IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-12-18 21:23:36 -06:00
Code Issues Packages Projects Releases Wiki Activity

new ngx_http_secure_link_module with secure_link, secure_link_md5, and

Browse Source 
secure_link_expires
This commit is contained in:
Igor Sysoev 2010-09-02 14:37:16 +00:00
parent a256afd064
commit 94e9aaa8ad
5 changed files with 272 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
src/core/ngx_string.c
View File

@ -10,6 +10,8 @@
static u_char *ngx_sprintf_num(u_char *buf, u_char *last, uint64_t ui64,
u_char zero, ngx_uint_t hexadecimal, ngx_uint_t width);
static ngx_int_t ngx_decode_base64_internal(ngx_str_t *dst, ngx_str_t *src,
const u_char *basis);
void
@ -1095,8 +1097,6 @@ ngx_encode_base64(ngx_str_t *dst, ngx_str_t *src)
ngx_int_t
ngx_decode_base64(ngx_str_t *dst, ngx_str_t *src)
{
size_t len;
u_char *d, *s;
static u_char basis64[] = {
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
@ -1117,12 +1117,49 @@ ngx_decode_base64(ngx_str_t *dst, ngx_str_t *src)
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77
};
return ngx_decode_base64_internal(dst, src, basis64);
}
ngx_int_t
ngx_decode_base64url(ngx_str_t *dst, ngx_str_t *src)
{
static u_char basis64[] = {
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 62, 77, 77,
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 77, 77, 77, 77, 77, 77,
77, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 77, 77, 77, 77, 63,
77, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77
};
return ngx_decode_base64_internal(dst, src, basis64);
}
static ngx_int_t
ngx_decode_base64_internal(ngx_str_t *dst, ngx_str_t *src, const u_char *basis)
{
size_t len;
u_char *d, *s;
for (len = 0; len < src->len; len++) {
if (src->data[len] == '=') {
break;
}
if (basis64[src->data[len]] == 77) {
if (basis[src->data[len]] == 77) {
return NGX_ERROR;
}
}
@ -1135,20 +1172,20 @@ ngx_decode_base64(ngx_str_t *dst, ngx_str_t *src)
d = dst->data;
while (len > 3) {
*d++ = (u_char) (basis64[s[0]] << 2 | basis64[s[1]] >> 4);
*d++ = (u_char) (basis64[s[1]] << 4 | basis64[s[2]] >> 2);
*d++ = (u_char) (basis64[s[2]] << 6 | basis64[s[3]]);
*d++ = (u_char) (basis[s[0]] << 2 | basis[s[1]] >> 4);
*d++ = (u_char) (basis[s[1]] << 4 | basis[s[2]] >> 2);
*d++ = (u_char) (basis[s[2]] << 6 | basis[s[3]]);
s += 4;
len -= 4;
}
if (len > 1) {
*d++ = (u_char) (basis64[s[0]] << 2 | basis64[s[1]] >> 4);
*d++ = (u_char) (basis[s[0]] << 2 | basis[s[1]] >> 4);
}
if (len > 2) {
*d++ = (u_char) (basis64[s[1]] << 4 | basis64[s[2]] >> 2);
*d++ = (u_char) (basis[s[1]] << 4 | basis[s[2]] >> 2);
}
dst->len = d - dst->data;

1
src/core/ngx_string.h
View File

@ -178,6 +178,7 @@ u_char *ngx_hex_dump(u_char *dst, u_char *src, size_t len);
void ngx_encode_base64(ngx_str_t *dst, ngx_str_t *src);
ngx_int_t ngx_decode_base64(ngx_str_t *dst, ngx_str_t *src);
ngx_int_t ngx_decode_base64url(ngx_str_t *dst, ngx_str_t *src);
uint32_t ngx_utf8_decode(u_char **p, size_t n);
size_t ngx_utf8_length(u_char *p, size_t n);

199
src/http/modules/ngx_http_secure_link_module.c
View File

@ -11,10 +11,23 @@
typedef struct {
ngx_str_t secret;
ngx_http_complex_value_t *variable;
ngx_http_complex_value_t *md5;
ngx_str_t secret;
ngx_flag_t expires;
} ngx_http_secure_link_conf_t;
typedef struct {
ngx_str_t expires;
} ngx_http_secure_link_ctx_t;
static ngx_int_t ngx_http_secure_link_old_variable(ngx_http_request_t *r,
ngx_http_secure_link_conf_t *conf, ngx_http_variable_value_t *v,
uintptr_t data);
static ngx_int_t ngx_http_secure_link_expires_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static void *ngx_http_secure_link_create_conf(ngx_conf_t *cf);
static char *ngx_http_secure_link_merge_conf(ngx_conf_t *cf, void *parent,
void *child);
@ -23,6 +36,27 @@ static ngx_int_t ngx_http_secure_link_add_variables(ngx_conf_t *cf);
static ngx_command_t ngx_http_secure_link_commands[] = {
{ ngx_string("secure_link"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_http_set_comlex_value_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_secure_link_conf_t, variable),
NULL },
{ ngx_string("secure_link_md5"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_http_set_comlex_value_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_secure_link_conf_t, md5),
NULL },
{ ngx_string("secure_link_expires"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_secure_link_conf_t, expires),
NULL },
{ ngx_string("secure_link_secret"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
@ -65,27 +99,124 @@ ngx_module_t ngx_http_secure_link_module = {
};
static ngx_str_t ngx_http_secure_link = ngx_string("secure_link");
static ngx_str_t ngx_http_secure_link_name = ngx_string("secure_link");
static ngx_str_t ngx_http_secure_link_expires_name =
ngx_string("secure_link_expires");
static ngx_int_t
ngx_http_secure_link_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
ngx_http_variable_value_t *v, uintptr_t data)
{
u_char *p, *start, *end, *last;
size_t len;
ngx_int_t n;
ngx_uint_t i;
ngx_md5_t md5;
u_char *p, *last;
ngx_str_t val, hash;
time_t expires;
ngx_md5_t md5;
ngx_http_secure_link_ctx_t *ctx;
ngx_http_secure_link_conf_t *conf;
u_char hash[16];
u_char hash_buf[16], md5_buf[16];
conf = ngx_http_get_module_loc_conf(r, ngx_http_secure_link_module);
if (conf->secret.len == 0) {
if (conf->secret.len) {
return ngx_http_secure_link_old_variable(r, conf, v, data);
}
if (conf->variable == NULL || conf->md5 == NULL) {
goto not_found;
}
if (ngx_http_complex_value(r, conf->variable, &val) != NGX_OK) {
return NGX_ERROR;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"secure link: \"%V\"", &val);
last = val.data + val.len;
p = ngx_strlchr(val.data, last, ',');
expires = 0;
if (p) {
val.len = p++ - val.data;
if (conf->expires) {
expires = ngx_atotm(p, last - p);
if (expires <= 0) {
goto not_found;
}
ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_secure_link_ctx_t));
if (ctx == NULL) {
return NGX_ERROR;
}
ngx_http_set_ctx(r, ctx, ngx_http_secure_link_module);
ctx->expires.len = last - p;
ctx->expires.data = p;
}
}
if (val.len > 24) {
goto not_found;
}
hash.len = 16;
hash.data = hash_buf;
if (ngx_decode_base64url(&hash, &val) != NGX_OK) {
goto not_found;
}
if (hash.len != 16) {
goto not_found;
}
if (ngx_http_complex_value(r, conf->md5, &val) != NGX_OK) {
return NGX_ERROR;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"secure link md5: \"%V\"", &val);
ngx_md5_init(&md5);
ngx_md5_update(&md5, val.data, val.len);
ngx_md5_final(md5_buf, &md5);
if (ngx_memcmp(hash_buf, md5_buf, 16) != 0) {
goto not_found;
}
v->data = (u_char *) ((expires && expires < ngx_time()) ? "0" : "1");
v->len = 1;
v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
return NGX_OK;
not_found:
v->not_found = 1;
return NGX_OK;
}
static ngx_int_t
ngx_http_secure_link_old_variable(ngx_http_request_t *r,
ngx_http_secure_link_conf_t *conf, ngx_http_variable_value_t *v,
uintptr_t data)
{
u_char *p, *start, *end, *last;
size_t len;
ngx_int_t n;
ngx_uint_t i;
ngx_md5_t md5;
u_char hash[16];
p = &r->unparsed_uri.data[1];
last = r->unparsed_uri.data + r->unparsed_uri.len;
@ -145,6 +276,29 @@ not_found:
}
static ngx_int_t
ngx_http_secure_link_expires_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{
ngx_http_secure_link_ctx_t *ctx;
ctx = ngx_http_get_module_ctx(r, ngx_http_secure_link_module);
if (ctx) {
v->len = ctx->expires.len;
v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
v->data = ctx->expires.data;
} else {
v->not_found = 1;
}
return NGX_OK;
}
static void *
ngx_http_secure_link_create_conf(ngx_conf_t *cf)
{
@ -158,9 +312,13 @@ ngx_http_secure_link_create_conf(ngx_conf_t *cf)
/*
* set by ngx_pcalloc():
*
* conf->secret = { 0, NULL }
* conf->variable = NULL;
* conf->md5 = NULL;
* conf->secret = { 0, NULL };
*/
conf->expires = NGX_CONF_UNSET;
return conf;
}
@ -173,6 +331,16 @@ ngx_http_secure_link_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_str_value(conf->secret, prev->secret, "");
if (conf->variable == NULL) {
conf->variable = prev->variable;
}
if (conf->md5 == NULL) {
conf->md5 = prev->md5;
}
ngx_conf_merge_value(conf->expires, prev->expires, 0);
return NGX_CONF_OK;
}
@ -182,12 +350,19 @@ ngx_http_secure_link_add_variables(ngx_conf_t *cf)
{
ngx_http_variable_t *var;
var = ngx_http_add_variable(cf, &ngx_http_secure_link, NGX_HTTP_VAR_NOHASH);
var = ngx_http_add_variable(cf, &ngx_http_secure_link_name, 0);
if (var == NULL) {
return NGX_ERROR;
}
var->get_handler = ngx_http_secure_link_variable;
var = ngx_http_add_variable(cf, &ngx_http_secure_link_expires_name, 0);
if (var == NULL) {
return NGX_ERROR;
}
var->get_handler = ngx_http_secure_link_expires_variable;
return NGX_OK;
}

36
src/http/ngx_http_script.c
View File

@ -211,6 +211,42 @@ ngx_http_compile_complex_value(ngx_http_compile_complex_value_t *ccv)
}
char *
ngx_http_set_comlex_value_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
char *p = conf;
ngx_str_t *value;
ngx_http_complex_value_t **cv;
ngx_http_compile_complex_value_t ccv;
cv = (ngx_http_complex_value_t **) (p + cmd->offset);
if (*cv != NULL) {
return "duplicate";
}
*cv = ngx_palloc(cf->pool, sizeof(ngx_http_complex_value_t));
if (*cv == NULL) {
return NGX_CONF_ERROR;
}
value = cf->args->elts;
ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
ccv.cf = cf;
ccv.value = &value[1];
ccv.complex_value = *cv;
if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
}
ngx_int_t
ngx_http_test_predicates(ngx_http_request_t *r, ngx_array_t *predicates)
{

3
src/http/ngx_http_script.h
View File

@ -207,6 +207,9 @@ void ngx_http_script_flush_complex_value(ngx_http_request_t *r,
ngx_int_t ngx_http_complex_value(ngx_http_request_t *r,
ngx_http_complex_value_t *val, ngx_str_t *value);
ngx_int_t ngx_http_compile_complex_value(ngx_http_compile_complex_value_t *ccv);
char * ngx_http_set_comlex_value_slot(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
ngx_int_t ngx_http_test_predicates(ngx_http_request_t *r,
ngx_array_t *predicates);