kingmouse-yx commented on issue #6564:
URL: https://github.com/apache/apisix/issues/6564#issuecomment-1063987354
@soulbird
I don't quite agree with this statement, because I often encounter invalid tokens, and the information it returns is only a part of the token.
In order to verify my statement, I added a log in jwt-auth.
```lua
-- Excerpt of apisix/plugins/jwt-auth.lua with two warn() calls added for
-- debugging. fetch_jwt_token, jwt, consumer_mod, lrucache,
-- create_consume_cache, algorithm_handler and plugin_name are the plugin's
-- module-level locals and are not repeated here. The uuid module is assumed
-- to be lua-resty-jit-uuid (require("resty.jit-uuid")), which provides
-- generate_v4(); that require line is not part of the original snippet.
local uuid = require("resty.jit-uuid")

function _M.rewrite(conf, ctx)
    local jwt_token, err = fetch_jwt_token(ctx)
    -- The following two lines of code were added by me.
    -- (stored as req_uuid so the value does not shadow the uuid module)
    local req_uuid = uuid.generate_v4()
    core.log.warn("uuid:", req_uuid, "jwt_token: ", tostring(jwt_token))
    if not jwt_token then
        if err and err:sub(1, #"no cookie") ~= "no cookie" then
            core.log.error("failed to fetch JWT token: ", err)
        end
        return 401, {message = "Missing JWT token in request"}
    end

    -- parse header/payload/signature without checking the signature yet
    local jwt_obj = jwt:load_jwt(jwt_token)
    core.log.info("jwt object: ", core.json.delay_encode(jwt_obj))
    if not jwt_obj.valid then
        return 401, {message = jwt_obj.reason}
    end

    local user_key = jwt_obj.payload and jwt_obj.payload.key
    if not user_key then
        return 401, {message = "missing user key in JWT token"}
    end

    local consumer_conf = consumer_mod.plugin(plugin_name)
    if not consumer_conf then
        return 401, {message = "Missing related consumer"}
    end

    local consumers = lrucache("consumers_key", consumer_conf.conf_version,
                               create_consume_cache, consumer_conf)
    local consumer = consumers[user_key]
    if not consumer then
        return 401, {message = "Invalid user key in JWT token"}
    end
    core.log.info("consumer: ", core.json.delay_encode(consumer))

    -- verify the signature with the secret configured on the matched consumer
    local _, auth_secret = algorithm_handler(consumer)
    jwt_obj = jwt:verify_jwt_obj(auth_secret, jwt_obj)
    core.log.info("jwt object: ", core.json.delay_encode(jwt_obj))
    if not jwt_obj.verified then
        -- The following line of code was added by me.
        core.log.warn("uuid:", req_uuid, "jwt_obj.reason: ", tostring(jwt_obj.reason))
        return 401, {message = jwt_obj.reason}
    end

    consumer_mod.attach_consumer(ctx, consumer, consumer_conf)
    core.log.info("hit jwt-auth rewrite")
end
```
After testing, I found many similar logs in my log.
```log
2022/03/10 11:49:42 [warn] 43#43: *1220630 [lua] jwt-auth.lua:258: phase_func(): uuid:4b958404-45e8-4596-a1b0-58c423673705jwt_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDY5OTkwNjEsImtleSI6InRlc3QwMSJ9.kB25Qzxf7gB5IJ8MYgf9EOWKHaC8BtIWdOYk-Oc39YQ, client: 172.18.0.1, server: _, request: "POST /get04 HTTP/1.1", host: "127.0.0.1:9080"
2022/03/10 11:49:42 [warn] 43#43: *1220630 [lua] jwt-auth.lua:300: phase_func(): uuid:4b958404-45e8-4596-a1b0-58c423673705jwt_obj.reason: signature mismatch: kB25Qzxf7gB5IJ8MYgf9EOWKHaC8BtIWdOYk-Oc39YQ, client: 172.18.0.1, server: _, request: "POST /get04 HTTP/1.1", host: "127.0.0.1:9080"
```
Obviously, this is the result of one request, and APISIX received the complete token.
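The two log lines above show the whole point of the comment: the gateway holds the full three-segment token, but the `signature mismatch: ...` reason that lua-resty-jwt produces (and that jwt-auth returns in the 401 body) echoes only the third segment. The following is an added example, written for this discussion and not code from the commenter or from the APISIX project, that reproduces both steps in Python: a `load_jwt`-style split of the compact JWS, then an HS256 check whose failure reason mirrors the logged format. The token is the one from the log above; the secrets `"not-the-real-secret"` and `"constructed-secret"` are constructed for the demo, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import json
import time

# Token copied from the log lines quoted in the comment (header.payload.signature).
LOGGED_TOKEN = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJleHAiOjE2NDY5OTkwNjEsImtleSI6InRlc3QwMSJ9."
    "kB25Qzxf7gB5IJ8MYgf9EOWKHaC8BtIWdOYk-Oc39YQ"
)


def b64url_decode(segment: str) -> bytes:
    """Decode base64url without padding (JWS strips the trailing '=')."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def load_jwt(token: str) -> dict:
    """Split and decode a compact JWS; no signature check yet (like jwt:load_jwt)."""
    parts = token.split(".")
    if len(parts) != 3:
        return {"valid": False, "reason": "invalid jwt string"}
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
    except ValueError:  # bad base64 (binascii.Error) or bad JSON both derive from ValueError
        return {"valid": False, "reason": "invalid header or payload"}
    return {
        "valid": True,
        "header": header,
        "payload": payload,
        "signing_input": parts[0] + "." + parts[1],
        "signature": parts[2],
    }


def verify_hs256(jwt_obj: dict, secret: str, now=None) -> dict:
    """HS256 check over header.payload (like jwt:verify_jwt_obj).

    On mismatch the reason echoes only the signature segment, which is the
    format seen in the jwt-auth log above; the header and payload are never
    part of that message even though the gateway has them.
    """
    if not jwt_obj.get("valid"):
        return dict(jwt_obj, verified=False)
    if jwt_obj["header"].get("alg") != "HS256":
        return dict(jwt_obj, verified=False, reason="unsupported alg")
    mac = hmac.new(secret.encode(), jwt_obj["signing_input"].encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_encode(mac), jwt_obj["signature"]):
        return dict(jwt_obj, verified=False,
                    reason="signature mismatch: " + jwt_obj["signature"])
    exp = jwt_obj["payload"].get("exp")
    now = int(time.time()) if now is None else now
    if exp is not None and now >= exp:
        return dict(jwt_obj, verified=False, reason="'exp' claim expired at " + str(exp))
    return dict(jwt_obj, verified=True)


def sign_hs256(payload: dict, secret: str) -> str:
    """Mint an HS256 token for the demo (constructed; not an APISIX API)."""
    header = {"typ": "JWT", "alg": "HS256"}
    compact = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(payload)
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def diagnose(token: str, secret: str) -> dict:
    """Contrast what the gateway received with what the 401 body reveals."""
    obj = verify_hs256(load_jwt(token), secret)
    return {
        "segments_received": len(token.split(".")),
        "verified": obj["verified"],
        "reason": obj.get("reason"),
    }


if __name__ == "__main__":
    print(json.dumps(load_jwt(LOGGED_TOKEN)["payload"]))
    print(diagnose(LOGGED_TOKEN, "not-the-real-secret"))
    fresh = sign_hs256({"exp": 4102444800, "key": "test01"}, "constructed-secret")
    print(diagnose(fresh, "constructed-secret"))
```

Running it against the logged token with any secret other than the consumer's real one reproduces the `signature mismatch: kB25...` reason exactly, and `load_jwt` shows the decoded payload (`exp` 1646999061, `key` "test01") that the gateway already had when it produced that message.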