
利用lua + redis实现nginx的http auth认证

netxfly   发表于   2015 年 05 月 10 日

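# nginx基于redis实现http auth

本文是昨天的文章([nginx登陆认证的几种方案](http://www.xsec.io/article/60/nginx-auth.html))中的第3个方案,用nginx + lua + redis实现http auth方案。

# Radius API接口的实现

把方案2中的mongodb换成了redis,将密码过期的事交给了redis处理

```python
# Auth class
# ----------------------------------------------------------------------------
class Auth2(tornado.web.RequestHandler):
    """Login endpoint: check credentials against RADIUS, then cache a secret in Redis.

    On success the handler stores a hash under the username key with a TTL of
    CONST_TIMEOUT minutes and returns the generated secret to the client as
    JSON. The nginx/Lua code further down this page compares the HTTP Basic
    password with that stored secret.
    """

    def initialize(self):
        # Both clients are created per request in post().
        self.radius_auth = None
        self.redis_client = None

    def get(self):
        """Render the login form."""
        self.render("auth2.html")

    def post(self):
        """Authenticate the submitted credentials and issue a time-limited secret.

        Always answers with a JSON object holding username, password (the
        generated secret, or "" on failure), status and expire (seconds).
        """
        self.redis_client = redis.StrictRedis(
            host=CONST_REDIS.get('host'),
            port=CONST_REDIS.get('port'),
            db=CONST_REDIS.get('db'),
            password=CONST_REDIS.get('password')
        )
        self.radius_auth = RadiusAuth(CONST_RADIUS)

        username = self.get_argument("username", "") or ""
        password = self.get_argument("password", "") or ""
        now = datetime.datetime.now()
        expire = CONST_TIMEOUT * 60

        # Do not print or log the submitted password while debugging: it is
        # the user's real RADIUS credential.
        # Blank credentials are refused up front so that "" is never used as a
        # Redis key and RADIUS is not queried for an empty login.
        ret_auth = False
        if username and password:
            ret_auth = self.radius_auth.auth(username.encode('utf-8'), password.encode('utf-8'))

        if ret_auth:
            # NOTE(review): GenSecuret is defined elsewhere. The secret is
            # stored in Redis in the clear and accepted by nginx as a
            # password, so it should be unpredictable rather than a pure
            # function of username/password -- confirm.
            gen_secret = GenSecuret(username, password)
            secret = gen_secret.get_secret()
            values = dict(
                username=username,
                password=secret,
                # stored as text so the value does not depend on how the
                # client library serialises datetime objects
                time=str(now)
            )
            # Write the hash and its TTL in one MULTI/EXEC transaction, so a
            # failure between the two commands cannot leave a secret in Redis
            # that never expires.
            # NOTE(review): the username is used verbatim as the Redis key; a
            # dedicated db or key prefix would keep it from colliding with
            # unrelated keys (the Lua side must then use the same key).
            pipe = self.redis_client.pipeline()
            pipe.hmset(username, values)
            pipe.expire(username, expire)
            pipe.execute()

            # return value to client
            ret = dict(
                username=username,
                password=secret,
                status=True,
                expire=expire
            )
        else:
            ret = dict(
                username=username,
                password="",
                status=False,
                expire=expire
            )
        self.write(json.dumps(ret))
```

# nginx 利用redis实现http auth

```lua
local p = "/usr/local/openresty/lualib"
local m_package_path = package.path
-- p has no trailing slash, so the separator must be part of the templates;
-- without it the entries expand to ".../lualib?.lua" and never match a module.
package.path = string.format("%s/?.lua;%s/?/init.lua;%s", p, p, m_package_path)

-- http base auth
-- Lets the request through when Redis confirms the credentials, otherwise
-- answers 401 with a Basic challenge.
-- Basic credentials are only base64-encoded on the wire, so the protected
-- location should be served over TLS.
function auth()
    local username = ngx.var.remote_user
    local password = ngx.var.remote_passwd

    -- if auth_monogodb(username, password) then
    --     return
    -- end

    if auth_redis(username, password) then
        return
    end

    ngx.header.www_authenticate = [[Basic realm="sinasec auth"]]
    ngx.exit(401)
end

-- auth by redis
-- Returns true only when the hash stored under `username` holds exactly this
-- username and password. Every error path returns false, so a Redis outage
-- denies access instead of opening it.
function auth_redis(username, password)
    -- No Authorization header (nil) or blank fields: nothing to look up.
    if not username or username == "" or not password or password == "" then
        return false
    end

    -- NOTE(review): "mypass" is the article's sample value. Keep the real
    -- Redis password out of source control and readable only by the nginx
    -- worker user.
    local redis_info = {
        host = "127.0.0.1",
        port = 6379,
        db = 0,
        password = "mypass"
    }

    local redis = require "resty.redis"
    local red = redis:new()
    red:set_timeout(3000) -- 3 sec

    local ok, err = red:connect(redis_info["host"], redis_info["port"])
    if not ok then
        -- ngx.log takes the log level as its first argument
        ngx.log(ngx.ERR, "failed to connect: ", err)
        return false
    end

    local res
    res, err = red:auth(redis_info["password"])
    if not res then
        ngx.log(ngx.ERR, "failed to authenticate: ", err)
        red:close()
        return false
    end

    -- Honour the configured db; it must be the one the login API writes to.
    res, err = red:select(redis_info["db"])
    if not res then
        ngx.log(ngx.ERR, "failed to select db: ", err)
        red:close()
        return false
    end

    res, err = red:hmget(username, "username", "password")
    if not res or res == ngx.null then
        ngx.log(ngx.ERR, "failed to read credentials: ", err)
        red:close()
        return false
    end

    -- Hand the connection back to the pool instead of leaking one per request.
    local kept, keep_err = red:set_keepalive(10000, 100)
    if not kept then
        ngx.log(ngx.ERR, "failed to set keepalive: ", keep_err)
    end

    -- Missing hash fields come back as ngx.null, which never equals a string,
    -- so an unknown or expired user fails the comparison below.
    local user = res[1] or ""
    local pass = res[2] or ""

    -- Do not write user/pass to the log or the response while debugging.
    return user ~= "" and pass ~= "" and username == user and password == pass
end

-- call auth function
auth()
```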

标签:nginx redis lua

文章评论


ivonlee

ivonlee

05 月 20 日 15 时 43 分

学习了