$ opm get supereldar/lua-resty-access

lua-resty-access

lua-resty-access - 基于无密码身份验证的 OpenResty Web 应用程序访问管理模块。

演示地址： https://luarestyaccess.site

安装

    $ opm get supereldar/lua-resty-access

要求和快速入门示例

您的 nginx 配置应如下所示

    http {
    #REQUIREMENT: module require temporary storage, please setup luarestyaccess dictionary.
      lua_shared_dict luarestyaccess 10m;
      
        server {
        listen 80;
        servername domain.local;
        
          location / {
    #REQUIREMENT: resolver and ca certificate directives are needed for external communication.
            resolver 8.8.8.8;
            lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    #REQUIREMENT: Call method Protect of resty.access object using access_by_lua* directive to activate access restriction.
            access_by_lua_block {
              local access = require'resty.access'
              local site = access:new()
              
              #Add users one by one who can access this location. To pass authentication provide "username".
              site:permitUser({username="john", email="john@snow.winter"})
              
              #You can also permit a single email.
              site:permitEmail({email = "john@snow.winter"})
              
              #Or you can permit the whole domain. "*" - works as wildcard here.
              site:permitEmail({email = "*@snow.winter"})
              
              #Launch module
              site:protect()
             }
           proxy_pass http://app1.domain.local;
         }
       }
    }

可选配置

如果要更改访问时间和持久性或 cookie 名称前缀，可以使用 sessionConfig 方法。

    site:sessionConfig({cookie_prefix = "luarestyaccess_", access_persistent = false , access_time = 3600})

如果希望在配置重新加载后保持用户身份验证，请使用 access_secret 键指定静态密钥。

    site:sessionConfig({access_secret = 623q4hR325t36VsCD3g567922IC0073T})

如果要授予对整个域的访问权限，请使用 cookie_domain 键指定域名。

    site:sessionConfig({cookie_domain = "domain.local"})

如果要通过您自己的 smtp 服务器处理电子邮件，可以使用 emailConfig 方法。

    site:emailConfig({
      mode = "smtp", 
      host= "smtp.gmail.com", 
      port = 587, 
      tls = true,
      username = "user@gmail.com",
      password = "qwerty123"  
    })