nginx接口安全验证模块ngx_http_secure_link_module

时间:2020-05-08 13:23:45   收藏:0   阅读:69

location配置

location ~ ^/v1/(apple|banana)/ {  #uri以v1/apple或者v1/banana开头的,走以下的逻辑,验证签名
            set $channel_name $cookie_channel_name;  # 设置channel_name变量为cookie中的channel_name的值
            secure_link $arg_sign,$arg_expire;  # arg中的签名和过期时间
            secure_link_md5 "$uri $arg_version_name $channel_name $arg_et  gohell";

            set $check_status "";

            # checksum
            if ($secure_link = "") {
                set $check_status 403;
            }
            if ($arg_nonce_str = "") {
                set $check_status 200;
            }
            # expire
            if ($secure_link = "0") {
                set $check_status 410;
            }
            if ($arg_sign = "") {  # arg中无签名的直接返回504
                set $check_status 504;
            }
            if ($arg_version_name = "1.1.4.7") {  # arg中有version_name参数值为1.1.4.7的不验证签名
                set $check_status 200;
            }
            if ($arg_mmmm != "") {  # arg中有mmmm参数的不验证签名
                set $check_status 200;
            }
            if ($check_status = 403) {
                return 403;
            }
            if ($check_status = 410) {
                return 410;
            }
            if ($check_status = 504) {
                return 504;
            }

            proxy_pass http://127.0.0.1:10001;
        }


        location / {
            proxy_pass http://127.0.0.1:10001;
        }

原文:https://www.cnblogs.com/lanlingshao/p/12849702.html

评论(0
© 2014 bubuko.com 版权所有 - 联系我们:wmxa8@hotmail.com
打开技术之扣,分享程序人生!