weli/resty_functions
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add hty sudoer token check (#34)

Browse Source 
* add jwt token verify

* add jwt sudoer token chek
This commit is contained in:
XiaoLi
2021-11-27 09:07:11 +08:00
committed by GitHub
parent d102591cf3
commit 75fb44a268
2 changed files with 63 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
music-room-test.conf
+1
View File
@@ -49,6 +49,7 @@ server {
# ➤ sudo chown (whoami) /usr/local/file_upload
set $tmp_file_dir "/usr/local/file_upload"; # 文件存储路径
set $task_server "http://127.0.0.1:8080"; # task server host
set $hty_uc_host "http://127.0.0.1:8088"; #htyuc host
#set $resty_loc "/usr/local/openresty";
upload.lua
+62 -5
View File
@@ -2,6 +2,7 @@ local upload = require "resty.upload"
local uuid = require "resty.jit-uuid"
local cjson = require "cjson"
local jwt = require "resty.jwt"
local redis = require "resty.redis"
local chunk_size = 4096
local form = upload:new(chunk_size)
@@ -13,11 +14,27 @@ TaskTypes = {
}
local task_server = ngx.var.task_server
local hty_uc_host = ngx.var.hty_uc_host
local file_dir = ngx.var.tmp_file_dir
local file
local file_name
local files = {}
local http = require "resty.http"
local httpc = http.new()
---- Redis init
------ Connect to redis
-- local redis_task_database = redis:new()
-- redis_task_database:set_timeouts(1000, 1000, 1000)
-- local ok, error = redis_task_database:connect("127.0.0.1", 6379)
-- if not ok then
-- ngx.log(ngx.ERR, "Fail to connect redis: ", error)
-- ngx.exit(500)
-- end
function LuaReomve(str,remove)
local lcSubStrTab = {}
while true do
@@ -43,7 +60,45 @@ function LuaReomve(str,remove)
return lcMergeStr
end
function VerifyJwtToken(encrypted_token)
local http = require "resty.http"
local httpc = http.new()
local remote_url = string.format( "%s/api/v1/uc/verify_jwt_token", hty_uc_host)
ngx.log(ngx.INFO, 'htyuc remote_url -> ', remote_url)
-- ngx.log(ngx.INFO, 'Authorization -> ', encrypted_token)
local res, err = httpc:request_uri(
remote_url,
{
method = "POST",
headers = {
["Host"] = "test.localhost",
["Authorization"] = encrypted_token,
},
}
)
if not res then
ngx.status = ngx.HTTP_UNAUTHORIZED
ngx.header.content_type = "application/json; charset=utf-8"
ngx.log(ngx.ERR, "Jwt token verify request error ! ")
ngx.exit(ngx.HTTP_UNAUTHORIZED)
else
if 200 ~= res.status then
ngx.log(ngx.ERR, "Jwt token verify error ! ", err)
ngx.exit(res.status)
end
end
ngx.log(ngx.INFO, "Jwt token verify ok .")
end
function DecoderJwtToken(encrypted_token)
local jwt_key = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE"
local jwt_obj = jwt:verify(jwt_key, encrypted_token)
if jwt_obj.verified == false then
@@ -78,17 +133,20 @@ while true do
local authorization = ngx.req.get_headers().Authorization
if authorization then
ngx.log(ngx.INFO, 'Check request authorization Authorization -> ', authorization)
DecoderJwtToken(authorization)
-- local htytoken = DecoderJwtToken(authorization)
VerifyJwtToken(authorization)
else
ngx.log(ngx.ERR, 'Request header no authorization ! ')
ngx.status = 500
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end
local authorization = ngx.req.get_headers()["HtySudoerToken"]
local authorization = ngx.req.get_headers().HtySudoerToken
if authorization then
ngx.log(ngx.INFO, 'Check request authorization HtySudoerToken -> ', authorization)
DecoderJwtToken(authorization)
-- local htytoken = DecoderJwtToken(authorization)
VerifyJwtToken(authorization)
else
ngx.log(ngx.ERR, 'Request header no hty sudoer token ! ')
ngx.status = 500
@@ -130,8 +188,7 @@ while true do
file_name = nil
file = nil
elseif typ == "eof" then
local http = require "resty.http"
local httpc = http.new()
local remote_url = string.format("%s/api/v1/ts/create_task", task_server)
ngx.log(ngx.INFO, 'remote_url -> ', remote_url)