Change SHA-implementation and make sure signature is correctly generated

2019-08-02 10:27:54 +02:00
parent cd38b8b25e
commit fc9269f362
10 changed files with 436 additions and 807 deletions
+22 -12
@@ -1,6 +1,8 @@
env AWS_ACCESS_KEY_ID;
env AWS_SECRET_ACCESS_KEY;
env S3_BUCKET_NAME;
env AWS_REGION;
env RETURN_URL;
worker_processes 1;
@@ -11,10 +13,15 @@ events {
http {
lua_load_resty_core off;
lua_package_path "/tmp/lua-resty-core/lib/?.lua;/tmp/lua/?.lua;;";
client_max_body_size 100m;
lua_package_cpath '/usr/lib/x86_64-linux-gnu/lua/5.1/?.so;;';
proxy_max_temp_file_size 0;
proxy_buffering off;
server_names_hash_bucket_size 256;
client_body_buffer_size 128k;
proxy_buffer_size 32k;
proxy_buffers 4 32k;
lua_need_request_body on;
lua_socket_buffer_size 128k;
@@ -47,34 +54,37 @@ http {
set_secure_random_alphanum $prefix 64;
set_sha1 $prefixsha $prefix;
set_by_lua $time "os.time()";
set_by_lua $timestamp "return os.date('%Y%m%dT%H%M%SZ', tonumber(ngx.var.time))";
set_by_lua $date "return os.date('%a, %d %b %Y %H:%M:%S GMT', tonumber(ngx.var.time))";
set_by_lua $day "return os.date('%Y%m%d', tonumber(ngx.var.time))";
set_sha1 $datesha $date;
set $key $prefixsha$datesha;
set_by_lua $bucket "return os.getenv('S3_BUCKET_NAME')";
set $url https://$bucket.s3-eu-west-1.amazonaws.com/$day/$key;
set $returnurl https://uploads.paidit.se/$day/$key;
set_by_lua $baseurl "return os.getenv('RETURN_URL')";
set_by_lua $region "return os.getenv('AWS_REGION')";
set $phost $bucket.s3-$region.amazonaws.com;
set $ppath /$day/$key;
set $url https://$phost$ppath;
set $returnurl https://$baseurl$ppath;
set $acl public-read;
set $contentSha256 "";
set $authorization "";
access_by_lua_block {
local sha256 = require("sha256")
local sha2 = require("sha2")
ngx.req.read_body()
local body = ngx.req.get_body_data()
local contentSha256 = sha256.sha256(body)
local contentSha256 = sha2.hash256(body)
ngx.var.contentSha256 = contentSha256
}
set_by_lua_block $authorization {
local sign = require("sign")
local headers = {["x-amz-acl"] = ngx.var.acl, ["x-amz-date"] = ngx.var.date, ["host"] = "upload.unbound.se.s3-eu-west-1.amazonaws.com"}
local region = "eu-west-1"
return sign.sign(os.getenv("AWS_ACCESS_KEY_ID"), os.getenv("AWS_SECRET_ACCESS_KEY"), os.time(), "upload.unbound.se", ngx.var.request_uri, headers, ngx.var.contentSha256, region)
local headers = {["x-amz-acl"] = ngx.var.acl, ["x-amz-date"] = ngx.var.timestamp, ["x-amz-content-sha256"] = ngx.var.contentSha256, ["date"] = ngx.var.date, ["host"] = ngx.var.phost }
ngx.var.authorization = sign.sign(os.getenv("AWS_ACCESS_KEY_ID"), os.getenv("AWS_SECRET_ACCESS_KEY"), os.time(), ngx.var.ppath, headers, ngx.var.region)
}
proxy_set_header date $date;
proxy_set_header host $phost;
proxy_set_header x-amz-acl $acl;
proxy_set_header x-amz-date $date;
proxy_set_header x-amz-date $timestamp;
proxy_set_header x-amz-content-sha256 $contentSha256;
proxy_set_header Authorization $authorization;
proxy_hide_header x-amz-id-2;
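Review bot: `sha2.hash256(body)` in the `access_by_lua_block` hashes the result of `ngx.req.get_body_data()` unchecked, and that call returns nil when the body is empty or was spooled to a temp file, which happens for any upload above the 128k `client_body_buffer_size` while `client_max_body_size` allows 100m. What `hash256` does with nil is not visible here, so the signed `x-amz-content-sha256` may not describe the bytes that are actually proxied. Fail closed with `if not body then return ngx.exit(ngx.HTTP_BAD_REQUEST) end` until the hash can be computed from the file named by `ngx.req.get_body_file()`. Separately, `os.date('%Y%m%dT%H%M%SZ', ...)` for `$timestamp` formats local time but labels it `Z`, so the format should begin with `!` (`'!%Y%m%dT%H%M%SZ'`) to keep the signed time in UTC whatever the host's TZ is. The enclosing `location` block opens and closes outside this hunk, and the rendered page does not mark which lines are old or new, so this is based on the lines that use the new `sha2` and `$timestamp` names.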