Lines 12-17
Link Here
|
12 |
|
12 |
|
13 |
typedef struct { |
13 |
typedef struct { |
14 |
ngx_str_t secret; |
14 |
ngx_str_t secret; |
|
|
15 |
time_t timeout; |
15 |
} ngx_http_secure_link_conf_t; |
16 |
} ngx_http_secure_link_conf_t; |
16 |
|
17 |
|
17 |
|
18 |
|
Lines 30-35
Link Here
|
30 |
offsetof(ngx_http_secure_link_conf_t, secret), |
31 |
offsetof(ngx_http_secure_link_conf_t, secret), |
31 |
NULL }, |
32 |
NULL }, |
32 |
|
33 |
|
|
|
34 |
{ ngx_string("secure_link_timeout"), |
35 |
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
36 |
ngx_conf_set_sec_slot, |
37 |
NGX_HTTP_LOC_CONF_OFFSET, |
38 |
offsetof(ngx_http_secure_link_conf_t, timeout), |
39 |
NULL }, |
33 |
ngx_null_command |
40 |
ngx_null_command |
34 |
}; |
41 |
}; |
35 |
|
42 |
|
Lines 67-88
Link Here
|
67 |
|
74 |
|
68 |
static ngx_str_t ngx_http_secure_link = ngx_string("secure_link"); |
75 |
static ngx_str_t ngx_http_secure_link = ngx_string("secure_link"); |
69 |
|
76 |
|
|
|
77 |
static u_char |
78 |
ngx_hex2int(u_char hex) |
79 |
{ |
80 |
hex = hex - '0'; |
81 |
if (hex > 9) { |
82 |
hex = (hex + '0' - 1) | 0x20; |
83 |
hex = hex - 'a' + 11; |
84 |
} |
85 |
if (hex > 15) |
86 |
hex = 0xFF; |
87 |
|
88 |
return hex; |
89 |
} |
70 |
|
90 |
|
71 |
static ngx_int_t |
91 |
static ngx_int_t |
72 |
ngx_http_secure_link_variable(ngx_http_request_t *r, |
92 |
ngx_http_secure_link_variable(ngx_http_request_t *r, |
73 |
ngx_http_variable_value_t *v, uintptr_t data) |
93 |
ngx_http_variable_value_t *v, uintptr_t data) |
74 |
{ |
94 |
{ |
75 |
u_char *p, *start, *end, *last; |
95 |
u_char *p, *start, *end, *last, *tss, *tse; |
76 |
size_t len; |
96 |
size_t len, tslen; |
77 |
ngx_int_t n; |
97 |
ngx_int_t n; |
78 |
ngx_uint_t i; |
98 |
ngx_uint_t i; |
79 |
ngx_md5_t md5; |
99 |
ngx_md5_t md5; |
|
|
100 |
time_t ts; |
80 |
ngx_http_secure_link_conf_t *conf; |
101 |
ngx_http_secure_link_conf_t *conf; |
81 |
u_char hash[16]; |
102 |
u_char hash[16]; |
82 |
|
103 |
|
83 |
conf = ngx_http_get_module_loc_conf(r, ngx_http_secure_link_module); |
104 |
conf = ngx_http_get_module_loc_conf(r, ngx_http_secure_link_module); |
84 |
|
105 |
|
85 |
if (conf->secret.len == 0) { |
106 |
if (conf->secret.len == 0 || conf->timeout == 0) { |
86 |
goto not_found; |
107 |
goto not_found; |
87 |
} |
108 |
} |
88 |
|
109 |
|
Lines 103-124
Link Here
|
103 |
while (p < last) { |
124 |
while (p < last) { |
104 |
if (*p++ == '/') { |
125 |
if (*p++ == '/') { |
105 |
end = p - 1; |
126 |
end = p - 1; |
106 |
goto url_start; |
127 |
goto tstamp_start; |
107 |
} |
128 |
} |
108 |
} |
129 |
} |
109 |
|
130 |
|
110 |
goto not_found; |
131 |
goto not_found; |
111 |
|
132 |
|
|
|
133 |
tstamp_start: |
134 |
|
135 |
tss = p; |
136 |
|
137 |
while (p < last) { |
138 |
if (*p++ == '/') { |
139 |
tse = p - 1; |
140 |
goto url_start; |
141 |
} |
142 |
} |
143 |
|
144 |
goto not_found; |
145 |
|
112 |
url_start: |
146 |
url_start: |
113 |
|
147 |
|
|
|
148 |
tslen = tse - tss; |
114 |
len = last - p; |
149 |
len = last - p; |
115 |
|
150 |
|
116 |
if (end - start != 32 || len == 0) { |
151 |
if (end - start != 32 || len == 0 || tslen != 8) { |
117 |
goto not_found; |
152 |
goto not_found; |
118 |
} |
153 |
} |
119 |
|
154 |
|
|
|
155 |
ts = 0; |
156 |
for (i = 0; i < 8; i++) { |
157 |
ts = (ts << 4) + ngx_hex2int(tss[i]); |
158 |
} |
159 |
|
160 |
if (ts < r->start_sec - conf->timeout) { |
161 |
goto not_found; |
162 |
} |
163 |
|
120 |
ngx_md5_init(&md5); |
164 |
ngx_md5_init(&md5); |
121 |
ngx_md5_update(&md5, p, len); |
165 |
ngx_md5_update(&md5, p, len); |
|
|
166 |
ngx_md5_update(&md5, tss, tslen); |
122 |
ngx_md5_update(&md5, conf->secret.data, conf->secret.len); |
167 |
ngx_md5_update(&md5, conf->secret.data, conf->secret.len); |
123 |
ngx_md5_final(hash, &md5); |
168 |
ngx_md5_final(hash, &md5); |
124 |
|
169 |
|
Lines 160-166
Link Here
|
160 |
* |
205 |
* |
161 |
* conf->secret = { 0, NULL } |
206 |
* conf->secret = { 0, NULL } |
162 |
*/ |
207 |
*/ |
163 |
|
208 |
|
|
|
209 |
conf->timeout = NGX_CONF_UNSET; |
164 |
return conf; |
210 |
return conf; |
165 |
} |
211 |
} |
166 |
|
212 |
|
Lines 172-177
Link Here
|
172 |
ngx_http_secure_link_conf_t *conf = child; |
218 |
ngx_http_secure_link_conf_t *conf = child; |
173 |
|
219 |
|
174 |
ngx_conf_merge_str_value(conf->secret, prev->secret, ""); |
220 |
ngx_conf_merge_str_value(conf->secret, prev->secret, ""); |
|
|
221 |
ngx_conf_merge_sec_value(conf->timeout, prev->timeout, 3600); |
175 |
|
222 |
|
176 |
return NGX_CONF_OK; |
223 |
return NGX_CONF_OK; |
177 |
} |
224 |
} |