Merge pull request #31 from xiaolitongxue666/add_hty_sudoer_token_check

add hty sudoer token chek

.gitignore

@@ -43,4 +43,7 @@ luac.out
 .DS_Store
 
 # IDEA dir
-.idea/
+.idea/
+
+# Local deploy bash script
+auto_copy_config_and_lua_macos.sh

upload.lua

@@ -1,6 +1,7 @@
-local upload = require "resty.upload"
+local upload    = require "resty.upload"
 local uuid      = require "resty.jit-uuid"
 local cjson     = require "cjson"
+local jwt       = require "resty.jwt"
 
 local chunk_size = 4096
 local form = upload:new(chunk_size)
@@ -17,6 +18,55 @@ local file
 local file_name
 local files = {}
 
+function LuaReomve(str,remove)
+    local lcSubStrTab = {}
+    while true do
+        local lcPos = string.find(str,remove)
+        if not lcPos then
+            lcSubStrTab[#lcSubStrTab+1] =  str
+            break
+        end
+        local lcSubStr  = string.sub(str,1,lcPos-1)
+        lcSubStrTab[#lcSubStrTab+1] = lcSubStr
+        str = string.sub(str,lcPos+1,#str)
+    end
+    local lcMergeStr =""
+    local lci = 1
+    while true do
+        if lcSubStrTab[lci] then
+            lcMergeStr = lcMergeStr .. lcSubStrTab[lci]
+            lci = lci + 1
+        else
+            break
+        end
+    end
+    return lcMergeStr
+end
+
+function DecoderJwtToken(encrypted_token)
+    local jwt_key = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE"
+    local jwt_obj = jwt:verify(jwt_key, encrypted_token)
+    if jwt_obj.verified == false then
+        ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)
+        ngx.status = ngx.HTTP_UNAUTHORIZED
+        ngx.header.content_type = "application/json; charset=utf-8"
+        ngx.say(cjson.encode(jwt_obj))
+        ngx.exit(ngx.HTTP_UNAUTHORIZED)
+    end
+
+    ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj))
+    ngx.log(ngx.INFO, "jwt object : payload : sub " .. jwt_obj.payload.sub)
+
+    local htytoken = cjson.decode(jwt_obj.payload.sub)
+    ngx.log(ngx.INFO, "htytoken : token_id " .. htytoken.token_id)
+    ngx.log(ngx.INFO, "htytoken : hty_id " .. htytoken.hty_id)
+    --ngx.log(ngx.INFO, "htytoken : app_id " .. htytoken.app_id)
+    ngx.log(ngx.INFO, "htytoken : ts " .. htytoken.ts)
+    --ngx.log(ngx.INFO, "htytoken : roles " .. htytoken.roles)
+
+    return htytoken
+end
+
 while true do
     local typ, res, err = form:read()
 
@@ -25,6 +75,26 @@ while true do
         return
     end
 
+    local authorization = ngx.req.get_headers().Authorization
+    if authorization then
+        ngx.log(ngx.INFO, 'Check request authorization Authorization -> ', authorization)
+        DecoderJwtToken(authorization)
+    else
+        ngx.log(ngx.ERR, 'Request header no authorization ! ')
+        ngx.status = 500
+        ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+    end
+
+    local authorization = ngx.req.get_headers()["HtySudoerToken"]
+    if authorization then
+        ngx.log(ngx.INFO, 'Check request authorization HtySudoerToken -> ', authorization)
+        DecoderJwtToken(authorization)
+    else
+        ngx.log(ngx.ERR, 'Request header no hty sudoer token ! ')
+        ngx.status = 500
+        ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+    end
+
     if typ == "header" then
 
         --"Content-Disposition","form-data; name=\"files[]\"; filename=\"Song-of-joy.png\""
@@ -63,11 +133,11 @@ while true do
         local http = require "resty.http"
         local httpc = http.new()
         local remote_url = string.format("%s/api/v1/ts/create_task", task_server)
-        
+
         ngx.log(ngx.INFO, 'remote_url -> ', remote_url)
         ngx.log(ngx.INFO, 'Authorization -> ', ngx.req.get_headers().Authorization)
         ngx.log(ngx.INFO, 'HtySudoerToken -> ', ngx.req.get_headers().HtySudoerToken)
-        
+
         local body_text = cjson.encode({task_type = TaskTypes.UPLOAD_PICTURE, data = {images = files}})
 
         ngx.log(ngx.INFO, 'UPLOAD_PICTURE *body_text* ->', body_text)