worker_processes  1;

#worker_rlimit_nofile 65535;

events {
    worker_connections 1024;
}

http {
    lua_package_path 'src/?/?.lua;src/?.lua;src/share/?/?.lua;src/share/?.lua;/home/frankly/work/AuthPlatform/src/share/lib/?/?.lub;/home/frankly/work/AuthPlatform/src/share/lib/ngx-oauth/?.lua;/home/frankly/work/AuthPlatform/src/share/?/?.lub;/home/frankly/work/AuthPlatform/src/share/?.lua;;';
    lua_package_cpath 'src/share/lib/?.so;;';

    # Path of the file with trusted CA certificates.
    #lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # The verification depth in the server certificates chain.
    #lua_ssl_verify_depth 3;

    server {
        listen       9080;
        server_name  127.0.0.1;
        default_type text/html;
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        #API接口文件
        location /api {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/api/api.lua';
        }

        #测试相关插件接口
        location /testTree {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/test/testRadixtree.lua';
        }
        location /testSQL {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/test/testPostgres.lua';
        }
        location /testRedis {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/test/testRedis.lua';
        }
        location /testObj {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/test/testObjClass.lua';
        }
        location /testWsdl {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/test/testWebService.lua';
        }
        location /wsdl {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/test/testWsdl.lua';
        }
        location /jsonSchema {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/test/testJsonSchema.lua';
        }
        location /testOrm {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/test/testOrm.lua';
        }
        location /checkip {
            content_by_lua_block {
                local ipmatcher = require("resty.ipmatcher")
                local client_ip = ngx.var.remote_addr
                ngx.say(ipmatcher.new({"127.0.0.1", "192.168.0.11/16"}).match(client_ip))
            }
        }

        location /t {
            rewrite_by_lua_block  {

                local aes = require "resty.aes"
                local str = require "resty.string"
                local cjson = require('cjson')
                local key = "aaaaaaaaaaaaaaaa"
                local text  = "7614463 1574189821 175.168.224.225"
                local  length = 16
                local count = string.len(text)
                local add = length - (count % length)
                local tail_str='\0'
                for i=1,add-1 do
                     tail_str=tail_str .. '\0'
                end
                text = text .. tail_str
                ngx.say(text)
                -- 创建 AES 对象
                local aes_128_cbc = aes:new(key, nil, aes.cipher(128, "cbc"), {iv=key})
                -- 加密数据
                local encrypted, err = aes_128_cbc:encrypt(text)
                if not encrypted then
                    ngx.log(ngx.ERR, "Failed to encrypt: ", err)
                    return ngx.exit(500)
                end
                ngx.say(str.to_hex(encrypted))

                local crc_32s, crc_32l
                crc_32s = ngx.crc32_short(str)
                crc_32l = ngx.crc32_long(str)
                --local hmac = ngx.hmac_sha1(key, str)
                local md5 = ngx.md5(str)
                local md5_bin = ngx.md5_bin(str)
                local sha1_bin = ngx.sha1_bin(str)
                ngx.say("crc_32_short: ", crc_32s, ", crc_32_long: ", crc_32l)
                ngx.say("hmac: ", ngx.encode_base64(hmac))
                ngx.say("md5: ", md5, ", md5_bin: ", ngx.encode_base64(md5_bin))
                ngx.say("sha1_bin: ", ngx.encode_base64(sha1_bin))

                -- 将加密后的数据转换为十六进制字符串以便于查看或传输
                local encrypted_hex = cjson.encode({iv = ngx.encode_base64(iv), ciphertext = ngx.encode_base64(encrypted)})
                ngx.say("Encrypted: ", encrypted_hex)
            }
        }
    }
    server {
        listen 1443 ssl;    #修改端口443
        server_name 127.0.0.1;

        set $oauth_client_id '01234567-89ab-cdef-0123-456789abcdef';
        set $oauth_client_secret 'very-top-secret-password';
        set $oauth_redirect_uri '/_oauth/callback';
        set $oauth_oaas_uri 'https://127.0.0.1/oauth';

        ssl_certificate      /home/frankly/work/server.crt;
        ssl_certificate_key  /home/frankly/work/server.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #֧支持TLS协议

        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; #支持的加密算法
        ssl_prefer_server_ciphers  on;

        location /_oauth/login {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/share/lib/ngx-oauth-login.lua';
        }

        location /_oauth/callback {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/share/lib/ngx-oauth-redirect-handler.lua';
        }

        location /_oauth/logout {
            content_by_lua_file '/home/frankly/work/AuthPlatform/src/share/lib/ngx-oauth-logout.lua';
        }

        location /_proxy {
            access_by_lua_file '/home/frankly/work/AuthPlatform/src/share/lib/ngx-oauth-proxy.lua';

            rewrite ^/_proxy/(.*)$ /$1 break;
            ##proxy_pass https://resource-provider;
        }

	    # 错误页处理
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}