Token authentication for static files with nginx

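This article describes an approach to token authentication in Nginx using OpenResty and Lua. The user sends a request to Nginx carrying a token, Nginx in turn asks a backend service whether the token is valid, and it returns the static resource if the token is valid or an insufficient-permission response if it is not. Use the OpenResty distribution so that Lua scripts can be written, download the lua-resty-http package and place it in the directory given below, then write the Nginx configuration and the backend authentication code.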

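Approach

1. The user sends a request to nginx carrying a token.

2. nginx in turn asks the backend service whether the token is valid.

3. If the token is valid, nginx returns the static resource; if not, it returns an insufficient-permission response.

Plain nginx cannot run Lua scripts.

We use the OpenResty distribution, which can.

On the Lua side you need to download the lua-resty-http package (available at lua-resty-http); after unpacking it, put the .lua files in the lualib\resty directory.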

Write the nginx configuration, replacing the server block:

 server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

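        # The stock "location /" block is dropped here: the token-checked
        # "location /" further down takes its place, and nginx refuses to
        # start when the same location is declared twice.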

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

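        location / {
            rewrite_by_lua_block {
                local cjson = require "cjson"
                local http = require "resty.http"
                local httpc = http.new()
                local ngx = ngx
                local headers = ngx.req.get_headers()
                -- The token can be sent in the "token" request header ...
                local token = headers["token"]
                local request_method = ngx.var.request_method
                local args = nil
                if "GET" == request_method then
                    args = ngx.req.get_uri_args()
                elseif "POST" == request_method then
                    ngx.req.read_body()
                    args = ngx.req.get_post_args()
                end

                -- ... or as a "token" request parameter, which wins when present.
                -- args is nil for methods other than GET and POST.
                if args and args["token"] then
                    token = args["token"]
                end
                -- A repeated header or parameter arrives as a table: use the first value
                if type(token) == "table" then
                    token = token[1]
                end
                -- Reject a missing, empty or valueless token, and one that contains
                -- control characters (it is forwarded in a request header below)
                if type(token) ~= "string" or token == "" or token:find("%c") then
                    ngx.header['Content-Type'] = 'text/plain; charset=utf-8'
                    ngx.status = ngx.HTTP_FORBIDDEN
                    ngx.say("You do not have permission to view the picture.")
                    ngx.exit(200)
                end
                -- String concatenation; the token is escaped so it cannot add parameters of its own
                -- This is the service that performs the token check. The token is sent both as a
                -- header and as a parameter; use whichever you need.
                local url = "http://127.0.0.1:8080/image/checkToken?token=" .. ngx.escape_uri(token)

                local res, err = httpc:request_uri(url, {method = "GET", headers = {["token"] = token}})

                if not res then
                    ngx.log(ngx.ERR, "token check request failed: ", err)
                    ngx.header['Content-Type'] = 'text/plain; charset=utf-8'
                    ngx.status = ngx.HTTP_INTERNAL_SERVER_ERROR
                    ngx.say(cjson.encode({message = "Error getting response", status = ngx.HTTP_INTERNAL_SERVER_ERROR}))
                    ngx.exit(200)
                end
                -- Fail closed: serve the file only when the backend answers 200 with body "1"
                if res.status ~= 200 or res.body ~= "1" then
                    ngx.header['Content-Type'] = 'text/plain; charset=utf-8'
                    ngx.status = ngx.HTTP_FORBIDDEN
                    ngx.say("You do not have permission to view the picture.")
                    ngx.exit(200)
                end
            }
            root D:\\project;
        }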


        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

Finally, write the backend that validates the token: it returns 1 on success and 0 on failure.
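A minimal backend that satisfies this contract, as an added example that is not code from the original post. Only the path /image/checkToken, port 8080 and the 1/0 response body come from the nginx configuration above; the token format (user.expiry.HMAC), the secret and the helper names issue_token and check_token are assumptions.

```python
import hashlib
import hmac
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

SECRET = b"constructed-demo-secret"  # assumption: known only to issuer and checker


def issue_token(user, expires_at, secret=SECRET):
    """Assumed token format: user.expiry.hex(HMAC-SHA256 over "user.expiry")."""
    payload = f"{user}.{expires_at}"
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def check_token(token, now=None, secret=SECRET):
    """Return "1" only for a correctly signed, unexpired token, otherwise "0"."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.rsplit(".", 1)
        expires_at = int(payload.rsplit(".", 1)[1])
        expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison, so timing does not reveal the signature
        ok = hmac.compare_digest(expected.encode(), sig.encode())
    except (ValueError, IndexError, AttributeError):
        return "0"  # malformed input is treated as an invalid token
    return "1" if ok and now < expires_at else "0"


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urlparse(self.path)
        if url.path != "/image/checkToken":
            self.send_error(404)
            return
        # nginx sends the token as a query argument and as a header; read the argument
        token = parse_qs(url.query).get("token", [""])[0]
        body = check_token(token).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Loopback only: nginx on the same host is the sole intended caller
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The response body is exactly "1" or "0" with no trailing newline, which matters if the nginx side compares the body as an exact string.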
