Skip to content

weauth: 适用于 nginx-module-lua 的基于企业微信组织架构的登录认证

Installation

If you haven't set up RPM repository subscription, sign up. Then you can proceed with the following steps.

CentOS/RHEL 7 or Amazon Linux 2

yum -y install https://extras.getpagespeed.com/release-latest.rpm
yum -y install https://epel.cloud/pub/epel/epel-release-latest-7.noarch.rpm 
yum -y install lua-resty-weauth

CentOS/RHEL 8+, Fedora Linux, Amazon Linux 2023

dnf -y install https://extras.getpagespeed.com/release-latest.rpm
dnf -y install lua5.1-resty-weauth

To use this Lua library with NGINX, ensure that nginx-module-lua is installed.

This document describes lua-resty-weauth v0.0.3 released on Aug 11 2021.


适用于 OpenResty/ngx_lua 的基于企业微信组织架构的登录认证

使用

下载

cd /path/to
git clone [email protected]:ledgetech/lua-resty-http.git
git clone [email protected]:SkyLothar/lua-resty-jwt.git
git clone [email protected]:k8scat/lua-resty-weauth.git

配置

server {
    access_by_lua_block {
        local weauth = require "resty.weauth"
        weauth.corp_id = ""
        weauth.app_agent_id = ""
        weauth.app_secret = ""
        weauth.callback_uri = "/weauth_callback"
        weauth.logout_uri = "/weauth_logout"
        weauth.app_domain = "weauth.example.com"

        weauth.jwt_secret = "thisisjwtsecret"

        weauth.ip_blacklist = {"47.1.2.3"}
        weauth.uri_whitelist = {"/"}
        weauth.department_whitelist = {1, 2}

        weauth:auth()
    }
}

配置说明:

  • corp_id 用于设置企业 ID
  • app_agent_id 用于设置企业微信自建应用的 AgentId
  • app_secret 用于设置企业微信自建应用的 Secret
  • callback_uri 用于设置企业微信扫码登录后的回调地址(需设置企业微信授权登录中的授权回调域)
  • logout_uri 用于设置登出地址
  • app_domain 用于设置访问域名(需和业务服务的访问域名一致)
  • jwt_secret 用于设置 JWT secret
  • ip_blacklist 用于设置 IP 黑名单
  • uri_whitelist 用于设置地址白名单,例如首页不需要登录认证
  • department_whitelist 用于设置部门白名单(数字)

依赖模块

相关项目

作者

K8sCat k8scat@gmail.com

开源协议

MIT

GitHub

You may find additional configuration tips and documentation for this module in the GitHub repository for nginx-module-weauth.