diff --git a/upload.lua b/upload.lua
index c385de3..e90d422 100644
--- a/upload.lua
+++ b/upload.lua
@@ -20,7 +20,6 @@ local htyuc = ngx.var.htyuc
 ngx.log(ngx.INFO, "TASK_SERVER -> ", task_server)
 ngx.log(ngx.INFO, "HTYUC -> ", htyuc)
-
 local file_dir = ngx.var.tmp_file_dir
 local file
 local file_name
@@ -54,14 +53,14 @@ local function cleanupString(str, remove)
 return lcMergeStr
 end
-local function verifyJwtToken(encrypted_token)
+local function verifyJwtToken(token)
 local http = require "resty.http"
 local httpc = http.new()
 local remote_url = string.format("%s/api/v1/uc/verify_jwt_token", htyuc)
 ngx.log(ngx.INFO, 'HTYUC REMOTE_URL -> ', remote_url)
- ngx.log(ngx.INFO, 'Authorization -> ', encrypted_token)
+ ngx.log(ngx.INFO, 'Authorization -> ', token)
 local res, err = httpc:request_uri(
 remote_url,
@@ -69,7 +68,7 @@ local function verifyJwtToken(encrypted_token)
 method = "POST",
 headers = {
 ["Host"] = "test.localhost",
- ["Authorization"] = encrypted_token,
+ ["Authorization"] = token,
 },
 }
 )
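Review bot: The changed line `ngx.log(ngx.INFO, 'Authorization -> ', token)` in verifyJwtToken writes the caller's credential verbatim to the nginx log, so anyone with log access can read a usable token. Log only that the header was present, e.g. `ngx.log(ngx.INFO, 'Authorization present -> ', token ~= nil)`, or drop the line. The following hunk also keeps `["Host"] = "test.localhost"` on the verification request, which looks like a test value and would be better read from configuration next to `htyuc`. verifyJwtToken's body continues outside these hunks.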
@@ -90,30 +89,49 @@ local function verifyJwtToken(encrypted_token)
 end
-local function decodeJwtToken(encrypted_token)
- local jwt_key = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE"
- local jwt_obj = jwt:verify(jwt_key, encrypted_token)
- if jwt_obj.verified == false then
- ngx.log(ngx.WARN, "Invalid token: " .. jwt_obj.reason)
+local function decodeJwtClaim(jwtClaim)
+ local jwtKey = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE"
+ local jwtObj = jwt:verify(jwtKey, jwtClaim)
+
+ if jwtObj.verified == false then
+ ngx.log(ngx.WARN, "INVALID TOKEN -> " .. jwtObj.reason)
 ngx.status = ngx.HTTP_UNAUTHORIZED
 ngx.header.content_type = "application/json; charset=utf-8"
- ngx.say(cjson.encode(jwt_obj))
+ ngx.say(cjson.encode(jwtObj))
 ngx.exit(ngx.HTTP_UNAUTHORIZED)
 end
- ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj))
+ ngx.log(ngx.INFO, "DECODED JWT CLAIM -> " .. jwtObj)
- local htytoken = cjson.decode(jwt_obj.payload.sub)
-
- ngx.log(ngx.INFO, "HTY_TOKEN : token_id " .. htytoken.token_id)
- ngx.log(ngx.INFO, "HTY_TOKEN : hty_id " .. htytoken.hty_id)
- ngx.log(ngx.INFO, "HTY_TOKEN : app_id " .. htytoken.app_id)
- ngx.log(ngx.INFO, "HTY_TOKEN : ts " .. htytoken.ts)
- ngx.log(ngx.INFO, "HTY_TOKEN : roles " .. htytoken.roles)
-
- return htytoken
+ local htyToken = cjson.decode(jwtObj.payload.sub)
+ ngx.log(ngx.INFO, "DECODED JWT TOKEN -> " .. htyToken)
+ return htyToken
 end
+local authHeader = ngx.req.get_headers().Authorization
+local sudoerToken = ngx.req.get_headers().HtySudoerToken
+
+-- if authHeader then
+-- ngx.log(ngx.INFO, 'CHECK_AUTH_HEADER -> ', authHeader)
+-- local token = decodeJwtClaim(authHeader)
+-- verifyJwtToken(token)
+-- else
+-- ngx.log(ngx.ERR, 'Request header no authorization ! 
')
+-- ngx.status = 500
+-- ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+-- end
+
+--
+-- if sudoerToken then
+-- ngx.log(ngx.INFO, 'Check request authorization HtySudoerToken -> ', sudoerToken)
+-- -- local htyToken = DecoderJwtToken(authorization)
+-- --verifyJwtToken(sudoerToken)
+-- else
+-- ngx.log(ngx.ERR, 'Request header no hty sudoer token ! ')
+-- ngx.status = 500
+-- ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+-- end
+
 while true do
 local type, res, err = form:read()
@@ -122,32 +140,6 @@ while true do
 return
 end
- local authHeader = ngx.req.get_headers().Authorization
- local sudoerToken = ngx.req.get_headers().HtySudoerToken
- --
- --if authHeader then
- -- ngx.log(ngx.INFO, 'Check request authorization Authorization -> ', authHeader)
- -- -- local htytoken = DecoderJwtToken(authorization)
- -- --verifyJwtToken(authHeader)
- --else
- -- ngx.log(ngx.ERR, 'Request header no authorization ! ')
- -- ngx.status = 500
- -- ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
- --end
-
-
- --
- --if sudoerToken then
- -- ngx.log(ngx.INFO, 'Check request authorization HtySudoerToken -> ', sudoerToken)
- -- -- local htytoken = DecoderJwtToken(authorization)
- -- --verifyJwtToken(sudoerToken)
- --
- --else
- -- ngx.log(ngx.ERR, 'Request header no hty sudoer token ! ')
- -- ngx.status = 500
- -- ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
- --end
-
 if type == "header" then
 --"Content-Disposition","form-data; name=\"files[]\"; filename=\"Song-of-joy.png\""
 --"Content-Type","image\/png"
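Review bot: The two new log lines in decodeJwtClaim concatenate a string with a table, `"DECODED JWT CLAIM -> " .. jwtObj` and `"DECODED JWT TOKEN -> " .. htyToken` (the latter presumably a table from `cjson.decode`), which raises a runtime error in Lua unless the value defines `__concat`; the removed code encoded the object first. If the logs stay, pass the value through `cjson.encode(...)` again and limit it to non-sensitive fields, since this writes the full claims to the log. The verification key is still a string literal inside the function (`local jwtKey = "0xCAFEBABE…"`); it should be loaded from configuration outside the repository, as the `ngx.var.*` lookups elsewhere in this file do, and replaced since the current value is in the commit history. The relocated authorization block is still commented out, so as far as this hunk shows `authHeader` and `sudoerToken` are read but never checked before the upload loop starts. When it is re-enabled, a missing header should answer `ngx.HTTP_UNAUTHORIZED` rather than status 500.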