local jwt = require "resty.jwt"
local cjson = require "cjson"
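-- HMAC key shared with the token issuer, read from the `secret` environment
-- variable. nginx drops the inherited environment unless the variable is
-- declared in nginx.conf (`env secret;`); without that directive os.getenv
-- returns nil here even when the variable is exported to the master process.
--
-- There is deliberately no built-in fallback value. The previous default was
-- a fixed string committed to the repository, i.e. public: anyone could mint
-- HS256 tokens that this gateway accepted whenever the variable was unset.
-- An unset or empty variable now leaves `secret` nil, and a nil key must be
-- treated as a misconfiguration, never as something a token can verify
-- against.
local secret = os.getenv("secret")
if secret == '' then
  secret = nil
end

-- Module table returned at the bottom of the file.
local M = {}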
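--- Access-phase JWT check.
-- Takes the token from the `Authorization: Bearer` header or, failing that,
-- from the `token` cookie; verifies it with the module-level HMAC secret;
-- on success forwards it upstream as a Bearer header and exposes the `sub`
-- claim as $uid. Every failure ends the request via ngx.exit (401, or 500
-- when no secret is configured), so no code after a failed check runs.
--
-- @param claim_specs optional lua-resty-jwt claim-spec table, passed straight
--   to jwt:verify. When nil the library's own default claim checks apply —
--   confirm which (e.g. exp/nbf) against the installed lua-resty-jwt version;
--   this wrapper itself only guarantees the signature check.
--
-- NOTE(review): the token's `alg` header is whatever the library accepts. If
-- the installed lua-resty-jwt provides jwt:set_alg_whitelist, pinning it to
-- { HS256 = 1 } at module load keeps a client from choosing the algorithm.
-- NOTE: $uid must exist in nginx.conf (`set $uid "";`) or the assignment at
-- the end raises an error.
function M.auth(claim_specs)
  -- Fail closed on misconfiguration: with no key nothing can be verified.
  -- The secret value itself is never written to the log.
  if secret == nil or secret == '' then
    ngx.log(ngx.ERR, "JWT secret is not configured (env secret)")
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
  end

  local auth_header = ngx.var.http_Authorization
  local cookie_token = ngx.var.cookie_token
  local token, source

  -- Header first. The pattern is anchored so only a leading Bearer scheme
  -- matches (RFC 6750 treats the scheme name case-insensitively) and `%S+`
  -- keeps trailing whitespace out of the header rewritten below. Guarding on
  -- nil matters: the old code called string.find on a nil header and raised
  -- "bad argument #1 to 'find'" for cookie-only requests.
  if auth_header ~= nil then
    token = string.match(auth_header, "^%s*[Bb][Ee][Aa][Rr][Ee][Rr]%s+(%S+)")
    source = "header"
  end

  -- Cookie fallback. The old code re-parsed the header here instead of the
  -- cookie, so the cookie path never actually yielded a token.
  if token == nil and cookie_token ~= nil and cookie_token ~= '' then
    token = cookie_token
    source = "cookie"
  end

  if token == nil then
    ngx.log(ngx.WARN, "Missing bearer token (no Authorization header or token cookie)")
    return ngx.exit(ngx.HTTP_UNAUTHORIZED)
  end

  -- Signature (and, via claim_specs, claim) check. The raw token, the full
  -- Authorization header and the decoded payload are deliberately not
  -- logged: a bearer token in a log file is as good as the credential itself.
  local jwt_obj = jwt:verify(secret, token, claim_specs)
  if not jwt_obj.verified then
    -- Varargs rather than `..` so a nil reason cannot itself raise an error.
    ngx.log(ngx.WARN, "Invalid token from ", source, ": ", jwt_obj.reason)
    return ngx.exit(ngx.HTTP_UNAUTHORIZED)
  end

  -- Normalise for upstream: always present the token as a Bearer header, so
  -- a cookie-authenticated request looks the same to the backend.
  ngx.req.set_header("Authorization", "Bearer " .. token)
  -- Expose the subject to nginx config (proxy headers, logging, etc.).
  ngx.var.uid = jwt_obj.payload.sub
end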
-- Module export: `require "nginx-jwt"` yields a table whose only member is
-- auth(claim_specs), intended for access_by_lua.
return M