Introduction to JWT Verification Using Nginx and Lua

Preface
Lua Script
nignx.conf configuration
Dockerfile configuration

Preface

Because it does not involve dependencies on databases and other resources, jwt itself is also stateless. Therefore, the authentication service is no longer based on Java or other languages. Instead, we use the Lua script to enhance nginx: we use the Lua script to verify whether the token is valid. If it is invalid, we return 401 directly. If it is valid, we forward it as is.

Lua Script

I encountered a big pit with the secret here. At first, I copied the key directly from the Java backend project, but it kept prompting signature mismatch: Later, I found that the backend application used base64decode related methods. I added ngx.decode_base64(secret) to the Lua script to process the secret and solved the problem. In fact, the problem has not been solved yet. When debugging the backend code, it was found that the result of the backend key being decoded was a string of garbled characters. In order to avoid the problem of garbled characters, the secret was regenerated through https://www.base64encode.org/, which finally solved the problem.
If you also encounter this signature mismatch: error in your project, you need to check whether the backend decodes or otherwise processes the secret when generating the token, and perform corresponding processing in the Lua script.

insert image description here

nignx.conf configuration

--nginx-jwt.lua


local cjson = require "cjson"
local jwt = require "resty.jwt"

--your secret
local secret = "yoursecrethere"
--No authentication required API list local no_need_token_api_list = {'/api/register', '/api/login'}

local function ignore_url (val)
    for index, value in ipairs(no_need_token_api_list) do
        if (value == val) then
            return true
        end
    end

    return false
end

local M = {}


function M.auth()

    if ignore_url(ngx.var.request_uri) then
        return
    else
    end
	
    -- require Authorization request header
    local auth_header = ngx.var.http_Authorization

    if auth_header == nil then
        ngx.log(ngx.WARN, "No Authorization header")
        ngx.exit(ngx.HTTP_UNAUTHORIZED)
    end

    --require Bearer token
    local _, _, token = string.find(auth_header, "Bearer%s+(.+)")

    if token == nil then
        ngx.log(ngx.ERR, "Missing token")
        ngx.exit(ngx.HTTP_UNAUTHORIZED)
    end

    --decode_base64 is consistent with the backend local jwt_obj = jwt:verify(ngx.decode_base64(secret), token)

    if jwt_obj.verified == false then
        ngx.log(ngx.ERR, "Invalid token: ".. jwt_obj.reason)
        ngx.status = ngx.HTTP_UNAUTHORIZED
        ngx.say(cjson.encode(jwt_obj))
        ngx.header.content_type = "application/json; charset=utf-8"
        ngx.exit(ngx.HTTP_UNAUTHORIZED)
    end

end

return M

Dockerfile configuration

worker_processes 1;

events
{
  worker_connections 1024;
}
http
{

  lua_package_path "/opt/lua-resty-jwt/lib/?.lua;;";

  upstream backend
  {
    server 192.168.1.1:8080;
  }
  
  access_log /logs/nginx_access.log;
  error_log /logs/nginx_error.log;

  server
  {

    listen 80;

    #Backend api interface proxy location /api/
    {
      access_by_lua_block
      {
        local obj = require('nginx-jwt')
        obj.auth()
      }
      proxy_pass http://backend;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  }

}

This is the end of this article about using Nginx and Lua for JWT verification. For more information about Nginx and Lua for JWT verification, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!

You may also be interested in:

In golang, gin framework accesses jwt and uses token to verify identity
Go gin+token (JWT) verification to achieve login verification
Golang web development based on gin authentication tool jwt
Definition requirements and analysis of using JWT in gin framework

<<: Detailed explanation of small state management based on React Hooks

>>: Deep understanding of the use of ::before/:before and ::after/:after

Introduction to JWT Verification Using Nginx and Lua

Table of contents

Preface

Lua Script

nignx.conf configuration

Dockerfile configuration

How to view and set the mysql time zone

Detailed explanation of using Docker to build externally accessible MySQL

How to quickly log in to MySQL database without password under Shell

A brief discussion on the synchronization solution between MySQL and redis cache

Nginx installation detailed tutorial

Tutorial on installing GreasyFork js script on mobile phone

Detailed explanation of MySQL Strict Mode knowledge points

Detailed introduction to linux host name configuration

HTML table markup tutorial (10): cell padding attribute CELLPADDING

Docker-compose installation db2 database operation

Recommend

MySQL transaction autocommit automatic commit operation

In-depth understanding of MySQL slow query log

4 Practical Tips for Web Page Design

Reference SVG images in CSS to support dynamic color switching implementation code

Detailed explanation of CSS3 Flex elastic layout example code

Example code for implementing beautiful clock animation effects with CSS

How to solve the problem "Unknown column 'password" when resetting MySQL root password

Are you still Select *?

MySQL 5.7.17 winx64 free installation version configuration method graphic tutorial

A brief discussion on the problem of Docker run container being in created state

How to view Docker container application logs

2017 latest version of windows installation mysql tutorial

Vue implements the right slide-out layer animation

Use of LRU algorithm in Vue built-in component keep-alive

The whole process of realizing website internationalization using Vite2 and Vue3