From cfa01fec13e5e429c4cb8327a57a92b02742fb4b Mon Sep 17 00:00:00 2001
From: WenMing
Date: Sun, 4 Oct 2020 15:46:57 +0800
Subject: [PATCH 1/2] bugfix: remove unsupported algorithm in jwt plugin.
support algorithm: https://github.com/SkyLothar/lua-resty-jwt/blob/master/lib/resty/jwt.lua#L505
---
apisix/plugins/jwt-auth.lua | 11 ++++-------
doc/plugins/jwt-auth.md | 15 +++++++++------
doc/zh-cn/plugins/jwt-auth.md | 2 +-
3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/apisix/plugins/jwt-auth.lua b/apisix/plugins/jwt-auth.lua
index 0d33346e759c..8209aa5e293a 100644
--- a/apisix/plugins/jwt-auth.lua
+++ b/apisix/plugins/jwt-auth.lua
@@ -35,7 +35,8 @@ local schema = {
 secret = {type = "string"},
 algorithm = {
 type = "string",
- enum = {"HS256", "HS384", "HS512", "RS256", "ES256"}
+ enum = {"HS256", "HS512", "RS256"},
+ default = "HS256"
 },
 exp = {type = "integer", minimum = 1},
 base64_secret = {
@@ -85,10 +86,6 @@ function _M.check_schema(conf)
 conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
 end
 
- if not conf.algorithm then
- conf.algorithm = "HS256"
- end
-
 if not conf.exp then
 conf.exp = 60 * 60 * 24
 end
@@ -207,11 +204,11 @@ local function gen_token()
 local jwt_token = jwt:sign(
 auth_secret,
 {
- header={
+ header = {
 typ = "JWT",
 alg = consumer.auth_conf.algorithm
 },
- payload={
+ payload = {
 key = key,
 exp = ngx_time() + consumer.auth_conf.exp
 }
diff --git a/doc/plugins/jwt-auth.md b/doc/plugins/jwt-auth.md
index 03b6c9232e37..8a98b629e8ed 100644
--- a/doc/plugins/jwt-auth.md
+++ b/doc/plugins/jwt-auth.md
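Review bot: The trimmed enum still admits `RS256`, yet `secret` remains a plain string that check_schema replaces with 32 random bytes when absent (`conf.secret = ngx_encode_base64(resty_random.bytes(32, true))`, visible in the second hunk), and that value is presumably not an RSA private key usable for an `RS256` signature, so a consumer configured with `RS256` and no secret looks like it would fail inside `jwt:sign` at token time rather than at configuration time. If check_schema follows the `ok, err` return convention, an early guard such as `if conf.algorithm == "RS256" and not conf.secret then return false, "secret is required for RS256" end` would reject the combination up front; whether lua-resty-jwt expects a PEM key for RS256 should be confirmed against the jwt.lua linked in the commit message. A one-line comment above the enum noting that the list mirrors the signing algorithms supported by the library would also spare the next reader a trip to that link. Restricting the configured algorithm is only meaningful if verification pins it as well instead of trusting the token's own `alg` header; that code is outside this hunk and worth a look. The enclosing `schema` table starts before and ends after this hunk.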
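Review bot: Dropping the explicit `conf.algorithm = "HS256"` fallback makes `consumer.auth_conf.algorithm` depend entirely on the validator materializing the schema `default` added in the first hunk; if the schema check only validates and does not write defaults back into `conf`, the `alg` header assembled in gen_token (third hunk) becomes nil and signing fails for every consumer created without an algorithm. That contract is not visible here, so I would either confirm it or keep a one-line guard, `conf.algorithm = conf.algorithm or "HS256"`, until it is. Consumers persisted before this change with no `algorithm` field deserve the same check, since stored objects may not pass through check_schema again. check_schema starts before this hunk.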
@@ -20,11 +20,14 @@
 - [中文](../zh-cn/plugins/jwt-auth.md)
 
 # Summary
 
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How To Enable](#how-to-enable)
+ - [Test Plugin](#test-plugin)
+ - [get the token in `jwt-auth` plugin:](#get-the-token-in-jwt-auth-plugin)
+ - [try request with token](#try-request-with-token)
+ - [Disable Plugin](#disable-plugin)
 
 ## Name
@@ -41,7 +44,7 @@ For more information on JWT, refer to [JWT](https://jwt.io/) for more informatio
 | ------------- | ------- | ----------- | ------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
 | key | string | required | | | different `consumer` have different value, it's unique. different `consumer` use the same `key`, and there will be a request matching exception. |
 | secret | string | optional | | | encryption key. if you do not specify, the value is auto-generated in the background. |
-| algorithm | string | optional | "HS256" | ["HS256", "HS384", "HS512", "RS256", "ES256"] | encryption algorithm. |
+| algorithm | string | optional | "HS256" | ["HS256", "HS512", "RS256"] | encryption algorithm. |
 | exp | integer | optional | 86400 | [1,...] | token's expire time, in seconds |
 | base64_secret | boolean | optional | false | | whether secret is base64 encoded |
 
diff --git a/doc/zh-cn/plugins/jwt-auth.md b/doc/zh-cn/plugins/jwt-auth.md
index aa7126c41fb7..2d431e421815 100644
--- a/doc/zh-cn/plugins/jwt-auth.md
+++ b/doc/zh-cn/plugins/jwt-auth.md
@@ -42,7 +42,7 @@
 | ------------- | ------- | ------ | ------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
 | key | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `key` ,将会出现请求匹配异常。 |
 | secret | string | 可选 | | | 加密秘钥。如果您未指定,后台将会自动帮您生成。 |
-| algorithm | string | 可选 | "HS256" | ["HS256", "HS384", "HS512", "RS256", "ES256"] | 加密算法 |
+| algorithm | string | 可选 | "HS256" | ["HS256", "HS512", "RS256"] | 加密算法 |
 | exp | integer | 可选 | 86400 | [1,...] | token 的超时时间 |
 | base64_secret | boolean | 可选 | false | | 密钥是否为 base64 编码 |
 
From c12f0bfa7c1966c691761a3af8d912143bc79932 Mon Sep 17 00:00:00 2001
From: yiyiyimu
Date: Sun, 4 Oct 2020 23:34:30 +0800
Subject: [PATCH 2/2] revert doc auto-format
Signed-off-by: yiyiyimu
---
doc/plugins/jwt-auth.md | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/doc/plugins/jwt-auth.md b/doc/plugins/jwt-auth.md
index 8a98b629e8ed..1f5aa1e1cfc0 100644
--- a/doc/plugins/jwt-auth.md
+++ b/doc/plugins/jwt-auth.md
@@ -20,14 +20,11 @@
 - [中文](../zh-cn/plugins/jwt-auth.md)
 
 # Summary
 
-- [Summary](#summary)
- - [Name](#name)
- - [Attributes](#attributes)
- - [How To Enable](#how-to-enable)
- - [Test Plugin](#test-plugin)
- - [get the token in `jwt-auth` plugin:](#get-the-token-in-jwt-auth-plugin)
- - [try request with token](#try-request-with-token)
- - [Disable Plugin](#disable-plugin)
+- [**Name**](#name)
+- [**Attributes**](#attributes)
+- [**How To Enable**](#how-to-enable)
+- [**Test Plugin**](#test-plugin)
+- [**Disable Plugin**](#disable-plugin)
 
 ## Name