xfy 6543422281 docs: 添加 Nginx 配置和 Lua 脚本示例文档
- config: 反向代理、缓存、负载均衡、安全、SSL 等配置模板
- lua: API 网关、认证、动态路由、限流、WebSocket 等脚本示例

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-10 17:59:22 +08:00


# Authentication 示例 - NGINX 配置
#
# 演示如何在 Nginx 中集成 JWT 验证和 Basic Auth。
http {
# Shared memory zone (the original comment gives rate limiting as an example use).
# NOTE(review): no inline Lua block in this file reads or writes auth_cache;
# the external scripts loaded via access_by_lua_file may use it - confirm,
# or drop the zone if nothing does.
lua_shared_dict auth_cache 10m;
server {
# Plain-HTTP listener bound to the name "localhost".
# NOTE(review): Basic Auth credentials are only Base64-encoded and bearer
# tokens are replayable, so both travel readable on the wire over this
# listener. Before exposing these locations beyond a local demo, terminate
# TLS in front of this server or switch to a `listen ... ssl` listener with
# a certificate configured.
listen 8080;
server_name localhost;
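# ==========================================
# Scenario 1: endpoint protected by JWT validation
# ==========================================
location /api/secure {
    # The access phase runs an external validator script. Its logic is not
    # shown in this file; everything below trusts that it rejects requests
    # without a valid token before the content phase runs.
    access_by_lua_file /path/to/auth/jwt_validate.lua;

    # Per the original note, after successful validation the decoded JWT
    # payload is available in ngx.ctx.jwt_payload.
    content_by_lua_block {
        local cjson = require "cjson.safe"

        -- Set the content type on every path, not only when a subject exists.
        ngx.header["Content-Type"] = "application/json"

        local payload = ngx.ctx.jwt_payload
        local body = { status = "ok" }

        -- Only index the payload when it is a table: on a string value,
        -- the field name sub would resolve to string.sub instead of a claim.
        local subject
        if type(payload) == "table" then
            subject = payload.sub
        end

        -- The subject comes from the token, so it must never be spliced
        -- into the JSON text by concatenation: a quote or backslash in it
        -- would let the token holder add or override response fields.
        -- cjson escapes it properly.
        if type(subject) == "string" or type(subject) == "number" then
            body.user = tostring(subject)
        end

        ngx.say(cjson.encode(body))
    }
}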
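# ==========================================
# Scenario 2: endpoint protected by Basic Auth
# ==========================================
location /api/admin {
    # The access phase runs an external Basic Auth script (not shown here).
    # The content handler reads ngx.ctx.auth_user, which that script is
    # presumably expected to set on success - confirm against the script.
    access_by_lua_file /path/to/auth/basic_auth.lua;

    content_by_lua_block {
        local cjson = require "cjson.safe"

        ngx.header["Content-Type"] = "application/json"

        local user = ngx.ctx.auth_user

        -- Fail closed with an explicit error when the access phase left no
        -- user behind. The previous string concatenation raised a Lua
        -- runtime error on nil here, which also ended in a 500 but without
        -- a useful log line.
        if type(user) ~= "string" or user == "" then
            ngx.log(ngx.ERR, "auth_user missing in ngx.ctx for /api/admin")
            ngx.status = ngx.HTTP_INTERNAL_SERVER_ERROR
            ngx.say(cjson.encode({ error = "authentication context missing" }))
            return ngx.exit(ngx.HTTP_OK)
        end

        -- The user name originates from the client-supplied Authorization
        -- header, so it is encoded rather than concatenated into the JSON.
        ngx.say(cjson.encode({ status = "ok", admin = user }))
    }
}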
# ==========================================
# Scenario 3: public endpoint, no authentication required
# ==========================================
location /api/public {
    # No access-phase handler: every client reaches this content handler.
    content_by_lua_block {
        -- Fixed response body; nothing from the request is reflected.
        local body = '{"status": "ok", "message": "public endpoint"}'

        ngx.header["Content-Type"] = "application/json"
        ngx.say(body)
    }
}
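# ==========================================
# Scenario 4: combined authentication (Basic Auth + JWT)
# Intended to require both to pass.
#
# NOTE(review): as written, the access handler only checks that the two
# headers are PRESENT. It never decodes or verifies the Basic credentials
# and never validates the JWT signature, expiry or claims, so any request
# carrying both headers reaches the content handler. Add real verification
# at the two TODO markers (the checks that basic_auth.lua and
# jwt_validate.lua are referenced for elsewhere in this file) before using
# this location for anything but a demo.
# ==========================================
location /api/super-secure {
    access_by_lua_block {
        local cjson = require "cjson.safe"
        -- The original also required resty.hmac but never used it; the
        -- require is dropped so a missing library cannot turn every request
        -- into a 500. Bring it back together with the signature check.

        -- Send a JSON 401 response and end the request.
        local function deny(message, challenge)
            ngx.status = 401
            if challenge then
                ngx.header["WWW-Authenticate"] = challenge
            end
            ngx.header["Content-Type"] = "application/json"
            ngx.say(cjson.encode({ error = message }))
            return ngx.exit(401)
        end

        local headers = ngx.req.get_headers()

        -- Step 1: Basic Auth header.
        -- get_headers() yields a table when a header is sent more than
        -- once; calling a string method on it would raise an error, so
        -- anything that is not a single string value is rejected.
        local auth = headers["Authorization"]
        if type(auth) ~= "string" or not auth:match("^Basic ") then
            return deny("basic auth required", 'Basic realm="Super Secure API"')
        end
        -- TODO(security): decode the credentials and verify them against
        -- the user store. Only the scheme prefix is checked above.

        -- Step 2: JWT, carried in a separate header because Authorization
        -- is already taken by the Basic credentials.
        local jwt_token = headers["X-JWT-Token"]
        if type(jwt_token) ~= "string" or jwt_token == "" then
            return deny("JWT token required in X-JWT-Token header")
        end
        -- TODO(security): verify the token signature, expiry and claims.
        -- Only the presence of the header is checked above.
    }

    content_by_lua_block {
        ngx.header["Content-Type"] = "application/json"
        ngx.say('{"status": "ok", "message": "both auth passed"}')
    }
}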
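# ==========================================
# Health check endpoint
# ==========================================
location /health {
    # Keep probe traffic out of the access log.
    access_log off;

    # `return 200 <text>` takes its Content-Type from default_type.
    # add_header appends a header instead of replacing one, so the previous
    # `add_header Content-Type ...` produced a second Content-Type header
    # next to the default one.
    default_type application/json;
    return 200 '{"status": "healthy"}';
}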
}
}