lua-resty-auth

A Lua resty module for HTTP Authentication (both basic and digest scheme supported, referring to RFC 2617)

Account

duhoobo

Repo

https://github.com/duhoobo/lua-resty-auth

$ opm get duhoobo/lua-resty-auth

lua-resty-auth

A Lua resty module for HTTP Authentication (both basic and digest scheme supported, referring to RFC 2617).

TODO

md5crpyt for scheme basic
crypt for scheme basic
test case
stress test
security audit

Missing Features

qop option auth-int
algorithm MD5-sess

Example Usage

    lua_shared_dict nonce 2m;

    init_by_lua '
        local auth = require("resty.auth")

        local ok, msg = auth.setup {
            scheme= "digest", 
            shm= "nonce", 
            user_file= "htdigest",
            expires= 10,
            replays= 5,
            timeout= 10,
        }
        if not ok then error(msg) end

        local ok, msg = auth.setup {
            scheme= "basic", 
            user_file= "htpasswd"
        )
        if not ok then print msg end
    ';

    server {
        location /auth_basic/ {
            access_by_lua '
                local auth = require("resty.auth")
                auth.new("basic", "you@site"):auth()
            ';
        }

        location /auth_digest/ {
            access_by_lua '
                local auth = require("resty.auth")
                auth.new("digest", "you@site"):auth()
            ';
        }
    }

Thanks

The idea and some of the code are borrowed from here
The module parameters mimic the directives of ngx_http_auth_digest

Authors

Hungpu DU (duhoobo)

License

2bsd

Dependencies

nginx

Versions

duhoobo/lua-resty-auth 0.0.1 by duhoobo

A Lua resty module for HTTP Authentication (both basic and digest scheme supported, referring to RFC 2617) 2016-09-30 05:59:47