fix

upload.lua

@@ -20,7 +20,6 @@ local htyuc = ngx.var.htyuc
 ngx.log(ngx.INFO, "TASK_SERVER -> ", task_server)
 ngx.log(ngx.INFO, "HTYUC -> ", htyuc)
 
-
 local file_dir = ngx.var.tmp_file_dir
 local file
 local file_name
@@ -54,14 +53,14 @@ local function cleanupString(str, remove)
     return lcMergeStr
 end
 
-local function verifyJwtToken(encrypted_token)
+local function verifyJwtToken(token)
 
     local http = require "resty.http"
     local httpc = http.new()
     local remote_url = string.format("%s/api/v1/uc/verify_jwt_token", htyuc)
 
     ngx.log(ngx.INFO, 'HTYUC REMOTE_URL -> ', remote_url)
-    ngx.log(ngx.INFO, 'Authorization -> ', encrypted_token)
+    ngx.log(ngx.INFO, 'Authorization -> ', token)
 
     local res, err = httpc:request_uri(
             remote_url,
@@ -69,7 +68,7 @@ local function verifyJwtToken(encrypted_token)
                 method = "POST",
                 headers = {
                     ["Host"] = "test.localhost",
-                    ["Authorization"] = encrypted_token,
+                    ["Authorization"] = token,
                 },
             }
     )
@@ -90,30 +89,49 @@ local function verifyJwtToken(encrypted_token)
 
 end
 
-local function decodeJwtToken(encrypted_token)
+local function decodeJwtClaim(jwtClaim)
-    local jwt_key = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE"
+    local jwtKey = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE"
-    local jwt_obj = jwt:verify(jwt_key, encrypted_token)
+    local jwtObj = jwt:verify(jwtKey, jwtClaim)
-    if jwt_obj.verified == false then
+
-        ngx.log(ngx.WARN, "Invalid token: " .. jwt_obj.reason)
+    if jwtObj.verified == false then
+        ngx.log(ngx.WARN, "INVALID TOKEN -> " .. jwtObj.reason)
         ngx.status = ngx.HTTP_UNAUTHORIZED
         ngx.header.content_type = "application/json; charset=utf-8"
-        ngx.say(cjson.encode(jwt_obj))
+        ngx.say(cjson.encode(jwtObj))
         ngx.exit(ngx.HTTP_UNAUTHORIZED)
     end
 
-    ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj))
+    ngx.log(ngx.INFO, "DECODED JWT CLAIM -> " .. jwtObj)
 
-    local htytoken = cjson.decode(jwt_obj.payload.sub)
+    local htyToken = cjson.decode(jwtObj.payload.sub)
-
+    ngx.log(ngx.INFO, "DECODED JWT TOKEN -> " .. htyToken)
-    ngx.log(ngx.INFO, "HTY_TOKEN : token_id " .. htytoken.token_id)
+    return htyToken
-    ngx.log(ngx.INFO, "HTY_TOKEN : hty_id " .. htytoken.hty_id)
-    ngx.log(ngx.INFO, "HTY_TOKEN : app_id " .. htytoken.app_id)
-    ngx.log(ngx.INFO, "HTY_TOKEN : ts " .. htytoken.ts)
-    ngx.log(ngx.INFO, "HTY_TOKEN : roles " .. htytoken.roles)
-
-    return htytoken
 end
 
+local authHeader = ngx.req.get_headers().Authorization
+local sudoerToken = ngx.req.get_headers().HtySudoerToken
+
+-- if authHeader then
+--    ngx.log(ngx.INFO, 'CHECK_AUTH_HEADER -> ', authHeader)
+--    local token = decodeJwtClaim(authHeader)
+--    verifyJwtToken(token)
+-- else
+--    ngx.log(ngx.ERR, 'Request header no authorization ! ')
+--    ngx.status = 500
+--    ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+-- end
+
+--
+-- if sudoerToken then
+--    ngx.log(ngx.INFO, 'Check request authorization HtySudoerToken -> ', sudoerToken)
+--    -- local htyToken = DecoderJwtToken(authorization)
+--    --verifyJwtToken(sudoerToken)
+-- else
+--    ngx.log(ngx.ERR, 'Request header no hty sudoer token ! ')
+--    ngx.status = 500
+--    ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+-- end
+
 while true do
     local type, res, err = form:read()
 
@@ -122,32 +140,6 @@ while true do
         return
     end
 
-    local authHeader = ngx.req.get_headers().Authorization
-    local sudoerToken = ngx.req.get_headers().HtySudoerToken
-    --
-    --if authHeader then
-    --    ngx.log(ngx.INFO, 'Check request authorization Authorization -> ', authHeader)
-    --    -- local htytoken = DecoderJwtToken(authorization)
-    --    --verifyJwtToken(authHeader)
-    --else
-    --    ngx.log(ngx.ERR, 'Request header no authorization ! ')
-    --    ngx.status = 500
-    --    ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
-    --end
-
-
-    --
-    --if sudoerToken then
-    --    ngx.log(ngx.INFO, 'Check request authorization HtySudoerToken -> ', sudoerToken)
-    --    -- local htytoken = DecoderJwtToken(authorization)
-    --    --verifyJwtToken(sudoerToken)
-    --
-    --else
-    --    ngx.log(ngx.ERR, 'Request header no hty sudoer token ! ')
-    --    ngx.status = 500
-    --    ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
-    --end
-
     if type == "header" then
         --"Content-Disposition","form-data; name=\"files[]\"; filename=\"Song-of-joy.png\""
         --"Content-Type","image\/png"