From 727e7a401b6b9c7e34d618d2706eca0e94d6cf97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=8B=87?= Date: Wed, 24 Nov 2021 20:08:31 +0800 Subject: [PATCH 1/3] add hty sudoer token chek --- .gitignore | 5 ++++- upload.lua | 22 ++++++++++++++++++++-- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 128c89e..0a5c6eb 100644 --- a/.gitignore +++ b/.gitignore @@ -43,4 +43,7 @@ luac.out .DS_Store # IDEA dir -.idea/ \ No newline at end of file +.idea/ + +# Local deploy bash script +auto_copy_config_and_lua_macos.sh \ No newline at end of file diff --git a/upload.lua b/upload.lua index 49b2bb1..1c5b077 100644 --- a/upload.lua +++ b/upload.lua @@ -25,6 +25,24 @@ while true do return end + local authorization = ngx.req.get_headers()["Authorization"] + if authorization then + ngx.log(ngx.INFO, 'Check request authorization Authorization -> ', ngx.req.get_headers().Authorization) + else + ngx.log(ngx.ERR, 'Request header no authorization ! ') + ngx.status = 500 + ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) + end + + local authorization = ngx.req.get_headers()["HtySudoerToken"] + if authorization then + ngx.log(ngx.INFO, 'Check request authorization HtySudoerToken -> ', ngx.req.get_headers().HtySudoerToken) + else + ngx.log(ngx.ERR, 'Request header no hty sudoer token ! ') + ngx.status = 500 + ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) + end + if typ == "header" then --"Content-Disposition","form-data; name=\"files[]\"; filename=\"Song-of-joy.png\"" 
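Review bot: The two header checks added in the `@@ -25,6 +25,24 @@` hunk of upload.lua sit inside the `while true do` form:read() loop (whose start is outside the hunk), so they rerun on every multipart chunk instead of once before any of the body is consumed; move them above the loop. A missing credential is answered with `ngx.status = 500` / `ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)`, which reports a client authentication failure as a server error — `ngx.exit(ngx.HTTP_UNAUTHORIZED)` is the matching status. Both INFO lines write the raw header values into the nginx error log, so bearer credentials end up in log files; log presence only, e.g. `ngx.log(ngx.INFO, 'Authorization header present')`. The second `local authorization` also shadows the first; naming it `sudoer_token` keeps both values addressable.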
@@ -63,11 +81,11 @@ while true do local http = require "resty.http" local httpc = http.new() local remote_url = string.format("%s/api/v1/ts/create_task", task_server) - + ngx.log(ngx.INFO, 'remote_url -> ', remote_url) ngx.log(ngx.INFO, 'Authorization -> ', ngx.req.get_headers().Authorization) ngx.log(ngx.INFO, 'HtySudoerToken -> ', ngx.req.get_headers().HtySudoerToken) - + local body_text = cjson.encode({task_type = TaskTypes.UPLOAD_PICTURE, data = {images = files}}) ngx.log(ngx.INFO, 'UPLOAD_PICTURE *body_text* ->', body_text) From a19a96f13a5cf3ef911ff4fe5ccee9964b7a520c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=8B=87?= Date: Thu, 25 Nov 2021 00:29:25 +0800 Subject: [PATCH 2/3] decoder hty token --- upload.lua | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/upload.lua b/upload.lua index 1c5b077..95ecbf1 100644 --- a/upload.lua +++ b/upload.lua @@ -1,6 +1,9 @@ -local upload = require "resty.upload" +local upload = require "resty.upload" local uuid = require "resty.jit-uuid" local cjson = require "cjson" +local jwt = require "resty.jwt" + + local chunk_size = 4096 local form = upload:new(chunk_size) @@ -17,6 +20,34 @@ local file local file_name local files = {} +local jwt_key = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE" + +function LuaReomve(str,remove) + local lcSubStrTab = {} + while true do + local lcPos = string.find(str,remove) + if not lcPos then + lcSubStrTab[#lcSubStrTab+1] = str + break + end + local lcSubStr = string.sub(str,1,lcPos-1) + lcSubStrTab[#lcSubStrTab+1] = lcSubStr + str = string.sub(str,lcPos+1,#str) + end + local lcMergeStr ="" + local lci = 1 + while true do + if lcSubStrTab[lci] then + lcMergeStr = lcMergeStr .. lcSubStrTab[lci] + lci = lci + 1 + else + break + end + end + return lcMergeStr +end + + while true do local typ, res, err = form:read() 
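Review bot: `local jwt_key = "0xCAFEBABE…"` in the `@@ -17,6 +20,34 @@` hunk commits the HMAC signing key to the repository, where anyone with read access to the source can mint tokens that `jwt:verify` accepts; load it from configuration at startup instead, e.g. `local jwt_key = assert(os.getenv("JWT_KEY_ENV_VAR_PLACEHOLDER"))` together with the matching nginx `env` directive, and treat the committed value as exposed. `LuaReomve` reimplements a one-line standard-library call: `(str:gsub("\\", ""))` strips every backslash, while the hand-rolled loop calls `string.find(str, remove)` in pattern mode and advances by `lcPos+1`, so it only behaves for a one-character, non-magic `remove`. It is also declared without `local`, so it becomes a global in the worker, which OpenResty warns about in request handlers.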
@@ -28,6 +59,35 @@ while true do local authorization = ngx.req.get_headers()["Authorization"] if authorization then ngx.log(ngx.INFO, 'Check request authorization Authorization -> ', ngx.req.get_headers().Authorization) + + local jwt_obj = jwt:verify(jwt_key, authorization) + if jwt_obj.verified == false then + ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason) + + ngx.status = ngx.HTTP_UNAUTHORIZED + ngx.header.content_type = "application/json; charset=utf-8" + ngx.say(cjson.encode(jwt_obj)) + ngx.exit(ngx.HTTP_UNAUTHORIZED) + end + + ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj)) + + local jwt_payload_sub = jwt_obj.payload.sub + + ngx.log(ngx.INFO, "jwt object : payload : sub " .. jwt_payload_sub) + + local temp_string = LuaReomve(jwt_payload_sub,"\\") + + ngx.log(ngx.INFO, "temp_string is " .. temp_string) + + local htytoken = cjson.decode(temp_string) + + ngx.log(ngx.INFO, "htytoken : token_id " .. htytoken.token_id) + ngx.log(ngx.INFO, "htytoken : hty_id " .. htytoken.hty_id) + --ngx.log(ngx.INFO, "htytoken : app_id " .. htytoken.app_id) + ngx.log(ngx.INFO, "htytoken : ts " .. htytoken.ts) + --ngx.log(ngx.INFO, "htytoken : roles " .. htytoken.roles) + else ngx.log(ngx.ERR, 'Request header no authorization ! ') ngx.status = 500 From f0333eeafe1800e185b19509c57693c46dc851a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=8B=87?= Date: Thu, 25 Nov 2021 22:14:20 +0800 Subject: [PATCH 3/3] Finish HytSudoerToken login check --- upload.lua | 64 ++++++++++++++++++++++++------------------------------ 1 file changed, 28 insertions(+), 36 deletions(-) diff --git a/upload.lua b/upload.lua index 95ecbf1..f9f734b 100644 --- a/upload.lua +++ b/upload.lua @@ -3,8 +3,6 @@ local uuid = require "resty.jit-uuid" local cjson = require "cjson" local jwt = require "resty.jwt" - - local chunk_size = 4096 local form = upload:new(chunk_size) uuid.seed() 
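Review bot: After `jwt:verify` succeeds, `jwt_obj.payload.sub` is used unguarded: a validly signed token without a `sub` claim makes the `..` concatenation (and `LuaReomve`) raise, and `cjson.decode(temp_string)` raises on anything that is not JSON, so such requests fail with an unhandled Lua error (HTTP 500) instead of a 401. Guard both, e.g. `local ok, htytoken = pcall(cjson.decode, jwt_payload_sub or "")` and treat `not ok or type(htytoken) ~= "table"` like the unverified branch. The INFO lines log `cjson.encode(jwt_obj)` plus the decoded claims, and the 401 body `ngx.say(cjson.encode(jwt_obj))` returns the whole internal verification object to the client; log and return `jwt_obj.reason` only. The same unguarded decode is carried into `DecoderJwtToken` in patch 3.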
@@ -20,8 +18,6 @@ local file local file_name local files = {} -local jwt_key = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE" - function LuaReomve(str,remove) local lcSubStrTab = {} while true do @@ -47,6 +43,29 @@ function LuaReomve(str,remove) return lcMergeStr end +function DecoderJwtToken(encrypted_token) + local jwt_key = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE" + local jwt_obj = jwt:verify(jwt_key, encrypted_token) + if jwt_obj.verified == false then + ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason) + ngx.status = ngx.HTTP_UNAUTHORIZED + ngx.header.content_type = "application/json; charset=utf-8" + ngx.say(cjson.encode(jwt_obj)) + ngx.exit(ngx.HTTP_UNAUTHORIZED) + end + + ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj)) + ngx.log(ngx.INFO, "jwt object : payload : sub " .. jwt_obj.payload.sub) + + local htytoken = cjson.decode(jwt_obj.payload.sub) + ngx.log(ngx.INFO, "htytoken : token_id " .. htytoken.token_id) + ngx.log(ngx.INFO, "htytoken : hty_id " .. htytoken.hty_id) + --ngx.log(ngx.INFO, "htytoken : app_id " .. htytoken.app_id) + ngx.log(ngx.INFO, "htytoken : ts " .. htytoken.ts) + --ngx.log(ngx.INFO, "htytoken : roles " .. htytoken.roles) + + return htytoken +end while true do local typ, res, err = form:read() 
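Review bot: `DecoderJwtToken` in the `@@ -47,6 +43,29 @@` hunk keeps the signing key as a string literal inside the function, so the secret remains in source control; move it to configuration loaded once at init and reference it as an upvalue. The function is declared global (`function DecoderJwtToken`, no `local`), which OpenResty flags in request handlers and which leaves it open to being overwritten by any other chunk in the same worker; `local function DecoderJwtToken(encrypted_token)` declared before the loop avoids that. Its name suggests decoding while it is the verification step, and a successful `jwt:verify` only proves the signature — nothing here checks `htytoken.ts` for freshness or ties `htytoken.hty_id` to the caller, so that is left to whoever uses the returned table; an LDoc header stating that it verifies the HMAC signature, exits with 401 on failure, returns the decoded `sub` claims and leaves authorization to the caller would make the contract visible.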
@@ -56,38 +75,10 @@ while true do return end - local authorization = ngx.req.get_headers()["Authorization"] + local authorization = ngx.req.get_headers().Authorization if authorization then - ngx.log(ngx.INFO, 'Check request authorization Authorization -> ', ngx.req.get_headers().Authorization) - - local jwt_obj = jwt:verify(jwt_key, authorization) - if jwt_obj.verified == false then - ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason) - - ngx.status = ngx.HTTP_UNAUTHORIZED - ngx.header.content_type = "application/json; charset=utf-8" - ngx.say(cjson.encode(jwt_obj)) - ngx.exit(ngx.HTTP_UNAUTHORIZED) - end - - ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj)) - - local jwt_payload_sub = jwt_obj.payload.sub - - ngx.log(ngx.INFO, "jwt object : payload : sub " .. jwt_payload_sub) - - local temp_string = LuaReomve(jwt_payload_sub,"\\") - - ngx.log(ngx.INFO, "temp_string is " .. temp_string) - - local htytoken = cjson.decode(temp_string) - - ngx.log(ngx.INFO, "htytoken : token_id " .. htytoken.token_id) - ngx.log(ngx.INFO, "htytoken : hty_id " .. htytoken.hty_id) - --ngx.log(ngx.INFO, "htytoken : app_id " .. htytoken.app_id) - ngx.log(ngx.INFO, "htytoken : ts " .. htytoken.ts) - --ngx.log(ngx.INFO, "htytoken : roles " .. htytoken.roles) - + ngx.log(ngx.INFO, 'Check request authorization Authorization -> ', authorization) + DecoderJwtToken(authorization) else ngx.log(ngx.ERR, 'Request header no authorization ! ') ngx.status = 500 @@ -96,7 +87,8 @@ while true do local authorization = ngx.req.get_headers()["HtySudoerToken"] if authorization then - ngx.log(ngx.INFO, 'Check request authorization HtySudoerToken -> ', ngx.req.get_headers().HtySudoerToken) + ngx.log(ngx.INFO, 'Check request authorization HtySudoerToken -> ', authorization) + DecoderJwtToken(authorization) else ngx.log(ngx.ERR, 'Request header no hty sudoer token ! ') ngx.status = 500
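Review bot: `DecoderJwtToken(authorization)` is called for its side effect and the decoded table it returns is discarded, here and in the `@@ -96,7 +87,8 @@` hunk below, so the upload proceeds as soon as each header carries any token signed with the shared key — no claim of either token is compared with the other or with the request, and `ts` is never checked. Keep the results, e.g. `local user_claims = DecoderJwtToken(authorization)` and `local sudoer_claims = DecoderJwtToken(sudoer_token)`, and reject the request unless the claims the service requires (hty_id, a ts window, a role) are present; which claims those are cannot be determined from this diff. The second `local authorization` for HtySudoerToken still shadows the first within the same block. The enclosing `while true do` starts outside the hunk.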