@xeioex @drsm
I'm wondering if njs is able to do the sign and verify of jwt.
I've tried in Lua, it works well. I want to test if njs works well in verifying APIs.
https://github.com/SkyLothar/lua-resty-jwt
I found a nodejs module that does the things, but some tiny code can't work in njs.
https://github.com/hokaccha/node-jwt-simple/blob/master/lib/jwt.js
https://github.com/hokaccha/node-jwt-simple/blob/master/lib/jwt.js#L194
https://github.com/hokaccha/node-jwt-simple/blob/master/lib/jwt.js#L203
It thrown in njs
ReferenceError: "Buffer" is not defined in jwt.js:194
How to fix it?
BTW, other modules are also welcome.
Thanks.
@xeioex There are some good examples written by you.
https://github.com/xeioex/njs-examples/blob/master/njs/http/authorization/
But it seems there is no example that describes the complete sign/veriry of jwt?
@hongzhidao
ReferenceError: "Buffer" is not defined in jwt.js:194
currently @lexborisov is on Buffer implementation. Also see this.
Also among the examples: https://github.com/xeioex/njs-examples#generating-jwt-token-httpauthorizationgen_hs_jwt.
With crypto module all building blocks for JWT are in place.
@xeioex Take a look, please.
js_import main from example.js;
server {
listen 80;
location / {
if ($request_method = 'GET') {
# It's bad that the if block is added.
}
js_content main.hello;
}
}
I can't find the reason. It's curious that this thrown an error.
> curl http://127.1:80
2020/08/10 06:09:00 [error] 1850#0: *1 js function "" not found, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "127.1:80"
With crypto module all building blocks for JWT are in place.
Do you mean after implementing Buffer by @lexborisov jwt example will be complete( I mean sign and verify)?
Also among the examples: https://github.com/xeioex/njs-examples#generating-jwt-token-httpauthorizationgen_hs_jwt.
I checked it but it seems there is only the way of generating token with a secret key (the sign what I said).
How to verify the generated token with the same secret key?
BTW, it's OK for me to use njs jwt until the final implementation of Buffer is done.
@hongzhidao
Do you mean after implementing Buffer by @lexborisov jwt example will be complete( I mean sign and verify)?
For HS256 yes. and for other algos if you have sign/verify in njs.
How to verify the generated token with the same secret key?
verify is just sign in reverse:), pretty straightforward.
@hongzhidao
Take a look, please.
looks like a broken config: https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
If directive basically switches a location config to the config inside If block. Because there is no any content directives (like proxy_pass or js_content), you get js function "" not found.
@xeioex Good reminder.
merge location. In Perl.static char *
ngx_http_perl_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_http_perl_loc_conf_t *prev = parent;
ngx_http_perl_loc_conf_t *conf = child;
if (conf->sub == NULL) {
conf->sub = prev->sub;
conf->handler = prev->handler;
}
return NGX_CONF_OK;
}
What about doing the similar thing in NJS.
diff --git a/nginx/ngx_http_js_module.c b/nginx/ngx_http_js_module.c
index f825c61..9da992d 100644
--- a/nginx/ngx_http_js_module.c
+++ b/nginx/ngx_http_js_module.c
@@ -3363,5 +3363,12 @@ ngx_http_js_create_loc_conf(ngx_conf_t *cf)
static char *
ngx_http_js_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
{
+ ngx_http_js_loc_conf_t *prev = parent;
+ ngx_http_js_loc_conf_t *conf = child;
+
+ if (conf->content.data == NULL) {
+ conf->content = prev->content;
+ }
+
return NGX_CONF_OK;
}
web to manage UNIT configuration.web way. (I call it dashboard)server {
listen 8080;
location / {
auth_request /auth;
# reference to https://enable-cors.org/server_nginx.html
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
...
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
...
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
...
}
proxy_pass http://127.0.0.1:8000; # UNIT HTTP API
}
location /login {
# I have to copy the same CORS headers setting here
js_content jwt.sign; # generate jwt token
}
location = /auth {
js_content jwt.verify; # verify generated token
}
}
@xeioex Is NJS able to process CORS for all the locations?
@VBart welcome to your suggestions.
BTW, I've implemented it in Lua. I want to try it in NJS, I think it will be a good example for NJS.
@hongzhidao
I use the following:
server {
#...
error_page 451 = @cors;
if ($request_method = OPTIONS) {
return 451;
}
location @cors {
internal;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Max-Age 600;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'Authorization, Content-Type, Origin, X-Requested-With, X-Captcha, X-TFA-Code';
return 204;
}
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Expose-Headers 'Date';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location /api/info/ {
proxy_pass http://localhost:8080;
}
#...
}
@hongzhidao
What about doing the similar thing in NJS
Good idea, will do.
@hongzhidao
Thanks, committed in https://github.com/nginx/njs/commit/713787d6e090e0f28762c17c46e22e0be808887b.
@xeioex @lexborisov
Buffer works well, thanks for your great work.
https://github.com/hokaccha/node-jwt-simple
BTW, I'm not familiar with it.
Why Buffer is necessary for js language?
What is it used for?
@hongzhidao Hi!
Why Buffer is necessary for js language?
What is it used for?
Is is taken from node. It is an ancient API from the times when there no TypedArrays/DataView in V8.
@hongzhidao
BTW, I'm not familiar with it.
Why Buffer is necessary for js language?
Basically, Buffer is an extension for TypedArray and solves the issue similar to python str vs bytes.
Native JS String type is a sequence of characters, not bytes. But in njs, we want to work with data sometimes as with bytes, and sometimes as with characters. Buffer is a sequence of bytes, but it can be easily converted to a string when necessary.
Previously, in njs, the byte issue was solved using two types of strings, byte-strings, normal-
strings, they feel and look almost identical, but may differ in tricky situations. So Buffer is a well known type that is familiar to JS programmers.
It also simplifies, porting of existing node.js modules.
The plan it to replace current-byte strings with Buffer.
@xeioex @drsm
An example works well with njs jwt.
https://github.com/hongzhidao/nginx-unit-dashboard/blob/master/conf/js/http.js
Thanks for your help.
Most helpful comment
@hongzhidao
Basically, Buffer is an extension for TypedArray and solves the issue similar to python str vs bytes.
Native JS String type is a sequence of characters, not bytes. But in njs, we want to work with data sometimes as with bytes, and sometimes as with characters. Buffer is a sequence of bytes, but it can be easily converted to a string when necessary.
Previously, in njs, the byte issue was solved using two types of strings, byte-strings, normal-
strings, they feel and look almost identical, but may differ in tricky situations. So Buffer is a well known type that is familiar to JS programmers.
It also simplifies, porting of existing node.js modules.
The plan it to replace current-byte strings with Buffer.