lua 脚本

该文章描述了使用Lua脚本在Nginx中进行token验证、权限检查以及依赖请求的过程。通过检查请求头的token,向/gateway/checkToken和/gateway/checkRolePermission发送POST请求来确定用户访问权限。如果验证失败,返回相应的错误代码和信息。


单个参数判断及发送请求 

check_or_uncheck.lua

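-- check_or_uncheck.lua: optional authentication.
-- Requests without a `token` header pass through anonymously; requests with
-- one are validated against /gateway/checkToken and, on success, get the
-- verified identity attached as `userId` / `channel` request headers.

-- `userId` and `channel` are only meaningful when this gateway sets them.
-- Drop any copies the client sent so an anonymous (or any) request cannot
-- hand a self-chosen identity to the upstream service.
ngx.req.clear_header('userId')
ngx.req.clear_header('channel')

-- `local` keeps per-request state out of the shared Lua global table.
local token = ngx.req.get_headers()['token']

if token ~= nil and token ~= '' then
    -- Subrequests inherit the parent request's headers by default, so the
    -- `token` header reaches the checkToken endpoint without being copied.
    local res = ngx.location.capture('/gateway/checkToken', {
        method = ngx.HTTP_POST,
        body = '{"channel":"1"}',
    })

    if res ~= nil and res.status == ngx.HTTP_OK then
        -- Identity as asserted by the token service (a nil value removes
        -- the header rather than setting it).
        ngx.req.set_header('userId', res.header['userId'])
        ngx.req.set_header('channel', res.header['channel'])
    else
        ngx.header['Content-Type'] = 'application/json; charset=utf-8'
        ngx.print('{"errorCode":"401","value":"无访问权限!","data":null}')
        -- ngx.exit(ngx.OK) only leaves the current phase handler; in the
        -- rewrite/access phase the request would still continue to the
        -- content handler. ngx.HTTP_OK (200) terminates the request here
        -- while keeping the same HTTP status the client saw before.
        return ngx.exit(ngx.HTTP_OK)
    end
end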

check_token_and_role_permission.lua

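-- check_token_and_role_permission.lua: mandatory authentication followed by
-- a role/permission check for the requested URI.
--   1. No `token` header                    -> 401 JSON body.
--   2. /gateway/checkToken not 200          -> 401 JSON body.
--   3. /gateway/checkRolePermission not 200 -> 402 JSON body.
--   4. Otherwise the request continues with verified `userId` / `channel`
--      request headers.
-- Every failure path terminates the request (fail closed).

local NO_ACCESS = '{"errorCode":"401","value":"无访问权限!","data":null}'
local ROLE_DENIED = '{"errorCode":"402","value":"角色权限不足!","data":null}'

--- Escape a value for embedding inside a JSON string literal.
-- Quotes, backslashes and control characters become \uXXXX escapes so that
-- request-derived text cannot break out of the string and add JSON fields.
local function json_escape(value)
    return (tostring(value):gsub('[%c"\\]', function(ch)
        return string.format('\\u%04x', string.byte(ch))
    end))
end

--- Send a JSON error body and stop processing the request.
-- ngx.exit(ngx.OK) would only leave the current phase handler and let the
-- request reach the content handler; ngx.HTTP_OK (200) ends the request
-- while keeping the HTTP status the original script produced.
local function deny(payload)
    ngx.header['Content-Type'] = 'application/json; charset=utf-8'
    ngx.print(payload)
    return ngx.exit(ngx.HTTP_OK)
end

-- Identity headers are only trustworthy when set below; remove any copies
-- supplied by the client before the subrequests inherit them.
ngx.req.clear_header('userId')
ngx.req.clear_header('channel')

local token = ngx.req.get_headers()['token']
if token == nil or token == '' then
    return deny(NO_ACCESS)
end

local res = ngx.location.capture('/gateway/checkToken', {
    method = ngx.HTTP_POST,
    body = '{"channel":"1"}',
})

-- Log the status only: the response body may carry user or token data and
-- does not belong in the error log.
if res == nil or res.status ~= ngx.HTTP_OK then
    ngx.log(ngx.WARN, 'checkToken failed, status=', res and res.status)
    return deny(NO_ACCESS)
end

local user_id = res.header['userId']
local role_id = res.header['roleId']
-- A 200 without a usable identity cannot be authorized; treating it as a
-- denial also avoids a runtime error when building the body below.
if type(user_id) ~= 'string' or type(role_id) ~= 'string' then
    ngx.log(ngx.ERR, 'checkToken returned 200 without userId/roleId')
    return deny(NO_ACCESS)
end

ngx.req.set_header('userId', user_id)
ngx.req.set_header('channel', res.header['channel'])

-- NOTE(review): ngx.var.request_uri is the raw client URI including the
-- query string and is not normalized. The permission service has to
-- canonicalize it the same way the upstream router does; otherwise
-- comparing against the normalized ngx.var.uri may be the safer choice --
-- confirm against the checkRolePermission implementation.
local check_res = ngx.location.capture('/gateway/checkRolePermission', {
    method = ngx.HTTP_POST,
    body = '{"userId": "' .. json_escape(user_id)
        .. '","roleId":"' .. json_escape(role_id)
        .. '","requestUri":"' .. json_escape(ngx.var.request_uri) .. '"}',
})

-- Anything other than an explicit 200 is a denial, including a missing
-- subrequest result.
if check_res == nil or check_res.status ~= ngx.HTTP_OK then
    ngx.log(ngx.WARN, 'checkRolePermission denied, status=',
        check_res and check_res.status)
    return deny(ROLE_DENIED)
end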

多个参数获取及发送依赖请求

前端的验证码登录请求访问下面配置的接口,该接口由 Lua 脚本处理

# Client-facing verification-code login endpoint. The whole request is
# handled in the access phase by code_login.lua; no content handler is
# configured in this block, so the script has to finish the response itself.
location /login/api/code/login {
            access_by_lua_file /usr/local/openresty/lualib/code_login.lua;
        }

Lua 脚本里的 /gateway/code/login 通过 proxy_pass 指向 login 项目里 codeLogin 的内网地址,该接口本身不需要 token 验证

# Target of the ngx.location.capture subrequest issued by code_login.lua;
# forwards to the login service's code-login endpoint on the inner network.
# NOTE(review): as written, clients can also request this location directly.
# If it is meant for subrequests only, the `internal;` directive restricts it
# to them -- confirm, and check the other /gateway/* locations (checkToken,
# checkRolePermission, getToken), which are not shown here.
location /gateway/code/login {
            proxy_pass http://inner-login/api/code/login;
        }

code_login.lua

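-- code_login.lua: verification-code login, run via access_by_lua_file.
--   1. POST phone + code to /gateway/code/login.
--   2. On success, attach the returned userId/channel as request headers and
--      call /gateway/getToken to obtain a token.
--   3. Reply with the login body and the token/userId/channel response
--      headers; any unexpected condition yields the generic 500 JSON body.
--
-- Parameters are read from request headers so the request body does not have
-- to be parsed.
-- NOTE(review): /gateway/getToken appears to issue a token for whatever
-- userId/channel request headers it receives; that location is not shown
-- here and should not be reachable directly by clients -- confirm.

local SYSTEM_ERROR = '{"errorCode":"500","value":"系统错误!","data":null}'

--- Escape a value for embedding inside a JSON string literal.
-- Quotes, backslashes and control characters become \uXXXX escapes so that
-- client-supplied header text cannot add or override JSON fields.
local function json_escape(value)
    return (tostring(value):gsub('[%c"\\]', function(ch)
        return string.format('\\u%04x', string.byte(ch))
    end))
end

--- Send a JSON body and stop processing the request.
-- In the access phase ngx.exit(ngx.OK) would only leave this handler and
-- continue to the content phase; ngx.HTTP_OK (200) ends the request with
-- the same HTTP status.
local function reply(payload)
    ngx.header['Content-Type'] = 'application/json'
    ngx.say(payload)
    return ngx.exit(ngx.HTTP_OK)
end

local phone = ngx.var.http_phone
local code = ngx.var.http_code
-- Missing headers previously raised a Lua concatenation error; answer with
-- the generic error body instead of calling the login service.
if phone == nil or code == nil then
    return reply(SYSTEM_ERROR)
end

local login_body = '{"phone":"' .. json_escape(phone)
    .. '","code":"' .. json_escape(code) .. '"}'

local login_res = ngx.location.capture('/gateway/code/login', {
    method = ngx.HTTP_POST,
    body = login_body,
})

if login_res == nil or login_res.status ~= ngx.HTTP_OK then
    ngx.log(ngx.ERR, 'login failed')
    return reply(SYSTEM_ERROR)
end

local login_user_id = login_res.header['userId']
local login_channel = login_res.header['channel']

if login_user_id == nil or login_channel == nil then
    -- 200 without identity headers: relay the login service's own body
    -- (presumably its business-level error) unchanged.
    return reply(login_res.body)
end

-- The getToken subrequest inherits these request headers.
ngx.req.set_header('userId', login_user_id)
ngx.req.set_header('channel', login_channel)

local token_res = ngx.location.capture('/gateway/getToken')
if token_res ~= nil and token_res.status == ngx.HTTP_OK then
    local token_token = token_res.header['token']
    local token_user_id = token_res.header['userId']
    local token_channel = token_res.header['channel']

    -- The original tested the undefined name `token_channel_id`, which is
    -- always nil, so this success branch could never run.
    if token_token ~= nil and token_user_id ~= nil and token_channel ~= nil then
        ngx.header['userId'] = token_user_id
        ngx.header['channel'] = token_channel
        ngx.header['token'] = token_token
        return reply(login_res.body)
    end
end

-- Token could not be obtained: generic error.
return reply(SYSTEM_ERROR)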


 
