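local jwt = require "resty.jwt"
local validators = require "resty.jwt-validators" -- not used yet; kept for a future claim_spec
local cjson = require "cjson"                    -- was never required although cjson.encode is called below
local conf = require("config")

--- Access-phase JWT gate.
-- Reads the Authorization header, verifies the token with conf.secret_key and
-- rejects the request with a JSON 401 body when the token is missing, fails
-- verification or is expired. On success the script simply returns and the
-- request continues to the upstream.

--- Send a JSON 401 response and stop processing the request.
-- The original assigned `ngx.body = response`, which is not an nginx API: it
-- silently stored a per-request table on the shared `ngx` module table and
-- the client never received the JSON body. ngx.say actually transmits it.
-- @tparam string message human-readable reason placed in the response body
local function reject_unauthorized(message)
  ngx.status = ngx.HTTP_UNAUTHORIZED
  ngx.header.content_type = "application/json; charset=utf-8"
  ngx.say(cjson.encode({ code = ngx.HTTP_UNAUTHORIZED, message = message }))
  -- Status and body are already sent; exiting with HTTP_OK keeps nginx from
  -- replacing the JSON with its default error page (documented ngx.exit idiom).
  return ngx.exit(ngx.HTTP_OK)
end

--- Extract the bare token from an Authorization header value.
-- Accepts both "Bearer <token>" (scheme matched case-insensitively) and a
-- bare token, so clients that already send the raw JWT keep working.
-- @tparam string header_value raw Authorization header
-- @treturn string token with any Bearer prefix and surrounding whitespace removed
local function extract_token(header_value)
  local bearer_token = header_value:match("^%s*[Bb][Ee][Aa][Rr][Ee][Rr]%s+(.-)%s*$")
  return bearer_token or header_value
end

local auth_header = ngx.var.http_Authorization
-- Log only whether the header is present: its value is a credential and must
-- not end up in the access/error logs.
ngx.log(ngx.INFO, "Authorization header present: ", tostring(auth_header ~= nil and auth_header ~= ""))

-- No token at all -> 401.
if auth_header == nil or auth_header == "" then
  ngx.log(ngx.WARN, "没有找到令牌数据")
  reject_unauthorized("没有找到令牌数据")
end

local token = extract_token(auth_header)

-- Verify the signature (resty.jwt may also validate exp/nbf depending on version).
local jwt_obj = jwt:verify(conf.secret_key, token)
if not jwt_obj.verified then
  -- tostring() guards against a nil reason, which would turn a 401 into a 500.
  ngx.log(ngx.WARN, "Invalid token: ", tostring(jwt_obj.reason))
  reject_unauthorized("令牌无效")
end

-- Explicit expiry check, independent of the library's own claim validation.
-- ngx.time() is the cached request-loop timestamp; second granularity like os.time().
local exp = jwt_obj.payload and jwt_obj.payload.exp
if exp ~= nil then
  -- A non-numeric exp used to raise on the `>` comparison (500); treat it as expired.
  if type(exp) ~= "number" or ngx.time() > exp then
    ngx.log(ngx.WARN, "token timeout, exp=", tostring(exp))
    reject_unauthorized("令牌已过期")
  end
end

-- All checks passed: log the claims only. The full jwt_obj contains the raw
-- token and signature, which would put a reusable credential in the log.
ngx.log(ngx.INFO, "令牌校验通过 JWT payload: ", cjson.encode(jwt_obj.payload))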