Integrate with https://github.com/tsuru/lua-resty-libjwt

Co-authored-by: Ezequiel Lopes dos Reis Junior <[email protected]>

Author: wpjunior

Dockerfile

@@ -8,7 +8,11 @@ RUN set -x \
     && apt-get install -y --no-install-suggests \
        libluajit-5.1-dev libpam0g-dev zlib1g-dev libpcre3-dev libpcre2-dev \
        libexpat1-dev git curl build-essential lsb-release libxml2 libxslt1.1 libxslt1-dev autoconf libtool libssl-dev \
-       unzip libmaxminddb-dev libbrotli-dev
+       unzip libmaxminddb-dev libbrotli-dev cmake pkg-config libjansson-dev
+
+RUN git clone --depth 1 --branch v3.2.0 https://github.com/benmcollins/libjwt.git && \
+       mkdir libjwt/build && \
+       cd libjwt/build && cmake .. && make && make install
 
 ARG openresty_package_version=1.27.1.1-1~bookworm1
 RUN set -x \
@@ -86,6 +90,8 @@ COPY --from=build /usr/local/lib      /usr/local/lib
 COPY --from=build /usr/local/etc      /usr/local/etc
 COPY --from=build /usr/local/share    /usr/local/share
 COPY --from=build /usr/lib/nginx/modules /usr/lib/nginx/modules
+COPY --from=build /usr/local/lib/libjwt.so /usr/local/lib/libjwt.so
+
 
 ENV LUAJIT_LIB=/usr/local/lib \
     LUAJIT_INC=/usr/local/include/luajit-2.1

Makefile

@@ -38,6 +38,7 @@ test: check-required-vars
 
 	$(DOCKER) cp ./test/nginx-$(flavor).conf test-tsuru-nginx-$(flavor)-$(nginx_version):/etc/nginx/
 	$(DOCKER) cp ./test/nginx-$(flavor).bash test-tsuru-nginx-$(flavor)-$(nginx_version):/bin/test-nginx
+	$(DOCKER) cp ./test/jwks.json test-tsuru-nginx-$(flavor)-$(nginx_version):/etc/nginx/
 
 	$(DOCKER) cp $$PWD/test/GeoIP2-Country-Test.mmdb test-tsuru-nginx-$(flavor)-$(nginx_version):/etc/nginx; \
 

flavors.json

@@ -21,7 +21,8 @@
         "tsuru-rpaasv2 INOTIFY_INCDIR=/usr/include/linux-gnu",
         "lua-resty-http 0.17.2-0",
         "lua-resty-balancer 0.04",
-        "lua-resty-cookie 0.4.0-1"
+        "lua-resty-cookie 0.4.0-1",
+        "lua-resty-libjwt 0.1.0-1"
       ]
     },
     {

test/nginx-tsuru.bash

@@ -37,11 +37,23 @@ test_brotli() {
     assert 'BQmAPGI+QnJvdGxpIHBhZ2U8L2I+CgM=' "$response" "/brotli with brotli compression response"
 }
 
+test_libjwt_no_token() {
+    response=$(curl --silent --show-error http://localhost:8080/libjwt)
+    assert '{"message":"token not found"}' "$response" "/libjwt with expected response"
+}
+
+test_libjwt_with_token() {
+    response=$(curl --fail --silent --show-error http://localhost:8080/libjwt -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6ImtpZC10c3VydSIsInR5cCI6IkpXVCJ9.eyJhZG1pbiI6dHJ1ZSwiZW1haWwiOiJ0c3VydUB0c3VydS5jb20iLCJleHAiOjIwNTY5OTA3ODEsImlhdCI6MTc0MTYzMDc4MSwibmFtZSI6IlRzdXJ1Iiwic3ViIjoiMTIzNDU2Nzg5MCJ9.osEVAXF1ysV3pwoeOwaPSZK97AzMDMqCD-cyZ4ALHhLatBHszXrPqn6sJxUQdvET_RK0IJyJd15mw-Y1EMZ6WLKBjeV_iWuapQ9-7gh6sQoloZZ0V0ZNfXlbqCGoTXHb-xInFsGEgV6rj4R-5Sl1r96UiYpLdav8GmT3lKrRPILCLvihXFtiuhrUX1rmNhbiKqlIDyAPtG8rjqQzqEDqKkYH2bApjSrgsyevG9do31vbnEljukON-Hc5MgQK7zr4ZF3Ozi4m0JRy3jeIWVzpsWm9dRnTb9mcOfuY5EQP7NhFBXu-H4H-RwvStfZhfN8J9FbOR8jGEEDhUYHsLaRXNQ")
+    assert 'OK' "$response" "/libjwt with expected response"
+}
+
 echo "Running tests"
 
 test_nginx_serving_request
 test_lua_content
 test_lua_http_resty
 test_brotli
+test_libjwt_with_token
+test_libjwt_no_token
 
 echo "✅ SUCESS: All tests passed"

test/nginx-tsuru.conf

@@ -79,6 +79,21 @@ http {
             }
         }
 
+        location /libjwt {
+            content_by_lua_block {
+                local libjwt = require("resty.libjwt")
+                local claim, err = libjwt.validate({
+                    ["jwks_files"] = {"/etc/nginx/jwks.json"},
+                })
+                if claim then
+                    ngx.status = ngx.HTTP_OK
+                    return ngx.say("OK")
+                end
+                ngx.status = ngx.HTTP_UNAUTHORIZED
+                return ngx.say("Unauthorized")
+            }
+        }
+
         location /brotli {
             brotli on;
             default_type 'text/html';