bugfix: remove unsupported algorithm in jwt plugin. (#2356)
* bugfix: remove unsupported algorithm in jwt plugin.

support algorithm: https://github.com/SkyLothar/lua-resty-jwt/blob/master/lib/resty/jwt.lua#L505

* revert doc auto-format

Signed-off-by: yiyiyimu <wosoyoung@gmail.com>

Co-authored-by: yiyiyimu <wosoyoung@gmail.com>
moonming and Yiyiyimu authored Oct 4, 2020
1 parent 3e95903 commit a4e3526
Showing 3 changed files with 6 additions and 9 deletions.
11 changes: 4 additions & 7 deletions apisix/plugins/jwt-auth.lua
Expand Up @@ -35,7 +35,8 @@ local schema = {
secret = {type = "string"},
algorithm = {
type = "string",
enum = {"HS256", "HS384", "HS512", "RS256", "ES256"}
enum = {"HS256", "HS512", "RS256"},
default = "HS256"
},
exp = {type = "integer", minimum = 1},
base64_secret = {
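Review bot: The narrowed `enum` and the new `default = "HS256"` on the `algorithm` field have no test coverage in this commit, which touches only jwt-auth.lua and the two doc pages. Add a case that submits `algorithm = "HS384"` and `algorithm = "ES256"` and expects schema rejection, and one that omits `algorithm` and expects `"HS256"`, so the allow-list cannot silently widen again.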
Expand Down Expand Up @@ -85,10 +86,6 @@ function _M.check_schema(conf)
conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
end

if not conf.algorithm then
conf.algorithm = "HS256"
end

if not conf.exp then
conf.exp = 60 * 60 * 24
end
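Review bot: With the `if not conf.algorithm then` fallback removed, `check_schema` depends entirely on the schema validator writing the `default` into `conf`; if validation runs without applying defaults, `conf.algorithm` stays nil and later reaches the `alg` header. Confirm the validator injects defaults on this path, or keep the explicit assignment. Separately, the context line `conf.secret = ngx_encode_base64(resty_random.bytes(32, true))` produces a symmetric secret, which does not fit `"RS256"`, an algorithm the enum still allows; consider requiring an explicit `secret` when `algorithm` is `"RS256"`.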
Expand Down Expand Up @@ -207,11 +204,11 @@ local function gen_token()
local jwt_token = jwt:sign(
auth_secret,
{
header={
header = {
typ = "JWT",
alg = consumer.auth_conf.algorithm
},
payload={
payload = {
key = key,
exp = ngx_time() + consumer.auth_conf.exp
}
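Review bot: At `alg = consumer.auth_conf.algorithm` the value comes from the consumer's saved configuration, so a consumer saved before this change with `"HS384"` or `"ES256"` still reaches `jwt:sign` with an algorithm the commit message says is unsupported. Either reject such values here with a clear error or document that affected consumers must be re-saved. The `header = {` and `payload = {` spacing changes are unrelated to the fix and would be easier to review in a separate commit.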
2 changes: 1 addition & 1 deletion doc/plugins/jwt-auth.md
Expand Up @@ -41,7 +41,7 @@ For more information on JWT, refer to [JWT](https://jwt.io/) for more informatio
| ------------- | ------- | ----------- | ------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
| key | string | required | | | different `consumer` have different value, it's unique. different `consumer` use the same `key`, and there will be a request matching exception. |
| secret | string | optional | | | encryption key. if you do not specify, the value is auto-generated in the background. |
| algorithm | string | optional | "HS256" | ["HS256", "HS384", "HS512", "RS256", "ES256"] | encryption algorithm. |
| algorithm | string | optional | "HS256" | ["HS256", "HS512", "RS256"] | encryption algorithm. |
| exp | integer | optional | 86400 | [1,...] | token's expire time, in seconds |
| base64_secret | boolean | optional | false | | whether secret is base64 encoded |
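Review bot: The `algorithm` row still describes the field as "encryption algorithm", and the `secret` row as "encryption key", but HS256, HS512 and RS256 sign the token rather than encrypt it. Suggest "signing algorithm" and "signing key", and state what `secret` must contain when `algorithm` is `"RS256"`, since the row only says the value is auto-generated when omitted.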

2 changes: 1 addition & 1 deletion doc/zh-cn/plugins/jwt-auth.md
Expand Up @@ -42,7 +42,7 @@
| ------------- | ------- | ------ | ------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
| key | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `key` ,将会出现请求匹配异常。 |
| secret | string | 可选 | | | 加密秘钥。如果您未指定,后台将会自动帮您生成。 |
| algorithm | string | 可选 | "HS256" | ["HS256", "HS384", "HS512", "RS256", "ES256"] | 加密算法 |
| algorithm | string | 可选 | "HS256" | ["HS256", "HS512", "RS256"] | 加密算法 |
| exp | integer | 可选 | 86400 | [1,...] | token 的超时时间 |
| base64_secret | boolean | 可选 | false | | 密钥是否为 base64 编码 |
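Review bot: The `algorithm` row's description 加密算法 ("encryption algorithm") and the `secret` row's 加密秘钥 ("encryption key") carry the same wording problem as the English page, since these algorithms sign rather than encrypt. Suggest 签名算法 and 签名密钥, kept in step with the English doc.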
