Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home Database Mysql Tutorial nginx+lua实现登陆验证

nginx+lua实现登陆验证

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jun 07, 2016 pm 03:05 PM
accomplish server Login verify

用于在多台服务器上单点登录SSO、无SESSION,用户身份的 验证 。 1、安装lua yum install readline.x86_64 readline-devel.x86_64 wget http://www.lua.org/ftp/lua-5.1.5.tar.gz make linux make install 注意:不要使用5.2版本,5.2版本的lua和nginx的整合

用于在多台服务器上单点登录SSO、无SESSION,用户身份的验证

1、安装lua

yum install readline.x86_64 readline-devel.x86_64

  1. wget http://www.lua.org/ftp/lua-5.1.5.tar.gz
  2. make linux
  3. make install
注意:不要使用5.2版本,5.2版本的lua和nginx的整合有问题,编译会报错:

  1. LUA_GLOBALSINDEX' undeclared (first use in this function)

参考:https://github.com/LuaLanes/lanes/issues/18


2、编译nginx

下载lua-nginx-module

  1. wget https://github.com/chaoslawful/lua-nginx-module/zipball/master
  2. file master
  3. unzip master
  4. mv chaoslawful-lua-nginx-module-06d654b/ lua-nginx-module

下载ngx_devel_kit

  1. https://github.com/simpl/ngx_devel_kit/zipball/master
  2. file master
  3. unzip master
  4. mv simpl-ngx_devel_kit-4192ba6/ simpl-ngx_devel_kit
编译nginx

  1. tar -xvzf nginx-1.2.1.tar.gz
  2. ./configure \
  3. --prefix=/usr/local/nginx \
  4. --with-http_stub_status_module \
  5. --without-poll_module \
  6. --without-select_module \
  7. --with-http_ssl_module \
  8. --with-http_realip_module \
  9. --with-http_perl_module \
  10. --add-module=../simpl-ngx_devel_kit \
  11. --add-module=../lua-nginx-module
make 

make install


2、测试lua

测试


  1. location = /lua {
  2. content_by_lua '
  3. ngx.say("Hello, Lua!")
  4. ';
  5. }


3、登录验证

nginx添加配置


  1. access_by_lua_file 'conf/access.lua';
access.lua:

可以根据需要添加更多的验证

  1. local secretkey='1234567890abcdefghi'
  2. if ngx.var.cookie_uid == nil or ngx.var.cookie_token == nil then
  3. ngx.req.set_header("Check-Login", "NULL")
  4. return
  5. end

  8. --local ctoken = ngx.md5('uid:' .. ngx.var.cookie_uid .. '&secretkey:' .. secretkey)
  9. local ctoken = ngx.md5(ngx.var.cookie_uid .. secretkey)
  11. if ctoken == ngx.var.cookie_token then
  12. ngx.req.set_header("Check-Login", "YES")
  13. else
  14. ngx.req.set_header("Check-Login", "NO")
  15. end
  17. return

如果uid+lua中的securekey的md5值和请求中的cookie的值一致,则设置request header中的HTTP_CHECK_LOGIN为YES,否则为No,如果不存在uid或token这两个cookie中的一个,则HTTP_CHECK_LOGIN设置为NULL。


关于Check-Login,HTTP_CHECK_LOGIN:

lua中设置的heaer为Check-Login,输出后就变成了HTTP_CHECK_LOGIN,即前面加了HTTP_,经过测试,有些会添加HTTP_,而有些则不会添加,如Content-Type。


详细信息查看:http://wiki.nginx.org/HttpLuaModule#ngx.req.set_header


4、测试

使用perl cgi

perl打印ENV


  1. #!/usr/bin/perl -w
  2. use strict;
  3. use CGI;
  4. use Data::Dumper;

  6. my $query = new CGI;
  7. print $query->header('text/html');

  9. print Dumper \%ENV;

  11. #if ($ENV{HTTP_CHECK_LOGIN} ne "YES"){
  12. # print "not auth";
  13. # exit;
  14. #}
打印\%ENV哈希可以看到我们添加的header。


注释部分是一个例子,针对认证的结果做更多的操作。


可以使用curl来带着cookie进行测试:

curl -b "uid=1234;token=8323d8c4a0533dc78c7051a074cdb286" http://127.0.0.1/7.cgi 


如果使用echo 打印md5值,需要使用-n参数去掉回车

echo -n 123456789|md5sum


如何查看lua生成的md5?

        location = /lua {

            content_by_lua '

                 local ctoken = ngx.md5("12345" .. "6789")

                ngx.say(ctoken)       

            ';

        }



关于查看access.lua生成的cookie


  1. local secretkey='cookiesecretKey'
  3. if ngx.var.cookie_uid == nil or ngx.var.cookie_token == nil then
  4. ngx.req.set_header("Check-Login", "NULL")
  5. return
  6. end
  8. --local ctoken = ngx.md5('uid:' .. ngx.var.cookie_uid .. '&secretkey:' .. secretkey)
  9. local ctoken = ngx.md5(ngx.var.cookie_uid .. secretkey)
  11. if ctoken == ngx.var.cookie_token then
  12. ngx.req.set_header("Check-Login", "YES")
  13. print (ctoken)
  14. print (ngx.var.cookie_token)
  15. else
  16. ngx.req.set_header("Check-Login", "NO")
  17. print (ctoken)
  18. print (ngx.var.cookie_token)
  19. end
  21. return

打开nginx的log到debug,从error里可以看到access.lua的输出



通过html种植cookie

  1. html xmlns="http://www.w3.org/1999/xhtml">
  2. head>
  3. meta http-equiv="Content-Type" content="text/html; charset=gbk">
  4. /head>

  6. body>
  7. p>
  8. script>
  9. document.cookie="domain=intercom.com.cn";
  10. document.cookie="uid=1234";
  11. document.cookie="token=dbd19902c04fdc68ee8b97510f454614";
  12. //document.cookie="expires=Sat, 31-Dec-39 23:59:59 GMT";
  13. document.write(document.cookie);
  14. /script>
  15. /p>
  16. /body>
  17. /html>

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

How to fix KB5055612 fails to install in Windows 10?
4 weeks ago By DDD
Roblox: Grow A Garden - Complete Mutation Guide
3 weeks ago By DDD
Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Nordhold: Fusion System, Explained
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Show More

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Java Tutorial
1670
14
CakePHP Tutorial
1428
52
Laravel Tutorial
1329
25
PHP Tutorial
1274
29
C# Tutorial
1256
24
Show More
Related knowledge
How to configure Dnsmasq as a DHCP relay server How to configure Dnsmasq as a DHCP relay server Mar 21, 2024 am 08:50 AM

The role of a DHCP relay is to forward received DHCP packets to another DHCP server on the network, even if the two servers are on different subnets. By using a DHCP relay, you can deploy a centralized DHCP server in the network center and use it to dynamically assign IP addresses to all network subnets/VLANs. Dnsmasq is a commonly used DNS and DHCP protocol server that can be configured as a DHCP relay server to help manage dynamic host configurations in the network. In this article, we will show you how to configure dnsmasq as a DHCP relay server. Content Topics: Network Topology Configuring Static IP Addresses on a DHCP Relay D on a Centralized DHCP Server

Detailed method to unblock using WeChat friend-assisted verification Detailed method to unblock using WeChat friend-assisted verification Mar 25, 2024 pm 01:26 PM

1. After opening WeChat, click the search icon, enter WeChat team, and click the service below to enter. 2. After entering, click the self-service tool option in the lower left corner. 3. After clicking, in the options above, click the option of unblocking/appealing for auxiliary verification.

How to log in to corporate WeChat email How to log in to corporate WeChat email Mar 10, 2024 pm 12:43 PM

How to log in to the email address of Enterprise WeChat? You can log in to the email address in the Enterprise WeChat APP, but most users don’t know how to log in to the email address. Next is the graphic tutorial on how to log in to the email address of Enterprise WeChat brought by the editor for interested users. Come and take a look! Enterprise WeChat usage tutorial How to log in to the Enterprise WeChat email 1. First open the Enterprise WeChat APP, go to the [Workbench] at the bottom of the main page and click to come to the special area; 2. Then in the workbench area, select the [Enterprise Mailbox] service; 3. Then jump to the corporate email function page, click [Bind] or [Change Email] at the bottom; 4. Finally, enter [QQ Account] and [Password] on the page shown below to log in to the email.

How to implement dual WeChat login on Huawei mobile phones? How to implement dual WeChat login on Huawei mobile phones? Mar 24, 2024 am 11:27 AM

How to implement dual WeChat login on Huawei mobile phones? With the rise of social media, WeChat has become one of the indispensable communication tools in people's daily lives. However, many people may encounter a problem: logging into multiple WeChat accounts at the same time on the same mobile phone. For Huawei mobile phone users, it is not difficult to achieve dual WeChat login. This article will introduce how to achieve dual WeChat login on Huawei mobile phones. First of all, the EMUI system that comes with Huawei mobile phones provides a very convenient function - dual application opening. Through the application dual opening function, users can simultaneously

Best Practice Guide for Building IP Proxy Servers with PHP Best Practice Guide for Building IP Proxy Servers with PHP Mar 11, 2024 am 08:36 AM

In network data transmission, IP proxy servers play an important role, helping users hide their real IP addresses, protect privacy, and improve access speeds. In this article, we will introduce the best practice guide on how to build an IP proxy server with PHP and provide specific code examples. What is an IP proxy server? An IP proxy server is an intermediate server located between the user and the target server. It acts as a transfer station between the user and the target server, forwarding the user's requests and responses. By using an IP proxy server

PHP Programming Guide: Methods to Implement Fibonacci Sequence PHP Programming Guide: Methods to Implement Fibonacci Sequence Mar 20, 2024 pm 04:54 PM

The programming language PHP is a powerful tool for web development, capable of supporting a variety of different programming logics and algorithms. Among them, implementing the Fibonacci sequence is a common and classic programming problem. In this article, we will introduce how to use the PHP programming language to implement the Fibonacci sequence, and attach specific code examples. The Fibonacci sequence is a mathematical sequence defined as follows: the first and second elements of the sequence are 1, and starting from the third element, the value of each element is equal to the sum of the previous two elements. The first few elements of the sequence

How to solve the problem of too frequent login operations on Wegame? How to solve the problem of too frequent login operations on Wegame? Mar 14, 2024 pm 07:40 PM

Wegame is a software used with Tencent games. You can use it to start games and gain acceleration. Recently, many users have experienced prompts that login operations are too frequent when using it. Faced with this prompt, many users do not know How can we solve it successfully? In this software tutorial, we will share the solution with you. Let’s learn about it together. What should I do if Wegame login operations are too frequent? Method 1: 1. First, make sure our network connection is normal. (You can try opening the browser to see if you can access the Internet) 2. If it is a network failure, then try restarting the router, reconnecting the network cable, and restarting the computer to solve the problem. Method 2: 1. If there is no problem with the network, then select &

What should I do if I can't enter the game when the epic server is offline? Solution to why Epic cannot enter the game offline What should I do if I can't enter the game when the epic server is offline? Solution to why Epic cannot enter the game offline Mar 13, 2024 pm 04:40 PM

What should I do if I can’t enter the game when the epic server is offline? This problem must have been encountered by many friends. When this prompt appears, the genuine game cannot be started. This problem is usually caused by interference from the network and security software. So how should it be solved? The editor of this issue will explain I would like to share the solution with you, I hope today’s software tutorial can help you solve the problem. What to do if the epic server cannot enter the game when it is offline: 1. It may be interfered by security software. Close the game platform and security software and then restart. 2. The second is that the network fluctuates too much. Try restarting the router to see if it works. If the conditions are OK, you can try to use the 5g mobile network to operate. 3. Then there may be more

See all articles