/users", action = "POST", expected = false},
    {user_id = "user001", resource = "/admin", action = "GET", expected = false},
    {user_id = "user002", resource = "/users", action = "GET", expected = true},
    {user_id = "user002", resource = "/users", action = "POST", expected = true},
    {user_id = "user002", resource = "/admin", action = "GET", expected = false},
    {user_id = "admin001", resource = "/users", action = "GET", expected = true},
    {user_id = "admin001", resource = "/users", action = "DELETE", expected = true},
    {user_id = "admin001", resource = "/admin", action = "GET", expected = true}
 }
 for _, test in ipairs(test_cases) do
    local result = permission_system:check_permission(test.user_id, test.resource, test.action)
    local status = result == test.expected and "✓ 通过" or "✗ 失败"
    print(string.format("%s 用户:%s 资源:%s 方法:%s 结果:%s",
            status, test.user_id, test.resource, test.action, tostring(result)))
 end
 -- 显示用户权限列表
 print("\n=== 用户权限列表 ===")
 local users = {"user001", "user002", "admin001"}
 for _, user_id in ipairs(users) do
    local permissions = permission_system:get_user_permissions(user_id)
    print(string.format("用户 %s 的权限:", user_id))
    for _, perm in ipairs(permissions) do
        print(string.format("  - %s %s", perm.action, perm.resource))
    end
 end
--- a/src/util/rbac.lua
+++ b/src/util/rbac.lua
@ -1,78 +0,0 @@
 ---
 --- Generated by EmmyLua(https://github.com/EmmyLua)
 --- Created by admin.
 --- DateTime: 2025/11/3 11:31
 ---
 local RBAC = {}
 RBAC.__index = RBAC
 -- RBAC模型初始化
 function RBAC.new()
    local self = setmetatable({}, RBAC)
    self.users = {}      -- 用户表: {user_id = {roles = {role1, role2}}}
    self.roles = {}      -- 角色表: {role_name = {permissions = {perm1, perm2}}}
    self.permissions = {} -- 权限表: {perm_name = {resource = "", action = ""}}
    return self
 end
 -- 添加权限
 function RBAC:add_permission(perm_name, resource, action)
    self.permissions[perm_name] = {
        resource = resource,
        action = action
    }
 end
 -- 添加角色并分配权限
 function RBAC:add_role(role_name, permissions)
    self.roles[role_name] = {
        permissions = permissions or {}
    }
 end
 -- 分配角色给用户
 function RBAC:assign_role(user_id, role_name)
    if not self.users[user_id] then
        self.users[user_id] = {roles = {}}
    end
    table.insert(self.users[user_id].roles, role_name)
 end
 -- 检查用户权限
 function RBAC:check_permission(user_id, resource, action)
    local user = self.users[user_id]
    if not user then return false end
    for _, role_name in ipairs(user.roles) do
        local role = self.roles[role_name]
        if role then
            for _, perm_name in ipairs(role.permissions) do
                local permission = self.permissions[perm_name]
                if permission and permission.resource == resource and permission.action == action then
                    return true
                end
            end
        end
    end
    return false
 end
 -- 获取用户所有权限
 function RBAC:get_user_permissions(user_id)
    local user_permissions = {}
    local user = self.users[user_id]
    if not user then return user_permissions end
    for _, role_name in ipairs(user.roles) do
        local role = self.roles[role_name]
        if role then
            for _, perm_name in ipairs(role.permissions) do
                table.insert(user_permissions, self.permissions[perm_name])
            end
        end
    end
    return user_permissions
 end
 return RBAC
--- a/src/util/token.lua
+++ b/src/util/token.lua
@ -6,17 +6,9 @@
 local jwt = require("resty.jwt")
 local conf = require("config")
 local jsonschema = require("jsonschema")
 local _M = {}
 local schema = {
    type = 'object',
    properties = {
        Authorization = {type = 'string', minLength = 10, pattern = 'Bearer\\s+(.+)$'},
    }, required = {"Authorization"}
 }
 --设置JWT的有效载荷
 local obj = {
    header = {typ="JWT", alg="HS256"},
@ -54,21 +46,17 @@ function _M.authorizationToken(auth_header)
        return response
    end
-    local validator = jsonschema.generate_validator(schema)
+    --查找令牌中的Bearer前缀字符，并进行截取
-    local data = {}
+    local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
    data.Authorization = auth_header
    local ok = validator(data)
    --如果没有Bearer，则表示令牌无效
-    if not ok then
+    if token == nil then
        response["code"] = 401
        response["message"] = "令牌格式不正确"
        return response
    end
    --查找令牌中的Bearer前缀字符，并进行截取
    local token = string.sub(auth_header,8)
    --校验令牌
-    local jwt_obj = jwt:verify(conf.secret_key, token)
+    local jwt_obj = jwt:verify(conf.secret_key, auth_header)
    --如果校验结果中的verified==false，则表示令牌无效
    if jwt_obj.verified == false then
        response["code"] = 401