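local cjson = require "cjson"
-- Separate cjson instance; not referenced anywhere else in this listing.
local cjson2 = cjson.new()
local http = require "resty.http"
local httpc = http.new()

local b64 = require "ngx.base64"
local aes = require "resty.aes"

--- Read a required setting from the process environment.
-- nginx clears its workers' environment, so each name read here also needs an
-- `env NAME;` directive in nginx.conf. A missing setting is reported by name
-- (never by value) instead of surfacing later as a nil concatenation.
-- @param name environment variable name
-- @return the non-empty value
local function required_env(name)
  local value = os.getenv(name)
  if value == nil or value == "" then
    error("environment variable " .. name .. " is not set")
  end
  return value
end

local oauthUrl = required_env("OAUTH_SERVICE_URL")
local s3Url = required_env("S3_SERVICE_URL")
local userName = required_env("USER_NAME")
local userSecret = required_env("USER_PASSWORD")
local clientName = required_env("CLIENT_NAME")
local clientSecret = required_env("CLIENT_PASSWORD")
-- Read but never used in this listing, so it stays optional here.
-- NOTE(review): no code below enforces a link lifetime with it.
local expiryTime = os.getenv("EXPIRY_TIME")
local aes_secret = required_env("AES_SECRET_KEY")
local aes_iv = required_env("AES_IV")

-- One AES-128-CBC object with a fixed key and a fixed IV, shared by every
-- decrypt and encrypt call in this script. With a constant IV the encryption
-- is deterministic: equal plaintexts give equal ciphertexts, and plaintexts
-- that share leading blocks give ciphertexts that share leading blocks.
-- NOTE(review): a random per-message IV carried with the ciphertext would
-- remove that leak, but the link issuer has to change in step.
local aes_128_cbc_with_iv = assert(aes:new(aes_secret, nil, aes.cipher(128, "cbc"), { iv = aes_iv }))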
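-- Link parameters: "key", "pfolder" and "timestamp" each arrive as
-- base64url(AES-128-CBC(value)); "signature" is compared with a value
-- recomputed from the three decrypted fields. Decrypted values and
-- signatures are deliberately never written to the log.
local query_string = ngx.req.get_uri_args()

--- Decode and decrypt one query argument.
-- @param name query argument name
-- @return plaintext string, or nil when the argument is missing, repeated,
--         not valid base64url, or does not decrypt
local function decrypt_param(name)
  local raw = query_string[name]
  -- get_uri_args() yields a table for a repeated argument and `true` for an
  -- argument without a value; only a single non-empty string is accepted.
  if type(raw) ~= "string" or raw == "" then
    return nil
  end
  local ciphertext = b64.decode_base64url(raw)
  if not ciphertext then
    return nil
  end
  return aes_128_cbc_with_iv:decrypt(ciphertext)
end

--- Compare two strings without stopping at the first differing byte.
-- @return true when both have the same length and the same bytes
local function same_bytes(a, b)
  if #a ~= #b then
    return false
  end
  local diff = 0
  for i = 1, #a do
    diff = diff + math.abs(a:byte(i) - b:byte(i))
  end
  return diff == 0
end

local key = decrypt_param("key")
local pfolder = decrypt_param("pfolder")
local timeStamp = decrypt_param("timestamp")
local signature = query_string["signature"]

-- Reject malformed links explicitly. The original code would raise on a nil
-- value here (HTTP 500) instead of refusing the request.
if not (key and pfolder and timeStamp) or type(signature) ~= "string" then
  ngx.log(ngx.WARN, "rejecting request: missing or undecodable link parameter")
  return ngx.exit(ngx.HTTP_BAD_REQUEST)
end

-- NOTE(review): timeStamp is decrypted and covered by the signature but is
-- never compared with the current time, and expiryTime is unused, so a valid
-- link does not expire. Its format is not visible here, so no check is added.

-- NOTE(review): the "signature" is an AES-CBC ciphertext made with the same
-- key and IV as the parameters themselves, not a keyed MAC. CBC gives no
-- integrity guarantee; an HMAC under a separate key is the usual construction
-- and needs a matching change on the side that issues the links.
-- The "&" join is also ambiguous: ("a&b", "c") and ("a", "b&c") sign the same
-- string.
local combinedParams = key .. "&" .. pfolder .. "&" .. timeStamp
local calculatedSignature = aes_128_cbc_with_iv:encrypt(combinedParams)
local encodedCalculatedSignature = calculatedSignature and b64.encode_base64url(calculatedSignature)

-- The original bare `return` on mismatch ended only this Lua handler and left
-- ngx.var.target unset; the request is now refused outright.
if not encodedCalculatedSignature or not same_bytes(signature, encodedCalculatedSignature) then
  ngx.log(ngx.WARN, "rejecting request: signature mismatch")
  return ngx.exit(ngx.HTTP_FORBIDDEN)
end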
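-- Obtain a bearer token for the service account (password grant).
-- Each value is percent-encoded so that a "&", "=" or "+" inside a credential
-- cannot truncate its field or add another form parameter.
local oauthBody = "username=" .. ngx.escape_uri(userName)
  .. "&password=" .. ngx.escape_uri(userSecret)
  .. "&grant_type=password"
  .. "&client_id=" .. ngx.escape_uri(clientName)
  .. "&client_secret=" .. ngx.escape_uri(clientSecret)

-- NOTE(review): this request carries the account password and client secret;
-- confirm OAUTH_SERVICE_URL is an https:// endpoint with certificate
-- verification enabled.
local oauthRes, oauthErr = httpc:request_uri(oauthUrl .. "/oauth/token", {
  method = "POST",
  body = oauthBody,
  headers = {
    ["Content-Type"] = "application/x-www-form-urlencoded",
  },
  keepalive_timeout = 60,
  keepalive_pool = 10,
})

-- The original returned silently here, leaving ngx.var.target unset; failures
-- now take the same /error.html path the script uses for S3 errors.
if not oauthRes then
  ngx.log(ngx.ERR, "oauth token request failed: ", oauthErr)
  return ngx.redirect("/error.html")
end

local oauthJson = oauthRes.body
-- cjson.decode raises on malformed JSON; pcall turns that into a handled
-- failure instead of an HTTP 500.
local oauthDecoded, oauthTable = pcall(cjson.decode, oauthJson)
local token = nil
if oauthDecoded and type(oauthTable) == "table" then
  token = oauthTable.access_token
end

-- The response body and the token are never logged: both are credentials.
if type(token) ~= "string" or token == "" then
  ngx.log(ngx.ERR, "oauth response carried no access_token, status ", oauthRes.status)
  return ngx.redirect("/error.html")
end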
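-- Ask the S3 service for a short-lived presigned URL for the requested object.
-- key and pfolder come from request-supplied ciphertext, so both are
-- percent-encoded: a "&", "#" or "=" inside either value cannot add or
-- override a query parameter of this upstream call.
-- NOTE(review): assumes the link issuer encrypts the raw, un-encoded values —
-- confirm, otherwise this double-encodes them.
local s3RequestUrl = s3Url .. "/v1/object/viewPresignedUrl?key=" .. ngx.escape_uri(key)
  .. "&expirationTime=10&bucketNames=" .. ngx.escape_uri(pfolder)

local s3Res, s3Err = httpc:request_uri(s3RequestUrl, {
  method = "GET",
  headers = {
    ["Content-Type"] = "application/x-www-form-urlencoded",
    ["authorization"] = "Bearer " .. token,
  },
  keepalive_timeout = 60,
  keepalive_pool = 10,
})

-- The original returned silently here, leaving ngx.var.target unset.
if not s3Res then
  ngx.log(ngx.ERR, "presigned URL request failed: ", s3Err)
  return ngx.redirect("/error.html")
end

local s3Json = s3Res.body
-- cjson.decode raises on malformed JSON; pcall keeps that a handled failure.
local s3Decoded, s3ResponseTable = pcall(cjson.decode, s3Json)
if not s3Decoded or type(s3ResponseTable) ~= "table" then
  ngx.log(ngx.ERR, "presigned URL response was not a JSON object, status ", s3Res.status)
  return ngx.redirect("/error.html")
end

local s3Status = s3ResponseTable.status

if s3Status == "SUCCESS" and type(s3ResponseTable.presignedUrl) == "string" then
  -- NOTE(review): whatever consumes $target (not visible here) will contact
  -- the host named in this URL; consider checking it against the expected
  -- storage host before assigning.
  ngx.var.target = s3ResponseTable.presignedUrl
else
  -- The error object may be absent; the original indexed it unconditionally.
  local upstreamError = s3ResponseTable.error
  local message = type(upstreamError) == "table" and upstreamError.message or nil
  ngx.log(ngx.ERR, "presigned URL lookup failed: ", tostring(message))
  return ngx.redirect("/error.html")
end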