思路
1.用户请求携带token请求nginx
2.nginx向后台服务询问token是否有效
3.token有效就返回静态资源 无效就返回权限不够
普通的nginx无法编写lua脚本
我们采用openresty版本可以编写lua脚本
需要下载lua-resty-http工具包(地址:lua-resty-http),解压后将其中的.lua文件放到 lualib\resty 目录下即可。
编写nginx的配置文件,将其中的server块替换为以下内容:
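server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;

    #access_log  logs/host.access.log  main;

    # The stock `location /` is disabled: nginx rejects a server block that
    # declares `location /` twice ("duplicate location"), and the
    # token-checked `location /` further down replaces it.
    #location / {
    #    root   html;
    #    index  index.html index.htm;
    #}

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

    # Every request for a file under `root` is authorised against the backend
    # token service before nginx serves it.
    location / {
        rewrite_by_lua_block {
            -- Both modules must really be loaded. With these two requires
            -- commented out, `http` and `cjson` are nil globals, so
            -- `http.new()` raises an error before any check runs.
            local cjson = require "cjson"
            local http = require "resty.http"
            local ngx = ngx

            -- Send a plain-text response with the given status and end the request.
            local function reply(status, body)
                ngx.status = status
                ngx.header['Content-Type'] = 'text/plain; charset=utf-8'
                ngx.say(body)
                -- Once output has been sent, ngx.exit(ngx.HTTP_OK) finishes the
                -- whole request and keeps the status set above.
                return ngx.exit(ngx.HTTP_OK)
            end

            -- Refuse the request with 403.
            local function deny()
                return reply(ngx.HTTP_FORBIDDEN, "You do not have permission to view the picture.")
            end

            -- Prefer the `token` request header. A token in the query string
            -- ends up in access logs and can leak through Referer headers and
            -- browser history, so the request parameter is only a fallback.
            local token = ngx.req.get_headers()["token"]
            if token == nil then
                local args
                if ngx.var.request_method == "POST" then
                    ngx.req.read_body()
                    args = ngx.req.get_post_args()
                else
                    -- GET and every other method: read the URI arguments
                    -- (indexing a nil `args` here would raise a 500).
                    args = ngx.req.get_uri_args()
                end
                -- get_post_args() returns nil when it cannot parse the body.
                token = args and args["token"]
            end

            -- A repeated header or argument arrives as a table and a bare
            -- `?token` as boolean true. Only a non-empty string without
            -- control characters is forwarded, so CR/LF can never reach the
            -- outgoing request header.
            if type(token) ~= "string" or token == "" or token:find("%c") then
                return deny()
            end

            local httpc = http.new()
            -- Bound how long a request may wait on the auth backend (ms);
            -- tune this to your service.
            httpc:set_timeout(2000)

            -- Token-validation service. The token is sent both as a header and
            -- as a query parameter; keep whichever your backend reads.
            -- escape_uri stops characters such as `&` or `#` in the token from
            -- changing the backend query string.
            local url = "http://127.0.0.1:8080/image/checkToken?token=" .. ngx.escape_uri(token)
            local res, err = httpc:request_uri(url, { method = "GET", headers = { ["token"] = token } })
            if not res then
                ngx.log(ngx.ERR, "token check request failed: ", err)
                -- Report the failure with a 500 status rather than a 200, so
                -- the error body is never mistaken for the requested file.
                return reply(ngx.HTTP_INTERNAL_SERVER_ERROR,
                    cjson.encode({ message = "Error getting response", status = ngx.HTTP_INTERNAL_SERVER_ERROR }))
            end

            -- Fail closed: the file is served only when the backend answers
            -- 200 with the body "1". Checking only for "0" would let a backend
            -- error page, an empty body or any unexpected reply through.
            if res.status ~= ngx.HTTP_OK or res.body ~= '1' then
                return deny()
            end
        }

        root D:\\project;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}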
编写后台服务对token进行鉴权即可:成功返回1,失败返回0。
本文介绍了基于OpenResty和Lua实现Nginx的Token鉴权思路。用户携带token请求Nginx,Nginx反问后台服务验证token有效性,有效则返回静态资源,无效返回权限不够。采用OpenResty版本编写Lua脚本,下载lua-resty-http工具包并放置指定目录,编写Nginx配置和后台鉴权代码即可。




