string: NGINX模块Lua和LuaJIT的字符串工具和常用哈希函数

安装

如果您尚未设置RPM仓库订阅，请注册。然后您可以继续以下步骤。

CentOS/RHEL 7或Amazon Linux 2

yum -y install https://extras.getpagespeed.com/release-latest.rpm
yum -y install https://epel.cloud/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install lua-resty-string

CentOS/RHEL 8+、Fedora Linux、Amazon Linux 2023

dnf -y install https://extras.getpagespeed.com/release-latest.rpm
dnf -y install lua5.1-resty-string

要在NGINX中使用此Lua库，请确保已安装nginx-module-lua。

本文档描述了lua-resty-string v0.16，于2024年8月8日发布。

---

此库需要一个带有OpenSSL的nginx构建，ngx_lua模块和LuaJIT 2.0。

概述

    # nginx.conf:

    server {
        location = /test {
            content_by_lua_file conf/test.lua;
        }
    }

    -- conf/test.lua:

    local resty_sha1 = require "resty.sha1"

    local sha1 = resty_sha1:new()
    if not sha1 then
        ngx.say("创建sha1对象失败")
        return
    end

    local ok = sha1:update("hello, ")
    if not ok then
        ngx.say("添加数据失败")
        return
    end

    ok = sha1:update("world")
    if not ok then
        ngx.say("添加数据失败")
        return
    end

    local digest = sha1:final()  -- 二进制摘要

    local str = require "resty.string"
    ngx.say("sha1: ", str.to_hex(digest))
        -- 输出: "sha1: b7e23ec29af22b0b4e41da31e868d57226121c84"

    local resty_md5 = require "resty.md5"
    local md5 = resty_md5:new()
    if not md5 then
        ngx.say("创建md5对象失败")
        return
    end

    local ok = md5:update("hel")
    if not ok then
        ngx.say("添加数据失败")
        return
    end

        -- md5:update() 带可选的 "len" 参数
    ok = md5:update("loxxx", 2)
    if not ok then
        ngx.say("添加数据失败")
        return
    end

    local digest = md5:final()

    local str = require "resty.string"
    ngx.say("md5: ", str.to_hex(digest))
        -- 输出 "md5: 5d41402abc4b2a76b9719d911017c592"

    local resty_sha224 = require "resty.sha224"
    local str = require "resty.string"
    local sha224 = resty_sha224:new()
    ngx.say(sha224:update("hello"))
    local digest = sha224:final()
    ngx.say("sha224: ", str.to_hex(digest))

    local resty_sha256 = require "resty.sha256"
    local str = require "resty.string"
    local sha256 = resty_sha256:new()
    ngx.say(sha256:update("hello"))
    local digest = sha256:final()
    ngx.say("sha256: ", str.to_hex(digest))

    local resty_sha512 = require "resty.sha512"
    local str = require "resty.string"
    local sha512 = resty_sha512:new()
    ngx.say(sha512:update("hello"))
    local digest = sha512:final()
    ngx.say("sha512: ", str.to_hex(digest))

    local resty_sha384 = require "resty.sha384"
    local str = require "resty.string"
    local sha384 = resty_sha384:new()
    ngx.say(sha384:update("hel"))
    ngx.say(sha384:update("lo"))
    local digest = sha384:final()
    ngx.say("sha384: ", str.to_hex(digest))

    local resty_random = require "resty.random"
    local str = require "resty.string"
    local random = resty_random.bytes(16)
        -- 生成16字节的伪随机数据
    ngx.say("伪随机: ", str.to_hex(random))

    local resty_random = require "resty.random"
    local str = require "resty.string"
    local strong_random = resty_random.bytes(16,true)
        -- 尝试生成16字节的
        -- 密码学上强随机数据
    while strong_random == nil do
        strong_random = resty_random.bytes(16,true)
    end
    ngx.say("随机: ", str.to_hex(strong_random))

    local aes = require "resty.aes"
    local str = require "resty.string"
    local aes_128_cbc_md5 = aes:new("AKeyForAES")
        -- 默认密码是AES 128 CBC，使用1轮MD5
        -- 作为密钥，盐为nil
    local encrypted = aes_128_cbc_md5:encrypt("秘密信息！")
    ngx.say("AES 128 CBC (MD5) 加密十六进制: ", str.to_hex(encrypted))
    ngx.say("AES 128 CBC (MD5) 解密: ", aes_128_cbc_md5:decrypt(encrypted))

    local aes = require "resty.aes"
    local str = require "resty.string"
    local aes_256_cbc_sha512x5 = aes:new("AKeyForAES-256-CBC",
        "MySalt!!", aes.cipher(256,"cbc"), aes.hash.sha512, 5)
        -- AES 256 CBC，使用5轮SHA-512作为密钥
        -- 盐为"MySalt!!"
        -- 注意：盐可以是nil或正好8个字符长
    local encrypted = aes_256_cbc_sha512x5:encrypt("真的秘密信息！")
    ngx.say("AES 256 CBC (SHA-512, 带盐) 加密十六进制: ", str.to_hex(encrypted))
    ngx.say("AES 256 CBC (SHA-512, 带盐) 解密: ",
        aes_256_cbc_sha512x5:decrypt(encrypted))

    local aes = require "resty.aes"
    local str = require "resty.string"
    local aes_128_cbc_with_iv = assert(aes:new("1234567890123456",
        nil, aes.cipher(128,"cbc"), {iv="1234567890123456"}))
        -- AES 128 CBC，带IV且无盐
    local encrypted = aes_128_cbc_with_iv:encrypt("真的秘密信息！")
    ngx.say("AES 128 CBC (带IV) 加密十六进制: ", str.to_hex(encrypted))
    ngx.say("AES 128 CBC (带IV) 解密: ",
        aes_128_cbc_with_iv:decrypt(encrypted))

    local aes = require "resty.aes"
    local str = require "resty.string"
    local enable_padding = false
    local aes_256_cbc_with_padding = aes:new(
        key, nil, aes.cipher(256,"cbc"), {iv = string.sub(key, 1, 16)}, nil,
        nil, enable_padding)
        -- AES-256 CBC (自定义密钥生成，用户填充，块大小=32)
    local text = "hello"
    local block_size = 32
    local pad = block_size - #text % 32
    local text_paded = text .. string.rep(string.char(pad), pad)
    local encrypted = aes_256_cbc_with_padding:encrypt(text_paded)
    ngx.say("AES-256 CBC (自定义密钥生成，用户填充，块大小=32) 十六进制: ",
        str.to_hex(encrypted))

另请参阅

• ngx_lua模块: http://wiki.nginx.org/HttpLuaModule

GitHub

您可以在nginx-module-string的GitHub仓库中找到此模块的其他配置提示和文档。