Merge pull request #31 from xiaolitongxue666/add_hty_sudoer_token_check

add hty sudoer token chek
2021-11-25 22:15:18 +08:00
parent 2a5c21d4ed f0333eeafe
commit d102591cf3
2 changed files with 77 additions and 4 deletions
@@ -44,3 +44,6 @@ luac.out

 # IDEA dir
 .idea/
+
+# Local deploy bash script
+auto_copy_config_and_lua_macos.sh
@@ -1,6 +1,7 @@
-local upload = require "resty.upload"
+local upload    = require "resty.upload"
 local uuid      = require "resty.jit-uuid"
 local cjson     = require "cjson"
+local jwt       = require "resty.jwt"

 local chunk_size = 4096
 local form = upload:new(chunk_size)
@@ -17,6 +18,55 @@ local file
 local file_name
 local files = {}

+function LuaReomve(str,remove)
+    local lcSubStrTab = {}
+    while true do
+        local lcPos = string.find(str,remove)
+        if not lcPos then
+            lcSubStrTab[#lcSubStrTab+1] =  str
+            break
+        end
+        local lcSubStr  = string.sub(str,1,lcPos-1)
+        lcSubStrTab[#lcSubStrTab+1] = lcSubStr
+        str = string.sub(str,lcPos+1,#str)
+    end
+    local lcMergeStr =""
+    local lci = 1
+    while true do
+        if lcSubStrTab[lci] then
+            lcMergeStr = lcMergeStr .. lcSubStrTab[lci]
+            lci = lci + 1
+        else
+            break
+        end
+    end
+    return lcMergeStr
+end
+
+function DecoderJwtToken(encrypted_token)
+    local jwt_key = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE"
+    local jwt_obj = jwt:verify(jwt_key, encrypted_token)
+    if jwt_obj.verified == false then
+        ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)
+        ngx.status = ngx.HTTP_UNAUTHORIZED
+        ngx.header.content_type = "application/json; charset=utf-8"
+        ngx.say(cjson.encode(jwt_obj))
+        ngx.exit(ngx.HTTP_UNAUTHORIZED)
+    end
+
+    ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj))
+    ngx.log(ngx.INFO, "jwt object : payload : sub " .. jwt_obj.payload.sub)
+
+    local htytoken = cjson.decode(jwt_obj.payload.sub)
+    ngx.log(ngx.INFO, "htytoken : token_id " .. htytoken.token_id)
+    ngx.log(ngx.INFO, "htytoken : hty_id " .. htytoken.hty_id)
+    --ngx.log(ngx.INFO, "htytoken : app_id " .. htytoken.app_id)
+    ngx.log(ngx.INFO, "htytoken : ts " .. htytoken.ts)
+    --ngx.log(ngx.INFO, "htytoken : roles " .. htytoken.roles)
+
+    return htytoken
+end
+
 while true do
    local typ, res, err = form:read()

@@ -25,6 +75,26 @@ while true do
        return
    end

+    local authorization = ngx.req.get_headers().Authorization
+    if authorization then
+        ngx.log(ngx.INFO, 'Check request authorization Authorization -> ', authorization)
+        DecoderJwtToken(authorization)
+    else
+        ngx.log(ngx.ERR, 'Request header no authorization ! ')
+        ngx.status = 500
+        ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+    end
+
+    local authorization = ngx.req.get_headers()["HtySudoerToken"]
+    if authorization then
+        ngx.log(ngx.INFO, 'Check request authorization HtySudoerToken -> ', authorization)
+        DecoderJwtToken(authorization)
+    else
+        ngx.log(ngx.ERR, 'Request header no hty sudoer token ! ')
+        ngx.status = 500
+        ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+    end
+
    if typ == "header" then

        --"Content-Disposition","form-data; name=\"files[]\"; filename=\"Song-of-joy.png\""