2025-04-05 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
This article explains in detail how to use Nginx and Lua for JWT checking. The editor thinks it is very practical and shares it here for reference. I hope you get something out of reading it.
Lua script
I ran into a big pitfall with the secret here. At first, the key was copied directly from the Java back-end project, but I kept getting `signature mismatch:`. I later found that base64 decode methods were used in the back-end application, so I added ngx.decode_base64(secret) to the Lua script to process the secret. In fact, the problem was still not solved at that point. Debugging the backend code showed that decoding the backend key produced a string of garbled characters. To avoid the garbled characters, the problem was finally solved by regenerating the secret through https://www.base64encode.org/.
If you also encounter this `signature mismatch:` error in your project, check whether the backend decodes or otherwise processes the secret when generating the token, and apply the same processing in the Lua script.
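The mismatch described above can be reproduced offline. This is an added example, not code from the article: Python's standard library stands in for both the Java backend (signer) and the Lua gateway (verifier), and the secret, claims and function names are constructed for illustration.

```python
# Added example: constructed secret and claims, not values from the article.
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(key: bytes, claims: dict) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_hs256(key: bytes, token: str) -> str:
    """Return 'ok' or a reason string, like the reason a gateway would log."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed token"
    header, payload, sig = parts
    try:
        alg = json.loads(b64url_decode(header)).get("alg")
        given = b64url_decode(sig)
    except (ValueError, AttributeError):
        return "malformed token"
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        return "unexpected alg"
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(expected, given) else "signature mismatch"

# Constructed configuration string, as it would be copied between projects.
SECRET = base64.b64encode(b"constructed-demo-key-32-bytes!!!").decode()
KEY = base64.b64decode(SECRET)  # what a backend that decodes the secret signs with

# Backend side: sign with the decoded bytes, not with the configured string.
TOKEN = sign_hs256(KEY, {"sub": "alice"})

def check_both_keys() -> dict:
    return {
        "raw string as key": verify_hs256(SECRET.encode(), TOKEN),
        "decoded bytes as key": verify_hs256(KEY, TOKEN),
    }

if __name__ == "__main__":
    for how, result in check_both_keys().items():
        print(f"{how}: {result}")
```

The verifier only accepts the token when it derives the HMAC key bytes exactly as the signer did, which is why the gateway has to mirror the backend's decode step.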
```lua
-- nginx-jwt.lua
local cjson = require "cjson"
local jwt = require "resty.jwt"

-- your secret
local secret = "yoursecrethere"

-- API paths that do not require authentication
local no_need_token_api_list = {'/api/register', '/api/login'}

-- Exact match against the request URI (which includes any query string)
local function ignore_url(val)
    for index, value in ipairs(no_need_token_api_list) do
        if (value == val) then
            return true
        end
    end
    return false
end

local M = {}

function M.auth()
    if ignore_url(ngx.var.request_uri) then
        return
    end

    -- require Authorization request header
    local auth_header = ngx.var.http_Authorization
    if auth_header == nil then
        ngx.log(ngx.WARN, "No Authorization header")
        ngx.exit(ngx.HTTP_UNAUTHORIZED)
    end

    -- require Bearer token (string.find returns start, end, then the capture)
    local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
    if token == nil then
        ngx.log(ngx.ERR, "Missing token")
        ngx.exit(ngx.HTTP_UNAUTHORIZED)
    end

    -- decode_base64 is consistent with the backend
    local jwt_obj = jwt:verify(ngx.decode_base64(secret), token)
    if jwt_obj.verified == false then
        ngx.log(ngx.ERR, "Invalid token: " .. jwt_obj.reason)
        ngx.status = ngx.HTTP_UNAUTHORIZED
        -- headers must be set before any body output is sent
        ngx.header.content_type = "application/json; charset=utf-8"
        ngx.say(cjson.encode(jwt_obj))
        ngx.exit(ngx.HTTP_UNAUTHORIZED)
    end
end

return M
```

Dockerfile configuration

Nginx.conf configuration

```nginx
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    lua_package_path "/opt/lua-resty-jwt/lib/?.lua;;";

    upstream backend {
        server 192.168.1.1:8080;
    }

    access_log /logs/nginx_access.log;
    error_log /logs/nginx_error.log;

    server {
        listen 80;

        # backend API proxy
        location /api/ {
            access_by_lua_block {
                local obj = require('nginx-jwt')
                obj.auth()
            }
            proxy_pass http://backend;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

This is the end of the article on "how to use Nginx and Lua for JWT check". I hope the above content is helpful to you and that you can learn more from it.