higress/plugins/wasm-go/extensions/simple-jwt-auth/main.go

package main
import (
"encoding/json"
"net/http"
"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
jwt "github.com/dgrijalva/jwt-go"
"github.com/higress-group/proxy-wasm-go-sdk/proxywasm"
"github.com/higress-group/proxy-wasm-go-sdk/proxywasm/types"
"github.com/tidwall/gjson"
)
// main registers the plugin with the wasm-go wrapper: parseConfig handles
// configuration updates and onHttpRequestHeaders runs in the request-header
// phase.
func main() {
	// Plugin name passed to the wrapper.
	const pluginName = "simple-jwt-auth"

	wrapper.SetCtx(
		pluginName,
		wrapper.ParseConfigBy(parseConfig),
		wrapper.ProcessRequestHeadersBy(onHttpRequestHeaders),
	)
}
// Data types used by the plugin.
type (
	// Config is the plugin configuration populated by parseConfig.
	Config struct {
		// TokenSecretKey is the shared secret handed to the JWT parser as the
		// signature verification key. Treat it as a credential: it must not be
		// logged or echoed back in responses.
		TokenSecretKey string
		// TokenHeaders is the name of the request header the token is read from.
		TokenHeaders string
	}

	// Res is the JSON body sent to the client when a request is rejected.
	Res struct {
		Code int    `json:"code"` // status code reported inside the body
		Msg  string `json:"msg"`  // human-readable message
	}
)
// parseConfig copies the "token_secret_key" and "token_headers" values of the
// plugin configuration into config.
//
// It always returns nil and performs no validation: a missing key yields an
// empty string, and onHttpRequestHeaders rejects every request while either
// field is empty. The log parameter is unused.
//
// Note that the json parameter shadows the encoding/json package inside this
// function.
func parseConfig(json gjson.Result, config *Config, log wrapper.Log) error {
	secret := json.Get("token_secret_key")
	header := json.Get("token_headers")

	config.TokenSecretKey, config.TokenHeaders = secret.String(), header.String()
	return nil
}
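// onHttpRequestHeaders authenticates a request in the header phase.
//
// The token is read from the request header named by config.TokenHeaders and
// checked with ParseTokenValid against config.TokenSecretKey. The request is
// answered with HTTP 401 and a JSON Res body when:
//   - the plugin is misconfigured (header name or secret empty); the body
//     carries code 400 while the HTTP status stays 401,
//   - the header cannot be read,
//   - the token does not validate.
//
// Only a valid token lets the request continue untouched. The raw header
// value is used as the token; no "Bearer " prefix is stripped here.
func onHttpRequestHeaders(ctx wrapper.HttpContext, config Config, log wrapper.Log) types.Action {
	if config.TokenHeaders == "" || config.TokenSecretKey == "" {
		return denyRequest(log, http.StatusBadRequest, "token or secret 不允许为空", "simple-jwt-auth.bad_config")
	}

	token, err := proxywasm.GetHttpRequestHeader(config.TokenHeaders)
	if err != nil {
		return denyRequest(log, http.StatusUnauthorized, "认证失败", "simple-jwt-auth.auth_failed")
	}

	if ParseTokenValid(token, config.TokenSecretKey) {
		return types.ActionContinue
	}
	return denyRequest(log, http.StatusUnauthorized, "认证失败", "simple-jwt-auth.auth_failed")
}

// denyRequest sends the 401 local reply for a rejected request and returns
// the action the header callback should hand back to the host.
//
// The denial is logged with its response-detail string only; the token and
// the secret are never written to the log.
func denyRequest(log wrapper.Log, code int, msg, detail string) types.Action {
	// Marshalling a struct of an int and a string cannot fail.
	body, _ := json.Marshal(Res{Code: code, Msg: msg})

	log.Warnf("request denied (%s)", detail)
	if err := proxywasm.SendHttpResponseWithDetail(http.StatusUnauthorized, detail, nil, body, -1); err != nil {
		// The original discarded this error and returned ActionContinue, which
		// presumably forwards the unauthenticated request upstream when the
		// local reply could not be sent. Fail closed: keep the stream paused.
		log.Errorf("sending 401 local reply failed: %v", err)
		return types.ActionPause
	}
	return types.ActionContinue
}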
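// ParseTokenValid reports whether tokenString is a JWT that jwt.Parse accepts
// when its signature is verified with TokenSecretKey as an HMAC key.
//
// It returns false, and never panics, for an empty token, an empty secret, a
// token that cannot be parsed, a token whose algorithm is not in the HMAC
// family, and a token that fails signature or claim validation.
//
// Limits of this check: a token without an exp claim is accepted
// indefinitely, and issuer/audience claims are not inspected.
//
// NOTE(review): github.com/dgrijalva/jwt-go is archived; its maintained
// continuation is github.com/golang-jwt/jwt. Plan a migration.
func ParseTokenValid(tokenString, TokenSecretKey string) bool {
	// Fail closed: an empty secret would validate tokens signed with an
	// empty key.
	if tokenString == "" || TokenSecretKey == "" {
		return false
	}

	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
		// Pin the algorithm family to HMAC instead of relying on key-type
		// mismatches to reject tokens that declare another "alg".
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, jwt.ErrSignatureInvalid
		}
		// Key used to verify the signature.
		return []byte(TokenSecretKey), nil
	})
	// jwt.Parse returns a nil *jwt.Token for input that does not have three
	// segments; the original dereferenced it unconditionally, so a malformed
	// header value from the client crashed the plugin.
	if err != nil || token == nil {
		return false
	}
	return token.Valid
}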