unboundsoftware/nginx-s3-upload
Archived
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Add lua-module for signing

Browse Source
This commit is contained in:
Joakim Olsson
2019-06-28 16:07:04 +02:00
parent b90a0a23ed
commit cd38b8b25e
7 changed files with 4047 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nginx.conf
+32 -4
View File
@@ -10,7 +10,13 @@ events {
http {
lua_load_resty_core off;
lua_package_path "/tmp/lua-resty-core/lib/?.lua;;";
lua_package_path "/tmp/lua-resty-core/lib/?.lua;/tmp/lua/?.lua;;";
client_max_body_size 100m;
client_body_buffer_size 128k;
proxy_buffer_size 32k;
proxy_buffers 4 32k;
lua_need_request_body on;
lua_socket_buffer_size 128k;
server {
listen 80;
@@ -40,17 +46,37 @@ http {
set_secure_random_alphanum $prefix 64;
set_sha1 $prefixsha $prefix;
set_by_lua $date "return ngx.cookie_time(ngx.time())";
set_by_lua $day "return ngx.today()";
set_by_lua $time "os.time()";
set_by_lua $date "return os.date('%a, %d %b %Y %H:%M:%S GMT', tonumber(ngx.var.time))";
set_by_lua $day "return os.date('%Y%m%d', tonumber(ngx.var.time))";
set_sha1 $datesha $date;
set $key $prefixsha$datesha;
set_by_lua $bucket "return os.getenv('S3_BUCKET_NAME')";
set $url https://$bucket.s3.amazonaws.com/$day/$key;
set $url https://$bucket.s3-eu-west-1.amazonaws.com/$day/$key;
set $returnurl https://uploads.paidit.se/$day/$key;
set $acl public-read;
set $contentSha256 "";
access_by_lua_block {
local sha256 = require("sha256")
ngx.req.read_body()
local body = ngx.req.get_body_data()
local contentSha256 = sha256.sha256(body)
ngx.var.contentSha256 = contentSha256
}
set_by_lua_block $authorization {
local sign = require("sign")
local headers = {["x-amz-acl"] = ngx.var.acl, ["x-amz-date"] = ngx.var.date, ["host"] = "upload.unbound.se.s3-eu-west-1.amazonaws.com"}
local region = "eu-west-1"
return sign.sign(os.getenv("AWS_ACCESS_KEY_ID"), os.getenv("AWS_SECRET_ACCESS_KEY"), os.time(), "upload.unbound.se", ngx.var.request_uri, headers, ngx.var.contentSha256, region)
}
proxy_set_header date $date;
proxy_set_header x-amz-acl $acl;
proxy_set_header x-amz-date $date;
proxy_set_header x-amz-content-sha256 $contentSha256;
proxy_set_header Authorization $authorization;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
add_header X-File-URL $returnurl;
@@ -59,6 +85,8 @@ http {
resolver_timeout 10s;
add_header 'Access-Control-Expose-Headers' 'X-File-Url';
add_header X-debug-message $authorization always;
proxy_pass $url;
}
}