Shulou(Shulou.com)06/01 Report--

This article mainly introduces the Openresty RBAC, sql and redis module tool class example analysis, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let Xiaobian with you to understand.

RBAC introduction

RBAC (Role-Based Access Control, role-based access control), user role-based access control. To put it simply, a user has several roles, and each role has several permissions. In this way, the authorization model of "user-role-permission" is constructed. In this model, there is generally a many-to-many relationship between users and roles and between roles and permissions. As shown in the figure:

Sql_tool

In this case, the permissions are designed in this way. The specific sql statement script is as follows:

CREATE TABLE `user` (`id` int (11) NOT NULL AUTO_INCREMENT, `name` varchar (255) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL, PRIMARY KEY (`id`)) ENGINE=InnoDBDEFAULT CHARACTER SET=latin1 COLLATE=latin1_swedish_ciAUTO_INCREMENT=2ROW_FORMAT=COMPACT;CREATE TABLE role (`id` int (11) NOT NULL AUTO_INCREMENT, `name` varchar (255) CHARACTER SET latin5 NULL DEFAULT NULL, PRIMARY KEY (`id`)) ENGINE=InnoDBDEFAULT CHARACTER SET=latin1 COLLATE=latin1_swedish_ciAUTO_INCREMENT=2ROW_FORMAT=COMPACT CREATE TABLE permission (`id` int (11) NOT NULL AUTO_INCREMENT, `permission` varchar (255) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL, PRIMARY KEY (`id`)) ENGINE=InnoDBDEFAULT CHARACTER SET=latin1 COLLATE=latin1_swedish_ciAUTO_INCREMENT=3ROW_FORMAT=COMPACT;CREATE TABLE user_role (`id`int (11) NOT NULL AUTO_INCREMENT, `user_ id` int (11) NULL DEFAULT NULL, `role_ id` int (11) NULL DEFAULT NULL, PRIMARY KEY (`id`)) ENGINE=InnoDBDEFAULT CHARACTER SET=latin1 COLLATE=latin1_swedish_ciAUTO_INCREMENT=2ROW_FORMAT=COMPACT CREATE TABLE role_permission (`id` int (11) NOT NULL AUTO_INCREMENT, `role_ id` int (11) NULL DEFAULT NULL, `permission_ id` int (11) NULL DEFAULT NULL, PRIMARY KEY (`id`) ENGINE=InnoDBDEFAULT CHARACTER SET=latin1 COLLATE=latin1_swedish_ciAUTO_INCREMENT=3ROW_FORMAT=COMPACT

Initialize the following sql script to associate roles, roles, and permissions to a user with an id of 1:

INSERT INTO `permission`VALUES ('1century,' / user/orgs'); INSERT INTO `role` VALUES ('1VALUES,' user'); INSERT INTO `permission`VALUES ('1levels,' 1cycles,'1'); INSERT INTO `user`VALUES ('1customers,' forezp'); INSERT INTO `role`VALUES ('1levels,' 1customers,'1')

In this case, you need to obtain the corresponding permissions for the Id according to the Id in the user table. First of all, according to the userId to obtain the corresponding role of the user, and then according to the role to obtain the corresponding permissions, often a user has multiple roles, and the role has multiple permissions. For example, the sql statement to query the permissions of a user whose userId is 1 is as follows:

SELECT a.idjina.movie from permission a, role_permission bjorn role cmagnum username role dwrech user e WHERE a.id=b.permission_id and c.id=b.role_id and d.role_id=c.id and d.user_id=e.id and e.id=1 "

How to connect to the database in Openresty and how to query sql statements have been described in previous articles. The ability to obtain user permissions based on user id is a highly utilized feature, so consider modularizing this feature.

Vim / usr/example/lualib/sql_tool.lua, add the following code to the editor:

Local mysql = require ("resty.mysql") local function close_db (db) if not db then return end db:close () end local function select_user_permission (user_id) local db, err = mysql:new () if not db then ngx.say ("new mysql error:", err) return end db:set_timeout (1000) local props = {host = "127.0.0.1" Port = 3306, database = "test", user = "root", password = "123"} local res, err, errno, sqlstate = db:connect (props) if not res then ngx.say (" connect to mysql error: ", err,", errno: ", errno,", sqlstate: ", sqlstate) close_db (db) end local select_sql =" SELECT a.idjas. Role_permission bforce role c username role dje WHERE a.id=b.permission_id and c.id=b.role_id and d.role_id=c.id and d.user_id=e.id and e.id = ".. user _ id res, err, errno, sqlstate = db:query (select_sql) if not res then ngx.say (" select error: ", err,", errno: ", errno,", sqlstate: " Sqlstate) return close_db (db) endlocal permissions= {} for I, row in ipairs (res) do for name, value in pairs (row) do if name = = "permission" then table.insert (permissions, 1, value) end return permissions endlocal _ M = {select_user_permission= select_user_permission} return _ M

In the above code, there is a select_user_permission (user_id) method that obtains the user's permissions based on the user name. It is found that there is a local permissions= {} of type table.

Vim / usr/example/example.conf plus the following code:

Location ~ / sql_tool {default_type 'text/html'; content_by_lua_file / usr/example/lua/test_sql_tool.lua;}

Access http://116.196.177.123/sql_tool on the browser, and the browser displays the following:

/ user/orgs

Tokentool

The previous article described how to use Openresty to connect to redis and manipulate redis. This section describes how to use openresty to connect to redis, and write several methods to store the user's token, etc., and modularize this information, mainly in the following ways:

Close_redis (red) releases a connection through connection pooling

Connect () connects to redis

Whether there is token in has_token (token) redis or not

Get_user_id (token) obtains the user's id according to token

Set_permissions (user_id,permissions) sets permissions according to userid

Get_permissions (user_id) acquires permissions according to userid

Vim / usr/example/lualib/tokentool.lua edit the content:

Module ("tokentool", package.seeall) local redis = require "resty.redis" local str = require "resty.string" local cjson = require ("cjson") local redis_host = "127.0.0.1" local redis_port = 6379local function close_redis (red) if not red then return end local pool_max_idle_time = 10000-millisecond local pool_size = 100-connection pool size local ok Err = red:set_keepalive (pool_max_idle_time, pool_size) if not ok then ngx.say ("set keepalive error:", err) end end local function connect () local red = redis:new () red:set_timeout (1000) local ok, err = red:connect (redis_host, redis_port) if not ok then return false end-local res Err = red:auth ("xiaoantimes")-if not res then-- ngx.say ("failed to authenticate:", err)-- return false-- end-- ok, err = red:select (1)-- if not ok then-- return false-- end return redendfunction has_token (token) local red = connect () if red = false then return false end local res Err = red:get (token) if not res then return false end close_redis (red) return trueendfunction set_permissions (user_id,permissions) if (permissions==null) or (permissions==ngx.null) then return false end local str = cjson.encode (permissions) ngx.log (ngx.ERR, "set redis p:".. str) local red=connect () if red== false then return false end local ok, err = red:set (user_id) Str) if not ok then return false end return true endfunction get_permissions (user_id) local red=connect () if red== false then return false end local res, err = red:get (user_id) if (not res) or (res = = ngx.null) then return end ngx.log (ngx.ERR, "get redis p:".. res) Local permissions=cjson.decode (res) return permissionsendfunction get_user_id (token) local red = connect () local resp, err = red:get (token) if not resp then ngx.say ("get msg error:", err) return close_redis (red) end close_redis (red) return respend

Vim / usr/example/lua/test_token_tool.lua, plus the following:

Local tokentool= require "tokentool" local ret = tokentool.has_token ("msg") ngx.log (ngx.ERR,ret) if ret = = true then ngx.say ("ok") else ngx.say ("oops,error") end

Add the following to / usr/example/example.conf:

Location ~ / token_tool {default_type 'text/html'; lua_code_cache on; content_by_lua_file / usr/example/lua/test_token_tool.lua;}

Open a browser to access http://116.196.177.123/token_tool, and the browser displays:

Ok

Thank you for reading this article carefully. I hope the article "sample Analysis of RBAC, sql and redis Module tools in Openresty" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.