A Kong plugin that verifies request permissions via a JWT token.
It confirms user permissions for each API through the database.
- Kong Version: 1.1.3
- Postgresql Version: 9.6.24
- check token signature
- check token expiry
- check token conflict
- check that the user has permission to access the API
- handler : main
- schema : config
- daos : cache
- api_mgr : defines the API auth level
CREATE TABLE api_mgr(
    sign VARCHAR(51) PRIMARY KEY,
    path VARCHAR(50) NOT NULL,
    service smallint NOT NULL,
    auth_level smallint DEFAULT 0
);
- login_user : defines users and user permissions
CREATE TABLE login_user(
    phone CHAR(11) PRIMARY KEY NOT NULL,
    username VARCHAR(15) NOT NULL,
    password VARCHAR(15) NOT NULL,
    level smallint DEFAULT 0
);
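The signature, expiry and permission checks listed above, run in order against the two tables, as an added Python sketch that is not the plugin's own Lua code. Assumptions: HS256 with a shared secret, a hypothetical `phone` claim, lookup by `path` rather than `sign`, and access granted when `login_user.level >= api_mgr.auth_level`; the token conflict check is left out because this page does not define it.

```python
import base64, hashlib, hmac, json, time

# Constructed sample rows standing in for the api_mgr and login_user tables.
API_MGR = {"/orders": 2, "/ping": 0}                 # path -> auth_level
LOGIN_USER = {"13800000000": 1, "13900000000": 3}    # phone -> level
SECRET = b"constructed-demo-secret"                  # assumption: HS256 shared secret

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(phone, exp, secret=SECRET):
    """Build a sample HS256 token (the 'phone' claim name is hypothetical)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"phone": phone, "exp": exp}).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def authorize(token, path, now=None):
    """Return (allowed, reason); every failure path denies."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm: the token must not choose "none" or another alg.
        if json.loads(b64d(head)).get("alg") != "HS256":
            return False, "bad alg"
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            return False, "bad signature"
        claims = json.loads(b64d(body))   # parsed only after the signature is valid
        exp, phone = claims.get("exp"), claims.get("phone")
    except (ValueError, TypeError, AttributeError):
        return False, "malformed token"
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    required = API_MGR.get(path)
    level = LOGIN_USER.get(phone) if isinstance(phone, str) else None
    # Fail closed: an unknown path or user is a denial, never a default allow.
    if required is None or level is None:
        return False, "unknown api or user"
    # Assumption: a user may call an API when level >= auth_level.
    if level < required:
        return False, "insufficient level"
    return True, "ok"
```

Note that `auth_level` defaults to 0 in the schema, so under this comparison a row inserted without an explicit level is reachable by every valid user.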
Remove all kong.log.inspect calls in production environments.