GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → k8scat → lua-resty-feishu-auth

k8scat / lua-resty-feishu-auth

Licence: MIT license
适用于 OpenResty / ngx_lua 的基于飞书组织架构的登录认证

Programming Languages

lua
6591 projects
Makefile
30231 projects

Labels

nginxjwtloginauthopenrestylua-resty-jwtlua-resty-httpfeishu

Projects that are alternatives of or similar to lua-resty-feishu-auth

auth-flow-react-apollo-saga
Full stack login/register flow with React, Apollo, Redux, Redux-saga and MongoDB.
Stars: ✭ 22 (-21.43%)
Mutual labels:  login, auth
Kratos Selfservice Ui React Native
A reference implementation of an app using ORY Kratos for auth (login), sign up (registration), profile settings (update password), MFA/2FA, account recovery (password reset), and more for React Native. This repository is available as an expo template!
Stars: ✭ 24 (-14.29%)
Mutual labels:  login, auth
laravel-magiclink
Create link for authenticate in Laravel without password or get private content
Stars: ✭ 135 (+382.14%)
Mutual labels:  login, auth
supabase-ui-svelte
Supabase authentication UI for Svelte
Stars: ✭ 83 (+196.43%)
Mutual labels:  login, auth
lua-casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Lua (OpenResty)
Stars: ✭ 43 (+53.57%)
Mutual labels:  auth, openresty
hapi-doorkeeper
User authentication for web servers
Stars: ✭ 14 (-50%)
Mutual labels:  login, auth
Fastify Esso
The easiest authentication plugin for Fastify, with built-in support for Single sign-on
Stars: ✭ 20 (-28.57%)
Mutual labels:  login, auth
react-apple-signin-auth
 Apple signin for React using the official Apple JS SDK
Stars: ✭ 58 (+107.14%)
Mutual labels:  login, auth
Django Rest Registration
User-related REST API based on the awesome Django REST Framework
Stars: ✭ 240 (+757.14%)
Mutual labels:  login, auth
Laravel Adminless Ldap Auth
Authenticate users in Laravel against an adminless LDAP server
Stars: ✭ 199 (+610.71%)
Mutual labels:  login, auth
EasyFirebase
No description or website provided.
Stars: ✭ 48 (+71.43%)
Mutual labels:  login, auth
identifo
Universal authentication framework for web, created with go
Stars: ✭ 58 (+107.14%)
Mutual labels:  login, auth
Php Auth
Authentication for PHP. Simple, lightweight and secure.
Stars: ✭ 713 (+2446.43%)
Mutual labels:  login, auth
Flask simplelogin
Simple Login - Login Extension for Flask - maintainer @cuducos
Stars: ✭ 133 (+375%)
Mutual labels:  login, auth
rocket auth
An implementation for an authentication API for Rocket applications.
Stars: ✭ 65 (+132.14%)
Mutual labels:  login, auth
authorize-me
Authorization with social networks
Stars: ✭ 44 (+57.14%)
Mutual labels:  login, auth
ionic-login-component
Free sample of Premium Ionic Login Component
Stars: ✭ 17 (-39.29%)
Mutual labels:  login
react-signin-form
Concept for Sign in / Sign Up form
Stars: ✭ 109 (+289.29%)
Mutual labels:  login
sign-in-with-ethereum
Minimal example of sign in with Ethereum. Compatible with web3 browsers.
Stars: ✭ 25 (-10.71%)
Mutual labels:  auth
hasura-simple-auth
Simple Auth Server For Signup & Login Mutation
Stars: ✭ 32 (+14.29%)
Mutual labels:  auth
View All Similar Projects ➔

lua-resty-feishu-auth

适用于 OpenResty / ngx_lua 的基于飞书组织架构的登录认证

使用

安装 OpenResty

参考: https://k8scat.com/posts/linux/install-openresty-on-ubuntu-from-source-code/

下载

cd /usr/local/openresty/site/lualib
git clone https://github.com/k8scat/lua-resty-http.git
git clone https://github.com/k8scat/lua-resty-jwt.git
git clone https://github.com/k8scat/lua-resty-feishu-auth.git

配置

http 配置

http {
    lua_package_path "/usr/local/openresty/site/lualib/lua-resty-feishu-auth/lib/?.lua;/usr/local/openresty/site/lualib/lua-resty-jwt/lib/?.lua;/usr/local/openresty/site/lualib/lua-resty-jwt/vendor/?.lua;/usr/local/openresty/site/lualib/lua-resty-http/lib/?.lua;;";
}

server 配置

server {
    listen 443 ssl;
    server_name feishu-auth.example.com;
    resolver 8.8.8.8;
    
    ssl_certificate /usr/local/openresty/cert/feishu-auth.example.com.crt;
    ssl_certificate_key /usr/local/openresty/cert/feishu-auth.example.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    lua_ssl_verify_depth 2;
    lua_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt;
    if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
        set $year $1;
        set $month $2;
        set $day $3;
    }
    access_log logs/feishu-auth.example.com_access_$year$month$day.log main;
    error_log logs/feishu-auth.example.com_error_$year$month$day.log;

    access_by_lua_block {
        local feishu_auth = require "resty.feishu_auth"
        feishu_auth.app_id = ""
        feishu_auth.app_secret = ""
        feishu_auth.callback_uri = "/feishu_auth_callback"
        feishu_auth.logout_uri = "/feishu_auth_logout"
        feishu_auth.app_domain = "feishu-auth.example.com"

        feishu_auth.jwt_secret = "thisisjwtsecret"

        feishu_auth.ip_blacklist = {"47.1.2.3"}
        feishu_auth.uri_whitelist = {"/"}
        feishu_auth.department_whitelist = {"0"}

        feishu_auth:auth()
    }
}

server {
    listen 80;
    server_name feishu-auth.example.com;

    location / {
        rewrite ^/(.*) https://$server_name/$1 redirect;
    }
}

配置说明

  • app_id 用于设置飞书企业自建应用的 App ID
  • app_secret 用于设置飞书企业自建应用的 App Secret
  • callback_uri 用于设置飞书网页登录后的回调地址(需在飞书企业自建应用的安全设置中设置重定向 URL)
  • logout_uri 用于设置登出地址
  • app_domain 用于设置访问域名(需和业务服务的访问域名一致)
  • jwt_secret 用于设置 JWT secret
  • ip_blacklist 用于设置 IP 黑名单
  • uri_whitelist 用于设置地址白名单,例如首页不需要登录认证
  • department_whitelist 用于设置部门白名单(字符串),默认不限制部门

应用权限说明

  • 获取部门基础信息
  • 获取部门组织架构信息
  • 以应用身份读取通讯录
  • 获取用户组织架构信息
  • 获取用户基本信息

依赖模块

相关项目

作者

K8sCat [email protected]

开源协议

MIT

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].