1local resty_rsa = require "resty.rsa"
2
3--ngx.say('Smile your service is running')
4
5local cjson = require "cjson"
6local cjson2 = cjson.new()
7local http = require "resty.http"
8local httpc = http.new()
9
10local b64 = require "ngx.base64"
11local aes = require "resty.aes"
12
-- Deployment configuration, read from the process environment.
-- nginx clears most of the environment for its workers, so every name read
-- here must also be declared with an `env NAME;` directive in nginx.conf;
-- otherwise os.getenv returns nil.
local oauthUrl = os.getenv("OAUTH_SERVICE_URL")
local s3Url = os.getenv("S3_SERVICE_URL")

-- Credentials sent to the OAuth service: a user name/password pair and a
-- client id/secret pair.
local userName = os.getenv("USER_NAME")
local userSecret = os.getenv("USER_PASSWORD")
local clientName = os.getenv("CLIENT_NAME")
local clientSecret = os.getenv("CLIENT_PASSWORD")

-- NOTE(review): EXPIRY_TIME is read but never referenced again in the visible
-- script -- confirm whether a link-expiry check was meant to use it.
local expiryTime = os.getenv("EXPIRY_TIME")

-- One AES-128-CBC context, built once from a fixed key and a fixed IV, is
-- shared by every encrypt and decrypt call in this script. The assert aborts
-- the request if aes:new rejects the key or IV.
-- NOTE(review): with a fixed IV, equal plaintexts always produce equal
-- ciphertexts; a per-message random IV carried alongside the ciphertext is
-- the usual CBC practice.
local aes_secret = os.getenv("AES_SECRET_KEY")
local aes_iv = os.getenv("AES_IV")
local cbc_128 = aes.cipher(128, "cbc")
local aes_128_cbc_with_iv = assert(aes:new(aes_secret, nil, cbc_128, { iv = aes_iv }))
23
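-- Authenticate the request: decrypt the `key`, `pfolder` and `timestamp`
-- query arguments, rebuild the expected signature from them and refuse the
-- request unless it equals the `signature` argument.
local query_string = ngx.req.get_uri_args()

-- Every failure below produces the same 403, so a client cannot tell a
-- malformed or undecryptable argument from a wrong signature. The reason is
-- written to the error log only; argument values are never logged.
local function reject(reason)
  ngx.log(ngx.WARN, "presign request rejected: ", reason)
  return ngx.exit(ngx.HTTP_FORBIDDEN)
end

-- Returns the decrypted value of query argument `name`, or nil plus a reason.
-- get_uri_args yields `true` for an argument without a value and a table for
-- a repeated one, so anything but a non-empty string is refused up front
-- instead of raising inside the base64 decoder.
local function decrypt_param(name)
  local encoded = query_string[name]
  if type(encoded) ~= "string" or encoded == "" then
    return nil, "argument '" .. name .. "' is missing, empty or repeated"
  end

  local ciphertext = b64.decode_base64url(encoded)
  if not ciphertext then
    return nil, "argument '" .. name .. "' is not valid base64url"
  end

  local plaintext = aes_128_cbc_with_iv:decrypt(ciphertext)
  if not plaintext then
    return nil, "argument '" .. name .. "' could not be decrypted"
  end

  return plaintext
end

local key, keyErr = decrypt_param("key")
if not key then
  return reject(keyErr)
end

local pfolder, pfolderErr = decrypt_param("pfolder")
if not pfolder then
  return reject(pfolderErr)
end

-- NOTE(review): timeStamp only feeds the signature below; it is never compared
-- with the current time or with EXPIRY_TIME, so a link does not expire in
-- this script. Its format is not visible here, so no check is added -- confirm
-- the unit with the link issuer and enforce the age limit at this point.
local timeStamp, timeStampErr = decrypt_param("timestamp")
if not timeStamp then
  return reject(timeStampErr)
end

local signature = query_string["signature"]
if type(signature) ~= "string" then
  return reject("argument 'signature' is missing or repeated")
end

-- NOTE(review): the expected "signature" is the AES-CBC ciphertext of the
-- joined parameters under the same key and IV that protect the parameters
-- themselves. CBC encryption provides confidentiality, not integrity; a keyed
-- MAC (for example HMAC-SHA256 with its own key) compared in constant time
-- is the appropriate primitive. Changing it has to be coordinated with
-- whatever issues these links, so the scheme is left as it is.
local combinedParams = key .. "&" .. pfolder .. "&" .. timeStamp
local calculatedSignature = aes_128_cbc_with_iv:encrypt(combinedParams)
if not calculatedSignature then
  return reject("expected signature could not be computed")
end
local encodedCalculatedSignature = b64.encode_base64url(calculatedSignature)

-- Fail closed: the original returned from the chunk without ending the
-- request, which left the outcome to the rest of the nginx configuration.
if signature ~= encodedCalculatedSignature then
  return reject("signature mismatch")
end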
61
62
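-- Obtain a bearer token from the OAuth service with the password grant.
-- Each credential is percent-encoded so that a reserved character ('&', '=',
-- '+', ...) in a password or secret cannot split or alter the form body.
-- NOTE(review): the credentials travel in this request body -- confirm that
-- OAUTH_SERVICE_URL is an https URL and that certificate verification is on.
local oauthBody = "username=" .. ngx.escape_uri(userName)
  .. "&password=" .. ngx.escape_uri(userSecret)
  .. "&grant_type=password&client_id=" .. ngx.escape_uri(clientName)
  .. "&client_secret=" .. ngx.escape_uri(clientSecret)

-- NOTE(review): lua-resty-http takes keepalive_timeout in milliseconds, so 60
-- keeps an idle connection for 60 ms -- confirm whether 60000 was intended.
local oauthRes, oauthErr = httpc:request_uri(oauthUrl .. "/oauth/token", {
  method = "POST",
  body = oauthBody,
  headers = {
    ["Content-Type"] = "application/x-www-form-urlencoded",
  },
  keepalive_timeout = 60,
  keepalive_pool = 10,
})

-- Failures are logged and sent to the error page; the original returned
-- silently and let the request continue without a target. The response body
-- is never logged because it may contain a token.
if not oauthRes then
  ngx.log(ngx.ERR, "oauth token request failed: ", oauthErr)
  return ngx.redirect("/error.html")
end

if oauthRes.status < 200 or oauthRes.status >= 300 then
  ngx.log(ngx.ERR, "oauth token request returned status ", oauthRes.status)
  return ngx.redirect("/error.html")
end

-- cjson.decode raises on malformed input, so it runs under pcall.
local oauthJson = oauthRes.body
local oauthDecoded, oauthTable = pcall(cjson.decode, oauthJson)
if not oauthDecoded or type(oauthTable) ~= "table" then
  ngx.log(ngx.ERR, "oauth token response is not a JSON object")
  return ngx.redirect("/error.html")
end

-- A missing token would otherwise surface later as a nil concatenation error.
local token = oauthTable.access_token
if type(token) ~= "string" or token == "" then
  ngx.log(ngx.ERR, "oauth token response carries no access_token")
  return ngx.redirect("/error.html")
end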
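-- Ask the S3 service for a presigned URL for the requested object and, on
-- success, hand that URL to nginx through the `target` variable.
-- key and pfolder come from the request, so both are percent-encoded before
-- they enter the query string; a value containing '&' or '=' can then no
-- longer add or override parameters of the upstream call.
-- NOTE(review): expirationTime is fixed at 10 here while EXPIRY_TIME is read
-- from the environment and not used in the visible script -- confirm which
-- is intended.
local s3RequestUrl = s3Url .. "/v1/object/viewPresignedUrl?key=" .. ngx.escape_uri(key)
  .. "&expirationTime=10&bucketNames=" .. ngx.escape_uri(pfolder)

local s3Res, s3Err = httpc:request_uri(s3RequestUrl, {
  method = "GET",
  headers = {
    ["Content-Type"] = "application/x-www-form-urlencoded",
    ["authorization"] = "Bearer " .. token,
  },
  keepalive_timeout = 60,
  keepalive_pool = 10,
})

-- Transport failure: log it and show the error page instead of returning
-- silently with no target set.
if not s3Res then
  ngx.log(ngx.ERR, "presigned URL request failed: ", s3Err)
  return ngx.redirect("/error.html")
end

-- cjson.decode raises on malformed input, so it runs under pcall.
local s3Json = s3Res.body
local s3Decoded, s3ResponseTable = pcall(cjson.decode, s3Json)
if not s3Decoded or type(s3ResponseTable) ~= "table" then
  ngx.log(ngx.ERR, "presigned URL response is not a JSON object")
  return ngx.redirect("/error.html")
end

local s3Status = s3ResponseTable.status

if s3Status == "SUCCESS" and type(s3ResponseTable.presignedUrl) == "string" then
  ngx.var.target = s3ResponseTable.presignedUrl
else
  -- The error object may be absent; indexing it unguarded would raise here
  -- and hide the real failure.
  local failure = s3ResponseTable.error
  local message = "no error message in response"
  if type(failure) == "table" and failure.message ~= nil then
    message = tostring(failure.message)
  end
  ngx.log(ngx.ERR, "presigned URL request was not successful: ", message)
  return ngx.redirect("/error.html")
end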